fix: add duplicate GSTIN and PAN message checks in party and address

[ljain112]

closes: #3781

Summary by CodeRabbit

• New Features
  • Duplicate-detection for GSTIN and PAN across parties and linked addresses; surfaces orange alerts when potential conflicts are found.
  • Duplicate checks trigger automatically after GSTIN/PAN entry and during quick-entry flows for faster review.
  • Alerts include contextual, highlighted links to matching records (including via-address matches) to aid resolution.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds client-side calls to check for duplicate GSTIN/PAN after local validation and implements a server-side API that searches Parties and Addresses (with permission checks), returning an HTML alert linking to any matching records.

Changes

Cohort / File(s)	Summary
Client: party form script india_compliance/gst_india/client_scripts/party.js	After GSTIN and PAN validation, invoke client duplicate checks (india_compliance.check_duplicate_gstin, india_compliance.check_duplicate_pan).
Client: quick-entry & utils india_compliance/public/js/quick_entry.js, india_compliance/public/js/utils.js	Add client methods check_duplicate_gstin, check_duplicate_pan, and check_duplicate_party; quick-entry wires GSTIN onchange to call duplicate check and adjusts minor formatting.
Server: duplicate detection utilities india_compliance/gst_india/utils/__init__.py	New public API check_duplicate_party(field, value, party_type, party=None) plus internal helpers (_get_duplicate_pan_party, _get_duplicate_gstin_party) to locate duplicates across Party and Address records, enforce permission checks, and return formatted HTML alerts with links.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant User
    participant Browser as Client (party.js / quick_entry.js)
    participant Server as Backend (gst_india.utils)
    participant DB as Database

    User->>Browser: Enter or edit GSTIN/PAN
    Browser->>Browser: local validate_gstin / validate_pan
    Browser->>Server: frappe.call -> check_duplicate_gstin/check_duplicate_pan(args)
    Server->>Server: validate party_type and permissions
    Server->>DB: Query Parties (by PAN/GSTIN)
    alt Address-linked duplicates
        Server->>DB: Query Addresses -> linked Party(s)
    end
    DB-->>Server: return matches (if any)
    alt duplicates found
        Server->>Server: build HTML links (mark via-address if applicable)
        Server-->>Browser: return alert HTML
        Browser->>User: render orange alert with links
    else no duplicates
        Server-->>Browser: return no-duplicates
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• fix: first and last name field in party quick entry form #3791 — touches india_compliance/public/js/quick_entry.js and related quick-entry fields; likely overlaps in quick-entry client changes.

Suggested reviewers

• karm1000

Poem

🐰 I sniffed a GSTIN beneath the moon,
Hopped through parties and hummed a tune,
Found a twin and lit an orange light,
Click the link — hop to the right sight.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 25.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly describes the main change: adding duplicate GSTIN and PAN message checks for party and address entities, matching the primary objective.
Linked Issues check	✅ Passed	The PR implements duplicate GSTIN detection with UI alerts for party and address entities [#3781], and includes duplicate PAN checks and quick entry form validation as requested in comments.
Out of Scope Changes check	✅ Passed	Minor formatting and indentation adjustments in quick_entry.js and utils.js are incidental refactoring and fall within the scope of adding duplicate validation checks.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

india_compliance/gst_india/client_scripts/party.js (1)

83-111: Add a small guard around frappe.boot.gst_party_types to avoid runtime errors

The Address‑aware logic for resolving party_type, party, and address_name is well thought out and matches the server API. To be defensive, consider guarding the includes call in case frappe.boot.gst_party_types is missing or not an array:

-    if (doc.doctype === "Address") {
-        if (!doc.links || doc.links.length !== 1) return;
-
-        const link = doc.links[0];
-        if (!frappe.boot.gst_party_types.includes(link.link_doctype)) return;
+    if (doc.doctype === "Address") {
+        if (!doc.links || doc.links.length !== 1) return;
+
+        const link = doc.links[0];
+        if (!Array.isArray(frappe.boot.gst_party_types) ||
+            !frappe.boot.gst_party_types.includes(link.link_doctype)) {
+            return;
+        }

This avoids a Cannot read properties of undefined error if boot data changes while keeping the current behavior otherwise.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 66fcda1 and 5f1c818.

