From 85479bcbc02f00ccb99d4425a8e333412b9d54c3 Mon Sep 17 00:00:00 2001
From: Anand Doshi <anand@erpnext.com>
Date: Wed, 4 Jun 2014 18:15:43 +0530
Subject: [PATCH] Fixes for apply user permissions and momentjs

---
 .../purchase_invoice/purchase_invoice.json    | 12 +++----
 erpnext/home/doctype/feed/feed.py             |  8 +++--
 erpnext/hooks.py                              |  2 ++
 .../leave_application/leave_application.py    |  2 +-
 .../selling/doctype/quotation/quotation.js    |  4 ---
 erpnext/utilities/doctype/note/note.py        | 36 +++++++++++++------
 .../doctype/note_user/note_user.json          |  8 +++--
 7 files changed, 44 insertions(+), 28 deletions(-)

diff --git a/erpnext/accounts/doctype/purchase_invoice/purchase_invoice.json b/erpnext/accounts/doctype/purchase_invoice/purchase_invoice.json
index dfe57048ee..505a3ba79a 100755
--- a/erpnext/accounts/doctype/purchase_invoice/purchase_invoice.json
+++ b/erpnext/accounts/doctype/purchase_invoice/purchase_invoice.json
@@ -744,17 +744,17 @@
  "icon": "icon-file-text", 
  "idx": 1, 
  "is_submittable": 1, 
- "modified": "2014-05-27 03:49:15.589404", 
+ "modified": "2014-06-04 08:45:25.582170", 
  "modified_by": "Administrator", 
  "module": "Accounts", 
  "name": "Purchase Invoice", 
  "owner": "Administrator", 
  "permissions": [
   {
-   "amend": 0, 
+   "amend": 1, 
    "apply_user_permissions": 1, 
-   "cancel": 0, 
-   "create": 0, 
+   "cancel": 1, 
+   "create": 1, 
    "delete": 0, 
    "email": 1, 
    "permlevel": 0, 
@@ -762,8 +762,8 @@
    "read": 1, 
    "report": 1, 
    "role": "Accounts User", 
-   "submit": 0, 
-   "write": 0
+   "submit": 1, 
+   "write": 1
   }, 
   {
    "amend": 0, 
diff --git a/erpnext/home/doctype/feed/feed.py b/erpnext/home/doctype/feed/feed.py
index 789ae1515b..80ef6df6cd 100644
--- a/erpnext/home/doctype/feed/feed.py
+++ b/erpnext/home/doctype/feed/feed.py
@@ -16,9 +16,11 @@ def on_doctype_update():
 		frappe.db.sql("""alter table `tabFeed`
 			add index feed_doctype_docname_index(doc_type, doc_name)""")
 
-def get_permission_query_conditions():
-	user_permissions = frappe.defaults.get_user_permissions()
-	can_read = frappe.user.get_can_read()
+def get_permission_query_conditions(user):
+	if not user: user = frappe.session.user
+
+	user_permissions = frappe.defaults.get_user_permissions(user)
+	can_read = frappe.get_user(user).get_can_read()
 
 	can_read_doctypes = ['"{}"'.format(doctype) for doctype in
 		list(set(can_read) - set(user_permissions.keys()))]
diff --git a/erpnext/hooks.py b/erpnext/hooks.py
index 1a5b81d847..8b147b0749 100644
--- a/erpnext/hooks.py
+++ b/erpnext/hooks.py
@@ -28,10 +28,12 @@ standard_queries = "Customer:erpnext.selling.doctype.customer.customer.get_custo
 
 permission_query_conditions = {
 		"Feed": "erpnext.home.doctype.feed.feed.get_permission_query_conditions",
+		"Note": "erpnext.utilities.doctype.note.note.get_permission_query_conditions"
 	}
 
 has_permission = {
 		"Feed": "erpnext.home.doctype.feed.feed.has_permission",
+		"Note": "erpnext.utilities.doctype.note.note.has_permission"
 	}
 
 
diff --git a/erpnext/hr/doctype/leave_application/leave_application.py b/erpnext/hr/doctype/leave_application/leave_application.py
index 18c1e11aa7..9ff02b2603 100755
--- a/erpnext/hr/doctype/leave_application/leave_application.py
+++ b/erpnext/hr/doctype/leave_application/leave_application.py
@@ -209,7 +209,7 @@ class LeaveApplication(Document):
 	def notify(self, args):
 		args = frappe._dict(args)
 		from frappe.core.page.messages.messages import post
-		post({"txt": args.message, "contact": args.message_to, "subject": args.subject,
+		post(**{"txt": args.message, "contact": args.message_to, "subject": args.subject,
 			"notify": cint(self.follow_via_email)})
 
