redesigned additional permissions via hooks and implemented in Event:

11 years ago · 563e70727e
--- a/hooks.md
+++ b/hooks.md
@@ -0,0 +1,38 @@
 ### List of Hooks

 #### Application Name and Details

 1. `app_name` - slugified name e.g. "webnotes"
 1. `app_title` - full title name e.g. "Web Notes"
 1. `app_publisher`
 1. `app_description`
 1. `app_version`
 1. `app_icon` - font-awesome icon or image url
 1. `app_color` - hex colour background of the app icon

 #### Install

 1. `before_install` - method
 1. `after_install` - method


 #### Javascript / CSS Builds

 1. `app_include_js` - include in "app"
 1. `app_include_css` - assets/webnotes/css/splash.css

 1. `web_include_js` - assets/js/webnotes-web.min.js
 1. `web_include_css` - assets/css/webnotes-web.css

 #### Desktop

 1. `get_desktop_icons` - method to get list of desktop icons

 #### Notifications

 1. `notification_config` - method to get notification configuration

 #### Permissions

 1. `permission_query_conditions:[doctype]` - method to return additional query conditions at time of report / list etc.
 1. `has_permission:[doctype]` - method to call permissions to check at individual level
--- a/webnotes/init.py
+++ b/webnotes/init.py
@@ -393,7 +393,7 @@ def get_installed_apps():
 	installed = json.loads(conn.get_global("installed_apps") or "[]")
 	return installed

 def get_hooks(app_name=None):
 def get_hooks(hook=None, app_name=None):
 	def load_app_hooks(app_name=None):
 		hooks = {}
 		for app in [app_name] if app_name else get_installed_apps():
@@ -404,9 +404,14 @@ def get_hooks(app_name=None):
 				hooks[key].append(value)
 		return hooks
 	if app_name:
 		return _dict(load_app_hooks(app_name))
 		hooks = _dict(load_app_hooks(app_name))
 	else:
 		return _dict(cache().get_value("app_hooks", load_app_hooks))
 		hooks = _dict(cache().get_value("app_hooks", load_app_hooks))
 		
 	if hook:
 		return hooks.get(hook) or []
 	else:
 		return hooks

 def setup_module_map():
 	_cache = cache()
@@ -544,7 +549,7 @@ def set_filters(jenv):
 	
 	# load jenv_filters from hooks.txt
 	for app in get_all_apps(True):
 		for jenv_filter in (get_hooks(app).jenv_filter or []):
 		for jenv_filter in (get_hooks(app_name=app).jenv_filter or []):
 			filter_name, filter_function = jenv_filter.split(":")
 			jenv.filters[filter_name] = get_attr(filter_function)

--- a/webnotes/core/doctype/event/event.py
+++ b/webnotes/core/doctype/event/event.py
@@ -16,7 +16,7 @@ class DocType:
 		if self.doc.starts_on and self.doc.ends_on and self.doc.starts_on > self.doc.ends_on:
 			webnotes.msgprint(webnotes._("Event End must be after Start"), raise_exception=True)
 			
 def get_match_conditions():
 def get_permission_query_conditions():
 	return """(tabEvent.event_type='Public' or tabEvent.owner='%(user)s'
 		or exists(select * from `tabEvent User` where 
 			`tabEvent User`.parent=tabEvent.name and `tabEvent User`.person='%(user)s')
@@ -27,7 +27,26 @@ def get_match_conditions():
 			"user": webnotes.session.user,
 			"roles": "', '".join(webnotes.get_roles(webnotes.session.user))
 		}
 			

 def has_permission(doc):
 	if doc.event_type=="Public" or doc.owner==webnotes.session.user:
 		return True
 		
 	# need full doclist to check roles and users
 	bean = webnotes.bean("Event", doc.name)
 		
 	if len(bean.doclist)==1:
 		return False
 	
 	if bean.doclist.get({"doctype":"Event User", "person":webnotes.session.user}):
 		return True
 		
 	if bean.doclist.get({"doctype":"Event Role", "role":("in", webnotes.get_roles())}):
 		return True
 		
 	return False


 def send_event_digest():
 	today = nowdate()
 	for user in webnotes.conn.sql("""select name, email, language 
--- a/webnotes/core/doctype/event/test_event.py
+++ b/webnotes/core/doctype/event/test_event.py
@@ -0,0 +1,67 @@
 # Copyright (c) 2013, Web Notes Technologies Pvt. Ltd. and Contributors
 # MIT License. See license.txt

