From 78a0c20305ac8e9e4c8266b7cd47187ece395142 Mon Sep 17 00:00:00 2001
From: Rushabh Mehta <rmehta@gmail.com>
Date: Tue, 1 Jan 2013 19:51:35 +0530
Subject: [PATCH 1/3] new permission manager

---
 .../leave_application/leave_application.txt   | 47 ++++++---------
 patches/january_2013/__init__.py              |  0
 .../january_2013/remove_bad_permissions.py    |  7 +++
 patches/patch_list.py                         |  4 ++
 setup/page/setup/setup.html                   | 12 ++--
 utilities/doctype/question/question.txt       | 58 ++++---------------
 website/utils.py                              |  2 +-
 7 files changed, 46 insertions(+), 84 deletions(-)
 create mode 100644 patches/january_2013/__init__.py
 create mode 100644 patches/january_2013/remove_bad_permissions.py

diff --git a/hr/doctype/leave_application/leave_application.txt b/hr/doctype/leave_application/leave_application.txt
index edebe4bfd9..6af6529f8e 100644
--- a/hr/doctype/leave_application/leave_application.txt
+++ b/hr/doctype/leave_application/leave_application.txt
@@ -2,9 +2,9 @@
  {
   "owner": "Administrator", 
   "docstatus": 0, 
-  "creation": "2012-12-10 10:25:20", 
+  "creation": "2012-12-19 12:46:47", 
   "modified_by": "Administrator", 
-  "modified": "2012-12-18 11:06:54"
+  "modified": "2013-01-01 15:13:51"
  }, 
  {
   "is_submittable": 1, 
@@ -28,6 +28,7 @@
   "parent": "Leave Application", 
   "read": 1, 
   "doctype": "DocPerm", 
+  "write": 1, 
   "parenttype": "DocType", 
   "parentfield": "permissions"
  }, 
@@ -49,6 +50,7 @@
   "description": "Leave can be approved by users with Role, \"Leave Approver\"", 
   "doctype": "DocField", 
   "label": "Leave Approver", 
+  "options": "link:Profile", 
   "fieldname": "leave_approver", 
   "fieldtype": "Select", 
   "permlevel": 0
@@ -90,6 +92,7 @@
   "permlevel": 0
  }, 
  {
+  "print_width": "50%", 
   "doctype": "DocField", 
   "width": "50%", 
   "fieldname": "column_break1", 
@@ -115,29 +118,32 @@
   "in_filter": 1
  }, 
  {
+  "read_only": 1, 
   "search_index": 0, 
   "doctype": "DocField", 
   "label": "Employee Name", 
   "fieldname": "employee_name", 
   "fieldtype": "Data", 
-  "permlevel": 1, 
+  "permlevel": 0, 
   "in_filter": 1
  }, 
  {
+  "read_only": 1, 
   "no_copy": 1, 
   "doctype": "DocField", 
   "label": "Leave Balance Before Application", 
   "fieldname": "leave_balance", 
   "fieldtype": "Currency", 
-  "permlevel": 1
+  "permlevel": 0
  }, 
  {
+  "read_only": 1, 
   "no_copy": 1, 
   "doctype": "DocField", 
   "label": "Total Leave Days", 
   "fieldname": "total_leave_days", 
   "fieldtype": "Currency", 
-  "permlevel": 1
+  "permlevel": 0
  }, 
  {
   "doctype": "DocField", 
@@ -157,6 +163,7 @@
   "permlevel": 2
  }, 
  {
+  "read_only": 0, 
   "search_index": 0, 
   "doctype": "DocField", 
   "label": "Fiscal Year", 
@@ -168,6 +175,7 @@
   "in_filter": 1
  }, 
  {
+  "read_only": 0, 
   "print_hide": 1, 
   "doctype": "DocField", 
   "label": "Letter Head", 
@@ -177,38 +185,27 @@
   "permlevel": 2
  }, 
  {
+  "print_hide": 1, 
+  "no_copy": 1, 
   "doctype": "DocField", 
   "label": "Amended From", 
+  "options": "Sales Invoice", 
   "fieldname": "amended_from", 
-  "fieldtype": "Data", 
-  "permlevel": 2
- }, 
- {
-  "doctype": "DocField", 
-  "label": "Amendment Date", 
-  "fieldname": "amendment_date", 
-  "fieldtype": "Date", 
-  "permlevel": 2
+  "fieldtype": "Link", 
+  "permlevel": 1
  }, 
  {
   "create": 1, 
   "doctype": "DocPerm", 
-  "write": 1, 
   "role": "Employee", 
   "permlevel": 0, 
   "match": "employee"
  }, 
- {
-  "doctype": "DocPerm", 
-  "role": "All", 
-  "permlevel": 1
- }, 
  {
   "amend": 1, 
   "create": 1, 
   "doctype": "DocPerm", 
   "submit": 1, 
-  "write": 1, 
   "role": "HR User", 
   "cancel": 1, 
   "permlevel": 0
@@ -218,7 +215,6 @@
   "create": 1, 
   "doctype": "DocPerm", 
   "submit": 1, 
-  "write": 1, 
   "role": "Leave Approver", 
   "cancel": 1, 
   "permlevel": 0, 
@@ -226,7 +222,6 @@
  }, 
  {
   "doctype": "DocPerm", 
-  "write": 1, 
   "role": "HR User", 
   "permlevel": 2
  }, 
@@ -235,14 +230,8 @@
   "create": 0, 
   "doctype": "DocPerm", 
   "submit": 0, 
-  "write": 1, 
   "role": "Leave Approver", 
   "cancel": 0, 
   "permlevel": 2
- }, 
- {
-  "doctype": "DocPerm", 
-  "role": "All", 
-  "permlevel": 3
  }
 ]
\ No newline at end of file
diff --git a/patches/january_2013/__init__.py b/patches/january_2013/__init__.py
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/patches/january_2013/remove_bad_permissions.py b/patches/january_2013/remove_bad_permissions.py
new file mode 100644
index 0000000000..58d5de27d4
--- /dev/null
+++ b/patches/january_2013/remove_bad_permissions.py
@@ -0,0 +1,7 @@
+import webnotes
+
+def execute():
+	webnotes.conn.sql("""update tabDocPerm set permlevel=0 where permlevel is null""")
+	webnotes.conn.sql("""update tabDocPerm set `create`=0, `submit`=0, `cancel`=0,
+		`amend`=0, `match`='' where permlevel>0""")
+	webnotes.delete_doc("Permission Control")
\ No newline at end of file
