From ec2435dcd4de16de26e158a5b0f4e8680f6bec75 Mon Sep 17 00:00:00 2001 From: Rushabh Mehta Date: Mon, 13 Feb 2012 16:50:58 +0530 Subject: [PATCH] added whitelist check --- py/webnotes/__init__.py | 23 +++- py/webnotes/handler.py | 26 ++++- py/webnotes/model/__init__.py | 2 +- py/webnotes/multi_tenant/__init__.py | 1 - py/webnotes/multi_tenant/query_parser.py | 38 ------- py/webnotes/multi_tenant/setup.py | 19 ---- py/webnotes/profile.py | 4 + py/webnotes/session_cache.py | 1 + py/webnotes/utils/__init__.py | 1 + py/webnotes/utils/backups.py | 2 +- py/webnotes/utils/email_lib/__init__.py | 5 +- py/webnotes/widgets/event.py | 5 +- py/webnotes/widgets/follow.py | 134 ----------------------- py/webnotes/widgets/form/assign_to.py | 5 +- py/webnotes/widgets/form/comments.py | 6 +- py/webnotes/widgets/form/load.py | 3 +- py/webnotes/widgets/form/print_format.py | 1 + py/webnotes/widgets/form/run_method.py | 1 + py/webnotes/widgets/form/save.py | 2 + py/webnotes/widgets/form/utils.py | 20 ++-- py/webnotes/widgets/menus.py | 25 +++-- py/webnotes/widgets/page.py | 5 +- py/webnotes/widgets/query_builder.py | 4 +- py/webnotes/widgets/search.py | 3 + py/webnotes/widgets/tags.py | 10 +- py/webnotes/widgets/todo.py | 49 --------- 26 files changed, 108 insertions(+), 287 deletions(-) delete mode 100644 py/webnotes/multi_tenant/__init__.py delete mode 100644 py/webnotes/multi_tenant/query_parser.py delete mode 100644 py/webnotes/multi_tenant/setup.py delete mode 100644 py/webnotes/widgets/follow.py delete mode 100644 py/webnotes/widgets/todo.py diff --git a/py/webnotes/__init__.py b/py/webnotes/__init__.py index 3a075d201b..d523e127c5 100644 --- a/py/webnotes/__init__.py +++ b/py/webnotes/__init__.py @@ -119,6 +119,7 @@ remote_ip = get_env_vars('REMOTE_ADDR') #Required for login from python shell logger = None def get_db_password(db_name): + """get db password from defs""" import defs if hasattr(defs, 'get_db_password'): 
@@ -128,4 +129,24 @@ def get_db_password(db_name): return defs.db_password else: - return db_name \ No newline at end of file + return db_name + +whitelisted = [] +guest_methods = [] +def whitelist(allow_guest=False): + """ + decorator for whitelisting a function + + Note: if the function is allowed to be accessed by a guest user, + it must explicitly be marked as allow_guest=True + """ + def innerfn(fn): + global whitelisted, guest_methods + whitelisted.append(fn) + + if allow_guest: + guest_methods.append(fn) + + return fn + + return innerfn \ No newline at end of file diff --git a/py/webnotes/handler.py b/py/webnotes/handler.py index 2822d6beb9..b27df0ee12 100755 --- a/py/webnotes/handler.py +++ b/py/webnotes/handler.py @@ -15,9 +15,7 @@ errmethod = '' # Logs -# refresh / start page -# ------------------------------------------------------------------------------------ - +@webnotes.whitelist(allow_guest=True) def startup(): import webnotes import webnotes.session_cache @@ -32,10 +30,12 @@ def cleanup_docs(): # server calls # ------------------------------------------------------------------------------------ +@webnotes.whitelist() def runserverobj(arg=None): import webnotes.widgets.form.run_method webnotes.widgets.form.run_method.runserverobj() +@webnotes.whitelist() def logout(): webnotes.login_manager.logout() @@ -43,6 +43,7 @@ def logout(): # DocType Mapper # ------------------------------------------------------------------------------------ +@webnotes.whitelist() def dt_map(): import webnotes import webnotes.model.utils @@ -65,6 +66,7 @@ def dt_map(): # Load Month Events # ------------------------------------------------------------------------------------ +@webnotes.whitelist() def load_month_events(): import webnotes form = webnotes.form 
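Review bot: The docstring of `whitelist` should say that registration is by function object: `innerfn` appends `fn` itself to `whitelisted`/`guest_methods`, and the check added to `execute_cmd` in py/webnotes/handler.py tests `method in webnotes.whitelisted`. A decorator stacked above `@webnotes.whitelist()` that returns a wrapper would therefore leave the wrapper unregistered and the call refused, assuming `get_method` (not shown in this patch) returns the module attribute. I would add to the docstring: `Must be the outermost decorator; the registry holds the function object itself.` The `global whitelisted, guest_methods` line is not needed, since both lists are only mutated, never rebound.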
@@ -80,6 +82,7 @@ def load_month_events(): # Data import # ------------------------------------------------------------------------------------ +@webnotes.whitelist() def import_csv(): import webnotes.model.import_docs form = webnotes.form @@ -92,6 +95,7 @@ def import_csv(): rhead = '''''' webnotes.response['result']= rhead + r +@webnotes.whitelist() def get_template(): import webnotes.model.import_docs webnotes.model.import_docs.get_template() @@ -100,6 +104,7 @@ def get_template(): # File Upload # ------------------------------------------------------------------------------------ +@webnotes.whitelist() def uploadfile(): import webnotes.utils.file_manager if webnotes.form_dict.get('from_form'): @@ -127,6 +132,7 @@ def uploadfile(): # File upload (from scripts) # ------------------------------------------------------------------------------------ +@webnotes.whitelist() def upload_many(): from webnotes.model.code import get_obj @@ -143,8 +149,7 @@ def upload_many(): webnotes.response['type'] = 'iframe' -# File download -# ------------------------------------------------------------------------------------ +@webnotes.whitelist() def get_file(): import webnotes import webnotes.utils.file_manager @@ -162,6 +167,7 @@ def get_file(): else: webnotes.msgprint('[get_file] Unknown file name') +@webnotes.whitelist(allow_guest=True) def reset_password(): form_dict = webnotes.form_dict from webnotes.model.code import get_obj @@ -198,6 +204,16 @@ def execute_cmd(cmd): validate_cmd(cmd) method = get_method(cmd) + # check if whitelisted + if webnotes.session['user'] == 'Guest': + if (method not in webnotes.guest_methods): + webnotes.msgprint('Not Allowed, %s' % str(method)) + raise Exception, 'Not Allowed, %s' % str(method) + else: + if not method in webnotes.whitelisted: + webnotes.msgprint('Not Allowed, %s' % str(method)) + raise Exception, 'Not Allowed, %s' % str(method) + if not webnotes.conn.in_transaction: webnotes.conn.begin() 
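Review bot: The denial message in `execute_cmd` formats `str(method)`, which for a function is its repr (name plus memory address), and `webnotes.msgprint` presumably returns that text to the caller; a fixed message such as `webnotes.msgprint('Not Allowed')` is enough for the client. The two branches differ only in which list is consulted, so they can share one check: `allowed = webnotes.guest_methods if webnotes.session['user'] == 'Guest' else webnotes.whitelisted` followed by `if method not in allowed:`. The check also runs after `get_method(cmd)`, so whatever resolving the command involves (not visible in this hunk) happens before the caller is authorised. Finally, the test only separates Guest from signed-in users, so functions such as `get_backup`, `import_csv` and `delete_items` still need their own role checks; `execute_cmd` continues past the end of the hunk.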
diff --git a/py/webnotes/model/__init__.py b/py/webnotes/model/__init__.py index 38f9e8b608..5ba8eee11c 100644 --- a/py/webnotes/model/__init__.py +++ b/py/webnotes/model/__init__.py @@ -35,7 +35,7 @@ def check_if_doc_is_linked(dt, dn): if item: webnotes.msgprint("Cannot delete %s %s because it is linked in %s %s" % (dt, dn, link_dt, item[0][0]), raise_exception=1) - +@webnotes.whitelist def delete_doc(doctype=None, name=None, doclist = None, force=0): """ Deletes a doc(dt, dn) and validates if it is not submitted and not linked in a live record diff --git a/py/webnotes/multi_tenant/__init__.py b/py/webnotes/multi_tenant/__init__.py deleted file mode 100644 index f29b0ef95a..0000000000 --- a/py/webnotes/multi_tenant/__init__.py +++ /dev/null @@ -1 +0,0 @@ -shared_tables = ['DocType','DocPerm','DocField','Role','Print Format','Module Def'] diff --git a/py/webnotes/multi_tenant/query_parser.py b/py/webnotes/multi_tenant/query_parser.py deleted file mode 100644 index 2bbf7447e2..0000000000 --- a/py/webnotes/multi_tenant/query_parser.py +++ /dev/null @@ -1,38 +0,0 @@ -import sqlparse -import webnotes -import webnotes.query_parser - -def get_tables(parsed): - start = 0 - for t in parsed[0].tokens: - if str(t.ttype)=='Token.Keyword' and t.value.lower()=='from': - start = 1 - if start and type(t).__name__=='Identifier': - return [(str(t.get_real_name())),] - - if start and type(t).__name__=='IdentifierList': - return [str(i.get_real_name()) for i in t.get_identifiers()] - - return tl - -def add_condition(query): - parsed = sqlparse.parse(query) - - # get the tables - tl = get_tables(parsed) - - # rebuild the query till the where clause - q = '' - for t in parsed[0].tokens: - q += str(t) - - # where clause comes here - if type(t).__name__=='Where': - - # add the conditions for the tables - for t in tl: - if t not in webnotes.query_parser.shared_tables: - q += ' and %s._tenant_id=%s' % (t, webnotes.tenant_id) - - return q - 
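Review bot: `@webnotes.whitelist` is applied to `delete_doc` without the call parentheses, unlike every other use in this patch. Because `whitelist(allow_guest=False)` is a decorator factory, this passes `delete_doc` as `allow_guest` and rebinds the name `delete_doc` to the inner `innerfn`, so the real function is never added to `whitelisted` and existing callers such as `delete_doc(d[0], d[1])` in py/webnotes/widgets/menus.py would fail with a TypeError. Any single-argument call would instead append its argument to both `whitelisted` and `guest_methods`, since the captured `allow_guest` is a truthy function object. The line should read `@webnotes.whitelist()`; a guard in the factory such as `if callable(allow_guest): raise TypeError('use @webnotes.whitelist()')` would make this mistake fail at import. The body of `delete_doc` continues outside the hunk.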
diff --git a/py/webnotes/multi_tenant/setup.py b/py/webnotes/multi_tenant/setup.py deleted file mode 100644 index 5d9b9e3bd5..0000000000 --- a/py/webnotes/multi_tenant/setup.py +++ /dev/null @@ -1,19 +0,0 @@ -import webnotes - -# setup all tables for multi-tenant -# --------------------------------- -def setup_tables(): - import webnotes.multi_tenant - - tl = webnotes.conn.sql("show tables") - for t in tl: - add_tenant_id(t[0]) - change_primary_key(t[0]) - -def add_tenant_id(tname): - webnotes.conn.sql("alter table `%s` add column _tenant_id int(10) default 0 not null") - -def change_primary_key(tname): - webnotes.conn.sql("alter table `%s` drop primary key name") - webnotes.conn.sql("alter table `%s` add primary key (name, _tenant_id)") - diff --git a/py/webnotes/profile.py b/py/webnotes/profile.py index b6dbe90d07..421f823323 100644 --- a/py/webnotes/profile.py +++ b/py/webnotes/profile.py @@ -148,6 +148,9 @@ class Profile: and not (dt in child_tables): r = webnotes.conn.sql("select recent_documents from tabProfile where name=%s", \ self.name)[0][0] or '' + + if '~~~' in r: + r = '[]' rdl = json.loads(r or '[]') new_rd = [dt, dn] @@ -205,6 +208,7 @@ class Profile: self.roles = d['roles'] self.defaults = d['defaults'] +@webnotes.whitelist() def get_user_img(): if not webnotes.form.getvalue('username'): webnotes.response['message'] = 'no_img_m' diff --git a/py/webnotes/session_cache.py b/py/webnotes/session_cache.py index 72d8cda21d..ff7df92647 100644 --- a/py/webnotes/session_cache.py +++ b/py/webnotes/session_cache.py @@ -6,6 +6,7 @@ permission, homepage, control panel variables, system defaults etc """ import webnotes +@webnotes.whitelist() def clear(): """clear all cache""" clear_cache() diff --git a/py/webnotes/utils/__init__.py b/py/webnotes/utils/__init__.py index c0316d99ad..42f499ac45 100644 --- a/py/webnotes/utils/__init__.py +++ b/py/webnotes/utils/__init__.py 
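Review bot: The new `if '~~~' in r: r = '[]'` branch in py/webnotes/profile.py needs a comment saying what it handles; as written a reader cannot tell why a stored value is thrown away. Presumably `recent_documents` was once stored in a `~~~`-separated format that `json.loads` cannot parse; if so, say it: `# pre-JSON '~~~'-separated value: discard rather than fail in json.loads`. Any other non-JSON value in the column would still raise in `json.loads` on the following line. The enclosing method starts and ends outside the hunk.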
@@ -516,6 +516,7 @@ def clear_recycle_bin(): # Send Error Report # ============================================================================== +@webnotes.whitelist() def send_error_report(): sql = webnotes.conn.sql m = '' diff --git a/py/webnotes/utils/backups.py b/py/webnotes/utils/backups.py index 5c74ffe618..c32f356cff 100644 --- a/py/webnotes/utils/backups.py +++ b/py/webnotes/utils/backups.py @@ -115,7 +115,7 @@ class BackupGenerator: return recipient_list -#------------------------------------------------------------------------------- +@webnotes.whitelist() def get_backup(): """ This function is executed when the user clicks on diff --git a/py/webnotes/utils/email_lib/__init__.py b/py/webnotes/utils/email_lib/__init__.py index 9aa41a1583..6479620475 100644 --- a/py/webnotes/utils/email_lib/__init__.py +++ b/py/webnotes/utils/email_lib/__init__.py @@ -72,7 +72,7 @@ def get_footer(): footer += (webnotes.conn.get_global('global_mail_footer') or '') return footer - +@webnotes.whitelist() def send_form(): """ Emails a print format (form) @@ -82,12 +82,11 @@ def send_form(): from webnotes.utils.email_lib.form_email import FormEmail FormEmail().send() - +@webnotes.whitelist() def get_contact_list(): """ Returns contacts (from autosuggest) """ - import webnotes cond = ['`%s` like "%s%%"' % (f, webnotes.form.getvalue('txt')) for f in webnotes.form.getvalue('where').split(',')] cl = webnotes.conn.sql("select `%s` from `tab%s` where %s" % ( diff --git a/py/webnotes/widgets/event.py b/py/webnotes/widgets/event.py index 8bb999d04b..2f48a3eef8 100644 --- a/py/webnotes/widgets/event.py +++ b/py/webnotes/widgets/event.py @@ -1,8 +1,9 @@ # Event # ------------- +import webnotes +@webnotes.whitelist() def get_cal_events(m_st, m_end): - import webnotes import webnotes.model.doc sql = webnotes.conn.sql 
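Review bot: `get_contact_list` in py/webnotes/utils/email_lib/__init__.py is now an explicitly callable endpoint, yet its query is still assembled by string formatting from `webnotes.form.getvalue('txt')` and the comma-separated `where` field list, so request text reaches the SQL unescaped. Pass the search text as a bound value, as profile.py does with `webnotes.conn.sql(query, value)`, and check each requested column name against the doctype's known fields before it is interpolated. The same pattern appears in the `has_result` hunk of py/webnotes/widgets/menus.py (table name taken from `form_dict.get('dt')`) and in the `validate_link` hunk of py/webnotes/widgets/form/utils.py, where `fetch` and `options` (apparently request-supplied) are interpolated and only `value` is bound. The `webnotes.conn.sql(...)` call in `get_contact_list` continues past the end of its hunk, so the remaining interpolated arguments are not visible here.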
@@ -34,8 +35,8 @@ def get_cal_events(m_st, m_end): # Load Month Events # ----------------- +@webnotes.whitelist() def load_month_events(): - import webnotes from webnotes.utils import cint form = webnotes.form diff --git a/py/webnotes/widgets/follow.py b/py/webnotes/widgets/follow.py deleted file mode 100644 index 2766d742c6..0000000000 --- a/py/webnotes/widgets/follow.py +++ /dev/null 
@@ -1,134 +0,0 @@ -""" -Server side methods for the follower pattern (Follow button used in forms) -""" - -import webnotes -form = webnotes.form_dict - -# -# Follow -# -def follow(dt=None, dn=None, user=None, verbose=0): - "Add as follower to a particular record. If no parameteres, then take from the http request (form)" - - if not dt: - dt, dn, user = form.get('dt'), form.get('dn'), form.get('user') - verbose = 1 - - if not user: return - - if not is_follower(dt, dn, user): - make_follower(dt, dn, user, verbose) - else: - if verbose: webnotes.msgprint("%s is already a follower!" % user) - - return load_followers(dt, dn) - -def make_follower(dt, dn, user, verbose): - "Add the user as a follower" - if has_permission(dt, user): - from webnotes.model.doc import Document - d = Document('Follower') - d.doc_type = dt - d.doc_name = dn - d.owner = user - d.save(1) - else: - if verbose: webnotes.msgprint('%s does not have sufficient permission to follow' % user) - -def has_permission(dt, user): - "Check to see if the user has permission to follow" - - return webnotes.conn.sql("select name from tabDocPerm where parent=%s and ifnull(`read`,0)=1 and role in ('%s') limit 1" \ - % ('%s', ("', '".join(webnotes.user.get_roles()))), dt) - -def is_follower(dt, dn, user): - "returns true if given user is a follower" - - return webnotes.conn.sql(""" - select name from tabFollower - where ifnull(doc_type,'')=%s - and ifnull(doc_name,'')=%s - and owner=%s""", (dt, dn, user)) -# -# Unfollow -# -def unfollow(dt=None, dn=None, user=None): - "Unfollow a particular record. 
If no parameteres, then take from the http request (form)" - - if not dt: - dt, dn, user = form.get('dt'), form.get('dn'), form.get('user') - - webnotes.conn.sql("delete from tabFollower where doc_name=%s and doc_type=%s and owner=%s", (dn, dt, user)) - - return load_followers(dt, dn) - -# -# Load followers -# -def load_followers(dt=None, dn=None): - "returns list of followers (Full Names) for a particular object" - - if not dt: dt, dn = form.get('dt'), form.get('dn') - - try: - return [t[0] for t in webnotes.conn.sql(""" - SELECT IFNULL(CONCAT(t1.first_name, if(t1.first_name IS NULL, '', ' '), t1.last_name), t1.name) - FROM tabProfile t1, tabFollower t2 WHERE t2.doc_type=%s AND t2.doc_name=%s - AND t1.name = t2.owner""", (dt, dn))] - - except Exception, e: - if e.args[0] in (1146, 1054): - setup() - return [] - else: - raise e - -# -# Email followers -# -def email_followers(dt, dn, msg_html=None, msg_text=None): - "Send an email to all followers of this object" - pass - -# -# Update feed -# -def on_docsave(doc): - "Add the owner and all linked Profiles as followers" - follow(doc.doctype, doc.name, doc.owner) - for p in get_profile_fields(doc.doctype): - follow(doc.doctype, doc.name, doc.fields.get(p)) - - update_followers(doc = doc) - -# -# update the follower record timestamp and subject -# -def update_followers(dt=None, dn=None, subject=None, update_by=None, doc=None): - "Updates the timestamp and subject in follower table (for feed generation)" - from webnotes.utils import now - webnotes.conn.sql("update tabFollower set modified=%s, subject=%s, modified_by=%s where doc_type=%s and doc_name=%s", \ - (now(), - subject or doc.fields.get('subject'), \ - update_by or webnotes.session['user'],\ - dt or doc.doctype, - dn or doc.name)) - -# -# get type of "Profile" fields -# -def get_profile_fields(dt): - "returns a list of all profile link fields from the doctype" - return [f[0] for f in \ - webnotes.conn.sql("select fieldname from tabDocField where parent=%s and 
fieldtype='Link' and options='Profile'", dt)] - -# -# setup - make followers table -# -def setup(): - "Make table for followers - if missing" - webnotes.conn.commit() - from webnotes.modules.module_manager import reload_doc - reload_doc('core', 'doctype', 'follower') - webnotes.conn.begin() diff --git a/py/webnotes/widgets/form/assign_to.py b/py/webnotes/widgets/form/assign_to.py index e610a126ea..49887fabed 100644 --- a/py/webnotes/widgets/form/assign_to.py +++ b/py/webnotes/widgets/form/assign_to.py @@ -2,12 +2,14 @@ import webnotes +@webnotes.whitelist() def get(): """get assigned to""" return webnotes.conn.sql("""select owner from `tabToDo Item` where reference_type=%(doctype)s and reference_name=%(name)s order by modified desc limit 5""", webnotes.form_dict, as_dict=1) +@webnotes.whitelist() def add(): """add in someone's to do list""" if webnotes.conn.sql("""select owner from `tabToDo Item` @@ -39,7 +41,8 @@ def add(): return get() - + +@webnotes.whitelist() def remove(): """remove from todo""" webnotes.conn.sql("""delete from `tabToDo Item` diff --git a/py/webnotes/widgets/form/comments.py b/py/webnotes/widgets/form/comments.py index 3062294bd9..e5a04a10d7 100644 --- a/py/webnotes/widgets/form/comments.py +++ b/py/webnotes/widgets/form/comments.py @@ -1,5 +1,6 @@ import webnotes +@webnotes.whitelist() def get_comments(doctype=None, docname=None, limit=5): """load last 5 comments""" nc, cl = 0, [] @@ -18,7 +19,7 @@ def get_comments(doctype=None, docname=None, limit=5): webnotes.response['n_comments'], webnotes.response['comment_list'] = nc, cl - +@webnotes.whitelist() def add_comment(): """add a new comment""" import time @@ -37,7 +38,8 @@ def add_comment(): import startup.event_handlers if hasattr(startup.event_handlers, 'comment_added'): startup.event_handlers.comment_added(cmt) - + +@webnotes.whitelist() def remove_comment(): """remove a comment""" args = webnotes.form_dict 
diff --git a/py/webnotes/widgets/form/load.py b/py/webnotes/widgets/form/load.py index 925f3762eb..ad916871df 100644 --- a/py/webnotes/widgets/form/load.py +++ b/py/webnotes/widgets/form/load.py @@ -1,6 +1,7 @@ import webnotes import webnotes.model.doc +@webnotes.whitelist() def getdoc(): """ Loads a doclist for a given document. This method is called directly from the client. @@ -33,7 +34,7 @@ def getdoc(): webnotes.response['docs'] = doclist - +@webnotes.whitelist() def getdoctype(): """load doctype""" import webnotes.model.doctype diff --git a/py/webnotes/widgets/form/print_format.py b/py/webnotes/widgets/form/print_format.py index c378b33b8d..1bf59c927c 100644 --- a/py/webnotes/widgets/form/print_format.py +++ b/py/webnotes/widgets/form/print_format.py @@ -1,5 +1,6 @@ import webnotes +@webnotes.whitelist() def get(): """load print format by `name`""" import re diff --git a/py/webnotes/widgets/form/run_method.py b/py/webnotes/widgets/form/run_method.py index 24e8967261..23df29527c 100644 --- a/py/webnotes/widgets/form/run_method.py +++ b/py/webnotes/widgets/form/run_method.py @@ -1,5 +1,6 @@ import webnotes +@webnotes.whitelist() def runserverobj(): """ Run server objects diff --git a/py/webnotes/widgets/form/save.py b/py/webnotes/widgets/form/save.py index 278f7cb476..9671131800 100644 --- a/py/webnotes/widgets/form/save.py +++ b/py/webnotes/widgets/form/save.py @@ -1,4 +1,6 @@ import webnotes + +@webnotes.whitelist() def savedocs(): """save / submit / cancel / update doclist""" try: diff --git a/py/webnotes/widgets/form/utils.py b/py/webnotes/widgets/form/utils.py index 46337579a7..7ebd9d8c2c 100644 --- a/py/webnotes/widgets/form/utils.py +++ b/py/webnotes/widgets/form/utils.py 
@@ -1,9 +1,8 @@ +import webnotes -# remove attachment -#=========================================================================================== - +@webnotes.whitelist() def remove_attach(): - import webnotes + """remove attachment""" import webnotes.utils.file_manager fid = webnotes.form.getvalue('fid') @@ -12,10 +11,9 @@ def remove_attach(): # remove from dt dn return str(webnotes.utils.file_manager.remove_file_list(webnotes.form.getvalue('dt'), webnotes.form.getvalue('dn'), fid)) -# Get Fields - Counterpart to $c_get_fields -#=========================================================================================== +@webnotes.whitelist() def get_fields(): - import webnotes + """get fields""" r = {} args = { 'select':webnotes.form.getvalue('select') @@ -29,9 +27,9 @@ def get_fields(): r[f], i = ret[0][i], i+1 webnotes.response['message']=r -# validate link -#=========================================================================================== +@webnotes.whitelist() def validate_link(): + """validate link when updated by user""" import webnotes import webnotes.utils @@ -46,6 +44,8 @@ def validate_link(): # get fetch values if fetch: - webnotes.response['fetch_values'] = [webnotes.utils.parse_val(c) for c in webnotes.conn.sql("select %s from `tab%s` where name=%s" % (fetch, options, '%s'), value)[0]] + webnotes.response['fetch_values'] = [webnotes.utils.parse_val(c) \ + for c in webnotes.conn.sql("select %s from `tab%s` where name=%s" \ + % (fetch, options, '%s'), value)[0]] webnotes.response['message'] = 'Ok' diff --git a/py/webnotes/widgets/menus.py b/py/webnotes/widgets/menus.py index 1b414027ed..b3f39e2a7e 100644 --- a/py/webnotes/widgets/menus.py +++ b/py/webnotes/widgets/menus.py @@ -1,5 +1,7 @@ """ Server side methods called from DocBrowser + +Needs to be refactored """ import webnotes 
@@ -7,6 +9,7 @@ from webnotes.utils import cint, cstr sql = webnotes.conn.sql +@webnotes.whitelist() def get_menu_items(): """ Returns a list of items to show in `Options` of the Web Notes Toolbar @@ -39,9 +42,11 @@ def get_menu_items(): return menuitems -# -------------------------------------------------------------- +@webnotes.whitelist() def has_result(): - return sql("select name from `tab%s` limit 1" % webnotes.form_dict.get('dt')) and 'Yes' or 'No' + """return Yes if the given dt has any records""" + return sql("select name from `tab%s` limit 1" % \ + webnotes.form_dict.get('dt')) and 'Yes' or 'No' # -------------------------------------------------------------- @@ -91,6 +96,7 @@ def get_columns(out, sf, fl, dt, tag_fields): # NOTE: THIS SHOULD BE CACHED IN DOCTYPE CACHE # -------------------------------------------------------------- +@webnotes.whitelist() def get_dt_details(): """ Returns details called by DocBrowser this includes: @@ -148,19 +154,14 @@ def get_dt_details(): return out -# -------------------------------------------------------------- - +@webnotes.whitelist() def get_trend(): return {'trend': get_dt_trend(webnotes.form_dict.get('dt'))} - - - -# -# delete and archive in docbrowser -# +@webnotes.whitelist() def delete_items(): + """delete selected items""" il = eval(webnotes.form_dict.get('items')) from webnotes.model import delete_doc from webnotes.model.code import get_obj @@ -171,9 +172,9 @@ def delete_items(): dt_obj.on_trash() delete_doc(d[0], d[1]) -# -------------------------------------------------------------- - +@webnotes.whitelist() def archive_items(): + """archinve selected items""" il = eval(webnotes.form_dict.get('items')) from webnotes.utils.archive import archive_doc diff --git a/py/webnotes/widgets/page.py b/py/webnotes/widgets/page.py index 6523a994b1..25711f47f5 100644 --- a/py/webnotes/widgets/page.py +++ b/py/webnotes/widgets/page.py 
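Review bot: `delete_items` is whitelisted here while still running `eval(webnotes.form_dict.get('items'))`, which evaluates a request parameter as Python inside the server process. Parse the value as data instead, e.g. `il = json.loads(webnotes.form_dict.get('items'))` with `import json` in the function, provided the client sends the list as JSON, which this patch does not show. The `archive_items` hunk that follows has the same `eval` line and needs the same change. Neither hunk shows a role or permission check before `delete_doc`/`archive_doc` is called, so confirm those helpers enforce one, because the whitelist itself only requires a signed-in user.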
@@ -102,12 +102,14 @@ class Page: else: return [] +@webnotes.whitelist() def get(name): """ Return the :term:`doclist` of the `Page` specified by `name` """ return Page(name).load() +@webnotes.whitelist() def getpage(): """ Load the page from `webnotes.form` and send it via `webnotes.response` @@ -118,6 +120,7 @@ def getpage(): webnotes.response['docs'] = doclist def get_page_path(page_name, module): + """get path of the page html file""" import os import webnotes.defs from webnotes.modules import scrub @@ -125,7 +128,7 @@ def get_page_path(page_name, module): 'page', scrub(page_name), scrub(page_name) + '.html') def get_page_html(page_name): - """get html of page""" + """get html of page, called from webnotes.cms.index""" p = webnotes.conn.sql("""select module, content from tabPage where name=%s""", \ page_name, as_dict=1) diff --git a/py/webnotes/widgets/query_builder.py b/py/webnotes/widgets/query_builder.py index e88177d5a2..eeafdca55a 100644 --- a/py/webnotes/widgets/query_builder.py +++ b/py/webnotes/widgets/query_builder.py @@ -204,6 +204,7 @@ def build_description_standard(meta, tl): # Entry Point - Run the query # ==================================================================== +@webnotes.whitelist(allow_guest=True) def runquery(q='', ret=0, from_export=0): import webnotes.utils @@ -283,9 +284,8 @@ def runquery(q='', ret=0, from_export=0): out['n_values'] = webnotes.utils.cint(sql(qm)[0][0]) -# Export to CSV -# ==================================================================== +@webnotes.whitelist() def runquery_csv(): global out diff --git a/py/webnotes/widgets/search.py b/py/webnotes/widgets/search.py index 5b1e4f6d7e..db3ba38bac 100644 --- a/py/webnotes/widgets/search.py +++ b/py/webnotes/widgets/search.py @@ -2,6 +2,7 @@ import webnotes # this is called when a new doctype is setup for search - to set the filters +@webnotes.whitelist() def getsearchfields(): sf = webnotes.conn.sql("""\ SELECT value FROM `tabProperty Setter` 
@@ -72,6 +73,7 @@ def scrub_custom_query(query, key, txt): return query # this is called by the Link Field +@webnotes.whitelist() def search_link(): import webnotes.widgets.query_builder @@ -89,6 +91,7 @@ def search_link(): webnotes.response['results'] = build_for_autosuggest(res) # this is called by the search box +@webnotes.whitelist() def search_widget(): import webnotes.widgets.query_builder diff --git a/py/webnotes/widgets/tags.py b/py/webnotes/widgets/tags.py index 6fe4b1950c..e4682f05ff 100644 --- a/py/webnotes/widgets/tags.py +++ b/py/webnotes/widgets/tags.py @@ -20,6 +20,9 @@ Design: """ +import webnotes +from webnotes.utils import cint, cstr, load_json + def check_user_tags(dt): "if the user does not have a tags column, then it creates one" @@ -33,6 +36,7 @@ def check_user_tags(dt): # # Add a new tag # +@webnotes.whitelist() def add_tag(): "adds a new tag to a record, and creates the Tag master" @@ -47,6 +51,7 @@ def add_tag(): # # remove tag # +@webnotes.whitelist() def remove_tag(): "removes tag from the record" f = webnotes.form_dict @@ -55,9 +60,6 @@ def remove_tag(): DocTags(dt).remove(dn, tag) - -import webnotes -from webnotes.utils import cint, cstr, load_json class DocTags: """Tags for a particular doctype""" @@ -221,7 +223,6 @@ class TagCounter: - def get_top_field_tags(dt): from webnotes.model.doctype import get_property tf = get_property(dt, 'tag_fields') @@ -250,6 +251,7 @@ def get_top_field_tags(dt): # returns the top ranked 10 tags for the # doctype. # merges the top tags from fields and user tags +@webnotes.whitelist() def get_top_tags(args=''): "returns the top 10 tags for the doctype from fields (7) and users (3)" tl = None diff --git a/py/webnotes/widgets/todo.py b/py/webnotes/widgets/todo.py deleted file mode 100644 index 40a118cd97..0000000000 --- a/py/webnotes/widgets/todo.py +++ /dev/null 
@@ -1,49 +0,0 @@ -# ToDO and Reminder -# ----------------- - -def add_todo(user, date, priority, desc, ref_type, ref_name): - nlist = [] - if type(user)==list: - for i in user: - nlist.append(add_todo_item(i, date, priority, desc, ref_type, ref_name)) - return nlist - else: - return add_todo_item(user, date, priority, desc, ref_type, ref_name) - -def add_todo_item(user, date, priority, desc, ref_type, ref_name): - if not date: - date = nowdate() - - d = Document('ToDo Item') - d.owner = user - d.date = date - d.priority = priority - d.description = desc - d.reference_type = ref_type - d.reference_name = ref_name - d.save(1) - return d.name - -def remove_todo(name): - if type(name)==list: - for i in name: - sql("delete from `tabToDo Item` where name='%s'" % i) - else: - sql("delete from `tabToDo Item` where name='%s'" % name) - -def get_todo_list(): - c = getcursor() - try: - role_options = ["role = '"+r+"'" for r in roles] - role_options = role_options and ' OR ' + ' OR '.join(role_options) or '' - c.execute("select * from `tabToDo Item` where owner='%s' %s" % (session['user'], role_options)) - except: # deprecated - c.execute("select * from `tabToDo Item` where owner='%s'" % session['user']) - dataset = c.fetchall() - l = [] - for i in range(len(dataset)): - d = Document('ToDo Item') - d.loadfields(dataset, i, c.description) - l.append(d) - - return l \ No newline at end of file