 """Use blog post test to test permission restriction logic"""

 test_records = [
 	[{
 		"doctype": "Event",
 		"subject":"_Test Event 1",
 		"starts_on": "2014-01-01",
 		"event_type": "Public",
 	}],
 	[{
 		"doctype": "Event",
 		"starts_on": "2014-01-01",
 		"subject":"_Test Event 2",
 		"event_type": "Private",
 	}],
 	[{
 		"doctype": "Event",
 		"starts_on": "2014-01-01",
 		"subject":"_Test Event 3",
 		"event_type": "Private",
 	}, {
 		"doctype": "Event User",
 		"parentfield": "event_individuals",
 		"person": "test1@example.com"
 	}],
 	
 ]

 import webnotes
 import webnotes.defaults
 import unittest

 class TestEvent(unittest.TestCase):
 	# def setUp(self):
 	# 	profile = webnotes.bean("Profile", "test1@example.com")
 	# 	profile.get_controller().add_roles("Website Manager")

 	def tearDown(self):
 		webnotes.set_user("Administrator")

 	def test_allowed_public(self):
 		webnotes.set_user("test1@example.com")
 		doc = webnotes.doc("Event", webnotes.conn.get_value("Event", {"subject":"_Test Event 1"}))
 		self.assertTrue(webnotes.has_permission("Event", refdoc=doc))
 				
 	def test_not_allowed_private(self):
 		webnotes.set_user("test1@example.com")
 		doc = webnotes.doc("Event", webnotes.conn.get_value("Event", {"subject":"_Test Event 2"}))
 		self.assertFalse(webnotes.has_permission("Event", refdoc=doc))

 	def test_allowed_private_if_in_event_user(self):
 		webnotes.set_user("test1@example.com")
 		doc = webnotes.doc("Event", webnotes.conn.get_value("Event", {"subject":"_Test Event 3"}))
 		self.assertTrue(webnotes.has_permission("Event", refdoc=doc))
 		
 	def test_event_list(self):
 		webnotes.set_user("test1@example.com")
 		res = webnotes.get_list("Event", filters=[["Event", "subject", "like", "_Test Event%"]], fields=["name", "subject"])
 		self.assertEquals(len(res), 2)
 		subjects = [r.subject for r in res]
 		self.assertTrue("_Test Event 1" in subjects)
 		self.assertTrue("_Test Event 3" in subjects)
 		self.assertFalse("_Test Event 2" in subjects)
 	