diff --git a/patches/patch_list.py b/patches/patch_list.py
index b1ebdef5ed..318ce25407 100644
--- a/patches/patch_list.py
+++ b/patches/patch_list.py
@@ -574,4 +574,8 @@ patch_list = [
 		'patch_module': 'patches.december_2012',
 		'patch_file': 'update_print_width',
 	},
+	{
+		'patch_module': 'patches.january_2013',
+		'patch_file': 'remove_bad_permissions',
+	},	
 ]
\ No newline at end of file
diff --git a/setup/page/setup/setup.html b/setup/page/setup/setup.html
index 1e7607f6c0..676dd179ee 100644
--- a/setup/page/setup/setup.html
+++ b/setup/page/setup/setup.html
@@ -23,9 +23,13 @@
 				<span class="help">Add/remove users, set roles, passwords etc</span>
 			</p>
 			<p>
-				<b><a href="#Permission Engine">Permission Manager</a></b><br>
+				<b><a href="#user-properties">Permission Manager</a></b><br>
 				<span class="help">Set permissions on transactions / masters</span>
 			</p>
+			<p>
+				<b><a href="#permission-manager">User Properties</a></b><br>
+				<span class="help">Set default values for users (also used for permissions).</span>
+			</p>
 			<p>
 				<b><a href="#List/Workflow">Workflow Manager</a></b><br>
 				<span class="help">Set workflow rules.</span>
@@ -118,12 +122,6 @@
 				<b><a href="#List/Print Heading">Print Headings</a></b><br>
 				<span class="help">Add headers for standard print formats</span>
 			</p>
-			<!--
-			<p>
-				<b><a href="#Form/Personalize/Personalize">Home Banner</a></b><br>
-				<span class="help">Add a home page banner</span>
-			</p>
-			-->
 			<p>
 				<b><a href="#Form/Style Settings/Style Settings">Style Settings</a></b><br>
 				<span class="help">Change background fonts etc</span>
diff --git a/utilities/doctype/question/question.txt b/utilities/doctype/question/question.txt
index b63df41106..ef9d7d3d1c 100644
--- a/utilities/doctype/question/question.txt
+++ b/utilities/doctype/question/question.txt
@@ -2,24 +2,18 @@
  {
   "owner": "Administrator", 
   "docstatus": 0, 
-  "creation": "2012-03-27 14:36:01", 
+  "creation": "2012-07-03 13:30:42", 
   "modified_by": "Administrator", 
-  "modified": "2012-03-27 14:36:01"
+  "modified": "2013-01-01 18:58:55"
  }, 
  {
-  "section_style": "Simple", 
-  "allow_attach": 0, 
-  "module": "Utilities", 
-  "allow_trash": 1, 
-  "server_code_error": " ", 
-  "in_create": 1, 
   "read_only": 1, 
   "autoname": "QUES.#######", 
+  "in_create": 1, 
   "name": "__common__", 
-  "colour": "White:FFF", 
   "doctype": "DocType", 
-  "show_in_menu": 0, 
-  "version": 7
+  "module": "Utilities", 
+  "allow_attach": 0
  }, 
  {
   "name": "__common__", 
@@ -32,10 +26,10 @@
  {
   "parent": "Question", 
   "read": 1, 
-  "doctype": "DocPerm", 
   "cancel": 1, 
   "name": "__common__", 
   "create": 1, 
+  "doctype": "DocPerm", 
   "write": 1, 
   "parenttype": "DocType", 
   "role": "All", 
@@ -46,9 +40,6 @@
   "name": "Question", 
   "doctype": "DocType"
  }, 
- {
-  "doctype": "DocPerm"
- }, 
  {
   "oldfieldtype": "Text", 
   "doctype": "DocField", 
@@ -79,41 +70,11 @@
   "fieldtype": "Data", 
   "hidden": 1
  }, 
- {
-  "search_index": 0, 
-  "doctype": "DocField", 
-  "label": "Tag 1", 
-  "oldfieldname": "tag_1", 
-  "fieldname": "tag_1", 
-  "fieldtype": "Link", 
-  "oldfieldtype": "Link", 
-  "options": "Question Tag"
- }, 
  {
   "doctype": "DocField", 
+  "label": "Users Voted", 
   "fieldname": "_users_voted", 
-  "fieldtype": "Text", 
-  "label": "Users Voted"
- }, 
- {
-  "search_index": 0, 
-  "doctype": "DocField", 
-  "label": "Tag 2", 
-  "oldfieldname": "tag_2", 
-  "fieldname": "tag_2", 
-  "fieldtype": "Link", 
-  "oldfieldtype": "Link", 
-  "options": "Question Tag"
- }, 
- {
-  "search_index": 0, 
-  "doctype": "DocField", 
-  "label": "Tag 3", 
-  "oldfieldname": "tag_3", 
-  "fieldname": "tag_3", 
-  "fieldtype": "Link", 
-  "oldfieldtype": "Link", 
-  "options": "Question Tag"
+  "fieldtype": "Text"
  }, 
  {
   "oldfieldtype": "Text", 
@@ -123,5 +84,8 @@
   "fieldname": "file_list", 
   "fieldtype": "Text", 
   "hidden": 1
+ }, 
+ {
+  "doctype": "DocPerm"
  }
 ]
\ No newline at end of file
diff --git a/website/utils.py b/website/utils.py
index b7fd88da35..96fbdc8dc9 100644
--- a/website/utils.py
+++ b/website/utils.py
@@ -145,7 +145,7 @@ def prepare_args(page_name):
 	
 	if page_name in get_template_pages():
 		args = webnotes._dict({
-			'template': 'pages/%s' % page_name,
+			'template': 'pages/%s.html' % page_name,
 			'name': page_name,
 		})
 		if page_name in page_settings_map:

From 7d19e5c4dd12c5e64316cc2322ddfc44f0a4282f Mon Sep 17 00:00:00 2001
From: Rushabh Mehta <rmehta@gmail.com>
Date: Tue, 1 Jan 2013 19:52:36 +0530
Subject: [PATCH 2/3] new permission manager

---
 setup/doctype/permission_control/__init__.py  |   1 -
 .../permission_control/permission_control.py  | 217 -------
 .../permission_control/permission_control.txt |  26 -
 setup/page/permission_engine/__init__.py      |   1 -
 .../permission_engine/permission_engine.html  |  10 -
 .../permission_engine/permission_engine.js    | 585 ------------------