📒 Files selected for processing (2)

• india_compliance/gst_india/client_scripts/party.js (3 hunks)
• india_compliance/gst_india/utils/__init__.py (1 hunks)

🧰 Additional context used

🧠 Learnings (2)

📚 Learning: 2025-05-26T03:16:30.230Z

Learnt from: vorasmit
Repo: resilient-tech/india-compliance PR: 3344
File: india_compliance/gst_india/report/gst_account_wise_summary/gst_account_wise_summary.py:0-0
Timestamp: 2025-05-26T03:16:30.230Z
Learning: In GST account-wise summary reports, the filtering logic `doc.company_gstin != IfNull(doc[counterparty_gstin_field], "")` is intentionally designed to exclude internal transfers (where company GSTIN equals party GSTIN) while including transactions with unregistered parties (empty GSTIN). Internal transfers are excluded as they are only for internal reporting purposes like stock transfers between branches.

Applied to files:

• india_compliance/gst_india/client_scripts/party.js

📚 Learning: 2025-11-21T08:53:26.329Z

Learnt from: ljain112
Repo: resilient-tech/india-compliance PR: 3807
File: india_compliance/gst_india/overrides/transaction.py:142-157
Timestamp: 2025-11-21T08:53:26.329Z
Learning: In the india_compliance/gst_india/overrides/transaction.py file, the `_item_wise_tax_details` field used in `validate_item_wise_tax_detail()` is populated from ERPNext (not from within the India Compliance codebase) before validation runs, as part of cross-repository changes.

Applied to files:

• india_compliance/gst_india/client_scripts/party.js

🧬 Code graph analysis (1)

india_compliance/gst_india/client_scripts/party.js (3)

india_compliance/gst_india/utils/__init__.py (2)

• check_duplicate_gstin (1177-1180)
• check_duplicate_pan (1137-1140)

india_compliance/gst_india/client_scripts/address.js (2)

• doc (33-33)
• frappe (37-41)

india_compliance/gst_india/overrides/party.py (1)

• validate_pan (61-78)

🪛 GitHub Actions: Linters

india_compliance/gst_india/utils/__init__.py

[error] 1245-1245: Blocking Semgrep rule fired: frappe-translation-variable-only. Avoid translating variables with _("{}").format(msg). Use proper translation handling. Rule: frappe-semgrep-rules.rules.frappe-translation-variable-only.

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Codacy Static Code Analysis
• GitHub Check: Python Unit Tests
• GitHub Check: Mergify Merge Protections
• GitHub Check: Summary

🔇 Additional comments (4)

india_compliance/gst_india/utils/__init__.py (1)

1136-1174: PAN duplicate check helper looks correct and side‑effect only

Permission check, normalization (upper().strip()), and the duplicate lookup/message construction all look good and match the requirement of warning (not blocking) on PAN reuse across the same party type.

india_compliance/gst_india/client_scripts/party.js (3)

48-80: Wiring duplicate GSTIN check into validate_gstin looks correct

Calling check_duplicate_gstin(frm.doc) right after india_compliance.validate_gstin(gstin) ensures the server sees a syntactically valid GSTIN, and because the server also normalizes (upper().strip()), the slight timing difference with frm.doc.gstin = gstin does not affect correctness.

---

114-128: PAN duplicate check hook is placed appropriately

Invoking check_duplicate_pan(frm.doc) immediately after india_compliance.validate_pan(pan) ensures only normalized, valid PAN values trigger the server‑side duplicate warning, which matches the intended behavior.

---

130-135: PAN duplicate check helper is a clean, minimal wrapper

The check_duplicate_pan helper correctly forwards pan, party_type, and party to the new server method without adding extra client‑side branching, keeping responsibilities cleanly separated.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

india_compliance/gst_india/utils/__init__.py (2)

1136-1172: PAN duplicate check logic looks sound; consider small polish for reuse/testing

The PAN normalization, exclusion of the current party, and HTML message construction all look correct and aligned with how _check_duplicate_gstin works. To make this a bit easier to reuse and test in isolation, you might consider (optionally) returning the existing_parties / rendered HTML list from _check_duplicate_pan in addition to side‑effecting via msgprint, so callers (or tests) can assert behavior without scraping UI. Not a blocker.

