From 901773a13991b04c30e1c7a5f86e4271a3620faf Mon Sep 17 00:00:00 2001
From: Anand Doshi <anand@erpnext.com>
Date: Fri, 5 Jul 2013 12:57:03 +0530
Subject: [PATCH 1/3] [fresh install] [fix] replace allow roles with explicit
 has_permission checks for doctype py files

---
 accounts/doctype/mis_control/mis_control.py     |  5 ++---
 .../upload_attendance/upload_attendance.py      | 10 ++++++++--
 .../stock_ledger_entry/stock_ledger_entry.py    | 17 +++++++++--------
 utilities/doctype/rename_tool/rename_tool.py    |  5 ++++-
 4 files changed, 23 insertions(+), 14 deletions(-)

diff --git a/accounts/doctype/mis_control/mis_control.py b/accounts/doctype/mis_control/mis_control.py
index 17971fe184..35d2bc2cbf 100644
--- a/accounts/doctype/mis_control/mis_control.py
+++ b/accounts/doctype/mis_control/mis_control.py
@@ -35,8 +35,6 @@ class DocType:
 		self.account_list = []
 		self.ac_details = {} # key: account id, values: debit_or_credit, lft, rgt
 		
-		self.roles = webnotes.user.get_roles()
-
 		self.period_list = []
 		self.period_start_date = {}
 		self.period_end_date = {}
@@ -44,7 +42,7 @@ class DocType:
 		self.fs_list = []
 		self.root_bal = []
 		self.flag = 0
-
+		
 	# Get defaults on load of MIS, MIS - Comparison Report and Financial statements
 	# ----------------------------------------------------
 	def get_comp(self):
@@ -75,6 +73,7 @@ class DocType:
 		ret['month'] = mon
 
 		# ------------------------ get MIS Type on basis of roles of session user ------------------------------------------
+		self.roles = webnotes.user.get_roles()
 		if has_common(self.roles, ['Sales Manager']):
 			type.append('Sales')
 		if has_common(self.roles, ['Purchase Manager']):
diff --git a/hr/doctype/upload_attendance/upload_attendance.py b/hr/doctype/upload_attendance/upload_attendance.py
index ee4234a279..54b8e49b09 100644
--- a/hr/doctype/upload_attendance/upload_attendance.py
+++ b/hr/doctype/upload_attendance/upload_attendance.py
@@ -13,8 +13,11 @@ class DocType():
 		self.doc = doc
 		self.doclist = doclist
 
-@webnotes.whitelist(allow_roles=['System Manager', 'HR Manager', "HR User"])
+@webnotes.whitelist()
 def get_template():
+	if not webnotes.has_permission("Attendance", "create"):
+		raise webnotes.PermissionError
+	
 	args = webnotes.form_dict
 	global doclist
 	doclist = webnotes.model.doctype.get("Attendance")
@@ -96,8 +99,11 @@ def get_naming_series():
 	return series[0]
 
 
-@webnotes.whitelist(allow_roles=['System Manager', 'HR Manager', "HR User"])
+@webnotes.whitelist()
 def upload():
+	if not webnotes.has_permission("Attendance", "create"):
+		raise webnotes.PermissionError
+	
 	from webnotes.utils.datautils import read_csv_content_from_uploaded_file
 	from webnotes.modules import scrub
 	
diff --git a/stock/doctype/stock_ledger_entry/stock_ledger_entry.py b/stock/doctype/stock_ledger_entry/stock_ledger_entry.py
index b2a10853ac..c216c42631 100644
--- a/stock/doctype/stock_ledger_entry/stock_ledger_entry.py
+++ b/stock/doctype/stock_ledger_entry/stock_ledger_entry.py
@@ -119,11 +119,12 @@ class DocType(DocListController):
 	def scrub_posting_time(self):
 		if not self.doc.posting_time or self.doc.posting_time == '00:0':
 			self.doc.posting_time = '00:00'
-			
-	def on_doctype_update(self):
-		if not webnotes.conn.sql("""show index from `tabStock Ledger Entry` 
-			where Key_name="posting_sort_index" """):
-			webnotes.conn.commit()
-			webnotes.conn.sql("""alter table `tabStock Ledger Entry` 
-				add index posting_sort_index(posting_date, posting_time, name)""")
-			webnotes.conn.begin()
\ No newline at end of file
+
+def on_doctype_update():
+	print "on_doctype_update called for SLE"
+	if not webnotes.conn.sql("""show index from `tabStock Ledger Entry` 
+		where Key_name="posting_sort_index" """):
+		webnotes.conn.commit()
+		webnotes.conn.sql("""alter table `tabStock Ledger Entry` 
+			add index posting_sort_index(posting_date, posting_time, name)""")
+		webnotes.conn.begin()
\ No newline at end of file
diff --git a/utilities/doctype/rename_tool/rename_tool.py b/utilities/doctype/rename_tool/rename_tool.py
index 5accf3c6b7..4da3a28ad9 100644
--- a/utilities/doctype/rename_tool/rename_tool.py
+++ b/utilities/doctype/rename_tool/rename_tool.py
@@ -13,7 +13,7 @@ def get_doctypes():
 	return webnotes.conn.sql_list("""select name from tabDocType
 		where ifnull(allow_rename,0)=1 and module!='Core' order by name""")
 		