 .../permission_engine/permission_engine.txt   |  32 -
 7 files changed, 872 deletions(-)
 delete mode 100644 setup/doctype/permission_control/__init__.py
 delete mode 100644 setup/doctype/permission_control/permission_control.py
 delete mode 100644 setup/doctype/permission_control/permission_control.txt
 delete mode 100644 setup/page/permission_engine/__init__.py
 delete mode 100644 setup/page/permission_engine/permission_engine.html
 delete mode 100644 setup/page/permission_engine/permission_engine.js
 delete mode 100644 setup/page/permission_engine/permission_engine.txt

diff --git a/setup/doctype/permission_control/__init__.py b/setup/doctype/permission_control/__init__.py
deleted file mode 100644
index baffc48825..0000000000
--- a/setup/doctype/permission_control/__init__.py
+++ /dev/null
@@ -1 +0,0 @@
-from __future__ import unicode_literals
diff --git a/setup/doctype/permission_control/permission_control.py b/setup/doctype/permission_control/permission_control.py
deleted file mode 100644
index 4fbd1ddfaf..0000000000
--- a/setup/doctype/permission_control/permission_control.py
+++ /dev/null
@@ -1,217 +0,0 @@
-# ERPNext - web based ERP (http://erpnext.com)
-# Copyright (C) 2012 Web Notes Technologies Pvt Ltd
-# 
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-# 
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-from __future__ import unicode_literals
-import webnotes
-
-from webnotes.utils import cint, cstr, get_defaults, now
-from webnotes.model import db_exists
-from webnotes.model.doc import Document
-from webnotes.model.wrapper import copy_doclist
-from webnotes import msgprint
-
-sql = webnotes.conn.sql
-
-class DocType:
-	def __init__(self, doc, doclist):
-		self.doc = doc
-		self.doclist = doclist
-		
-	
-	# Get Roles and Modules on loading Permission Engine
-	# ----------------------------------------------------- 
-	def get_doctype_list(self):
-		ret = sql("""SELECT `name` FROM tabDocType 
-			WHERE ifnull(docstatus,0)=0
-			AND ifnull(istable,0)=0
-			AND ifnull(issingle,0)=0
-			AND (`module` NOT IN ('System','Utilities','Setup Masters','Roles','Recycle Bin','Mapper','Application Internal','Development', 'Core')
-			OR name IN ('Contact', 'Address'))
-			ORDER BY `name` ASC""")
-		
-		rl = [''] + [a[0] for a in sql("select name from tabRole where ifnull(docstatus,0)=0")]
-		
-		return {'doctypes': [r[0] for r in ret], 'roles': rl}
-		
-
-	# Get Perm Level, Perm type of Doctypes of Module and Role Selected
-	# -------------------------------------------------------------------
-	def get_permissions(self,doctype):
-		import webnotes.model.doctype
-		doclist = webnotes.model.doctype.get(doctype).get_parent_doclist()
-		
-		ptype = [{
-				'role': perm.role,
-				'permlevel': cint(perm.permlevel),
-				'read': cint(perm.read),
-				'write': cint(perm.write),
-				'create': cint(perm.create),
-				'cancel': cint(perm.cancel),
-				'submit': cint(perm.submit),
-				'amend': cint(perm.amend),
-				'match': perm.match
-				} for perm in sorted(doclist,
-					key=lambda d: [d.fields.get('permlevel'),
-						d.fields.get('role')]) if perm.doctype=='DocPerm']
-
-		fl = ['', 'owner'] + [d.fieldname for d in doclist \
-				if d.doctype=='DocField' and ((d.fieldtype=='Link' \
-				and cstr(d.options)!='') or (d.fieldtype=='Select' and
-					'link:' in cstr(d.options).lower()))]
-
-		return {
-			'perms':ptype,
-			'fields':fl,
-			'is_submittable': doclist[0].fields.get('is_submittable')
-		}
-		
-	# get default values
-	# ------------------
-	def get_defaults(self, arg):
-		if isinstance(arg, basestring):
-			import json
-			arg = json.loads(arg)
-
-		match_key = arg["match"]
-		with_profiles = arg["profiles"]
-		
-		pl = ol = []
-	
-		# defaults
-		dl = [a for a in sql("select parent, ifnull(parenttype,'') as parenttype, ifnull(defvalue,'') as defvalue from tabDefaultValue where defkey=%s order by parenttype desc, parent asc", match_key, as_dict=1)]
-
-		# options
-		tn = webnotes.get_doctype(arg["doctype"]).get_options(match_key)
-
-		# tn = sql("select options from tabDocField where fieldname=%s and fieldtype='Link' and docstatus=0 limit 1", match_key)[0][0]
-		ol = [''] + [a[0] for a in sql("select name from `tab%s` where ifnull(docstatus,0)=0" % tn)]
-
-		# roles
-		if with_profiles=='Yes':			
-			# profiles
-			pl = [''] + [a[0] for a in sql("select name from tabProfile where ifnull(enabled,0)=1")]
-	
-
-		return {'dl':dl, 'pl':pl, 'ol':ol}
-
-	# delete default
-	# ----------------------
-	def delete_default(self, arg):
-		parent, defkey, defvalue = arg.split('~~~')
-		sql("delete from tabDefaultValue where parent=%s and defkey=%s and defvalue=%s", (parent, defkey, defvalue))
-
-	# add default
-	# ----------------------
-	def add_default(self, arg):
-		parent, parenttype, defkey, defvalue = arg.split('~~~')
-
-		if sql("select name from tabDefaultValue where parent=%s and defkey=%s and defvalue=%s", (parent, defkey, defvalue)):
-			msgprint("This rule already exists!")
