added whitelist check

erpnext/accounts/__init__.py

@@ -2,6 +2,7 @@ import webnotes
 from webnotes.utils import flt
 from webnotes.model.code import get_obj
 
+@webnotes.whitelist()
 def get_default_bank_account():
 	"""
 		Get default bank account for a company
@@ -14,7 +15,7 @@ def get_default_bank_account():
 	
 	if res: return res[0][0]
 
-
+@webnotes.whitelist()
 def get_new_jv_details():
 	"""
 		Get details which will help create new jv on sales/purchase return

erpnext/home/page/dashboard/dashboard.py

@@ -54,11 +54,12 @@ dashboards = [
 	}
 ]
 
+import webnotes
+
 class DashboardWidget:
 	def __init__(self, company, start, end, interval):
 		from webnotes.utils import getdate
 		from webnotes.model.code import get_obj
-		import webnotes
 		
 		self.company = company
 		self.abbr = webnotes.conn.get_value('Company', company, 'abbr')
@@ -233,7 +234,7 @@ class DashboardWidget:
 		elif opts['type']=='creation':
 			return self.get_creation_trend(opts['doctype'], start, end)
 
-
+@webnotes.whitelist()
 def load_dashboard(args):
 	"""
 		Get dashboard based on

erpnext/home/page/event_updates/event_updates.py

@@ -1,6 +1,7 @@
 import webnotes
 from webnotes.utils import cint
 
+@webnotes.whitelist()
 def get_online_users():
 	# get users
 	return webnotes.conn.sql("""SELECT DISTINCT t1.user, t2.first_name, t2.last_name 
@@ -9,9 +10,7 @@ def get_online_users():
 		and t1.user not in ('Guest','Administrator')
 		and TIMESTAMPDIFF(HOUR,t1.lastupdate,NOW()) <= 1""", as_list=1) or []
 
-#
+@webnotes.whitelist()
-# get unread messages
-#
 def get_unread_messages():
 	"returns unread (docstatus-0 messages for a user)"
 	return cint(webnotes.conn.sql("""SELECT COUNT(*) FROM `tabComment Widget Record`
@@ -20,10 +19,9 @@ def get_unread_messages():
 	AND ifnull(docstatus,0)=0
 	""", webnotes.user.name)[0][0])
 
-#
+@webnotes.whitelist()
-# Get toolbar items
-#	
 def get_status_details(arg=None):
+	"""get toolbar items"""
 	from webnotes.utils import cint, date_diff, nowdate, get_defaults
 		
 	online = get_online_users()
@@ -43,6 +41,7 @@ def get_status_details(arg=None):
 	}
 	return ret
 
+@webnotes.whitelist()
 def get_setup_status():
 	"""
 		Returns the setup status of the current account

erpnext/home/page/my_company/my_company.py

@@ -6,13 +6,12 @@ from webnotes.model.doc import Document
 try: import json
 except: import simplejson as json
 
+@webnotes.whitelist()
 def get_account_settings_url(arg=''):
 	import server_tools.gateway_utils
 	return server_tools.gateway_utils.get_account_settings_url()
 
-#
+@webnotes.whitelist()
-# set max users
-#
 def get_max_users(arg=''):
 	from server_tools.gateway_utils import get_max_users_gateway
 	return {
@@ -20,16 +19,12 @@ def get_max_users(arg=''):
 		'enabled': cint(webnotes.conn.sql("select count(*) from tabProfile where ifnull(enabled,0)=1 and name not in ('Administrator', 'Guest')")[0][0])
 	}
 
-#
+@webnotes.whitelist()
-# enable profile in local
-#
 def enable_profile(arg=''):
 	webnotes.conn.sql("update tabProfile set enabled=1 where name=%s", arg)
 	return 1
 		
-#
+@webnotes.whitelist()
-# disable profile in local
-#
 def disable_profile(arg=''):
 	if arg=='Administrator':
 		return 'Cannot disable Administrator'
@@ -38,9 +33,7 @@ def disable_profile(arg=''):
 	webnotes.login_manager.logout(user=arg)
 	return 0
 
-#
+@webnotes.whitelist()
-# delete user
-#
 def delete_user(args):
 	args = json.loads(args)
 	webnotes.conn.sql("update tabProfile set enabled=0, docstatus=2 where name=%s", args['user'])
@@ -49,9 +42,7 @@ def delete_user(args):
 		from server_tools.gateway_utils import remove_user_gateway
 		remove_user_gateway(args['user'])
 
-#
+@webnotes.whitelist()
-# add user
-#
 def add_user(args):
 	args = json.loads(args)
 	# erpnext-saas
@@ -61,9 +52,7 @@ def add_user(args):
 	
 	add_profile(args)
 	
