added whitelist check

py/webnotes/__init__.py

@@ -119,6 +119,7 @@ remote_ip = get_env_vars('REMOTE_ADDR')		#Required for login from python shell
 logger = None
 	
 def get_db_password(db_name):
+	"""get db password from defs"""
 	import defs
 	
 	if hasattr(defs, 'get_db_password'):
@@ -128,4 +129,24 @@ def get_db_password(db_name):
 		return defs.db_password
 		
 	else:
-		return db_name
+		return db_name
+
+whitelisted = []
+guest_methods = []
+def whitelist(allow_guest=False):
+	"""
+	decorator for whitelisting a function
+	
+	Note: if the function is allowed to be accessed by a guest user,
+	it must explicitly be marked as allow_guest=True
+	"""
+	def innerfn(fn):
+		global whitelisted, guest_methods
+		whitelisted.append(fn)
+
+		if allow_guest:
+			guest_methods.append(fn)
+
+		return fn
+
+	return innerfn

py/webnotes/handler.py

@@ -15,9 +15,7 @@ errmethod = ''
 
 # Logs
 
-# refresh / start page
-# ------------------------------------------------------------------------------------
-
+@webnotes.whitelist(allow_guest=True)
 def startup():
 	import webnotes
 	import webnotes.session_cache
@@ -32,10 +30,12 @@ def cleanup_docs():
 # server calls
 # ------------------------------------------------------------------------------------
 
+@webnotes.whitelist()
 def runserverobj(arg=None):
 	import webnotes.widgets.form.run_method
 	webnotes.widgets.form.run_method.runserverobj()
 
+@webnotes.whitelist()
 def logout():
 	webnotes.login_manager.logout()
 
@@ -43,6 +43,7 @@ def logout():
 # DocType Mapper
 # ------------------------------------------------------------------------------------
 
+@webnotes.whitelist()
 def dt_map():
 	import webnotes
 	import webnotes.model.utils
@@ -65,6 +66,7 @@ def dt_map():
 # Load Month Events
 # ------------------------------------------------------------------------------------
 
+@webnotes.whitelist()
 def load_month_events():
 	import webnotes
 	form = webnotes.form
@@ -80,6 +82,7 @@ def load_month_events():
 # Data import
 # ------------------------------------------------------------------------------------
 
+@webnotes.whitelist()
 def import_csv():
 	import webnotes.model.import_docs
 	form = webnotes.form
@@ -92,6 +95,7 @@ def import_csv():
 	rhead = '''<style>body, html {font-family: Arial; font-size: 12px;}</style>'''
 	webnotes.response['result']= rhead + r
 
+@webnotes.whitelist()
 def get_template():
 	import webnotes.model.import_docs
 	webnotes.model.import_docs.get_template()
@@ -100,6 +104,7 @@ def get_template():
 # File Upload
 # ------------------------------------------------------------------------------------
 
+@webnotes.whitelist()
 def uploadfile():
 	import webnotes.utils.file_manager
 	if webnotes.form_dict.get('from_form'):
@@ -127,6 +132,7 @@ def uploadfile():
 # File upload (from scripts)
 # ------------------------------------------------------------------------------------
 
+@webnotes.whitelist()
 def upload_many():
 	from webnotes.model.code import get_obj
 
@@ -143,8 +149,7 @@ def upload_many():
 	webnotes.response['type'] = 'iframe'
 
 
-# File download
-# ------------------------------------------------------------------------------------
+@webnotes.whitelist()
 def get_file():
 	import webnotes
 	import webnotes.utils.file_manager
@@ -162,6 +167,7 @@ def get_file():
 	else:
 		webnotes.msgprint('[get_file] Unknown file name')
 
+@webnotes.whitelist(allow_guest=True)
 def reset_password():
 	form_dict = webnotes.form_dict
 	from webnotes.model.code import get_obj
@@ -198,6 +204,16 @@ def execute_cmd(cmd):
 	validate_cmd(cmd)
 	method = get_method(cmd)
 