-			return
-					
-		dv = Document('DefaultValue')
-		dv.parent = parent
-		dv.parenttype = parenttype
-		dv.parentfield = 'defaults'
-		dv.defkey = defkey
-		dv.defvalue = defvalue
-		dv.save(1)
-		return dv.fields
-
-	# Add Permissions
-	# ----------------------
-	def add_permission(self,args=''):
-		parent, role, level = eval(args)
-		if sql("select name from tabDocPerm where parent=%s and role=%s and permlevel=%s", (parent, role, level)):
-			msgprint("This permission rule already exists!")
-			return
-		
-		d = Document('DocPerm')
-		d.parent = parent
-		d.parenttype = 'DocType'
-		d.parentfield = 'permissions'
-		d.role = role
-		d.permlevel = cint(level)
-		d.docstatus = 0
-		d.save(1)
-		
-		sql("update tabDocType set modified = %s where name = %s",(now(), parent))
-
-
-	# Update Permissions
-	# ----------------------
-	def update_permissions(self,args=''):
-		args = eval(args)
-		di = args['perm_dict']
-		doctype_keys = di.keys()	# ['Opportunity','Competitor','Zone','State']
-		for parent in doctype_keys:
-			for permlevel in di[parent].keys():
-				for role in di[parent][permlevel].keys(): 
-				
-					if role:
-				
-						# check if Permissions for that perm level and Role exists
-						exists = sql("select name from tabDocPerm where parent = %s and role = %s and ifnull(permlevel, 0) = %s",(parent, role, cint(permlevel)))
-	
-						# Get values of dictionary of Perm Level
-						pd = di[parent][permlevel][role]
-
-						# update
-						if exists and (1 in pd.values()):
-							sql("update tabDocPerm set `read` = %s, `write` = %s, `create` = %s, `submit` = %s, `cancel` = %s, `amend` = %s, `match`=%s where parent = %s and role = %s and permlevel = %s",(pd['read'],pd['write'],pd['create'],pd['submit'],pd['cancel'],pd['amend'], pd.get('match'), parent, role, permlevel))
-							
-						# new
-						elif not exists and (1 in pd.values()):
-
-							ch = Document('DocPerm')
-							ch.parentfield = 'permissions'
-							ch.parenttype = 'DocType'
-							ch.parent = parent
-							ch.role = role
-							ch.permlevel = cint(permlevel)
-							for key in pd.keys():
-								ch.fields[key] = pd.get(key, None)
-							ch.save(1)
-	
-						# delete
-						elif exists and (1 not in pd.values()):
-							sql("delete from tabDocPerm where parent = %s and role = %s and ifnull(permlevel,0) = %s",(parent, role, cint(permlevel)))
-						
-						sql("update tabDocType set modified = %s where name = %s",(now(), parent))
-
-
-		webnotes.clear_cache(doctype=parent)
-
-		msgprint("Permissions Updated")
-				
-	# Get Fields based on DocType and Permlevel
-	# ----------------------------------------------
-	def get_fields(self, args = ''):
-		ret = {}
-		args = eval(args)
-		table_fields_dict = {}
-		table_exists = sql("Select options from tabDocField where fieldtype = 'Table' and parent = %s",args['dt'])
-		if table_exists:
-			for d in table_exists:
-				table_fields_dict[d[0]]= sql("select label,fieldtype,fieldname,options from tabDocField where parent = %s and permlevel = %s",(d[0],args['permlevel']),as_dict = 1)
-			
-		parent_fields_dict = sql("select label, fieldtype, fieldname, options from tabDocField where parent = %s and permlevel = %s and fieldtype not in ('Section Break','Column Break')",(args['dt'],args['permlevel']),as_dict = 1)
-		
-		ret['parent_fields_dict'] = parent_fields_dict
-		ret['table_fields_dict'] = table_fields_dict
-	 
-		return ret
-		
diff --git a/setup/doctype/permission_control/permission_control.txt b/setup/doctype/permission_control/permission_control.txt
deleted file mode 100644
index 7441452492..0000000000
--- a/setup/doctype/permission_control/permission_control.txt
+++ /dev/null
@@ -1,26 +0,0 @@
-[
- {
-  "owner": "saumil@webnotestech.com", 
-  "docstatus": 0, 
-  "creation": "2012-03-27 14:36:22", 
-  "modified_by": "Administrator", 
-  "modified": "2012-03-27 14:36:22"
- }, 
- {
-  "section_style": "Simple", 
-  "in_create": 1, 
-  "module": "Setup", 
-  "doctype": "DocType", 
-  "server_code_error": " ", 
-  "issingle": 1, 
-  "read_only": 1, 
-  "name": "__common__", 
-  "colour": "White:FFF", 
-  "show_in_menu": 0, 
-  "version": 15
- }, 
- {
-  "name": "Permission Control", 
-  "doctype": "DocType"
- }
-]
\ No newline at end of file
diff --git a/setup/page/permission_engine/__init__.py b/setup/page/permission_engine/__init__.py
deleted file mode 100644
index baffc48825..0000000000
--- a/setup/page/permission_engine/__init__.py
+++ /dev/null
@@ -1 +0,0 @@
-from __future__ import unicode_literals
diff --git a/setup/page/permission_engine/permission_engine.html b/setup/page/permission_engine/permission_engine.html
deleted file mode 100644
index 8d989586c3..0000000000
--- a/setup/page/permission_engine/permission_engine.html
+++ /dev/null
@@ -1,10 +0,0 @@
-<div class="layout_wrapper">
-<div id="pe_header"></div>
-<div id="perm_engine_div" style="margin: 16px;"></div>
-<div id="submittable_warning" class='help-box' style='display: None'>
-	One of the Roles has <b>Submit</b> permission. 
-	You will have to <b>Cancel</b> and then <b>Amend</b> a submitted Document for making changes.
