diff --git a/py/webnotes/__init__.py b/py/webnotes/__init__.py
index 3a075d201b..d523e127c5 100644
--- a/py/webnotes/__init__.py
+++ b/py/webnotes/__init__.py
@@ -119,6 +119,7 @@ remote_ip = get_env_vars('REMOTE_ADDR') #Required for login from python shell
logger = None
def get_db_password(db_name):
+ """get db password from defs"""
import defs
if hasattr(defs, 'get_db_password'):
@@ -128,4 +129,24 @@ def get_db_password(db_name):
return defs.db_password
else:
- return db_name
\ No newline at end of file
+ return db_name
+
+whitelisted = []
+guest_methods = []
+def whitelist(allow_guest=False):
+ """
+ decorator for whitelisting a function
+
+ Note: if the function is allowed to be accessed by a guest user,
+ it must explicitly be marked as allow_guest=True
+ """
+ def innerfn(fn):
+ global whitelisted, guest_methods
+ whitelisted.append(fn)
+
+ if allow_guest:
+ guest_methods.append(fn)
+
+ return fn
+
+ return innerfn
\ No newline at end of file
diff --git a/py/webnotes/handler.py b/py/webnotes/handler.py
index 2822d6beb9..b27df0ee12 100755
--- a/py/webnotes/handler.py
+++ b/py/webnotes/handler.py
@@ -15,9 +15,7 @@ errmethod = ''
# Logs
-# refresh / start page
-# ------------------------------------------------------------------------------------
-
+@webnotes.whitelist(allow_guest=True)
def startup():
import webnotes
import webnotes.session_cache
@@ -32,10 +30,12 @@ def cleanup_docs():
# server calls
# ------------------------------------------------------------------------------------
+@webnotes.whitelist()
def runserverobj(arg=None):
import webnotes.widgets.form.run_method
webnotes.widgets.form.run_method.runserverobj()
+@webnotes.whitelist()
def logout():
webnotes.login_manager.logout()
@@ -43,6 +43,7 @@ def logout():
# DocType Mapper
# ------------------------------------------------------------------------------------
+@webnotes.whitelist()
def dt_map():
import webnotes
import webnotes.model.utils
@@ -65,6 +66,7 @@ def dt_map():
# Load Month Events
# ------------------------------------------------------------------------------------
+@webnotes.whitelist()
def load_month_events():
import webnotes
form = webnotes.form
@@ -80,6 +82,7 @@ def load_month_events():
# Data import
# ------------------------------------------------------------------------------------
+@webnotes.whitelist()
def import_csv():
import webnotes.model.import_docs
form = webnotes.form
@@ -92,6 +95,7 @@ def import_csv():
rhead = ''''''
webnotes.response['result']= rhead + r
+@webnotes.whitelist()
def get_template():
import webnotes.model.import_docs
webnotes.model.import_docs.get_template()
@@ -100,6 +104,7 @@ def get_template():
# File Upload
# ------------------------------------------------------------------------------------
+@webnotes.whitelist()
def uploadfile():
import webnotes.utils.file_manager
if webnotes.form_dict.get('from_form'):
@@ -127,6 +132,7 @@ def uploadfile():
# File upload (from scripts)
# ------------------------------------------------------------------------------------
+@webnotes.whitelist()
def upload_many():
from webnotes.model.code import get_obj
@@ -143,8 +149,7 @@ def upload_many():
webnotes.response['type'] = 'iframe'
-# File download