+	# check if whitelisted
+	if webnotes.session['user'] == 'Guest':
+		if (method not in webnotes.guest_methods):
+			webnotes.msgprint('Not Allowed, %s' % str(method))
+			raise Exception, 'Not Allowed, %s' % str(method)
+	else:
+		if not method in webnotes.whitelisted:
+			webnotes.msgprint('Not Allowed, %s' % str(method))
+			raise Exception, 'Not Allowed, %s' % str(method)
+		
 	if not webnotes.conn.in_transaction:
 		webnotes.conn.begin()
 

py/webnotes/model/__init__.py

@@ -35,7 +35,7 @@ def check_if_doc_is_linked(dt, dn):
 			if item:
 				webnotes.msgprint("Cannot delete %s <b>%s</b> because it is linked in %s <b>%s</b>" % (dt, dn, link_dt, item[0][0]), raise_exception=1)
 
-
+@webnotes.whitelist
 def delete_doc(doctype=None, name=None, doclist = None, force=0):
 	"""
 		Deletes a doc(dt, dn) and validates if it is not submitted and not linked in a live record

py/webnotes/multi_tenant/__init__.py

@@ -1 +0,0 @@
-shared_tables = ['DocType','DocPerm','DocField','Role','Print Format','Module Def']

py/webnotes/multi_tenant/query_parser.py

@@ -1,38 +0,0 @@
-import sqlparse
-import webnotes
-import webnotes.query_parser
-
-def get_tables(parsed):
-	start = 0
-	for t in parsed[0].tokens:
-		if str(t.ttype)=='Token.Keyword' and t.value.lower()=='from':
-			start = 1
-		if start and type(t).__name__=='Identifier':
-			return [(str(t.get_real_name())),]
-			
-		if start and type(t).__name__=='IdentifierList':
-			return [str(i.get_real_name()) for i in t.get_identifiers()]
-	
-	return tl
-				
-def add_condition(query):
-	parsed = sqlparse.parse(query)
-	
-	# get the tables
-	tl = get_tables(parsed)
-	
-	# rebuild the query till the where clause
-	q = ''
-	for t in parsed[0].tokens:
-		q += str(t)
-		
-		# where clause comes here
-		if type(t).__name__=='Where':
-		
-			# add the conditions for the tables
-			for t in tl:
-				if t not in webnotes.query_parser.shared_tables:
-					q += ' and %s._tenant_id=%s' % (t, webnotes.tenant_id)
-	
-	return q
-		

py/webnotes/multi_tenant/setup.py

@@ -1,19 +0,0 @@
-import webnotes
-
-# setup all tables for multi-tenant
-# ---------------------------------
-def setup_tables():
-	import webnotes.multi_tenant
-	
-	tl = webnotes.conn.sql("show tables")
-	for t in tl:
-		add_tenant_id(t[0])
-		change_primary_key(t[0])
-
-def add_tenant_id(tname):
-	webnotes.conn.sql("alter table `%s` add column _tenant_id int(10) default 0 not null")
-		
-def change_primary_key(tname):
-	webnotes.conn.sql("alter table `%s` drop primary key name")
-	webnotes.conn.sql("alter table `%s` add primary key (name, _tenant_id)")
-		

py/webnotes/profile.py

@@ -148,6 +148,9 @@ class Profile:
 			and not (dt in child_tables):
 			r = webnotes.conn.sql("select recent_documents from tabProfile where name=%s", \
 				self.name)[0][0] or ''
+
+			if '~~~' in r:
+				r = '[]'
 			
 			rdl = json.loads(r or '[]')
 			new_rd = [dt, dn]
@@ -205,6 +208,7 @@ class Profile:
 		self.roles = d['roles']
 		self.defaults = d['defaults']
 
+@webnotes.whitelist()
 def get_user_img():
 	if not webnotes.form.getvalue('username'):
 		webnotes.response['message'] = 'no_img_m'

py/webnotes/session_cache.py

@@ -6,6 +6,7 @@ permission, homepage, control panel variables, system defaults etc
 """
 import webnotes
 