-</div>
-<hr>
-<div class="well">Note: A document is not accessible to a user if Permission at level 0 is not given.</div>
-</div>
diff --git a/setup/page/permission_engine/permission_engine.js b/setup/page/permission_engine/permission_engine.js
deleted file mode 100644
index 6edde4c236..0000000000
--- a/setup/page/permission_engine/permission_engine.js
+++ /dev/null
@@ -1,585 +0,0 @@
-// ERPNext - web based ERP (http://erpnext.com)
-// Copyright (C) 2012 Web Notes Technologies Pvt Ltd
-// 
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-// 
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-// 
-// You should have received a copy of the GNU General Public License
-// along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-pscript['onload_Permission Engine'] = function() {
-	// header and toolbar
-	var h = new PageHeader('pe_header','Permissions Manager','Set specific permissions for Roles')
-	
-	if(!pscript.perm_engine) pscript.perm_engine = new pscript.PermEngine();
-}
-
-
-pscript.PermEngine = function() {
-	// create UI elements
-	this.wrapper = $i('perm_engine_div');
-	
-	this.head = $a(this.wrapper, 'div');
-	this.body = $a(this.wrapper, 'div');
-	this.footer = $a(this.wrapper, 'div');
-
-	var lab = $a(this.body,'div', '', {backgroundColor:'#FFD', padding:'8px', margin:'16px 0px'});
-	lab.innerHTML = 'Please select the item for which you want to set permissions';
-	
-	this.make_head();
-	this.load_options();
-}
-
-
-// Make Head
-// -------------
-pscript.PermEngine.prototype.make_head = function() {
-	var me = this;
-	
-	var make_select = function(label) {
-		var w = $a(me.head, 'div', '', {margin:'8px 0px'});
-		var t = make_table(w,1,2,'300px',['50%','50%']);
-		$td(t,0,0).innerHTML = label;
-		var s = $a($td(t,0,1),'select','',{width:'140px'});
-		s.wrapper = w;
-		return s;
-	}
-	
-	var make_button = function(label, parent, green) {
-		return $btn(parent, label, null, {margin:'8px 0px', display:'none'}, (green ? 'green' : null));
-	}
-	
-	
-	// Set Permissions for
-	this.type_select = make_select('Set Permissions For');
-	this.type_select.onchange = function() {
-		me.get_permissions();
-	}
-		
-	// Update Button
-	this.add_button = make_button('+ Add A New Rule', this.head, 0);
-	this.add_button.onclick = function() {
-		me.add_permission();
-	}
-
-	// Update Button
-	this.update_button = make_button('Update', this.footer, 1);
-	this.update_button.onclick = function() {
-		me.update_permissions();
-	}
-}
-
-// Add Permissions
-// -----------------
-pscript.PermEngine.prototype.add_permission = function() {
-	var me = this;
-	if(!this.add_permission_dialog) {
-		
-		// dialog
-		var d = new Dialog(400,400,'Add Permission');
-		d.make_body([['Select','Role'],['Select','Level'],['Button','Add']])
-
-		add_sel_options(d.widgets['Role'], this.roles, '');
-		add_sel_options(d.widgets['Level'], [0, 1, 2, 3, 4, 5, 6, 7, 8, 9], 0);
-
-		// add
-		d.widgets['Add'].onclick = function() {
-			if(!sel_val(d.widgets['Role'])) {
-				msgprint('Please select Role'); return;
-			}
-			var callback = function(r, rt) {
-				// reload
-				me.get_permissions();
-				d.hide();
-			}
-			$c_obj('Permission Control','add_permission',JSON.stringify([sel_val(me.type_select), sel_val(d.widgets['Role']), sel_val(d.widgets['Level'])]), callback);
-		}
-
-		this.add_permission_dialog = d;
-	}
-	this.add_permission_dialog.show();
-}
-
-
-// Hide Fields
-// -----------------
-pscript.PermEngine.prototype.hide_fields = function() {
-	$dh(this.role_select.wrapper);
-	this.type_select.disabled = false;
-	this.body.innerHTML = '';
-}
-
-
-// Load Roles And Modules
-// -----------------------
-pscript.PermEngine.prototype.load_options = function() {
-	var me = this;
-	$dh(me.update_button);
-	$dh(me.add_button);
-
-	$c_obj('Permission Control','get_doctype_list','', function(r,rt) {		
-		me.roles = r.message.roles;
-		
-		// Type
-		empty_select(me.type_select);
-		add_sel_options(me.type_select,add_lists([''], r.message.doctypes));
-		
-	});
-}
-
-
-// Get DocType and Permissions related to module
-// --------------------------------------------------
-pscript.PermEngine.prototype.get_permissions = function() {
-	var me = this;
-	
-	if(!sel_val(me.type_select)) {
-		msgprint('Please select a type first!'); return;
-	}
-	
-	$c_obj('Permission Control','get_permissions',sel_val(me.type_select), function(r,rt) {		
-		 // Get permissions
-		if(r.message.perms.length) {
-			me.get_results(r.message);
-			pscript.is_submittable = cint(r.message.is_submittable);
-		}
-		else {
-			me.body.innerHTML = '<div style = "color : red; margin:8px 0px;">No Records Found</div>'
-			pscript.is_submittable = 0;
-		}
-		pscript.hide_submit_amend()
-	});
-}
-
-// Get Results
-// ------------------
-pscript.PermEngine.prototype.get_results = function(r){
-	var perms = r.perms;
-	var me = this;
-	var doctype = sel_val(me.type_select);
-	
-	// show update button
-	$ds(me.update_button);
-	$ds(me.add_button);
-
-	this.body.innerHTML = ''
-	pscript.all_checkboxes = [];
-	pscript.all_matches = [];
-	
-	var head = $a(this.body, 'h3'); head.innerHTML = 'Rules for ' + doctype;				