-@webnotes.whitelist(allow_roles=["System Manager"])
+@webnotes.whitelist()
 def upload(select_doctype=None, rows=None):
 	from webnotes.utils.datautils import read_csv_content_from_uploaded_file
 	from webnotes.modules import scrub
@@ -21,6 +21,9 @@ def upload(select_doctype=None, rows=None):
 
 	if not select_doctype:
 		select_doctype = webnotes.form_dict.select_doctype
+		
+	if not webnotes.has_permission(select_doctype, "write"):
+		raise webnotes.PermissionError
 
 	if not rows:
 		rows = read_csv_content_from_uploaded_file()

From cba2913ddd698c3058f3b985d698f18a4185fec7 Mon Sep 17 00:00:00 2001
From: Anand Doshi <anand@erpnext.com>
Date: Fri, 5 Jul 2013 12:58:30 +0530
Subject: [PATCH 2/3] [stock ledger entry] [minor] removed print

---
 stock/doctype/stock_ledger_entry/stock_ledger_entry.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/stock/doctype/stock_ledger_entry/stock_ledger_entry.py b/stock/doctype/stock_ledger_entry/stock_ledger_entry.py
index c216c42631..664ead21d9 100644
--- a/stock/doctype/stock_ledger_entry/stock_ledger_entry.py
+++ b/stock/doctype/stock_ledger_entry/stock_ledger_entry.py
@@ -121,7 +121,6 @@ class DocType(DocListController):
 			self.doc.posting_time = '00:00'
 
 def on_doctype_update():
-	print "on_doctype_update called for SLE"
 	if not webnotes.conn.sql("""show index from `tabStock Ledger Entry` 
 		where Key_name="posting_sort_index" """):
 		webnotes.conn.commit()

From 8226dc089ed680acb2af2dc7fbbeefa74e445fe1 Mon Sep 17 00:00:00 2001
From: Anand Doshi <anand@erpnext.com>
Date: Fri, 5 Jul 2013 14:15:00 +0530
Subject: [PATCH 3/3] [website] [css] changed default button color

---
 website/css/website.css | 33 ++++++++++++++++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)

diff --git a/website/css/website.css b/website/css/website.css
index df37821bfe..816b3efd9d 100644
--- a/website/css/website.css
+++ b/website/css/website.css
@@ -134,4 +134,35 @@ img {
 
 .accordion-heading, .accordion-inner {
 	padding-left: 10px;
-}
\ No newline at end of file
+}
+
+/* buttons */
+.btn-default {
+  color: #ffffff;
+  background-color: #a7a9aa;
+  border-color: #a7a9aa;
+}
+
+.btn-default:hover,
+.btn-default:focus,
+.btn-default:active,
+.btn-default.active {
+  background-color: #9a9c9d;
+  border-color: #8d9091;
+}
+
+.btn-default.disabled:hover,
+.btn-default[disabled]:hover,
+fieldset[disabled] .btn-default:hover,
+.btn-default.disabled:focus,
+.btn-default[disabled]:focus,
+fieldset[disabled] .btn-default:focus,
+.btn-default.disabled:active,
+.btn-default[disabled]:active,
+fieldset[disabled] .btn-default:active,
+.btn-default.disabled.active,
+.btn-default[disabled].active,
+fieldset[disabled] .btn-default.active {
+  background-color: #a7a9aa;
+  border-color: #a7a9aa;
+}