-# ------------------------------------------------------------------------------------
+@webnotes.whitelist()
def get_file():
import webnotes
import webnotes.utils.file_manager
@@ -162,6 +167,7 @@ def get_file():
else:
webnotes.msgprint('[get_file] Unknown file name')
+@webnotes.whitelist(allow_guest=True)
def reset_password():
form_dict = webnotes.form_dict
from webnotes.model.code import get_obj
@@ -198,6 +204,16 @@ def execute_cmd(cmd):
validate_cmd(cmd)
method = get_method(cmd)
+ # check if whitelisted
+ if webnotes.session['user'] == 'Guest':
+ if (method not in webnotes.guest_methods):
+ webnotes.msgprint('Not Allowed, %s' % str(method))
+ raise Exception, 'Not Allowed, %s' % str(method)
+ else:
+ if not method in webnotes.whitelisted:
+ webnotes.msgprint('Not Allowed, %s' % str(method))
+ raise Exception, 'Not Allowed, %s' % str(method)
+
if not webnotes.conn.in_transaction:
webnotes.conn.begin()
diff --git a/py/webnotes/model/__init__.py b/py/webnotes/model/__init__.py
index 38f9e8b608..5ba8eee11c 100644
--- a/py/webnotes/model/__init__.py
+++ b/py/webnotes/model/__init__.py
@@ -35,7 +35,7 @@ def check_if_doc_is_linked(dt, dn):
if item:
webnotes.msgprint("Cannot delete %s %s because it is linked in %s %s" % (dt, dn, link_dt, item[0][0]), raise_exception=1)
-
+@webnotes.whitelist
def delete_doc(doctype=None, name=None, doclist = None, force=0):
"""
Deletes a doc(dt, dn) and validates if it is not submitted and not linked in a live record
diff --git a/py/webnotes/multi_tenant/__init__.py b/py/webnotes/multi_tenant/__init__.py
deleted file mode 100644
index f29b0ef95a..0000000000
--- a/py/webnotes/multi_tenant/__init__.py
+++ /dev/null
@@ -1 +0,0 @@
-shared_tables = ['DocType','DocPerm','DocField','Role','Print Format','Module Def']
diff --git a/py/webnotes/multi_tenant/query_parser.py b/py/webnotes/multi_tenant/query_parser.py
deleted file mode 100644
index 2bbf7447e2..0000000000
--- a/py/webnotes/multi_tenant/query_parser.py
+++ /dev/null
@@ -1,38 +0,0 @@
-import sqlparse
-import webnotes
-import webnotes.query_parser
-
-def get_tables(parsed):
- start = 0
- for t in parsed[0].tokens:
- if str(t.ttype)=='Token.Keyword' and t.value.lower()=='from':
- start = 1
- if start and type(t).__name__=='Identifier':
- return [(str(t.get_real_name())),]
-
- if start and type(t).__name__=='IdentifierList':
- return [str(i.get_real_name()) for i in t.get_identifiers()]
-
- return tl
-
-def add_condition(query):
- parsed = sqlparse.parse(query)
-
- # get the tables
- tl = get_tables(parsed)
-
- # rebuild the query till the where clause
- q = ''
- for t in parsed[0].tokens:
- q += str(t)
-
- # where clause comes here
- if type(t).__name__=='Where':
-
- # add the conditions for the tables
- for t in tl:
- if t not in webnotes.query_parser.shared_tables:
- q += ' and %s._tenant_id=%s' % (t, webnotes.tenant_id)
-
- return q
-
diff --git a/py/webnotes/multi_tenant/setup.py b/py/webnotes/multi_tenant/setup.py
deleted file mode 100644
index 5d9b9e3bd5..0000000000
--- a/py/webnotes/multi_tenant/setup.py
+++ /dev/null
@@ -1,19 +0,0 @@
-import webnotes
-
-# setup all tables for multi-tenant
-# ---------------------------------
-def setup_tables():
- import webnotes.multi_tenant
-