-	var permt = make_table(me.body, perms.length+1,9,'80%',[],{border:'1px solid #AAA', padding:'3px', verticalAlign:'middle', height:'30px'});
-	$(permt).attr('id', 'perm_table');
-		
-	// Create Grid for particular DocType
-	// ------------------------------------
-		
-	// Columns
-	var col_labels = ['Role','Level','Read','Write','Create','Submit','Cancel','Amend','Restrict By']
-	for(var n = 0; n < col_labels.length; n++){
-		$y($td(permt,0,n), {backgroundColor:'#DDD', width:(n==0?'30%':(n==8?'21%':'7%'))})
-		$td(permt,0,n).innerHTML = col_labels[n];
-		$td(permt,0,n).fieldname = col_labels[n].toLowerCase();
-	}
-		
-	// Rows for Column Level / Role
-	for(var j = 0; j < perms.length; j++){
-		var plevel = $a($td(permt,j+1,1), 'span', 'link_type');
-		plevel.innerHTML = perms[j].permlevel;
-		plevel.doctype = doctype;
-		plevel.value = perms[j].permlevel;
-		plevel.onclick = function() {me.get_fields(this.doctype, this.value)}
-
-		// role
-		$td(permt,j+1,0).innerHTML = perms[j].role;
-
-	}	
-		
-	// Get values
-	for(var l = 0; l < perms.length; l++){
-		for(var m = 0; m < 6; m++){														 // (read,write,create,submit,cancel,amend) 
-			var chk = $a_input($td(permt,l+1,m+2), 'checkbox');
-			var val = perms[l][$td(permt,0,m+2).fieldname];
-			if(val == 1) chk.checked = 1;
-			else chk.checked = 0;
-			//if(m==3) { chk.onclick = pscript.show_submittable }
-			chk.doctype = doctype;
-			chk.permlevel = perms[l].permlevel; chk.perm_type = col_labels[m+2].toLowerCase(); chk.role = perms[l].role;
-			pscript.all_checkboxes.push(chk);
-		}
-	}
-	
-	// add selects for match
-	me.add_match_select(r, perms, permt, doctype);
-
-}
-
-pscript.hide_submit_amend = function() {
-	var perm_table = $('#perm_table');
-	if (pscript.is_submittable) {
-		perm_table.find('td:nth-child(6)').each(function() { $(this).toggle(true); });
-		perm_table.find('td:nth-child(8)').each(function() { $(this).toggle(true); });
-		$('#submittable_warning').toggle(true);
-	} else {
-		perm_table.find('td:nth-child(6)').each(function() { $(this).toggle(false); });
-		perm_table.find('td:nth-child(8)').each(function() { $(this).toggle(false); });
-		$('#submittable_warning').toggle(false);
-	}
-}
-
-
-// render selects for match
-// --------------------------------------------
-
-pscript.PermEngine.prototype.add_match_select = function(r, perms, permt, doctype) {
-	var me = this;
-	
-	// add select for match
-	for(var i=0; i<perms.length; i++) {
-		if(perms[i].permlevel==0) {
-			// select
-			var sel = $a($td(permt,i+1,8),'select','',{width:'100%'});
-			add_sel_options(sel, r.fields);
-			sel.details = perms[i]; sel.details.parent = doctype;
-			sel.onchange = function() { 
-				if(sel_val(this) && sel_val(this)!='owner') $ds(this.div); 
-				else $dh(this.div); }
-			
-			// link
-			var div = $a($td(permt,i+1,8),'div','link_type',{marginTop: '2px', fontSize:'10px', display:'none'});
-			div.onclick = function() { this.details.match = sel_val(this.sel); me.show_match_dialog(this.details); }
-			div.innerHTML = 'Set Users / Roles';
-			div.details = perms[i];
-			sel.div = div; div.sel = sel;
-
-			// set the value
-			if(perms[i].match) { sel.value = perms[i].match; $ds(div); }
-			
-			pscript.all_matches.push(sel);
-		}
-	}
-}
-
-// match users Dialog
-// =======================================================
-
-pscript.PermEngine.prototype.show_match_dialog=function(details) {
-	if(!this.match_defaults_dialog) {
-		var d = new Dialog(750, 500, 'Permission Applies To');
-		d.make_body([['HTML','Body']]);
-		var w = d.widgets['Body'];
-		$y(w,{height:'350px', overflow:'auto'});
-		this.match_defaults_dialog = d;
-	}
-	
-	// dialog
-	this.match_defaults_dialog.show();
-	
-	// render the rules
-	var me = this;
-	var callback = function(r,rt) {
-		me.render_match_dialog(r, details);
-	}
-	// load the rules
-	$c_obj('Permission Control','get_defaults', {
-			match: details.match,
-			profiles: this.profiles ? "No" : "Yes",
-			doctype: sel_val(me.type_select)
-		}, callback);
-}
-
-// --------------------------------------------
-
-pscript.PermEngine.prototype.render_match_dialog=function(r, details) {
-	var d = this.match_defaults_dialog;
-	var w = d.widgets['Body'];
-	w.innerHTML = '<div style="background-color:#FFD; padding: 4px; color: #440; margin-bottom:16px">Please Note: Any action will also affect other permissions with similar rules!</div>'
-	
-	// header
-	var t=make_table($a(w,'div','',{borderBottom:'1px solid #AAA'}),1,3,'90%',['40%','40%','20%'],{fontWeight:'bold', padding:'3px', fontSize:'14px'});
-	$td(t,0,0).innerHTML = 'Who?'; $td(t,0,1).innerHTML = 'Is allowed if '+details.match+' equals';
-	
-	// existing defaults
-	var dl = r.message.dl; this.options = r.message.ol;
-	if(!this.profiles) {
-		this.profiles = r.message.pl;
-	}
-	
-	for(var i=0; i<dl.length; i++) {
-		new MatchDefaultValue(this, w, dl[i], details.match);
-	}
-	
-	this.add_new_match_row(details.match);
-}
-
-pscript.PermEngine.prototype.add_new_match_row = function(fieldname) {
-	// add new default
-	new MatchDefaultValue(this, this.match_defaults_dialog.widgets['Body'], null, fieldname, 1);
-}	
-	
-// --------------------------------------------
-