---

1174-1252: GSTIN duplicate detection is correct and fixes prior i18n issue; only minor nits

The combined duplicate logic across Party and Address looks correct: you normalize GSTIN, exclude the current party (and optionally the current address), avoid generating a NOT IN () when there are no direct matches, and now build the “via Address …” text using a constant translation string with placeholders, which should satisfy the Semgrep frappe-translation-variable-only rule and keep the fragment translatable. Two minor cleanups you might consider:

• Rename the loop variable in for party in existing_parties: to party_name (or similar) to avoid shadowing the party parameter.
• Update the _check_duplicate_gstin docstring to mention that it also checks Address-linked GSTINs, not just party records.

These are purely cosmetic; the current implementation is functionally and i18n-wise in good shape.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5f1c818 and e8ccdfa.

📒 Files selected for processing (1)

• india_compliance/gst_india/utils/__init__.py (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Codacy Static Code Analysis
• GitHub Check: Python Unit Tests
• GitHub Check: Mergify Merge Protections
• GitHub Check: Summary

[codecov]

Codecov Report

❌ Patch coverage is 14.54545% with 47 lines in your changes missing coverage. Please review.
✅ Project coverage is 69.35%. Comparing base (e0d073b) to head (0ae9686).
⚠️ Report is 12 commits behind head on develop.

Files with missing lines	Patch %	Lines
india_compliance/gst_india/utils/__init__.py	14.54%	47 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #3821      +/-   ##
===========================================
- Coverage    69.51%   69.35%   -0.16%     
===========================================
  Files          182      182              
  Lines        17965    18028      +63     
===========================================
+ Hits         12489    12504      +15     
- Misses        5476     5524      +48     

Files with missing lines	Coverage Δ
india_compliance/gst_india/utils/__init__.py	67.41% <14.54%> (-6.08%)	⬇️

... and 4 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[karm1000]

@ljain112 Also add this validation in quick entry form

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

india_compliance/public/js/quick_entry.js (1)

500-523: Consider passing address_name for Address doctype for consistency with party.js.

The party.js version of check_duplicate_gstin passes address_name when the doctype is Address (see lines 100-101 in party.js). While for quick entry the address doesn't exist yet, passing null explicitly would maintain consistency with the server API signature and the other client implementation.

🔎 Suggested fix

     if (!party_type) return;
     if (!frappe.boot.gst_party_types.includes(party_type)) return;
 
     frappe.call({
         method: "india_compliance.gst_india.utils.check_duplicate_gstin",
         args: {
             gstin: gstin,
             party_type: party_type,
             party: party_name,
+            address_name: null,
         },
     });
 }

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0ae9686 and 5c96a45.

📒 Files selected for processing (3)

• india_compliance/gst_india/client_scripts/party.js
• india_compliance/gst_india/utils/__init__.py
• india_compliance/public/js/quick_entry.js

🧰 Additional context used

🧠 Learnings (5)

📚 Learning: 2025-11-21T08:53:26.329Z

Learnt from: ljain112
Repo: resilient-tech/india-compliance PR: 3807
File: india_compliance/gst_india/overrides/transaction.py:142-157
Timestamp: 2025-11-21T08:53:26.329Z
Learning: In the india_compliance/gst_india/overrides/transaction.py file, the `_item_wise_tax_details` field used in `validate_item_wise_tax_detail()` is populated from ERPNext (not from within the India Compliance codebase) before validation runs, as part of cross-repository changes.

Applied to files:

• india_compliance/public/js/quick_entry.js
• india_compliance/gst_india/utils/__init__.py
• india_compliance/gst_india/client_scripts/party.js

📚 Learning: 2025-11-11T12:44:44.690Z

Learnt from: ljain112
Repo: resilient-tech/india-compliance PR: 3784
File: india_compliance/gst_india/client_scripts/company.js:25-28
Timestamp: 2025-11-11T12:44:44.690Z
Learning: In india_compliance, when using erpnext.company.set_custom_query(frm, [field_name, filters]) in Company doctype client scripts, the function automatically adds company and is_group filters. The filters object parameter should only contain additional filters beyond these defaults (e.g., root_type). For default_gst_expense_account, no root_type filter is needed, so an empty object {} is passed.