-#
+@webnotes.whitelist()
-# add profile record
-#
 def add_profile(args):
 	from webnotes.utils import validate_email_add, now
 	email = args['user']
@@ -99,6 +88,7 @@ def add_profile(args):
 
 	send_welcome_mail(email, args)
 
+@webnotes.whitelist()
 def send_welcome_mail(email, args):
 	"""send welcome mail to user with password and login url"""
 	pr = Document('Profile', email)

erpnext/home/page/profile_settings/profile_settings.py

@@ -2,6 +2,7 @@ import webnotes
 
 from webnotes.utils import load_json, cint, nowdate
 
+@webnotes.whitelist()
 def change_password(arg):
 	"""
 		Change password
@@ -15,12 +16,14 @@ def change_password(arg):
 	webnotes.conn.sql("update tabProfile set password=password(%s), modified=%s where name=%s",(arg['new_password'], nowdate(), webnotes.session['user']))
 	webnotes.msgprint('Password Updated');
 
+@webnotes.whitelist()
 def get_user_details(arg=None):
 	"""
 		Returns user first name, last name and bio
 	"""
 	return webnotes.conn.sql("select first_name, last_name, bio from tabProfile where name=%s", webnotes.user.name, as_dict=1)[0]
 	
+@webnotes.whitelist()
 def set_user_details(arg=None):
 	"""
 		updates user details given in argument
@@ -35,6 +38,7 @@ def set_user_details(arg=None):
 	p.save()
 	webnotes.msgprint('Updated')
 
+@webnotes.whitelist()
 def set_user_image(fid, fname):
 	"""
 		Set uploaded image as user image

erpnext/knowledge_base/page/question_view/question_view.py

@@ -1,19 +1,22 @@
 import webnotes
 from webnotes.utils import load_json, cstr, now
 
-# update the editable text item
+@webnotes.whitelist()
 def update_item(args):
 	args = load_json(args)
 	
 	webnotes.conn.sql("update `tab%s` set `%s`=%s, modified=%s where name=%s" \
 		% (args['dt'], args['fn'], '%s', '%s', '%s'), (args['text'], now(), args['dn']))
 
+@webnotes.whitelist()
 def has_answered(arg):
 	return webnotes.conn.sql("select name from tabAnswer where owner=%s and question=%s", (webnotes.user.name, arg)) and 'Yes' or 'No'
 
+@webnotes.whitelist()
 def get_question(arg):
 	return cstr(webnotes.conn.sql("select question from tabQuestion where name=%s", arg)[0][0])
 
+@webnotes.whitelist()
 def add_answer(args):
 	args = load_json(args)
 	

erpnext/knowledge_base/page/questions/questions.py

@@ -3,6 +3,7 @@ import webnotes
 from webnotes.utils import load_json, cint, cstr
 
 # add a new question
+@webnotes.whitelist()
 def add_question(arg):
 	args = load_json(arg)
 	
@@ -22,7 +23,7 @@ def add_question(arg):
 					'notify': 1
 				})
 	
-	
+@webnotes.whitelist()
 def vote(arg):
 	args = load_json(arg)
 	
@@ -36,6 +37,7 @@ def vote(arg):
 	
 	return p
 
+@webnotes.whitelist()
 def delete(arg):
 	"""
 		delete a question or answer (called from kb toolbar)

erpnext/selling/page/customers/customers.html

@@ -1 +0,0 @@
-<div id="dcv_customers"></div>

erpnext/selling/page/customers/customers.js

@@ -1,34 +0,0 @@
-//make tabs
-
-pscript.onload_customers = function() {
-	make_customer_tab($i('dcv_customers'));
-}
-
-function make_customer_tab(parent) {	
-	pscript.dcv_customers = new wn.widgets.DocColumnView('Customers', parent, 
-		['Customer Group', 'Customer', 'Contact'], {
-		'Customer Group': { 
-			show_fields : ['name'],
-			create_fields : ['name'],
-			search_fields : ['name'],
-			next_col: 'Customer'
-		},
-		'Customer': { 
-			show_fields : ['name', 'customer_name'],
-			create_fields : ['name', 'customer_name'],
-			search_fields : ['customer_name'],
-			filter_by : ['Customer Group', 'customer_group'],
-			next_col: 'Contact'
-		},
-		'Contact': { 
-			show_fields : ['name', 'first_name', 'last_name'],
-			create_fields : ['name','first_name', 'last_name'],
-			search_fields : ['first_name', 'last_name'],
-			conditions: ['is_customer=1'],
-			set_values: {'is_customer': 1 },
-			filter_by : ['Customer', 'customer']
-		},
-	})
-}
-
-