-MatchDefaultValue = function(pe, parent, details, fieldname, editable) {
-	this.pe = pe;
-	this.wrapper = $a(parent, 'div', '', {margin:'4px'});
-	this.clear();
-	this.details = details;
-	this.fieldname = fieldname;
-	this.render(editable);
-}
-
-
-// --------------------------------------------
-
-MatchDefaultValue.prototype.clear = function() {
-	this.wrapper.innerHTML = '';
-	this.tab = make_table(this.wrapper, 1, 3, '90%', ['40%','40%','20%'], {verticalAlign:'middle', padding:'3px'});
-}
-
-// --------------------------------------------
-
-MatchDefaultValue.prototype.render = function(editable) {
-
-	if(editable) {
-		this.render_editable();
-	} else {
-		this.render_static();
-	}
-}
-
-// --------------------------------------------
-
-MatchDefaultValue.prototype.render_editable = function() {
-	var me = this;
-
-	// profile or role
-	this.profile_or_role = $a($td(this.tab,0,0), 'select', '', {width:'60px', marginRight:'8px'});
-	add_sel_options(this.profile_or_role,['Profile', 'Role'], 'Profile');
-	this.profile_or_role.onchange = function() {
-		if(sel_val(this)=='Profile') { $di(me.profile_sel); $dh(me.role_sel); }
-		else { $dh(me.profile_sel); $di(me.role_sel); }
-	}
-
-	// role sel
-	this.role_sel = $a($td(this.tab,0,0), 'select', '', {width:'100px',display:'none'});
-	add_sel_options(this.role_sel,this.pe.roles);
-	
-	// profile sel
-	this.profile_sel = $a($td(this.tab,0,0), 'select', '', {width:'100px'});
-	add_sel_options(this.profile_sel,this.pe.profiles);
-
-	// options sel
-	this.options_sel = $a($td(this.tab,0,1), 'select', '', {width:'120px'});
-	add_sel_options(this.options_sel,this.pe.options);
-
-	 // add
-	var span = $a($td(this.tab,0,2),'span','link_type',{marginLeft:'8px'});
-	span.innerHTML = 'Add'
-	span.onclick = function() { me.save(); }
-}
-
-// --------------------------------------------
-
-MatchDefaultValue.prototype.render_static = function() {
-	var me = this;
-	
-	$td(this.tab,0,0).innerHTML = this.details.parenttype;
-	$td(this.tab,0,0).innerHTML += '&nbsp;' + this.details.parent;
-	$td(this.tab,0,1).innerHTML = this.details.defvalue;
-
-	 // delete
-	var span = $a($td(this.tab,0,2),'span','link_type',{marginLeft:'8px'});
-	span.innerHTML = 'Cancel'
-	span.onclick = function() { me.delete_def(); }
-}
-
-// --------------------------------------------
-
-MatchDefaultValue.prototype.delete_def = function() {	
-	var me = this;
-	this.wrapper.innerHTML = '<div style="color: #888; padding: 3px;">Deleting...</div>';
-	var callback = function(r,rt) {
-		$dh(me.wrapper);
-		if(r.exc) msgprint('There were errors!')
-	}
-	$c_obj('Permission Control','delete_default'
-		,[this.details.parent, this.fieldname, this.details.defvalue].join('~~~')
-		,callback)
-}
-
-// --------------------------------------------
-
-MatchDefaultValue.prototype.save = function() {
-	var me= this;
-	
-	var callback = function(r,rt) {
-		me.details = r.message;
-		me.clear();
-		me.render();
-		me.pe.add_new_match_row(me.fieldname);
-	}
-		
-	// values
-	if(sel_val(this.profile_or_role)=='Profile') { var parent = sel_val(this.profile_sel); var parenttype = 'Profile'; }
-	else { var parent = sel_val(this.role_sel); var parenttype = 'Role'; }
-
-	if(!sel_val(this.options_sel) || !parent) { msgprint("Please select all values"); return; }
-		
-	$c_obj('Permission Control','add_default'
-		,[parent, parenttype, this.fieldname, sel_val(this.options_sel)].join('~~~')
-		,callback);
-			
-	this.wrapper.innerHTML = '<div style="color: #888; padding: 3px;">Adding...</div>';
-}
-
-
-// Make Dialog Box To Get Fields fro PermLevel
-// =======================================================
-
-pscript.PermEngine.prototype.make_fields_dialog=function(){
-	if(!pscript.get_field_dialog) {
-		pscript.get_field_dialog = new Dialog(750,500,'Fields');
-		pscript.get_field_dialog.make_body([['HTML','Fields','<div id="perm_engine_get_fields"></div>'],['Button','OK']]);
-	}
-	else $i('perm_engine_get_fields').innerHTML = '';
-}
-
-// Get Fields
-// --------------------
-pscript.PermEngine.prototype.get_fields = function(dt, permlevel) {
-	var me = this;
-	var callback = function(r,rt){
-		// Get Parent DocType Fields
-		var parent_fields_dict = r.message.parent_fields_dict;
-		
-		// Get Child Table Fields if any
-		var table_fields_dict = r.message.table_fields_dict;
-		
-		// Make Fields Dialog Box
-		me.make_fields_dialog();
-		
-		me.make_fields_table(dt, parent_fields_dict, table_fields_dict, permlevel);
-		
-		pscript.get_field_dialog.show();
-		pscript.get_field_dialog.widgets['OK'].onclick=function(){
-			pscript.get_field_dialog.hide();
-		}
-	}
-	var args = "{'dt':'"+dt+"','permlevel':"+permlevel+"}"
-	$c_obj('Permission Control','get_fields', args, callback);
-}
-
-
-
-// Make Table of Fields for Dialog Box
-// --------------------------------------
-pscript.PermEngine.prototype.make_fields_table = function(dt, parent_fields_dict, table_fields_dict, permlevel) {
-	
-	var make_grid = function(table, fields_dict) {
-		var col_labels = ['Label','Fieldtype','Fieldname','Options'];
-		for(var n = 0; n < col_labels.length; n++){
-			$a_input(($td(table,0,n)), 'data');
-			$td(table,0,n).innerHTML = '<b>'+col_labels[n]+'</b>';
