From 1cd96a136f203ea9b7de4d9eac4ed7df0527d62a Mon Sep 17 00:00:00 2001
From: Rushabh Mehta <rmehta@gmail.com>
Date: Fri, 24 Jan 2014 11:10:01 +0530
Subject: [PATCH] updates for restriction

---
 erpnext/hr/doctype/appraisal/appraisal.txt               | 4 ++--
 erpnext/hr/doctype/expense_claim/expense_claim.txt       | 4 ++--
 erpnext/hr/doctype/leave_allocation/leave_allocation.txt | 4 ++--
 erpnext/patches/4_0/update_user_properties.py            | 6 +++++-
 erpnext/projects/doctype/time_log/time_log.txt           | 4 ++--
 erpnext/selling/page/sales_browser/sales_browser.py      | 8 ++++----
 erpnext/utilities/doctype/note/note.txt                  | 5 +++--
 7 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/erpnext/hr/doctype/appraisal/appraisal.txt b/erpnext/hr/doctype/appraisal/appraisal.txt
index c82f8481bb2..da57097b525 100644
--- a/erpnext/hr/doctype/appraisal/appraisal.txt
+++ b/erpnext/hr/doctype/appraisal/appraisal.txt
@@ -2,7 +2,7 @@
  {
   "creation": "2013-01-10 16:34:12", 
   "docstatus": 0, 
-  "modified": "2014-01-20 17:48:22", 
+  "modified": "2014-01-22 16:05:34", 
   "modified_by": "Administrator", 
   "owner": "ashwini@webnotestech.com"
  }, 
@@ -233,7 +233,7 @@
   "cancel": 0, 
   "delete": 0, 
   "doctype": "DocPerm", 
-  "match": "owner", 
+  "restricted": 1, 
   "role": "Employee", 
   "submit": 0
  }, 
diff --git a/erpnext/hr/doctype/expense_claim/expense_claim.txt b/erpnext/hr/doctype/expense_claim/expense_claim.txt
index 98e17826971..ac7f78861d1 100644
--- a/erpnext/hr/doctype/expense_claim/expense_claim.txt
+++ b/erpnext/hr/doctype/expense_claim/expense_claim.txt
@@ -2,7 +2,7 @@
  {
   "creation": "2013-01-10 16:34:14", 
   "docstatus": 0, 
-  "modified": "2014-01-20 17:48:44", 
+  "modified": "2014-01-22 16:05:34", 
   "modified_by": "Administrator", 
   "owner": "harshada@webnotestech.com"
  }, 
@@ -223,7 +223,7 @@
  {
   "delete": 0, 
   "doctype": "DocPerm", 
-  "match": "owner", 
+  "restricted": 1, 
   "role": "Employee"
  }, 
  {
diff --git a/erpnext/hr/doctype/leave_allocation/leave_allocation.txt b/erpnext/hr/doctype/leave_allocation/leave_allocation.txt
index 41584c97bed..60f25239413 100644
--- a/erpnext/hr/doctype/leave_allocation/leave_allocation.txt
+++ b/erpnext/hr/doctype/leave_allocation/leave_allocation.txt
@@ -2,7 +2,7 @@
  {
   "creation": "2013-02-20 19:10:38", 
   "docstatus": 0, 
-  "modified": "2014-01-20 17:48:54", 
+  "modified": "2014-01-22 16:05:35", 
   "modified_by": "Administrator", 
   "owner": "Administrator"
  }, 
@@ -171,7 +171,7 @@
  }, 
  {
   "doctype": "DocPerm", 
-  "match": "owner", 
+  "restricted": 1, 
   "role": "HR User"
  }, 
  {
diff --git a/erpnext/patches/4_0/update_user_properties.py b/erpnext/patches/4_0/update_user_properties.py
index 085f2c18837..54aed648a8f 100644
--- a/erpnext/patches/4_0/update_user_properties.py
+++ b/erpnext/patches/4_0/update_user_properties.py
@@ -45,7 +45,11 @@ def update_user_match():
 		for profile in webnotes.conn.sql_list("""select name from `tabProfile`
 			where enabled=1 and user_type='System User'"""):
 			