--- a/webnotes/core/doctype/profile/profile.txt
+++ b/webnotes/core/doctype/profile/profile.txt
@@ -2,7 +2,7 @@
 {
  "creation": "2013-03-07 11:54:44", 
  "docstatus": 0, 
  "modified": "2014-01-22 16:05:34", 
  "modified": "2014-01-23 13:27:37", 
  "modified_by": "Administrator", 
  "owner": "Administrator"
 }, 
@@ -30,8 +30,7 @@
  "name": "__common__", 
  "parent": "Profile", 
  "parentfield": "fields", 
  "parenttype": "DocType", 
  "permlevel": 0
  "parenttype": "DocType"
 }, 
 {
  "cancel": 0, 
@@ -46,6 +45,13 @@
  "doctype": "DocType", 
  "name": "Profile"
 }, 
 {
  "doctype": "DocField", 
  "fieldname": "sb0_5", 
  "fieldtype": "Section Break", 
  "label": "Personal Info", 
  "permlevel": 0
 }, 
 {
  "default": "1", 
  "doctype": "DocField", 
@@ -55,19 +61,16 @@
  "label": "Enabled", 
  "oldfieldname": "enabled", 
  "oldfieldtype": "Check", 
  "permlevel": 0, 
  "read_only": 1
 }, 
 {
  "doctype": "DocField", 
  "fieldname": "sb0_5", 
  "fieldtype": "Section Break"
 }, 
 {
  "doctype": "DocField", 
  "fieldname": "unsubscribed", 
  "fieldtype": "Check", 
  "hidden": 1, 
  "label": "Unsubscribed"
  "label": "Unsubscribed", 
  "permlevel": 0
 }, 
 {
  "doctype": "DocField", 
@@ -77,6 +80,7 @@
  "label": "Email", 
  "oldfieldname": "email", 
  "oldfieldtype": "Data", 
  "permlevel": 0, 
  "reqd": 1, 
  "search_index": 0
 }, 
@@ -88,6 +92,7 @@
  "label": "First Name", 
  "oldfieldname": "first_name", 
  "oldfieldtype": "Data", 
  "permlevel": 0, 
  "reqd": 1
 }, 
 {
@@ -96,7 +101,8 @@
  "fieldtype": "Data", 
  "label": "Middle Name (Optional)", 
  "oldfieldname": "middle_name", 
  "oldfieldtype": "Data"
  "oldfieldtype": "Data", 
  "permlevel": 0
 }, 
 {
  "doctype": "DocField", 
@@ -105,13 +111,15 @@
  "in_list_view": 1, 
  "label": "Last Name", 
  "oldfieldname": "last_name", 
  "oldfieldtype": "Data"
  "oldfieldtype": "Data", 
  "permlevel": 0
 }, 
 {
  "doctype": "DocField", 
  "fieldname": "column_break0", 
  "fieldtype": "Column Break", 
  "oldfieldtype": "Column Break", 
  "permlevel": 0, 
  "print_width": "50%", 
  "width": "50%"
 }, 
@@ -121,7 +129,8 @@
  "fieldname": "language", 
  "fieldtype": "Select", 
  "label": "Language", 
  "options": "Loading..."
  "options": "Loading...", 
  "permlevel": 0
 }, 
 {
  "doctype": "DocField", 
@@ -129,7 +138,8 @@
  "fieldtype": "Date", 
  "label": "Birth Date", 
  "oldfieldname": "birth_date", 
  "oldfieldtype": "Date"
  "oldfieldtype": "Date", 
  "permlevel": 0
 }, 
 {
  "default": "System User", 
@@ -140,6 +150,7 @@
  "oldfieldname": "user_type", 
  "oldfieldtype": "Select", 
  "options": "System User\nWebsite User", 
  "permlevel": 0, 
  "read_only": 1, 
  "reqd": 1
 }, 
@@ -151,19 +162,22 @@
  "oldfieldname": "gender", 
  "oldfieldtype": "Select", 
  "options": "\nMale\nFemale\nOther", 
  "permlevel": 0, 
  "search_index": 0
 }, 
 {
  "doctype": "DocField", 
  "fieldname": "change_password", 
  "fieldtype": "Section Break", 
  "label": "Set Password"
  "label": "Set Password", 
  "permlevel": 0
 }, 
 {
  "doctype": "DocField", 
  "fieldname": "new_password", 
  "fieldtype": "Password", 
  "label": "New Password"
  "label": "New Password", 
  "permlevel": 0
 }, 
 {
  "doctype": "DocField", 
@@ -171,6 +185,7 @@
  "fieldtype": "Data", 
  "hidden": 1, 
  "label": "Reset Password Key", 
  "permlevel": 0, 