+@webnotes.whitelist()
 def clear():
 	"""clear all cache"""
 	clear_cache()

py/webnotes/utils/__init__.py

@@ -516,6 +516,7 @@ def clear_recycle_bin():
 # Send Error Report
 # ==============================================================================
 
+@webnotes.whitelist()
 def send_error_report():
 	sql = webnotes.conn.sql
 	m = ''

py/webnotes/utils/backups.py

@@ -115,7 +115,7 @@ class BackupGenerator:
 		
 		return recipient_list
 		
-#-------------------------------------------------------------------------------
+@webnotes.whitelist()
 def get_backup():
 	"""
 		This function is executed when the user clicks on 

py/webnotes/utils/email_lib/__init__.py

@@ -72,7 +72,7 @@ def get_footer():
 	footer += (webnotes.conn.get_global('global_mail_footer') or '')
 	return footer
 
-
+@webnotes.whitelist()
 def send_form():
 	"""
 		Emails a print format (form)
@@ -82,12 +82,11 @@ def send_form():
 	from webnotes.utils.email_lib.form_email import FormEmail
 	FormEmail().send()
 
-
+@webnotes.whitelist()
 def get_contact_list():
 	"""
 		Returns contacts (from autosuggest)
 	"""
-	import webnotes
 
 	cond = ['`%s` like "%s%%"' % (f, webnotes.form.getvalue('txt')) for f in webnotes.form.getvalue('where').split(',')]
 	cl = webnotes.conn.sql("select `%s` from `tab%s` where %s" % (

py/webnotes/widgets/event.py

@@ -1,8 +1,9 @@
 # Event
 # -------------
+import webnotes
 
+@webnotes.whitelist()
 def get_cal_events(m_st, m_end):
-	import webnotes
 	import webnotes.model.doc
 	
 	sql = webnotes.conn.sql
@@ -34,8 +35,8 @@ def get_cal_events(m_st, m_end):
 # Load Month Events
 # -----------------
 
+@webnotes.whitelist()
 def load_month_events():
-	import webnotes
 	from webnotes.utils import cint
 	