- tl = webnotes.conn.sql("show tables")
- for t in tl:
- add_tenant_id(t[0])
- change_primary_key(t[0])
-
-def add_tenant_id(tname):
- webnotes.conn.sql("alter table `%s` add column _tenant_id int(10) default 0 not null")
-
-def change_primary_key(tname):
- webnotes.conn.sql("alter table `%s` drop primary key name")
- webnotes.conn.sql("alter table `%s` add primary key (name, _tenant_id)")
-
diff --git a/py/webnotes/profile.py b/py/webnotes/profile.py
index b6dbe90d07..421f823323 100644
--- a/py/webnotes/profile.py
+++ b/py/webnotes/profile.py
@@ -148,6 +148,9 @@ class Profile:
and not (dt in child_tables):
r = webnotes.conn.sql("select recent_documents from tabProfile where name=%s", \
self.name)[0][0] or ''
+
+ if '~~~' in r:
+ r = '[]'
rdl = json.loads(r or '[]')
new_rd = [dt, dn]
@@ -205,6 +208,7 @@ class Profile:
self.roles = d['roles']
self.defaults = d['defaults']
+@webnotes.whitelist()
def get_user_img():
if not webnotes.form.getvalue('username'):
webnotes.response['message'] = 'no_img_m'
diff --git a/py/webnotes/session_cache.py b/py/webnotes/session_cache.py
index 72d8cda21d..ff7df92647 100644
--- a/py/webnotes/session_cache.py
+++ b/py/webnotes/session_cache.py
@@ -6,6 +6,7 @@ permission, homepage, control panel variables, system defaults etc
"""
import webnotes
+@webnotes.whitelist()
def clear():
"""clear all cache"""
clear_cache()
diff --git a/py/webnotes/utils/__init__.py b/py/webnotes/utils/__init__.py
index c0316d99ad..42f499ac45 100644
--- a/py/webnotes/utils/__init__.py
+++ b/py/webnotes/utils/__init__.py
@@ -516,6 +516,7 @@ def clear_recycle_bin():
# Send Error Report
# ==============================================================================
+@webnotes.whitelist()
def send_error_report():
sql = webnotes.conn.sql
m = ''
diff --git a/py/webnotes/utils/backups.py b/py/webnotes/utils/backups.py
index 5c74ffe618..c32f356cff 100644
--- a/py/webnotes/utils/backups.py
+++ b/py/webnotes/utils/backups.py
@@ -115,7 +115,7 @@ class BackupGenerator:
return recipient_list
-#-------------------------------------------------------------------------------
+@webnotes.whitelist()
def get_backup():
"""
This function is executed when the user clicks on
diff --git a/py/webnotes/utils/email_lib/__init__.py b/py/webnotes/utils/email_lib/__init__.py
index 9aa41a1583..6479620475 100644
--- a/py/webnotes/utils/email_lib/__init__.py
+++ b/py/webnotes/utils/email_lib/__init__.py
@@ -72,7 +72,7 @@ def get_footer():
footer += (webnotes.conn.get_global('global_mail_footer') or '')
return footer
-
+@webnotes.whitelist()
def send_form():
"""
Emails a print format (form)
@@ -82,12 +82,11 @@ def send_form():
from webnotes.utils.email_lib.form_email import FormEmail
FormEmail().send()
-
+@webnotes.whitelist()
def get_contact_list():
"""
Returns contacts (from autosuggest)
"""
- import webnotes
cond = ['`%s` like "%s%%"' % (f, webnotes.form.getvalue('txt')) for f in webnotes.form.getvalue('where').split(',')]
cl = webnotes.conn.sql("select `%s` from `tab%s` where %s" % (
diff --git a/py/webnotes/widgets/event.py b/py/webnotes/widgets/event.py
index 8bb999d04b..2f48a3eef8 100644
--- a/py/webnotes/widgets/event.py
+++ b/py/webnotes/widgets/event.py
@@ -1,8 +1,9 @@