  "print_hide": 1, 
  "read_only": 1
 }, 
@@ -179,45 +194,52 @@
  "doctype": "DocField", 
  "fieldname": "display_settings", 
  "fieldtype": "Section Break", 
  "label": "Display Settings"
  "label": "Display Settings", 
  "permlevel": 0
 }, 
 {
  "doctype": "DocField", 
  "fieldname": "user_image", 
  "fieldtype": "Attach", 
  "hidden": 0, 
  "label": "User Image"
  "label": "User Image", 
  "permlevel": 0
 }, 
 {
  "doctype": "DocField", 
  "fieldname": "background_image", 
  "fieldtype": "Attach", 
  "hidden": 0, 
  "label": "Background Image"
  "label": "Background Image", 
  "permlevel": 0
 }, 
 {
  "doctype": "DocField", 
  "fieldname": "cb21", 
  "fieldtype": "Column Break"
  "fieldtype": "Column Break", 
  "permlevel": 0
 }, 
 {
  "doctype": "DocField", 
  "fieldname": "user_image_show", 
  "fieldtype": "Image", 
  "label": "user_image_show", 
  "options": "user_image"
  "options": "user_image", 
  "permlevel": 0
 }, 
 {
  "doctype": "DocField", 
  "fieldname": "short_bio", 
  "fieldtype": "Section Break", 
  "label": "Short Bio"
  "label": "Short Bio", 
  "permlevel": 0
 }, 
 {
  "doctype": "DocField", 
  "fieldname": "bio", 
  "fieldtype": "Small Text", 
  "label": "Bio"
  "label": "Bio", 
  "permlevel": 0
 }, 
 {
  "description": "Check / Uncheck roles assigned to the Profile. Click on the Role to find out what permissions that Role has.", 
@@ -225,6 +247,7 @@
  "fieldname": "sb1", 
  "fieldtype": "Section Break", 
  "label": "Roles", 
  "permlevel": 1, 
  "read_only": 1
 }, 
 {
@@ -232,29 +255,34 @@
  "fieldname": "roles_html", 
  "fieldtype": "HTML", 
  "label": "Roles HTML", 
  "permlevel": 0, 
  "read_only": 1
 }, 
 {
  "doctype": "DocField", 
  "fieldname": "incoming_email_settings", 
  "fieldtype": "Section Break", 
  "label": "Email Settings"
  "label": "Email Settings", 
  "permlevel": 1
 }, 
 {
  "doctype": "DocField", 
  "fieldname": "cb18", 
  "fieldtype": "Column Break"
  "fieldtype": "Column Break", 
  "permlevel": 0
 }, 
 {
  "doctype": "DocField", 
  "fieldname": "email_signature", 
  "fieldtype": "Small Text", 
  "label": "Email Signature"
  "label": "Email Signature", 
  "permlevel": 0
 }, 
 {
  "doctype": "DocField", 
  "fieldname": "cb20", 
  "fieldtype": "Column Break"
  "fieldtype": "Column Break", 
  "permlevel": 0
 }, 
 {
  "description": "Pull Emails from the Inbox and attach them as Communication records (for known contacts).", 
@@ -262,7 +290,8 @@
  "fieldname": "sync_inbox", 
  "fieldtype": "Check", 
  "hidden": 1, 
  "label": "Sync Inbox"
  "label": "Sync Inbox", 
  "permlevel": 0
 }, 
 {
  "description": "POP3 Mail Server (e.g. pop.gmail.com)", 
@@ -270,28 +299,32 @@
  "fieldname": "email_host", 
  "fieldtype": "Data", 
  "hidden": 1, 
  "label": "Email Host"
  "label": "Email Host", 
  "permlevel": 0
 }, 
 {
  "doctype": "DocField", 
  "fieldname": "email_use_ssl", 
  "fieldtype": "Check", 
  "hidden": 1, 
  "label": "Email Use SSL"
  "label": "Email Use SSL", 
  "permlevel": 0
 }, 
 {
  "doctype": "DocField", 
  "fieldname": "email_login", 
  "fieldtype": "Data", 
  "hidden": 1, 
  "label": "Email Login"
  "label": "Email Login", 
  "permlevel": 0
 }, 
 {
  "doctype": "DocField", 
  "fieldname": "email_password", 
  "fieldtype": "Password", 
  "hidden": 1, 
  "label": "Email Password"
  "label": "Email Password", 
  "permlevel": 0