 	form = webnotes.form

py/webnotes/widgets/follow.py

@@ -1,134 +0,0 @@
-"""
-Server side methods for the follower pattern (Follow button used in forms)
-"""
-
-import webnotes
-form = webnotes.form_dict
-
-#
-# Follow
-#
-def follow(dt=None, dn=None, user=None, verbose=0):
-	"Add as follower to a particular record. If no parameteres, then take from the http request (form)"
-	
-	if not dt: 
-		dt, dn, user = form.get('dt'), form.get('dn'), form.get('user')
-		verbose = 1
-
-	if not user: return
-
-	if not is_follower(dt, dn, user):
-		make_follower(dt, dn, user, verbose)
-	else:
-		if verbose: webnotes.msgprint("%s is already a follower!" % user)
-
-	return load_followers(dt, dn)
-
-def make_follower(dt, dn, user, verbose):
-	"Add the user as a follower"
-	if has_permission(dt, user):
-		from webnotes.model.doc import Document
-		d = Document('Follower')
-		d.doc_type = dt
-		d.doc_name = dn
-		d.owner = user
-		d.save(1)
-	else:
-		if verbose: webnotes.msgprint('%s does not have sufficient permission to follow' % user)
-		
-def has_permission(dt, user):
-	"Check to see if the user has permission to follow"
-
-	return webnotes.conn.sql("select name from tabDocPerm where parent=%s and ifnull(`read`,0)=1 and role in ('%s') limit 1" \
-		% ('%s', ("', '".join(webnotes.user.get_roles()))), dt)
-	
-def is_follower(dt, dn, user):
-	"returns true if given user is a follower"
-	
-	return webnotes.conn.sql("""
-		select name from tabFollower 
-		where ifnull(doc_type,'')=%s 
-		and ifnull(doc_name,'')=%s 
-		and owner=%s""", (dt, dn, user))
-#
-# Unfollow
-#
-def unfollow(dt=None, dn=None, user=None):
-	"Unfollow a particular record. If no parameteres, then take from the http request (form)"
-
-	if not dt:
-		dt, dn, user = form.get('dt'), form.get('dn'), form.get('user')
-
-	webnotes.conn.sql("delete from tabFollower where doc_name=%s and doc_type=%s and owner=%s", (dn, dt, user))
-
-	return load_followers(dt, dn)
-
-#
-# Load followers
-#
-def load_followers(dt=None, dn=None):
-	"returns list of followers (Full Names) for a particular object"
-
-	if not dt: dt, dn = form.get('dt'), form.get('dn')
-		
-	try:
-		return [t[0] for t in webnotes.conn.sql("""
-			SELECT IFNULL(CONCAT(t1.first_name, if(t1.first_name IS NULL, '', ' '), t1.last_name), t1.name)
-			FROM tabProfile t1, tabFollower t2 WHERE t2.doc_type=%s AND t2.doc_name=%s 
-			AND t1.name = t2.owner""", (dt, dn))]
-			
-	except Exception, e:
-		if e.args[0] in (1146, 1054): 
-			setup()
-			return []
-		else:
-			raise e
-
-#
-# Email followers
-#
-def email_followers(dt, dn, msg_html=None, msg_text=None):
-	"Send an email to all followers of this object"
-	pass
-
-#
-# Update feed
-#
-def on_docsave(doc):
-	"Add the owner and all linked Profiles as followers"
-	follow(doc.doctype, doc.name, doc.owner)
-	for p in get_profile_fields(doc.doctype):
-		follow(doc.doctype, doc.name, doc.fields.get(p))
-
-	update_followers(doc = doc)
-
-#
-# update the follower record timestamp and subject
-#
-def update_followers(dt=None, dn=None, subject=None, update_by=None, doc=None):
-	"Updates the timestamp and subject in follower table (for feed generation)"
-	from webnotes.utils import now
-	webnotes.conn.sql("update tabFollower set modified=%s, subject=%s, modified_by=%s where doc_type=%s and doc_name=%s", \
-		(now(), 
-		subject or doc.fields.get('subject'), \
-		update_by or webnotes.session['user'],\
-		dt or doc.doctype, 
-		dn or doc.name))
-
-#
-# get type of "Profile" fields
-#
-def get_profile_fields(dt):
-	"returns a list of all profile link fields from the doctype"
-	return [f[0] for f in \
-		webnotes.conn.sql("select fieldname from tabDocField where parent=%s and fieldtype='Link' and options='Profile'", dt)]
-
-#
-# setup - make followers table
-#
-def setup():
-	"Make table for followers - if missing"
-	webnotes.conn.commit()
-	from webnotes.modules.module_manager import reload_doc
-	reload_doc('core', 'doctype', 'follower')
-	webnotes.conn.begin()	

py/webnotes/widgets/form/assign_to.py

@@ -2,12 +2,14 @@
 
 import webnotes
 
+@webnotes.whitelist()
 def get():
 	"""get assigned to"""
 	return webnotes.conn.sql("""select owner from `tabToDo Item`
 		where reference_type=%(doctype)s and reference_name=%(name)s
 		order by modified desc limit 5""", webnotes.form_dict, as_dict=1)
 		