# Event
# -------------
+import webnotes
+@webnotes.whitelist()
def get_cal_events(m_st, m_end):
- import webnotes
import webnotes.model.doc
sql = webnotes.conn.sql
@@ -34,8 +35,8 @@ def get_cal_events(m_st, m_end):
# Load Month Events
# -----------------
+@webnotes.whitelist()
def load_month_events():
- import webnotes
from webnotes.utils import cint
form = webnotes.form
diff --git a/py/webnotes/widgets/follow.py b/py/webnotes/widgets/follow.py
deleted file mode 100644
index 2766d742c6..0000000000
--- a/py/webnotes/widgets/follow.py
+++ /dev/null
@@ -1,134 +0,0 @@
-"""
-Server side methods for the follower pattern (Follow button used in forms)
-"""
-
-import webnotes
-form = webnotes.form_dict
-
-#
-# Follow
-#
-def follow(dt=None, dn=None, user=None, verbose=0):
- "Add as follower to a particular record. If no parameteres, then take from the http request (form)"
-
- if not dt:
- dt, dn, user = form.get('dt'), form.get('dn'), form.get('user')
- verbose = 1
-
- if not user: return
-
- if not is_follower(dt, dn, user):
- make_follower(dt, dn, user, verbose)
- else:
- if verbose: webnotes.msgprint("%s is already a follower!" % user)
-
- return load_followers(dt, dn)
-
-def make_follower(dt, dn, user, verbose):
- "Add the user as a follower"
- if has_permission(dt, user):
- from webnotes.model.doc import Document
- d = Document('Follower')
- d.doc_type = dt
- d.doc_name = dn
- d.owner = user
- d.save(1)
- else:
- if verbose: webnotes.msgprint('%s does not have sufficient permission to follow' % user)
-
-def has_permission(dt, user):
- "Check to see if the user has permission to follow"
-
- return webnotes.conn.sql("select name from tabDocPerm where parent=%s and ifnull(`read`,0)=1 and role in ('%s') limit 1" \
- % ('%s', ("', '".join(webnotes.user.get_roles()))), dt)
-
-def is_follower(dt, dn, user):
- "returns true if given user is a follower"
-
- return webnotes.conn.sql("""
- select name from tabFollower
- where ifnull(doc_type,'')=%s
- and ifnull(doc_name,'')=%s
- and owner=%s""", (dt, dn, user))
-#
-# Unfollow
-#
-def unfollow(dt=None, dn=None, user=None):
- "Unfollow a particular record. If no parameteres, then take from the http request (form)"
-
- if not dt:
- dt, dn, user = form.get('dt'), form.get('dn'), form.get('user')
-
- webnotes.conn.sql("delete from tabFollower where doc_name=%s and doc_type=%s and owner=%s", (dn, dt, user))
-
- return load_followers(dt, dn)
-
-#
-# Load followers
-#
-def load_followers(dt=None, dn=None):
- "returns list of followers (Full Names) for a particular object"
-
- if not dt: dt, dn = form.get('dt'), form.get('dn')
-
- try:
- return [t[0] for t in webnotes.conn.sql("""
- SELECT IFNULL(CONCAT(t1.first_name, if(t1.first_name IS NULL, '', ' '), t1.last_name), t1.name)
- FROM tabProfile t1, tabFollower t2 WHERE t2.doc_type=%s AND t2.doc_name=%s
- AND t1.name = t2.owner""", (dt, dn))]
-
- except Exception, e:
- if e.args[0] in (1146, 1054):
- setup()
- return []
- else:
- raise e
-
-#
-# Email followers
-#
-def email_followers(dt, dn, msg_html=None, msg_text=None):
- "Send an email to all followers of this object"
- pass
-
-#
-# Update feed
-#
-def on_docsave(doc):
- "Add the owner and all linked Profiles as followers"