erpnext/selling/page/customers/customers.txt

@@ -1,26 +0,0 @@
-[
-	{
-		'content': None,
-		'creation': '2011-03-25 13:48:50',
-		'docstatus': 0,
-		'doctype': 'Page',
-		'icon': None,
-		'idx': None,
-		'menu_index': None,
-		'modified': '2011-03-25 13:48:50',
-		'modified_by': 'Administrator',
-		'module': 'CRM',
-		'name': 'customers',
-		'owner': 'Administrator',
-		'page_name': 'Customers',
-		'parent': None,
-		'parent_node': None,
-		'parentfield': None,
-		'parenttype': None,
-		'script': None,
-		'show_in_menu': None,
-		'standard': 'Yes',
-		'static_content': None,
-		'style': None
-	}
-]

erpnext/setup/doctype/manage_account/manage_account.py

@@ -32,15 +32,8 @@ class DocType:
 		if bal:
 			return fmt_money(flt(bal[0][0])) + ' ' + bal[0][1]	
 	
-	def validate(self):
-		"""validate"""
-		if not (self.doc.account_url and (self.doc.account_url.startswith('http://') \
-			or self.doc.account_url.startswith('https://'))):
-			webnotes.msgprint("Account URL must start with 'http://' or 'https://'", raise_exception=1)
-	
 	def on_update(self):
 		"""update defaults"""
-		self.validate()
 		
 		for key in keydict:
 			webnotes.conn.set_default(key, self.doc.fields.get(keydict[key], ''))

erpnext/setup/doctype/setup_control/setup_control.py

@@ -140,7 +140,7 @@ class DocType:
 		for d in def_args.keys():
 			ma_obj.doc.fields[d] = def_args[d]
 		ma_obj.doc.save()
-		ma_obj.update_cp()
+		ma_obj.on_update()
 
 
 	# Set Control Panel Defaults

erpnext/setup/page/people/people.html

@@ -1 +0,0 @@
-<div id="crm_home"></div>

erpnext/setup/page/people/people.js

@@ -1,32 +0,0 @@
-//make tabs
-
-pscript.onload_people = function() {
-	make_customer_tab($i('crm_home'));
-}
-
-function make_customer_tab(parent) {	
-	new wn.widgets.DocColumnView('Customers', parent, ['Customer Group', 'Customer', 'Contact'], {
-		'Customer Group': { 
-			show_fields : ['name'],
-			create_fields : ['name'],
-			search_fields : ['name'],
-			next_col: 'Customer'
-		},
-		'Customer': { 
-			show_fields : ['name', 'customer_name'],
-			create_fields : ['name', 'customer_name'],
-			search_fields : ['customer_name'],
-			filter_by : ['Customer Group', 'customer_group'],
-			next_col: 'Contact'
-		},
-		'Contact': { 
-			show_fields : ['name', 'first_name', 'last_name'],
-			create_fields : ['name','first_name', 'last_name'],
-			search_fields : ['first_name', 'last_name'],
-			conditions: ['is_customer=1'],
-			filter_by : ['Customer', 'customer']
-		},
-	})
-}
-
-

erpnext/setup/page/people/people.txt

@@ -1,26 +0,0 @@
-[
-	{
-		'content': None,
-		'creation': '2011-03-21 12:12:32',
-		'docstatus': 0,
-		'doctype': 'Page',
-		'icon': None,
-		'idx': None,
-		'menu_index': None,
-		'modified': '2011-03-21 12:13:39',
-		'modified_by': 'Administrator',
-		'module': 'Setup',
-		'name': 'people',
-		'owner': 'Administrator',
-		'page_name': 'People',
-		'parent': None,
-		'parent_node': None,
-		'parentfield': None,
-		'parenttype': None,
-		'script': None,
-		'show_in_menu': None,
-		'standard': 'Yes',
-		'static_content': None,
-		'style': None
-	}
-]

erpnext/website/page/blog/blog.py

@@ -1,4 +1,6 @@
 import webnotes
+
+@webnotes.whitelist()
 def subscribe(arg):
 	"""subscribe to blog (blog_subscriber)"""
 	if webnotes.conn.sql("""select name from `tabBlog Subscriber` where name=%s""", arg):

erpnext/website/page/contact/contact.py

@@ -1,5 +1,6 @@
 import json, webnotes
 
+@webnotes.whitelist()
 def send(args):
 	"""create support ticket"""
 	args = json.loads(args)

erpnext/website/page/unsubscribe/unsubscribe.py

@@ -1,6 +1,8 @@
+import webnotes
+
+@webnotes.whitelist()
 def unsubscribe(arg):
 	"""unsubscribe from lists"""
-	import webnotes
 	lists = [['Blog Subscriber', 'name']]
 	for l in lists:
 		webnotes.conn.sql("""delete from `tab%s` where %s=%s""" % (l[0], l[1], '%s'), arg)