+@webnotes.whitelist()
 def add():
 	"""add in someone's to do list"""
 	if webnotes.conn.sql("""select owner from `tabToDo Item`
@@ -39,7 +41,8 @@ def add():
 	
 	
 	return get()
-	
+
+@webnotes.whitelist()
 def remove():
 	"""remove from todo"""
 	webnotes.conn.sql("""delete from `tabToDo Item`

py/webnotes/widgets/form/comments.py

@@ -1,5 +1,6 @@
 import webnotes
 
+@webnotes.whitelist()
 def get_comments(doctype=None, docname=None, limit=5):
 	"""load last 5 comments"""
 	nc, cl = 0, []
@@ -18,7 +19,7 @@ def get_comments(doctype=None, docname=None, limit=5):
 
 		webnotes.response['n_comments'], webnotes.response['comment_list'] = nc, cl
 
-	
+@webnotes.whitelist()
 def add_comment():
 	"""add a new comment"""
 	import time
@@ -37,7 +38,8 @@ def add_comment():
 	import startup.event_handlers
 	if hasattr(startup.event_handlers, 'comment_added'):
 		startup.event_handlers.comment_added(cmt)
-  			
+
+@webnotes.whitelist()
 def remove_comment():
 	"""remove a comment"""
 	args = webnotes.form_dict

py/webnotes/widgets/form/load.py

@@ -1,6 +1,7 @@
 import webnotes
 import webnotes.model.doc
 
+@webnotes.whitelist()
 def getdoc():
 	"""
 	Loads a doclist for a given document. This method is called directly from the client.
@@ -33,7 +34,7 @@ def getdoc():
 
 	webnotes.response['docs'] = doclist
 
-
+@webnotes.whitelist()
 def getdoctype():
 	"""load doctype"""
 	import webnotes.model.doctype

py/webnotes/widgets/form/print_format.py

@@ -1,5 +1,6 @@
 import webnotes
 
+@webnotes.whitelist()
 def get():
 	"""load print format by `name`"""
 	import re

py/webnotes/widgets/form/run_method.py

@@ -1,5 +1,6 @@
 import webnotes
 
+@webnotes.whitelist()
 def runserverobj():
 	"""
 		Run server objects

py/webnotes/widgets/form/save.py

@@ -1,4 +1,6 @@
 import webnotes
+
+@webnotes.whitelist()
 def savedocs():
 	"""save / submit / cancel / update doclist"""
 	try:

py/webnotes/widgets/form/utils.py

@@ -1,9 +1,8 @@
+import webnotes
 
-# remove attachment
-#===========================================================================================
-
+@webnotes.whitelist()
 def remove_attach():
-	import webnotes
+	"""remove attachment"""
 	import webnotes.utils.file_manager
 	
 	fid = webnotes.form.getvalue('fid')
@@ -12,10 +11,9 @@ def remove_attach():
 	# remove from dt dn
 	return str(webnotes.utils.file_manager.remove_file_list(webnotes.form.getvalue('dt'), webnotes.form.getvalue('dn'), fid))
 
-# Get Fields - Counterpart to $c_get_fields
-#===========================================================================================
+@webnotes.whitelist()
 def get_fields():
-	import webnotes
+	"""get fields"""
 	r = {}
 	args = {
 		'select':webnotes.form.getvalue('select')
@@ -29,9 +27,9 @@ def get_fields():
 			r[f], i = ret[0][i], i+1
 	webnotes.response['message']=r
 
-# validate link
-#===========================================================================================
+@webnotes.whitelist()
 def validate_link():
+	"""validate link when updated by user"""
 	import webnotes
 	import webnotes.utils
 	
@@ -46,6 +44,8 @@ def validate_link():
 	
 		# get fetch values
 		if fetch:
-			webnotes.response['fetch_values'] = [webnotes.utils.parse_val(c) for c in webnotes.conn.sql("select %s from `tab%s` where name=%s" % (fetch, options, '%s'), value)[0]]
+			webnotes.response['fetch_values'] = [webnotes.utils.parse_val(c) \
+				for c in webnotes.conn.sql("select %s from `tab%s` where name=%s" \
+					% (fetch, options, '%s'), value)[0]]
 	
 		webnotes.response['message'] = 'Ok'

py/webnotes/widgets/menus.py

@@ -1,5 +1,7 @@
 """
 Server side methods called from DocBrowser
+
+Needs to be refactored
 """
 