-			perms = webnotes.permissions.get_user_perms(meta, "read", profile)
+			user_roles = webnotes.get_roles(profile)
+			
+			perms = meta.get({"doctype": "DocPerm", "permlevel": 0, 
+				"role": ["in", [["All"] + user_roles]], "read": 1})
+
 			# user does not have required roles
 			if not perms:
 				continue
diff --git a/erpnext/projects/doctype/time_log/time_log.txt b/erpnext/projects/doctype/time_log/time_log.txt
index 556597a4a71..11fa7d6e6e0 100644
--- a/erpnext/projects/doctype/time_log/time_log.txt
+++ b/erpnext/projects/doctype/time_log/time_log.txt
@@ -2,7 +2,7 @@
  {
   "creation": "2013-04-03 16:38:41", 
   "docstatus": 0, 
-  "modified": "2014-01-20 17:49:34", 
+  "modified": "2014-01-22 16:05:35", 
   "modified_by": "Administrator", 
   "owner": "Administrator"
  }, 
@@ -205,7 +205,7 @@
  {
   "create": 1, 
   "doctype": "DocPerm", 
-  "match": "owner", 
+  "restricted": 1, 
   "role": "Projects User"
  }, 
  {
diff --git a/erpnext/selling/page/sales_browser/sales_browser.py b/erpnext/selling/page/sales_browser/sales_browser.py
index 6791ecf7519..bb1a094e767 100644
--- a/erpnext/selling/page/sales_browser/sales_browser.py
+++ b/erpnext/selling/page/sales_browser/sales_browser.py
@@ -7,17 +7,17 @@ import webnotes
 
 @webnotes.whitelist()
 def get_children():
-	ctype = webnotes.form_dict.get('ctype')
-	webnotes.form_dict['parent_field'] = 'parent_' + ctype.lower().replace(' ', '_')
+	ctype = webnotes.local.form_dict.get('ctype')
+	webnotes.local.form_dict['parent_field'] = 'parent_' + ctype.lower().replace(' ', '_')
 	if not webnotes.form_dict.get('parent'):
-		webnotes.form_dict['parent'] = ''
+		webnotes.local.form_dict['parent'] = ''
 		
 	return webnotes.conn.sql("""select name as value, 
 		if(is_group='Yes', 1, 0) as expandable
 		from `tab%(ctype)s`
 		where docstatus < 2
 		and ifnull(%(parent_field)s,'') = "%(parent)s"
-		order by name""" % webnotes.form_dict, as_dict=1)
+		order by name""" % webnotes.local.form_dict, as_dict=1)
 		
 @webnotes.whitelist()
 def add_node():
diff --git a/erpnext/utilities/doctype/note/note.txt b/erpnext/utilities/doctype/note/note.txt
index b7c4f8bab8c..94e5a0fbb34 100644
--- a/erpnext/utilities/doctype/note/note.txt
+++ b/erpnext/utilities/doctype/note/note.txt
@@ -2,7 +2,7 @@
  {
   "creation": "2013-05-24 13:41:00", 
   "docstatus": 0, 
-  "modified": "2014-01-20 17:48:58", 
+  "modified": "2014-01-22 16:05:35", 
   "modified_by": "Administrator", 
   "owner": "Administrator"
  }, 
@@ -25,7 +25,7 @@
   "permlevel": 0
  }, 
  {
-  "cancel": 1, 
+  "cancel": 0, 
   "create": 1, 
   "delete": 1, 
   "doctype": "DocPerm", 
@@ -37,6 +37,7 @@
   "permlevel": 0, 
   "print": 1, 
   "read": 1, 
+  "restricted": 1, 
   "role": "All", 
   "write": 1
  },