From f17ce7bc6782b46c71eebef0067ecc2a6315bed3 Mon Sep 17 00:00:00 2001
From: Rushabh Mehta
Date: Mon, 13 Feb 2012 16:50:52 +0530
Subject: [PATCH] added whitelist check
---
erpnext/accounts/__init__.py | 3 +-
erpnext/home/page/dashboard/dashboard.py | 5 +--
.../home/page/event_updates/event_updates.py | 11 +++---
erpnext/home/page/my_company/my_company.py | 26 +++++---------
.../page/profile_settings/profile_settings.py | 4 +++
.../page/question_view/question_view.py | 7 ++--
.../page/questions/questions.py | 4 ++-
erpnext/selling/page/customers/__init__.py | 0
erpnext/selling/page/customers/customers.html | 1 -
erpnext/selling/page/customers/customers.js | 34 -------------------
erpnext/selling/page/customers/customers.txt | 26 --------------
.../doctype/manage_account/manage_account.py | 9 +----
.../doctype/setup_control/setup_control.py | 2 +-
erpnext/setup/page/people/__init__.py | 0
erpnext/setup/page/people/people.html | 1 -
erpnext/setup/page/people/people.js | 32 -----------------
erpnext/setup/page/people/people.txt | 26 --------------
erpnext/website/page/blog/blog.py | 2 ++
erpnext/website/page/contact/contact.py | 1 +
.../website/page/unsubscribe/unsubscribe.py | 4 ++-
20 files changed, 38 insertions(+), 160 deletions(-)
delete mode 100644 erpnext/selling/page/customers/__init__.py
delete mode 100644 erpnext/selling/page/customers/customers.html
delete mode 100644 erpnext/selling/page/customers/customers.js
delete mode 100644 erpnext/selling/page/customers/customers.txt
delete mode 100644 erpnext/setup/page/people/__init__.py
delete mode 100644 erpnext/setup/page/people/people.html
delete mode 100644 erpnext/setup/page/people/people.js
delete mode 100644 erpnext/setup/page/people/people.txt
diff --git a/erpnext/accounts/__init__.py b/erpnext/accounts/__init__.py
index c3c50052e4..65d023130e 100644
--- a/erpnext/accounts/__init__.py
+++ b/erpnext/accounts/__init__.py
@@ -2,6 +2,7 @@ import webnotes from webnotes.utils import flt from webnotes.model.code import get_obj +@webnotes.whitelist() def get_default_bank_account(): """ Get default bank account for a company @@ -14,7 +15,7 @@ def get_default_bank_account(): if res: return res[0][0] - +@webnotes.whitelist() def get_new_jv_details(): """ Get details which will help create new jv on sales/purchase return diff --git a/erpnext/home/page/dashboard/dashboard.py b/erpnext/home/page/dashboard/dashboard.py index c2378d3155..e8f11fbc5c 100644 --- a/erpnext/home/page/dashboard/dashboard.py +++ b/erpnext/home/page/dashboard/dashboard.py @@ -54,11 +54,12 @@ dashboards = [ } ] +import webnotes + class DashboardWidget: def __init__(self, company, start, end, interval): from webnotes.utils import getdate from webnotes.model.code import get_obj - import webnotes self.company = company self.abbr = webnotes.conn.get_value('Company', company, 'abbr') @@ -233,7 +234,7 @@ class DashboardWidget: elif opts['type']=='creation': return self.get_creation_trend(opts['doctype'], start, end) - +@webnotes.whitelist() def load_dashboard(args): """ Get dashboard based on diff --git a/erpnext/home/page/event_updates/event_updates.py b/erpnext/home/page/event_updates/event_updates.py index e4690d0086..cb27043e0e 100644 --- a/erpnext/home/page/event_updates/event_updates.py +++ b/erpnext/home/page/event_updates/event_updates.py @@ -1,6 +1,7 @@ import webnotes from webnotes.utils import cint +@webnotes.whitelist() def get_online_users(): # get users return webnotes.conn.sql("""SELECT DISTINCT t1.user, t2.first_name, t2.last_name @@ -9,9 +10,7 @@ def get_online_users(): and t1.user not in ('Guest','Administrator') and TIMESTAMPDIFF(HOUR,t1.lastupdate,NOW()) <= 1""", as_list=1) or [] -# -# get unread messages -# +@webnotes.whitelist() def get_unread_messages(): "returns unread (docstatus-0 messages for a user)" return cint(webnotes.conn.sql("""SELECT COUNT(*) FROM `tabComment Widget Record` 
@@ -20,10 +19,9 @@ def get_unread_messages(): AND ifnull(docstatus,0)=0 """, webnotes.user.name)[0][0]) -# -# Get toolbar items -# +@webnotes.whitelist() def get_status_details(arg=None): + """get toolbar items""" from webnotes.utils import cint, date_diff, nowdate, get_defaults online = get_online_users() @@ -43,6 +41,7 @@ def get_status_details(arg=None): } return ret +@webnotes.whitelist() def get_setup_status(): """ Returns the setup status of the current account diff --git a/erpnext/home/page/my_company/my_company.py b/erpnext/home/page/my_company/my_company.py index 48566f2de1..8070c9d5f8 100644 --- a/erpnext/home/page/my_company/my_company.py +++ b/erpnext/home/page/my_company/my_company.py @@ -6,13 +6,12 @@ from webnotes.model.doc import Document try: import json except: import simplejson as json +@webnotes.whitelist() def get_account_settings_url(arg=''): import server_tools.gateway_utils return server_tools.gateway_utils.get_account_settings_url() -# -# set max users -# +@webnotes.whitelist() def get_max_users(arg=''): from server_tools.gateway_utils import get_max_users_gateway return { @@ -20,16 +19,12 @@ def get_max_users(arg=''): 'enabled': cint(webnotes.conn.sql("select count(*) from tabProfile where ifnull(enabled,0)=1 and name not in ('Administrator', 'Guest')")[0][0]) } -# -# enable profile in local -# +@webnotes.whitelist() def enable_profile(arg=''): webnotes.conn.sql("update tabProfile set enabled=1 where name=%s", arg) return 1 -# -# disable profile in local -# +@webnotes.whitelist() def disable_profile(arg=''): if arg=='Administrator': return 'Cannot disable Administrator' @@ -38,9 +33,7 @@ def disable_profile(arg=''): webnotes.login_manager.logout(user=arg) return 0 -# -# delete user -# +@webnotes.whitelist() def delete_user(args): args = json.loads(args) webnotes.conn.sql("update tabProfile set enabled=0, docstatus=2 where name=%s", args['user']) 
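Review bot: `enable_profile` and `disable_profile` in my_company.py become remotely callable with no check on who is calling: the visible bodies run the `update tabProfile` statement on whatever name arrives in `arg`, and the only guard is the `arg=='Administrator'` comparison in `disable_profile`. The same applies to `delete_user` in the following hunk and to `add_user` further down. Unless `webnotes.whitelist()` already restricts these by role (not visible in this patch), each should start with a role test, for example `if 'System Manager' not in webnotes.user.get_roles(): webnotes.msgprint('Not permitted', raise_exception=1)`; the role name is an example to be replaced with the one that administers users in this deployment. The body of `delete_user` continues outside its hunk.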
@@ -49,9 +42,7 @@ def delete_user(args): from server_tools.gateway_utils import remove_user_gateway remove_user_gateway(args['user']) -# -# add user -# +@webnotes.whitelist() def add_user(args): args = json.loads(args) # erpnext-saas @@ -61,9 +52,7 @@ def add_user(args): add_profile(args) -# -# add profile record -# +@webnotes.whitelist() def add_profile(args): from webnotes.utils import validate_email_add, now email = args['user'] @@ -99,6 +88,7 @@ def add_profile(args): send_welcome_mail(email, args) +@webnotes.whitelist() def send_welcome_mail(email, args): """send welcome mail to user with password and login url""" pr = Document('Profile', email) diff --git a/erpnext/home/page/profile_settings/profile_settings.py b/erpnext/home/page/profile_settings/profile_settings.py index ef969ca46f..cbfb188b9d 100644 --- a/erpnext/home/page/profile_settings/profile_settings.py +++ b/erpnext/home/page/profile_settings/profile_settings.py @@ -2,6 +2,7 @@ import webnotes from webnotes.utils import load_json, cint, nowdate +@webnotes.whitelist() def change_password(arg): """ Change password @@ -15,12 +16,14 @@ def change_password(arg): webnotes.conn.sql("update tabProfile set password=password(%s), modified=%s where name=%s",(arg['new_password'], nowdate(), webnotes.session['user'])) webnotes.msgprint('Password Updated'); +@webnotes.whitelist() def get_user_details(arg=None): """ Returns user first name, last name and bio """ return webnotes.conn.sql("select first_name, last_name, bio from tabProfile where name=%s", webnotes.user.name, as_dict=1)[0] +@webnotes.whitelist() def set_user_details(arg=None): """ updates user details given in argument @@ -35,6 +38,7 @@ def set_user_details(arg=None): p.save() webnotes.msgprint('Updated') +@webnotes.whitelist() def set_user_image(fid, fname): """ Set uploaded image as user image 
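Review bot: `add_profile` and `send_welcome_mail` in my_company.py are decorated although, on the lines shown, they are internal helpers: `add_user` parses the JSON and then calls `add_profile(args)`, which reads `args['user']` from a dict and ends by calling `send_welcome_mail(email, args)`. Whitelisting them creates two extra remote entry points that skip whatever `add_user` does in its `# erpnext-saas` block (not visible in the hunk), and `send_welcome_mail` is documented as mailing a password and login url. I would drop `@webnotes.whitelist()` from both and leave `add_user` as the only exposed function. Both function bodies continue outside the hunks.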
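Review bot: `change_password` in profile_settings.py is now exposed, and the statement visible in the second hunk stores the new value with `password=password(%s)`, i.e. MySQL's `PASSWORD()` function. That function is unsalted and MySQL documents it as intended for the server's own accounts rather than application credentials, so identical passwords produce identical stored values. The part of the body that would verify the current password lies outside the hunks; if no such check exists, it should be added before the update. A comment above the statement such as `# TODO: replace PASSWORD() with a salted, slow hash computed in Python` would at least record the debt.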
diff --git a/erpnext/knowledge_base/page/question_view/question_view.py b/erpnext/knowledge_base/page/question_view/question_view.py index a2eafbcf59..c711b9054f 100644 --- a/erpnext/knowledge_base/page/question_view/question_view.py +++ b/erpnext/knowledge_base/page/question_view/question_view.py @@ -1,19 +1,22 @@ import webnotes from webnotes.utils import load_json, cstr, now -# update the editable text item +@webnotes.whitelist() def update_item(args): args = load_json(args) webnotes.conn.sql("update `tab%s` set `%s`=%s, modified=%s where name=%s" \ % (args['dt'], args['fn'], '%s', '%s', '%s'), (args['text'], now(), args['dn'])) - + +@webnotes.whitelist() def has_answered(arg): return webnotes.conn.sql("select name from tabAnswer where owner=%s and question=%s", (webnotes.user.name, arg)) and 'Yes' or 'No' +@webnotes.whitelist() def get_question(arg): return cstr(webnotes.conn.sql("select question from tabQuestion where name=%s", arg)[0][0]) +@webnotes.whitelist() def add_answer(args): args = load_json(args) diff --git a/erpnext/knowledge_base/page/questions/questions.py b/erpnext/knowledge_base/page/questions/questions.py index 5f8b209fe2..d3f0d7c52e 100644 --- a/erpnext/knowledge_base/page/questions/questions.py +++ b/erpnext/knowledge_base/page/questions/questions.py @@ -3,6 +3,7 @@ import webnotes from webnotes.utils import load_json, cint, cstr # add a new question +@webnotes.whitelist() def add_question(arg): args = load_json(arg) @@ -22,7 +23,7 @@ def add_question(arg): 'notify': 1 }) - +@webnotes.whitelist() def vote(arg): args = load_json(arg) @@ -36,6 +37,7 @@ def vote(arg): return p +@webnotes.whitelist() def delete(arg): """ delete a question or answer (called from kb toolbar) diff --git a/erpnext/selling/page/customers/__init__.py b/erpnext/selling/page/customers/__init__.py deleted file mode 100644 index e69de29bb2..0000000000 
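Review bot: `update_item` in question_view.py formats `args['dt']` and `args['fn']` directly into the statement as table and column names, so only `text`, `now()` and `dn` are bound parameters and the two identifiers get no escaping from the driver. With `@webnotes.whitelist()` on it, the caller chooses which column of which `tab…` table is written. Check both values against a fixed allowlist before building the SQL, for example `if (args['dt'], args['fn']) not in EDITABLE_FIELDS: webnotes.msgprint('Not allowed', raise_exception=1)`, where `EDITABLE_FIELDS` is a placeholder name for a module-level set of the (doctype, field) pairs this page may edit. The function should also confirm that the caller is allowed to edit the row named by `dn`, which the visible body does not do.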
diff --git a/erpnext/selling/page/customers/customers.html b/erpnext/selling/page/customers/customers.html deleted file mode 100644 index 9f3d19c0c9..0000000000 --- a/erpnext/selling/page/customers/customers.html +++ /dev/null @@ -1 +0,0 @@ -
\ No newline at end of file diff --git a/erpnext/selling/page/customers/customers.js b/erpnext/selling/page/customers/customers.js deleted file mode 100644 index 7902e2476b..0000000000 --- a/erpnext/selling/page/customers/customers.js +++ /dev/null @@ -1,34 +0,0 @@ -//make tabs - -pscript.onload_customers = function() { - make_customer_tab($i('dcv_customers')); -} - -function make_customer_tab(parent) { - pscript.dcv_customers = new wn.widgets.DocColumnView('Customers', parent, - ['Customer Group', 'Customer', 'Contact'], { - 'Customer Group': { - show_fields : ['name'], - create_fields : ['name'], - search_fields : ['name'], - next_col: 'Customer' - }, - 'Customer': { - show_fields : ['name', 'customer_name'], - create_fields : ['name', 'customer_name'], - search_fields : ['customer_name'], - filter_by : ['Customer Group', 'customer_group'], - next_col: 'Contact' - }, - 'Contact': { - show_fields : ['name', 'first_name', 'last_name'], - create_fields : ['name','first_name', 'last_name'], - search_fields : ['first_name', 'last_name'], - conditions: ['is_customer=1'], - set_values: {'is_customer': 1 }, - filter_by : ['Customer', 'customer'] - }, - }) -} - - diff --git a/erpnext/selling/page/customers/customers.txt b/erpnext/selling/page/customers/customers.txt deleted file mode 100644 index 7f44ab45e7..0000000000 --- a/erpnext/selling/page/customers/customers.txt +++ /dev/null @@ -1,26 +0,0 @@ -[ - { - 'content': None, - 'creation': '2011-03-25 13:48:50', - 'docstatus': 0, - 'doctype': 'Page', - 'icon': None, - 'idx': None, - 'menu_index': None, - 'modified': '2011-03-25 13:48:50', - 'modified_by': 'Administrator', - 'module': 'CRM', - 'name': 'customers', - 'owner': 'Administrator', - 'page_name': 'Customers', - 'parent': None, - 'parent_node': None, - 'parentfield': None, - 'parenttype': None, - 'script': None, - 'show_in_menu': None, - 'standard': 'Yes', - 'static_content': None, - 'style': None - } -] \ No newline at end of file 
diff --git a/erpnext/setup/doctype/manage_account/manage_account.py b/erpnext/setup/doctype/manage_account/manage_account.py index 757d323fef..eed566e55e 100644 --- a/erpnext/setup/doctype/manage_account/manage_account.py +++ b/erpnext/setup/doctype/manage_account/manage_account.py @@ -30,17 +30,10 @@ class DocType: from webnotes.utils import fmt_money, flt bal = webnotes.conn.sql("select `tabAccount Balance`.balance,`tabAccount`.debit_or_credit from `tabAccount`,`tabAccount Balance` where `tabAccount Balance`.account=%s and `tabAccount Balance`.period=%s and `tabAccount Balance`.account=`tabAccount`.name ",(arg,self.doc.current_fiscal_year)) if bal: - return fmt_money(flt(bal[0][0])) + ' ' + bal[0][1] - - def validate(self): - """validate""" - if not (self.doc.account_url and (self.doc.account_url.startswith('http://') \ - or self.doc.account_url.startswith('https://'))): - webnotes.msgprint("Account URL must start with 'http://' or 'https://'", raise_exception=1) + return fmt_money(flt(bal[0][0])) + ' ' + bal[0][1] def on_update(self): """update defaults""" - self.validate() for key in keydict: webnotes.conn.set_default(key, self.doc.fields.get(keydict[key], '')) diff --git a/erpnext/setup/doctype/setup_control/setup_control.py b/erpnext/setup/doctype/setup_control/setup_control.py index 6616338e42..f217402360 100644 --- a/erpnext/setup/doctype/setup_control/setup_control.py +++ b/erpnext/setup/doctype/setup_control/setup_control.py @@ -140,7 +140,7 @@ class DocType: for d in def_args.keys(): ma_obj.doc.fields[d] = def_args[d] ma_obj.doc.save() - ma_obj.update_cp() + ma_obj.on_update() # Set Control Panel Defaults diff --git a/erpnext/setup/page/people/__init__.py b/erpnext/setup/page/people/__init__.py deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/erpnext/setup/page/people/people.html b/erpnext/setup/page/people/people.html deleted file mode 100644 index ad31e38510..0000000000 --- a/erpnext/setup/page/people/people.html +++ /dev/null 
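Review bot: The `validate` method that required `account_url` to start with `http://` or `https://` is deleted in manage_account.py, together with the `self.validate()` call in `on_update`, and nothing replaces it. If `account_url` is still a field that ends up in a link or redirect (its use is not visible here), a value with another scheme such as `javascript:` would now be stored unchecked. Either keep the check or state in the commit message why it is no longer needed, since the removal is unrelated to the whitelist change named in the subject. The `DocType` class starts and continues outside the hunk.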
@@ -1 +0,0 @@ -
\ No newline at end of file diff --git a/erpnext/setup/page/people/people.js b/erpnext/setup/page/people/people.js deleted file mode 100644 index fd316bf098..0000000000 --- a/erpnext/setup/page/people/people.js +++ /dev/null @@ -1,32 +0,0 @@ -//make tabs - -pscript.onload_people = function() { - make_customer_tab($i('crm_home')); -} - -function make_customer_tab(parent) { - new wn.widgets.DocColumnView('Customers', parent, ['Customer Group', 'Customer', 'Contact'], { - 'Customer Group': { - show_fields : ['name'], - create_fields : ['name'], - search_fields : ['name'], - next_col: 'Customer' - }, - 'Customer': { - show_fields : ['name', 'customer_name'], - create_fields : ['name', 'customer_name'], - search_fields : ['customer_name'], - filter_by : ['Customer Group', 'customer_group'], - next_col: 'Contact' - }, - 'Contact': { - show_fields : ['name', 'first_name', 'last_name'], - create_fields : ['name','first_name', 'last_name'], - search_fields : ['first_name', 'last_name'], - conditions: ['is_customer=1'], - filter_by : ['Customer', 'customer'] - }, - }) -} - - diff --git a/erpnext/setup/page/people/people.txt b/erpnext/setup/page/people/people.txt deleted file mode 100644 index 3e7bba297f..0000000000 --- a/erpnext/setup/page/people/people.txt +++ /dev/null @@ -1,26 +0,0 @@ -[ - { - 'content': None, - 'creation': '2011-03-21 12:12:32', - 'docstatus': 0, - 'doctype': 'Page', - 'icon': None, - 'idx': None, - 'menu_index': None, - 'modified': '2011-03-21 12:13:39', - 'modified_by': 'Administrator', - 'module': 'Setup', - 'name': 'people', - 'owner': 'Administrator', - 'page_name': 'People', - 'parent': None, - 'parent_node': None, - 'parentfield': None, - 'parenttype': None, - 'script': None, - 'show_in_menu': None, - 'standard': 'Yes', - 'static_content': None, - 'style': None - } -] \ No newline at end of file diff --git a/erpnext/website/page/blog/blog.py b/erpnext/website/page/blog/blog.py index 6e7a62e6aa..2773624f4b 100644 
--- a/erpnext/website/page/blog/blog.py +++ b/erpnext/website/page/blog/blog.py @@ -1,4 +1,6 @@ import webnotes + +@webnotes.whitelist() def subscribe(arg): """subscribe to blog (blog_subscriber)""" if webnotes.conn.sql("""select name from `tabBlog Subscriber` where name=%s""", arg): diff --git a/erpnext/website/page/contact/contact.py b/erpnext/website/page/contact/contact.py index a6566a9b84..2fd00f7681 100644 --- a/erpnext/website/page/contact/contact.py +++ b/erpnext/website/page/contact/contact.py @@ -1,5 +1,6 @@ import json, webnotes +@webnotes.whitelist() def send(args): """create support ticket""" args = json.loads(args) diff --git a/erpnext/website/page/unsubscribe/unsubscribe.py b/erpnext/website/page/unsubscribe/unsubscribe.py index 57d1d47f86..c310c61dec 100644 --- a/erpnext/website/page/unsubscribe/unsubscribe.py +++ b/erpnext/website/page/unsubscribe/unsubscribe.py @@ -1,6 +1,8 @@ +import webnotes + +@webnotes.whitelist() def unsubscribe(arg): """unsubscribe from lists""" - import webnotes lists = [['Blog Subscriber', 'name']] for l in lists: webnotes.conn.sql("""delete from `tab%s` where %s=%s""" % (l[0], l[1], '%s'), arg)
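Review bot: `subscribe` in blog.py, `send` in contact.py and `unsubscribe` in unsubscribe.py live under `website/page`, so they are presumably called by visitors who are not logged in, yet all three use the bare `@webnotes.whitelist()` exactly like the user-management functions in my_company.py. If the decorator's default admits only logged-in sessions, these calls will be refused for guests; if it admits everyone, the bare form on the administrative functions is too open. Mark the public ones explicitly, `@webnotes.whitelist(allow_guest=True)` if that option is available in the webnotes version this targets, so the guest-reachable surface can be audited with a simple search. The body of `subscribe` continues outside the hunk.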
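Review bot: `unsubscribe` deletes the `Blog Subscriber` row whose `name` equals `arg` with no proof that the caller controls that subscription, so any caller who can reach the function can remove another subscriber. The table and column names come from the hard-coded `lists` value and `arg` is bound as a parameter, so the `%`-formatting of identifiers is not itself a problem here. Consider requiring a per-subscriber token carried in the unsubscribe link and comparing it before the delete. A comment on the formatting line such as `# identifiers come from the constant list above, never from the request` would keep a later edit from feeding request data into them.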