 @frappe.whitelist()
diff --git a/erpnext/selling/doctype/quotation/quotation.js b/erpnext/selling/doctype/quotation/quotation.js
index fa63975e42..022e2e4e59 100644
--- a/erpnext/selling/doctype/quotation/quotation.js
+++ b/erpnext/selling/doctype/quotation/quotation.js
@@ -13,10 +13,6 @@ cur_frm.cscript.sales_team_fname = "sales_team";
 {% include 'utilities/doctype/sms_control/sms_control.js' %}
 {% include 'accounts/doctype/sales_invoice/pos.js' %}
 
-frappe.ui.form.on("Quotation", "onload_post_render", function(frm) {
-	frm.get_field("quotation_details").grid.set_multiple_add("item_code");
-});
-
 erpnext.selling.QuotationController = erpnext.selling.SellingController.extend({
 	onload: function(doc, dt, dn) {
 		var me = this;
diff --git a/erpnext/utilities/doctype/note/note.py b/erpnext/utilities/doctype/note/note.py
index 280adf41d0..b54681587d 100644
--- a/erpnext/utilities/doctype/note/note.py
+++ b/erpnext/utilities/doctype/note/note.py
@@ -9,20 +9,34 @@ from frappe import _
 from frappe.model.document import Document
 
 class Note(Document):
-
 	def autoname(self):
 		# replace forbidden characters
 		import re
 		self.name = re.sub("[%'\"#*?`]", "", self.title.strip())
 
-	def onload(self):
-		if not self.public and frappe.session.user != self.owner:
-			if frappe.session.user not in [d.user for d in self.get("share_with")]:
-				frappe.throw(_("Not permitted"), frappe.PermissionError)
+def get_permission_query_conditions(user):
+	if not user: user = frappe.session.user
 
-	def validate(self):
-		if not self.get("__islocal"):
-			if frappe.session.user != self.owner:
-				if frappe.session.user not in frappe.db.sql_list("""select user from `tabNote User`
-					where parent=%s and permission='Edit'""", self.name):
-					frappe.throw(_("Not permitted"), frappe.PermissionError)
+	if user == "Administrator":
+		return ""
+
+	return """(`tabNote`.public=1 or `tabNote`.owner="{user}" or exists (
+		select name from `tabNote User`
+			where `tabNote User`.parent=`tabNote`.name
+			and `tabNote User`.user="{user}"))""".format(user=user)
+
+def has_permission(doc, ptype, user):
+	if doc.public == 1 or user == "Administrator":
+		return True
+
+	if user == doc.owner:
+		return True
+
+	note_user_map = dict((d.user, d) for d in doc.get("share_with"))
+	if user in note_user_map:
+		if ptype == "read":
+			return True
+		elif note_user_map.get(user).permission == "Edit":
+			return True
+
+	return False
diff --git a/erpnext/utilities/doctype/note_user/note_user.json b/erpnext/utilities/doctype/note_user/note_user.json
index f72f1bd291..e67a75cbce 100644
--- a/erpnext/utilities/doctype/note_user/note_user.json
+++ b/erpnext/utilities/doctype/note_user/note_user.json
@@ -1,5 +1,5 @@
 {
- "creation": "2013-05-24 14:24:48.000000", 
+ "creation": "2013-05-24 14:24:48", 
  "description": "List of users who can edit a particular Note", 
  "docstatus": 0, 
  "doctype": "DocType", 
@@ -8,6 +8,7 @@
   {
    "fieldname": "user", 
    "fieldtype": "Link", 
+   "ignore_user_permissions": 1, 
    "in_list_view": 1, 
    "label": "User", 
    "options": "User", 
@@ -26,9 +27,10 @@
  ], 
  "idx": 1, 
  "istable": 1, 
- "modified": "2013-12-20 19:23:23.000000", 
+ "modified": "2014-06-04 02:33:27.466061", 
  "modified_by": "Administrator", 
  "module": "Utilities", 
  "name": "Note User", 
- "owner": "Administrator"
+ "owner": "Administrator", 
+ "permissions": []
 }
\ No newline at end of file