- follow(doc.doctype, doc.name, doc.owner)
- for p in get_profile_fields(doc.doctype):
- follow(doc.doctype, doc.name, doc.fields.get(p))
-
- update_followers(doc = doc)
-
-#
-# update the follower record timestamp and subject
-#
-def update_followers(dt=None, dn=None, subject=None, update_by=None, doc=None):
- "Updates the timestamp and subject in follower table (for feed generation)"
- from webnotes.utils import now
- webnotes.conn.sql("update tabFollower set modified=%s, subject=%s, modified_by=%s where doc_type=%s and doc_name=%s", \
- (now(),
- subject or doc.fields.get('subject'), \
- update_by or webnotes.session['user'],\
- dt or doc.doctype,
- dn or doc.name))
-
-#
-# get type of "Profile" fields
-#
-def get_profile_fields(dt):
- "returns a list of all profile link fields from the doctype"
- return [f[0] for f in \
- webnotes.conn.sql("select fieldname from tabDocField where parent=%s and fieldtype='Link' and options='Profile'", dt)]
-
-#
-# setup - make followers table
-#
-def setup():
- "Make table for followers - if missing"
- webnotes.conn.commit()
- from webnotes.modules.module_manager import reload_doc
- reload_doc('core', 'doctype', 'follower')
- webnotes.conn.begin()
diff --git a/py/webnotes/widgets/form/assign_to.py b/py/webnotes/widgets/form/assign_to.py
index e610a126ea..49887fabed 100644
--- a/py/webnotes/widgets/form/assign_to.py
+++ b/py/webnotes/widgets/form/assign_to.py
@@ -2,12 +2,14 @@
import webnotes
+@webnotes.whitelist()
def get():
"""get assigned to"""
return webnotes.conn.sql("""select owner from `tabToDo Item`
where reference_type=%(doctype)s and reference_name=%(name)s
order by modified desc limit 5""", webnotes.form_dict, as_dict=1)
+@webnotes.whitelist()
def add():
"""add in someone's to do list"""
if webnotes.conn.sql("""select owner from `tabToDo Item`
@@ -39,7 +41,8 @@ def add():
return get()
-
+
+@webnotes.whitelist()
def remove():
"""remove from todo"""
webnotes.conn.sql("""delete from `tabToDo Item`
diff --git a/py/webnotes/widgets/form/comments.py b/py/webnotes/widgets/form/comments.py
index 3062294bd9..e5a04a10d7 100644
--- a/py/webnotes/widgets/form/comments.py
+++ b/py/webnotes/widgets/form/comments.py
@@ -1,5 +1,6 @@
import webnotes
+@webnotes.whitelist()
def get_comments(doctype=None, docname=None, limit=5):
"""load last 5 comments"""
nc, cl = 0, []
@@ -18,7 +19,7 @@ def get_comments(doctype=None, docname=None, limit=5):
webnotes.response['n_comments'], webnotes.response['comment_list'] = nc, cl
-
+@webnotes.whitelist()
def add_comment():
"""add a new comment"""
import time
@@ -37,7 +38,8 @@ def add_comment():
import startup.event_handlers
if hasattr(startup.event_handlers, 'comment_added'):
startup.event_handlers.comment_added(cmt)
-
+
+@webnotes.whitelist()
def remove_comment():
"""remove a comment"""
args = webnotes.form_dict
diff --git a/py/webnotes/widgets/form/load.py b/py/webnotes/widgets/form/load.py
index 925f3762eb..ad916871df 100644
--- a/py/webnotes/widgets/form/load.py
+++ b/py/webnotes/widgets/form/load.py
@@ -1,6 +1,7 @@
import webnotes
import webnotes.model.doc
+@webnotes.whitelist()
def getdoc():
"""
Loads a doclist for a given document. This method is called directly from the client.