 import webnotes
@@ -7,6 +9,7 @@ from webnotes.utils import cint, cstr
 
 sql = webnotes.conn.sql
 
+@webnotes.whitelist()
 def get_menu_items():
 	"""
 	   Returns a list of items to show in `Options` of the Web Notes Toolbar
@@ -39,9 +42,11 @@ def get_menu_items():
 		
 	return menuitems
 	
-# --------------------------------------------------------------
+@webnotes.whitelist()
 def has_result():
-	return sql("select name from `tab%s` limit 1" % webnotes.form_dict.get('dt')) and 'Yes' or 'No'
+	"""return Yes if the given dt has any records"""
+	return sql("select name from `tab%s` limit 1" % \
+		webnotes.form_dict.get('dt')) and 'Yes' or 'No'
 
 # --------------------------------------------------------------
 
@@ -91,6 +96,7 @@ def get_columns(out, sf, fl, dt, tag_fields):
 # NOTE: THIS SHOULD BE CACHED IN DOCTYPE CACHE
 # --------------------------------------------------------------
 
+@webnotes.whitelist()
 def get_dt_details():
 	"""
 		Returns details called by DocBrowser this includes:
@@ -148,19 +154,14 @@ def get_dt_details():
 	return out
 
 
-# --------------------------------------------------------------
-
+@webnotes.whitelist()
 def get_trend():
 	return {'trend': get_dt_trend(webnotes.form_dict.get('dt'))}
 
 
-
-
-
-#
-# delete and archive in docbrowser
-#
+@webnotes.whitelist()
 def delete_items():
+	"""delete selected items"""
 	il = eval(webnotes.form_dict.get('items'))
 	from webnotes.model import delete_doc
 	from webnotes.model.code import get_obj
@@ -171,9 +172,9 @@ def delete_items():
 			dt_obj.on_trash()
 		delete_doc(d[0], d[1])
 
-# --------------------------------------------------------------
-
+@webnotes.whitelist()
 def archive_items():
+	"""archinve selected items"""
 	il = eval(webnotes.form_dict.get('items'))
 	
 	from webnotes.utils.archive import archive_doc

py/webnotes/widgets/page.py

@@ -102,12 +102,14 @@ class Page:
 		else:
 			return []
 
+@webnotes.whitelist()
 def get(name):
 	"""
 	   Return the :term:`doclist` of the `Page` specified by `name`
 	"""
 	return Page(name).load()
 
+@webnotes.whitelist()
 def getpage():
 	"""
 	   Load the page from `webnotes.form` and send it via `webnotes.response`
@@ -118,6 +120,7 @@ def getpage():
 	webnotes.response['docs'] = doclist
 
 def get_page_path(page_name, module):
+	"""get path of the page html file"""
 	import os
 	import webnotes.defs
 	from webnotes.modules import scrub
@@ -125,7 +128,7 @@ def get_page_path(page_name, module):
 		'page', scrub(page_name), scrub(page_name) + '.html')
 	
 def get_page_html(page_name):
-	"""get html of page"""
+	"""get html of page, called from webnotes.cms.index"""
 	p = webnotes.conn.sql("""select module, content from tabPage where name=%s""", \
 		page_name, as_dict=1)
 

py/webnotes/widgets/query_builder.py

@@ -204,6 +204,7 @@ def build_description_standard(meta, tl):
 # Entry Point - Run the query
 # ====================================================================
 
+@webnotes.whitelist(allow_guest=True)
 def runquery(q='', ret=0, from_export=0):
 	import webnotes.utils
 
@@ -283,9 +284,8 @@ def runquery(q='', ret=0, from_export=0):
 
 		out['n_values'] = webnotes.utils.cint(sql(qm)[0][0])
 
-# Export to CSV
-# ====================================================================
 