Applied to files:

• india_compliance/public/js/quick_entry.js

📚 Learning: 2025-09-04T13:11:55.495Z

Learnt from: karm1000
Repo: resilient-tech/india-compliance PR: 3636
File: india_compliance/gst_india/utils/e_invoice.py:0-0
Timestamp: 2025-09-04T13:11:55.495Z
Learning: For e-invoice API error codes 3028 and 3029, the response will always contain a GSTIN that can be extracted from the error message using GSTIN_FORMAT regex.

Applied to files:

• india_compliance/gst_india/utils/__init__.py

📚 Learning: 2025-10-01T10:54:11.096Z

Learnt from: karm1000
Repo: resilient-tech/india-compliance PR: 3709
File: india_compliance/gst_india/utils/exporter.py:174-174
Timestamp: 2025-10-01T10:54:11.096Z
Learning: In india_compliance/gst_india/doctype/gstr_1/gstr_1_export.py, FIELD_TRANSFORMATIONS dictionary contains lambdas that are only called internally by DataProcessor.apply_transformations() with a single argument. These are separate from header transforms used with ExcelExporter.insert_data() which accept two arguments (value, row).

Applied to files:

• india_compliance/gst_india/utils/__init__.py

📚 Learning: 2025-05-26T03:16:30.230Z

Learnt from: vorasmit
Repo: resilient-tech/india-compliance PR: 3344
File: india_compliance/gst_india/report/gst_account_wise_summary/gst_account_wise_summary.py:0-0
Timestamp: 2025-05-26T03:16:30.230Z
Learning: In GST account-wise summary reports, the filtering logic `doc.company_gstin != IfNull(doc[counterparty_gstin_field], "")` is intentionally designed to exclude internal transfers (where company GSTIN equals party GSTIN) while including transactions with unregistered parties (empty GSTIN). Internal transfers are excluded as they are only for internal reporting purposes like stock transfers between branches.

Applied to files:

• india_compliance/gst_india/client_scripts/party.js

🧬 Code graph analysis (2)

india_compliance/public/js/quick_entry.js (1)

india_compliance/gst_india/utils/__init__.py (1)

• check_duplicate_gstin (1193-1217)

india_compliance/gst_india/client_scripts/party.js (2)

india_compliance/gst_india/utils/__init__.py (2)

• check_duplicate_gstin (1193-1217)
• check_duplicate_pan (1157-1174)

india_compliance/gst_india/client_scripts/address.js (2)

• doc (33-33)
• frappe (37-41)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Codacy Static Code Analysis
• GitHub Check: Python Unit Tests
• GitHub Check: Mergify Merge Protections
• GitHub Check: Summary

🔇 Additional comments (13)

india_compliance/public/js/quick_entry.js (2)

100-101: LGTM!

The duplicate GSTIN check is correctly invoked before proceeding with autofill or category guessing. This ensures users are alerted about duplicates early in the form filling process.

---

174-187: LGTM!

Contact fields layout adjustment looks correct. No functional changes to the field definitions.

india_compliance/gst_india/utils/__init__.py (7)

36-36: LGTM!

Import of GST_PARTY_TYPES is correctly added to support party type validation.

---

1137-1145: LGTM!

The alert function correctly formats the message with duplicate links and uses an appropriate orange indicator to warn users without blocking their workflow.

---

1148-1153: LGTM!

The validation correctly gates duplicate checks to only GST party types and enforces permission checks before proceeding.

---

1156-1174: LGTM!

The check_duplicate_pan function is well-structured with proper input validation, normalization, and the party parameter is correctly optional to handle new documents.

---

1177-1189: LGTM!

Simple and effective duplicate PAN query. Correctly excludes the current party when editing.

---

1192-1217: LGTM!

The function correctly handles both direct party GSTIN matches and address-linked GSTIN matches, with proper translation handling for the "via Address" message.

---

1220-1275: LGTM!

The UNION query efficiently combines direct party matches and address-linked matches in a single database call. The deduplication logic correctly prioritizes direct GSTIN matches over address-linked ones when a party appears in both result sets.

india_compliance/gst_india/client_scripts/party.js (4)

63-63: LGTM!