@@ -33,7 +34,7 @@ def getdoc():
webnotes.response['docs'] = doclist
-
+@webnotes.whitelist()
def getdoctype():
"""load doctype"""
import webnotes.model.doctype
diff --git a/py/webnotes/widgets/form/print_format.py b/py/webnotes/widgets/form/print_format.py
index c378b33b8d..1bf59c927c 100644
--- a/py/webnotes/widgets/form/print_format.py
+++ b/py/webnotes/widgets/form/print_format.py
@@ -1,5 +1,6 @@
import webnotes
+@webnotes.whitelist()
def get():
"""load print format by `name`"""
import re
diff --git a/py/webnotes/widgets/form/run_method.py b/py/webnotes/widgets/form/run_method.py
index 24e8967261..23df29527c 100644
--- a/py/webnotes/widgets/form/run_method.py
+++ b/py/webnotes/widgets/form/run_method.py
@@ -1,5 +1,6 @@
import webnotes
+@webnotes.whitelist()
def runserverobj():
"""
Run server objects
diff --git a/py/webnotes/widgets/form/save.py b/py/webnotes/widgets/form/save.py
index 278f7cb476..9671131800 100644
--- a/py/webnotes/widgets/form/save.py
+++ b/py/webnotes/widgets/form/save.py
@@ -1,4 +1,6 @@
import webnotes
+
+@webnotes.whitelist()
def savedocs():
"""save / submit / cancel / update doclist"""
try:
diff --git a/py/webnotes/widgets/form/utils.py b/py/webnotes/widgets/form/utils.py
index 46337579a7..7ebd9d8c2c 100644
--- a/py/webnotes/widgets/form/utils.py
+++ b/py/webnotes/widgets/form/utils.py
@@ -1,9 +1,8 @@
+import webnotes
-# remove attachment
-#===========================================================================================
-
+@webnotes.whitelist()
def remove_attach():
- import webnotes
+ """remove attachment"""
import webnotes.utils.file_manager
fid = webnotes.form.getvalue('fid')
@@ -12,10 +11,9 @@ def remove_attach():
# remove from dt dn
return str(webnotes.utils.file_manager.remove_file_list(webnotes.form.getvalue('dt'), webnotes.form.getvalue('dn'), fid))
-# Get Fields - Counterpart to $c_get_fields
-#===========================================================================================
+@webnotes.whitelist()
def get_fields():
- import webnotes
+ """get fields"""
r = {}
args = {
'select':webnotes.form.getvalue('select')
@@ -29,9 +27,9 @@ def get_fields():
r[f], i = ret[0][i], i+1
webnotes.response['message']=r
-# validate link
-#===========================================================================================
+@webnotes.whitelist()
def validate_link():
+ """validate link when updated by user"""
import webnotes
import webnotes.utils
@@ -46,6 +44,8 @@ def validate_link():
# get fetch values
if fetch:
- webnotes.response['fetch_values'] = [webnotes.utils.parse_val(c) for c in webnotes.conn.sql("select %s from `tab%s` where name=%s" % (fetch, options, '%s'), value)[0]]
+ webnotes.response['fetch_values'] = [webnotes.utils.parse_val(c) \
+ for c in webnotes.conn.sql("select %s from `tab%s` where name=%s" \
+ % (fetch, options, '%s'), value)[0]]
webnotes.response['message'] = 'Ok'
diff --git a/py/webnotes/widgets/menus.py b/py/webnotes/widgets/menus.py
index 1b414027ed..b3f39e2a7e 100644
--- a/py/webnotes/widgets/menus.py
+++ b/py/webnotes/widgets/menus.py
@@ -1,5 +1,7 @@
"""
Server side methods called from DocBrowser
+
+Needs to be refactored
"""
import webnotes
@@ -7,6 +9,7 @@ from webnotes.utils import cint, cstr
sql = webnotes.conn.sql
+@webnotes.whitelist()
def get_menu_items():
"""
Returns a list of items to show in `Options` of the Web Notes Toolbar
@@ -39,9 +42,11 @@ def get_menu_items():
return menuitems