-			$td(table,0,n).fieldname = col_labels[n].toLowerCase();
-		}
-		
-		// Add values
-		for(var i = 0; i < keys(fields_dict).length; i++){
-			for(var j = 0; j < 4; j++){
-				$a_input(($td(table,i+1,j)), 'data');
-				$td(table,i+1,j).innerHTML = cstr(fields_dict[i][$td(table,0,j).fieldname])
-			}
-		}
-	}
-
-	
-	$i('perm_engine_get_fields').innerHTML = '<b>'+ dt + ' Fields at Level '+ permlevel +':</b><br><br>';
-	var parent_field_table = make_table('perm_engine_get_fields',keys(parent_fields_dict).length+1, 4,'100%',['25%','25%','25%','25%'],{border:'1px solid #AAA',padding:'2px'});
-	make_grid(parent_field_table, parent_fields_dict);
-	
-	child_tables = keys(table_fields_dict)
-	if(child_tables.length > 0){
-		for(var k = 0; k < child_tables.length; k++){
-			var tab_fields_det = table_fields_dict[child_tables[k]];
-			if(keys(tab_fields_det).length > 0){
-				$i('perm_engine_get_fields').innerHTML += '<br><b>'+ child_tables[k] + ' Fields at Level '+ permlevel +':</b><br><br>'
-				var child_field_table = make_table('perm_engine_get_fields',keys(tab_fields_det).length+1, 4,'100%',['25%','25%','25%','25%'],{border:'1px solid #AAA',padding:'2px'});
-				make_grid(child_field_table, tab_fields_det);
-			}
-		}
-	}
-}
-
-
-// Update Permissions
-// -----------------------
-pscript.PermEngine.prototype.update_permissions = function() {
-	var me = this;
-	var out = {};
-
-	var add_to_out = function(doctype, permlevel, role, key, value) {
-		if(!out[doctype]) out[doctype] = {};
-		if(!out[doctype][permlevel]) out[doctype][permlevel] = {};
-		if(!out[doctype][permlevel][role]) out[doctype][permlevel][role] = {};
-		out[doctype][permlevel][role][key] = value; 
-	}
-
-	// check boxes
-	for(i in pscript.all_checkboxes) {
-		c = pscript.all_checkboxes[i];
-		add_to_out(c.doctype, c.permlevel, c.role, c.perm_type, c.checked ? 1 : 0);
-	}
-	
-	// matches
-	for(var i=0; i<pscript.all_matches.length; i++) {
-		var s = pscript.all_matches[i];
-		if(sel_val(s))
-			add_to_out(s.details.parent, s.details.permlevel, s.details.role, 'match', sel_val(s));
-	}
-
-	if(pscript.is_submittable) {
-		var doctype = sel_val(me.type_select);
-		var validated = false;
-		for(var role in out[doctype][0]) {
-			if(out[doctype][0][role]['submit']) {
-				validated = true;
-				break;
-			};
-		}
-		if(!validated) {
-			msgprint("Atleast one Role at Level 0 needs to have submit permission. \
-					 Please rectify and try again.")
-			return;
-		}
-	}
-	
-	var args = "{'perm_dict': "+JSON.stringify(out)+"}"
-	$c_obj('Permission Control','update_permissions', args, function(r,rt) {});
-}
-
-
-// Update Page Roles
-// ----------------------
-pscript.PermEngine.prototype.update_page_roles = function() {
-	var me = this;
-	var out = {};
-	for(i in pscript.all_pg_checkboxes) {
-		c = pscript.all_pg_checkboxes[i];
-		out[c.page_name] = c.checked ? 1 : 0
-	}
-	var args = "{'page_role_dict': "+JSON.stringify(out)+", 'role': '"+sel_val(me.role_select)+"'}"
-	$c_obj('Permission Control','update_page_role', args, function(r,rt) {});
-}
-
-// Reset Permission Engine
-// -------------------------
-pscript.PermEngine.prototype.reset_perm_engine = function(){
-	this.type_select.selectedIndex = 0;
-	this.load_options();
-}
diff --git a/setup/page/permission_engine/permission_engine.txt b/setup/page/permission_engine/permission_engine.txt
deleted file mode 100644
index 738291c390..0000000000
--- a/setup/page/permission_engine/permission_engine.txt
+++ /dev/null
@@ -1,32 +0,0 @@
-[
- {
-  "owner": "saumil@webnotestech.com", 
-  "docstatus": 0, 
-  "creation": "2010-12-14 10:23:18", 
-  "modified_by": "Administrator", 
-  "modified": "2011-01-04 13:11:17"
- }, 
- {
-  "name": "__common__", 
-  "module": "Setup", 
-  "show_in_menu": 1, 
-  "page_name": "Permission Engine", 
-  "doctype": "Page", 
-  "standard": "Yes"
- }, 
- {
-  "parent": "Permission Engine", 
-  "name": "__common__", 
-  "doctype": "Page Role", 
-  "parenttype": "Page", 
-  "role": "System Manager", 
-  "parentfield": "roles"
- }, 
- {
-  "name": "Permission Engine", 
-  "doctype": "Page"
- }, 
- {
-  "doctype": "Page Role"
- }
-]
\ No newline at end of file

From 74d3363a7ef989f366c1ed5354075ad40e9f9f1c Mon Sep 17 00:00:00 2001
From: Rushabh Mehta <rmehta@gmail.com>
Date: Tue, 1 Jan 2013 19:56:51 +0530
Subject: [PATCH 3/3] new permission manager

---
 setup/page/setup/setup.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/setup/page/setup/setup.html b/setup/page/setup/setup.html
index 676dd179ee..6cdc02d3e0 100644
--- a/setup/page/setup/setup.html
+++ b/setup/page/setup/setup.html
@@ -23,11 +23,11 @@
 				<span class="help">Add/remove users, set roles, passwords etc</span>
 			</p>
 			<p>
-				<b><a href="#user-properties">Permission Manager</a></b><br>
+				<b><a href="#permission-manager">Permission Manager</a></b><br>
 				<span class="help">Set permissions on transactions / masters</span>
 			</p>
 			<p>
-				<b><a href="#permission-manager">User Properties</a></b><br>
+				<b><a href="#user-properties">User Properties</a></b><br>
 				<span class="help">Set default values for users (also used for permissions).</span>
 			</p>
 			<p>