+@webnotes.whitelist()
 def runquery_csv():
 	global out
 

py/webnotes/widgets/search.py

@@ -2,6 +2,7 @@
 import webnotes
 
 # this is called when a new doctype is setup for search - to set the filters
+@webnotes.whitelist()
 def getsearchfields():
 	sf = webnotes.conn.sql("""\
 		SELECT value FROM `tabProperty Setter`
@@ -72,6 +73,7 @@ def scrub_custom_query(query, key, txt):
 	return query
 
 # this is called by the Link Field
+@webnotes.whitelist()
 def search_link():
 	import webnotes.widgets.query_builder
 
@@ -89,6 +91,7 @@ def search_link():
 	webnotes.response['results'] = build_for_autosuggest(res)
 
 # this is called by the search box
+@webnotes.whitelist()
 def search_widget():
 	import webnotes.widgets.query_builder
 

py/webnotes/widgets/tags.py

@@ -20,6 +20,9 @@ Design:
 
 """
 
+import webnotes
+from webnotes.utils import cint, cstr, load_json
+
 
 def check_user_tags(dt):
 	"if the user does not have a tags column, then it creates one"
@@ -33,6 +36,7 @@ def check_user_tags(dt):
 #
 # Add a new tag
 #
+@webnotes.whitelist()
 def add_tag():
 	"adds a new tag to a record, and creates the Tag master"
 	
@@ -47,6 +51,7 @@ def add_tag():
 #
 # remove tag
 #
+@webnotes.whitelist()
 def remove_tag():
 	"removes tag from the record"
 	f = webnotes.form_dict
@@ -55,9 +60,6 @@ def remove_tag():
 	DocTags(dt).remove(dn, tag)
 
 
-
-import webnotes
-from webnotes.utils import cint, cstr, load_json
 		
 class DocTags:
 	"""Tags for a particular doctype"""
@@ -221,7 +223,6 @@ class TagCounter:
 
 
 
-
 def get_top_field_tags(dt):
 	from webnotes.model.doctype import get_property
 	tf = get_property(dt, 'tag_fields')
@@ -250,6 +251,7 @@ def get_top_field_tags(dt):
 # returns the top ranked 10 tags for the
 # doctype. 
 # merges the top tags from fields and user tags
+@webnotes.whitelist()
 def get_top_tags(args=''):
 	"returns the top 10 tags for the doctype from fields (7) and users (3)"
 	tl = None

py/webnotes/widgets/todo.py

@@ -1,49 +0,0 @@
-# ToDO and Reminder
-# -----------------
-
-def add_todo(user, date, priority, desc, ref_type, ref_name):
-	nlist = []
-	if type(user)==list:
-		for i in user:
-			nlist.append(add_todo_item(i, date, priority, desc, ref_type, ref_name))
-		return nlist
-	else:
-		return add_todo_item(user, date, priority, desc, ref_type, ref_name)	
-	
-def add_todo_item(user, date, priority, desc, ref_type, ref_name):
-	if not date:
-		date = nowdate()
-
-	d = Document('ToDo Item')
-	d.owner = user
-	d.date = date
-	d.priority = priority
-	d.description = desc
-	d.reference_type = ref_type
-	d.reference_name = ref_name
-	d.save(1)
-	return d.name
-	
-def remove_todo(name):
-	if type(name)==list:
-		for i in name:
-			sql("delete from `tabToDo Item` where name='%s'" % i)
-	else:
-		sql("delete from `tabToDo Item` where name='%s'" % name)
-
-def get_todo_list():
-	c = getcursor()
-	try:
-		role_options = ["role = '"+r+"'" for r in roles]
-		role_options = role_options and ' OR ' + ' OR '.join(role_options) or ''
-		c.execute("select * from `tabToDo Item` where owner='%s' %s" % (session['user'], role_options))
-	except: # deprecated
-		c.execute("select * from `tabToDo Item` where owner='%s'" % session['user'])
-	dataset = c.fetchall()
-	l = []
-	for i in range(len(dataset)):
-		d = Document('ToDo Item')
-		d.loadfields(dataset, i, c.description)
-		l.append(d)
-		
-	return l