-# --------------------------------------------------------------
+@webnotes.whitelist()
def has_result():
- return sql("select name from `tab%s` limit 1" % webnotes.form_dict.get('dt')) and 'Yes' or 'No'
+ """return Yes if the given dt has any records"""
+ return sql("select name from `tab%s` limit 1" % \
+ webnotes.form_dict.get('dt')) and 'Yes' or 'No'
# --------------------------------------------------------------
@@ -91,6 +96,7 @@ def get_columns(out, sf, fl, dt, tag_fields):
# NOTE: THIS SHOULD BE CACHED IN DOCTYPE CACHE
# --------------------------------------------------------------
+@webnotes.whitelist()
def get_dt_details():
"""
Returns details called by DocBrowser this includes:
@@ -148,19 +154,14 @@ def get_dt_details():
return out
-# --------------------------------------------------------------
-
+@webnotes.whitelist()
def get_trend():
return {'trend': get_dt_trend(webnotes.form_dict.get('dt'))}
-
-
-
-#
-# delete and archive in docbrowser
-#
+@webnotes.whitelist()
def delete_items():
+ """delete selected items"""
il = eval(webnotes.form_dict.get('items'))
from webnotes.model import delete_doc
from webnotes.model.code import get_obj
@@ -171,9 +172,9 @@ def delete_items():
dt_obj.on_trash()
delete_doc(d[0], d[1])
-# --------------------------------------------------------------
-
+@webnotes.whitelist()
def archive_items():
+ """archinve selected items"""
il = eval(webnotes.form_dict.get('items'))
from webnotes.utils.archive import archive_doc
diff --git a/py/webnotes/widgets/page.py b/py/webnotes/widgets/page.py
index 6523a994b1..25711f47f5 100644
--- a/py/webnotes/widgets/page.py
+++ b/py/webnotes/widgets/page.py
@@ -102,12 +102,14 @@ class Page:
else:
return []
+@webnotes.whitelist()
def get(name):
"""
Return the :term:`doclist` of the `Page` specified by `name`
"""
return Page(name).load()
+@webnotes.whitelist()
def getpage():
"""
Load the page from `webnotes.form` and send it via `webnotes.response`
@@ -118,6 +120,7 @@ def getpage():
webnotes.response['docs'] = doclist
def get_page_path(page_name, module):
+ """get path of the page html file"""
import os
import webnotes.defs
from webnotes.modules import scrub
@@ -125,7 +128,7 @@ def get_page_path(page_name, module):
'page', scrub(page_name), scrub(page_name) + '.html')
def get_page_html(page_name):
- """get html of page"""
+ """get html of page, called from webnotes.cms.index"""
p = webnotes.conn.sql("""select module, content from tabPage where name=%s""", \
page_name, as_dict=1)
diff --git a/py/webnotes/widgets/query_builder.py b/py/webnotes/widgets/query_builder.py
index e88177d5a2..eeafdca55a 100644
--- a/py/webnotes/widgets/query_builder.py
+++ b/py/webnotes/widgets/query_builder.py
@@ -204,6 +204,7 @@ def build_description_standard(meta, tl):
# Entry Point - Run the query
# ====================================================================
+@webnotes.whitelist(allow_guest=True)
def runquery(q='', ret=0, from_export=0):
import webnotes.utils
@@ -283,9 +284,8 @@ def runquery(q='', ret=0, from_export=0):
out['n_values'] = webnotes.utils.cint(sql(qm)[0][0])
-# Export to CSV
-# ====================================================================
+@webnotes.whitelist()
def runquery_csv():
global out
diff --git a/py/webnotes/widgets/search.py b/py/webnotes/widgets/search.py
index 5b1e4f6d7e..db3ba38bac 100644
--- a/py/webnotes/widgets/search.py
+++ b/py/webnotes/widgets/search.py
@@ -2,6 +2,7 @@
import webnotes