Duplicate GSTIN check is correctly invoked after validation and before refreshing the field.

---

83-110: LGTM!

The function correctly handles the Address doctype by using the linked party information and safely returns early when multiple parties are linked (avoiding ambiguity about which party to check against). The __islocal check properly handles new documents by passing null for party/address_name.

---

121-121: LGTM!

Duplicate PAN check is correctly placed after validation.

---

128-143: LGTM!

The check_duplicate_pan function mirrors the pattern of check_duplicate_gstin appropriately. PAN checks don't need Address-specific handling since PAN is typically a party-level field.

[karm1000]

LGTM

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@india_compliance/gst_india/utils/__init__.py`:
- Around line 1165-1174: The code building duplicate_links assumes each row from
_get_duplicate_pan_party() has keys "via_address" and "address", causing
KeyError; update the loop that iterates existing_parties to safely access
row.get("via_address") and row.get("address") (or normalize rows returned by
_get_duplicate_pan_party()) before calling get_link_to_form, e.g., check if
row.get("via_address") is truthy and only then call get_link_to_form("Address",
row.get("address")), otherwise fall back to using party_link; ensure
duplicate_links.append still uses the constructed link_msg.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@india_compliance/gst_india/utils/__init__.py`:
- Around line 1165-1173: existing_parties from _get_duplicate_gstin_party() can
be plain dicts, so using attribute access like row.name / row.via_address /
row.address will raise AttributeError; update the loop that builds link_msg
(referencing existing_parties, get_link_to_form, party_type) to either normalize
each row to a frappe._dict (e.g., row = frappe._dict(row)) before use or switch
to dict-style access (row["name"], row.get("via_address"), row.get("address"))
when building party_link and address_link so duplicate-GSTIN cases do not crash.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Fix dict attribute access to avoid duplicate-GSTIN crash.
_get_duplicate_gstin_party() returns plain dicts, so row.name / row.via_address / row.address will raise AttributeError when duplicates exist. Use dict access (or normalize to frappe._dict) before formatting the message.

🛠️ Proposed fix

-    for row in existing_parties:
-        party_link = get_link_to_form(party_type, row.name)
-        if row.via_address:
-            address_link = get_link_to_form("Address", row.address)
+    for row in existing_parties:
+        party_name = row.get("name")
+        if not party_name:
+            continue
+        party_link = get_link_to_form(party_type, party_name)
+        if row.get("via_address"):
+            address_link = get_link_to_form("Address", row.get("address"))
             link_msg = _("{0} (via Address {1})").format(party_link, address_link)
         else:
             link_msg = party_link

🤖 Prompt for AI Agents

In `@india_compliance/gst_india/utils/__init__.py` around lines 1165 - 1173,
existing_parties from _get_duplicate_gstin_party() can be plain dicts, so using
attribute access like row.name / row.via_address / row.address will raise
AttributeError; update the loop that builds link_msg (referencing
existing_parties, get_link_to_form, party_type) to either normalize each row to
a frappe._dict (e.g., row = frappe._dict(row)) before use or switch to
dict-style access (row["name"], row.get("via_address"), row.get("address")) when
building party_link and address_link so duplicate-GSTIN cases do not crash.

[ljain112]

@Mergifyio backport version-16-hotfix

[mergify]

backport version-16-hotfix

✅ Backports have been created

Details

• #3935 fix: add duplicate GSTIN and PAN message checks in party and address (backport #3821) has been created for branch version-16-hotfix but encountered conflicts

Cherry-pick of 5c96a45 has failed:

On branch mergify/bp/version-16-hotfix/pr-3821
Your branch is ahead of 'origin/version-16-hotfix' by 8 commits.
  (use "git push" to publish your local commits)

You are currently cherry-picking commit 5c96a450.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   india_compliance/public/js/quick_entry.js

no changes added to commit (use "git add" and/or "git commit -a")

Cherry-pick of e2ee569 has failed:

On branch mergify/bp/version-16-hotfix/pr-3821
Your branch is ahead of 'origin/version-16-hotfix' by 9 commits.
  (use "git push" to publish your local commits)

You are currently cherry-picking commit e2ee5690.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   india_compliance/public/js/quick_entry.js

no changes added to commit (use "git add" and/or "git commit -a")

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally