Frappe File Management

Quick Reference

save_file(fname, content, dt, dn)

save_url(file_url, fname, dt, dn)

frappe.get_file(fname)

[filename, content]

get_file_path(file_name)

POST /api/method/upload_file

frappe.delete_doc("File", name)

frappe.attach_print(dt, dn, print_format)

{"fname", "fcontent"}

frappe.get_cached_doc("File", name)

Decision Tree

What file operation do you need?
│
├─ Upload a file from user input?
│  ├─ Via web form → Attach field type (auto-handles upload)
│  └─ Via API → POST /api/method/upload_file
│
├─ Create a file programmatically?
│  ├─ From bytes/content → save_file(fname, content, dt, dn)
│  ├─ From external URL → save_url(file_url, fname, dt, dn)
│  └─ Full control → frappe.get_doc({"doctype": "File", ...}).insert()
│
├─ Read file content?
│  ├─ By filename → frappe.get_file(fname)
│  └─ By File doc → file_doc.get_content()
│
├─ Public or private?
│  ├─ Public (anyone with link) → is_private=0, URL: /files/fname
│  └─ Private (permission-based) → is_private=1, URL: /private/files/fname
│
└─ Generate PDF attachment?
   └─ frappe.attach_print(doctype, name, print_format)

File DocType: Core Fields

file_name

file_url

/files/report.pdf

file_type

is_private

is_folder

folder

attached_to_doctype

attached_to_name

attached_to_field

content_hash

file_size

File URL Patterns

/files/{filename}

{site}/public/files/{filename}

/private/files/{filename}

{site}/private/files/{filename}

https://...

/api/method/{path}

Valid URL prefixes:

http://

https://

/api/method/

/files/

/private/files/

ALWAYS use

/private/files/

Permission Model

Frappe files use a three-tier permission model:

1. Administrator — unrestricted access to all files
2. Public files (

   is_private=0

   ) — readable by anyone with the URL (no authentication required for read)
3. Private files (

   is_private=1

   ) — access requires:
   • User is the file owner, OR
   • User has explicit share on the file, OR
   • User has read permission on the

     attached_to_doctype

     /

     attached_to_name

     document

NEVER store sensitive data as public files. ALWAYS set

is_private=1

Programmatic File Operations

Save File from Content

from frappe.utils.file_manager import save_file

# Save a generated CSV
csv_content = "Name,Amount\nACME,1000\nGlobex,2000"
file_doc = save_file(
    fname="report.csv",
    content=csv_content.encode("utf-8"),
    dt="Sales Invoice",           # attach to this DocType
    dn="SINV-00001",              # attach to this document
    folder="Home/Attachments",    # optional folder
    is_private=1,                 # private file
)
# file_doc.file_url → "/private/files/report.csv"

Save File from URL

from frappe.utils.file_manager import save_url

file_doc = save_url(
    file_url="https://example.com/logo.png",
    filename="company-logo.png",
    dt="Company",
    dn="My Company",
    folder="Home",
    is_private=0,
)

Read File Content

# By filename
filename, content = frappe.get_file("report.csv")

# By File document
file_doc = frappe.get_doc("File", {"file_name": "report.csv"})
content_bytes = file_doc.get_content()

Create File Document Directly

file_doc = frappe.get_doc({
    "doctype": "File",
    "file_name": "generated-report.pdf",
    "attached_to_doctype": "Sales Invoice",
    "attached_to_name": "SINV-00001",
    "is_private": 1,
    "content": pdf_bytes,  # raw bytes — written to disk on insert
}).insert(ignore_permissions=True)

Generate and Attach PDF

# Create PDF attachment dict (for use with sendmail)
pdf_attachment = frappe.attach_print(
    "Sales Invoice",
    "SINV-00001",
    print_format="Standard",
)
# Returns: {"fname": "Sales Invoice - SINV-00001.pdf", "fcontent": <bytes>}

# Save PDF as file attachment
from frappe.utils.file_manager import save_file

pdf = frappe.get_print("Sales Invoice", "SINV-00001", print_format="Standard", as_pdf=True)
save_file("invoice.pdf", pdf, "Sales Invoice", "SINV-00001", is_private=1)

File Upload via REST API

# Upload file attached to a document
curl -X POST https://site.example.com/api/method/upload_file \
  -H "Authorization: token api_key:api_secret" \
  -F "file=@/path/to/document.pdf" \
  -F "doctype=Sales Invoice" \
  -F "docname=SINV-00001" \
  -F "is_private=1"

Response:

{
  "message": {
    "name": "FILE-00001",
    "file_name": "document.pdf",
    "file_url": "/private/files/document.pdf",
    "is_private": 1
  }
}

File Size and Extension Limits

Default max file size: 10 MB per attachment.

Override in

site_config.json

{
  "max_file_size": 20971520
}

Max attachments per document: Set via Customize Form → Max Attachments field on the DocType.

Check file size programmatically:

from frappe.utils.file_manager import check_max_file_size
check_max_file_size(content)  # raises MaxFileSizeReachedError if too large

Attach Field Types

Attach

Attach Image

Both store the

file_url

attached_to_field

S3 / Cloud Storage Integration

Frappe supports custom file storage via the

delete_file_data_content

S3 via frappe-s3-attachment or similar app

# In hooks.py of custom app
delete_file_data_content = "my_app.storage.delete_from_s3"

ALWAYS test file deletion when using custom storage backends — the default

delete_file_from_filesystem

Configuration Pattern

# site_config.json for S3-compatible storage
{
  "s3_bucket": "my-frappe-files",
  "s3_region": "eu-west-1",
  "s3_access_key": "AKIA...",
  "s3_secret_key": "...",
}

Version Differences

content_hash

See Also

• references/examples.md — File operation code examples
• references/anti-patterns.md — Common file handling mistakes

• frappe-core-permissions

  — Permission model for file access

• frappe-core-database

  — Database operations for File queries