# this is called when a new doctype is setup for search - to set the filters
+@webnotes.whitelist()
def getsearchfields():
sf = webnotes.conn.sql("""\
SELECT value FROM `tabProperty Setter`
@@ -72,6 +73,7 @@ def scrub_custom_query(query, key, txt):
return query
# this is called by the Link Field
+@webnotes.whitelist()
def search_link():
import webnotes.widgets.query_builder
@@ -89,6 +91,7 @@ def search_link():
webnotes.response['results'] = build_for_autosuggest(res)
# this is called by the search box
+@webnotes.whitelist()
def search_widget():
import webnotes.widgets.query_builder
diff --git a/py/webnotes/widgets/tags.py b/py/webnotes/widgets/tags.py
index 6fe4b1950c..e4682f05ff 100644
--- a/py/webnotes/widgets/tags.py
+++ b/py/webnotes/widgets/tags.py
@@ -20,6 +20,9 @@ Design:
"""
+import webnotes
+from webnotes.utils import cint, cstr, load_json
+
def check_user_tags(dt):
"if the user does not have a tags column, then it creates one"
@@ -33,6 +36,7 @@ def check_user_tags(dt):
#
# Add a new tag
#
+@webnotes.whitelist()
def add_tag():
"adds a new tag to a record, and creates the Tag master"
@@ -47,6 +51,7 @@ def add_tag():
#
# remove tag
#
+@webnotes.whitelist()
def remove_tag():
"removes tag from the record"
f = webnotes.form_dict
@@ -55,9 +60,6 @@ def remove_tag():
DocTags(dt).remove(dn, tag)
-
-import webnotes
-from webnotes.utils import cint, cstr, load_json
class DocTags:
"""Tags for a particular doctype"""
@@ -221,7 +223,6 @@ class TagCounter:
-
def get_top_field_tags(dt):
from webnotes.model.doctype import get_property
tf = get_property(dt, 'tag_fields')
@@ -250,6 +251,7 @@ def get_top_field_tags(dt):
# returns the top ranked 10 tags for the
# doctype.
# merges the top tags from fields and user tags
+@webnotes.whitelist()
def get_top_tags(args=''):
"returns the top 10 tags for the doctype from fields (7) and users (3)"
tl = None
diff --git a/py/webnotes/widgets/todo.py b/py/webnotes/widgets/todo.py
deleted file mode 100644
index 40a118cd97..0000000000
--- a/py/webnotes/widgets/todo.py
+++ /dev/null
@@ -1,49 +0,0 @@
-# ToDO and Reminder
-# -----------------
-
-def add_todo(user, date, priority, desc, ref_type, ref_name):
- nlist = []
- if type(user)==list:
- for i in user:
- nlist.append(add_todo_item(i, date, priority, desc, ref_type, ref_name))
- return nlist
- else:
- return add_todo_item(user, date, priority, desc, ref_type, ref_name)
-
-def add_todo_item(user, date, priority, desc, ref_type, ref_name):
- if not date:
- date = nowdate()
-
- d = Document('ToDo Item')
- d.owner = user
- d.date = date
- d.priority = priority
- d.description = desc
- d.reference_type = ref_type
- d.reference_name = ref_name
- d.save(1)
- return d.name
-
-def remove_todo(name):
- if type(name)==list:
- for i in name:
- sql("delete from `tabToDo Item` where name='%s'" % i)
- else:
- sql("delete from `tabToDo Item` where name='%s'" % name)
-
-def get_todo_list():
- c = getcursor()
- try:
- role_options = ["role = '"+r+"'" for r in roles]
- role_options = role_options and ' OR ' + ' OR '.join(role_options) or ''
- c.execute("select * from `tabToDo Item` where owner='%s' %s" % (session['user'], role_options))
- except: # deprecated
- c.execute("select * from `tabToDo Item` where owner='%s'" % session['user'])
- dataset = c.fetchall()
- l = []
- for i in range(len(dataset)):
- d = Document('ToDo Item')
- d.loadfields(dataset, i, c.description)
- l.append(d)
-
- return l
\ No newline at end of file