 }, 
 {
  "description": "These values will be automatically updated in transactions and also will be useful to restrict permissions for this user on transactions containing these values.", 
@@ -301,6 +334,7 @@
  "hidden": 1, 
  "label": "Defaults", 
  "oldfieldtype": "Column Break", 
  "permlevel": 1, 
  "print_width": "50%", 
  "read_only": 1, 
  "width": "50%"
@@ -312,7 +346,8 @@
  "fieldtype": "Table", 
  "hidden": 1, 
  "label": "Profile Defaults", 
  "options": "DefaultValue"
  "options": "DefaultValue", 
  "permlevel": 0
 }, 
 {
  "doctype": "DocField", 
@@ -320,6 +355,7 @@
  "fieldtype": "Section Break", 
  "label": "Security Settings", 
  "oldfieldtype": "Section Break", 
  "permlevel": 0, 
  "read_only": 1
 }, 
 {
@@ -328,6 +364,7 @@
  "fieldname": "login_after", 
  "fieldtype": "Int", 
  "label": "Login After", 
  "permlevel": 0, 
  "read_only": 1
 }, 
 {
@@ -336,6 +373,7 @@
  "fieldname": "login_before", 
  "fieldtype": "Int", 
  "label": "Login Before", 
  "permlevel": 0, 
  "read_only": 1
 }, 
 {
@@ -344,6 +382,7 @@
  "fieldname": "restrict_ip", 
  "fieldtype": "Data", 
  "label": "Restrict IP", 
  "permlevel": 0, 
  "read_only": 1
 }, 
 {
@@ -351,6 +390,7 @@
  "fieldname": "column_break1", 
  "fieldtype": "Column Break", 
  "oldfieldtype": "Column Break", 
  "permlevel": 0, 
  "print_width": "50%", 
  "width": "50%"
 }, 
@@ -362,6 +402,7 @@
  "label": "Last Login", 
  "oldfieldname": "last_login", 
  "oldfieldtype": "Read Only", 
  "permlevel": 0, 
  "read_only": 1, 
  "reqd": 0, 
  "search_index": 0
@@ -373,6 +414,7 @@
  "label": "Last IP", 
  "oldfieldname": "last_ip", 
  "oldfieldtype": "Read Only", 
  "permlevel": 0, 
  "read_only": 1
 }, 
 {
@@ -382,6 +424,7 @@
  "hidden": 1, 
  "label": "Roles Assigned To User", 
  "no_copy": 0, 
  "permlevel": 0, 
  "print_hide": 1, 
  "read_only": 1
 }, 
@@ -392,6 +435,7 @@
  "hidden": 1, 
  "label": "Roles Assigned", 
  "options": "UserRole", 
  "permlevel": 0, 
  "print_hide": 1, 
  "read_only": 1
 }, 
@@ -417,19 +461,6 @@
  "role": "All", 
  "write": 0
 }, 
 {
  "create": 0, 
  "delete": 0, 
  "doctype": "DocPerm", 
  "email": 1, 
  "permlevel": 0, 
  "print": 1, 
  "report": 1, 
  "restricted": 1, 
  "role": "All", 
  "submit": 0, 
  "write": 0
 }, 
 {
  "amend": 0, 
  "create": 0, 
--- a/webnotes/core/doctype/todo/todo.txt
+++ b/webnotes/core/doctype/todo/todo.txt
@@ -2,7 +2,7 @@
 {
  "creation": "2012-07-03 13:30:35", 
  "docstatus": 0, 
  "modified": "2013-12-20 19:24:39", 
  "modified": "2014-01-23 12:15:38", 
  "modified_by": "Administrator", 
  "owner": "Administrator"
 }, 
@@ -15,13 +15,13 @@
  "hide_heading": 0, 
  "hide_toolbar": 0, 
  "icon": "icon-check", 
  "in_create": 1, 
  "in_create": 0, 
  "in_dialog": 0, 
  "issingle": 0, 
  "max_attachments": 0, 
  "module": "Core", 
  "name": "__common__", 
  "read_only": 1, 
  "read_only": 0, 
  "read_only_onload": 0
 }, 
 {
@@ -34,6 +34,7 @@
 }, 
 {
  "create": 1, 
  "delete": 0, 
  "doctype": "DocPerm", 
  "email": 1, 
  "name": "__common__", 
@@ -42,12 +43,20 @@
  "parenttype": "DocType", 
  "permlevel": 0, 
  "print": 1, 
  "read": 1
  "read": 1, 
  "report": 1, 
  "write": 1
 }, 
 {
  "doctype": "DocType", 
  "name": "ToDo"
 }, 
 {
  "doctype": "DocField", 
  "fieldname": "description_and_status", 
  "fieldtype": "Section Break", 
  "label": "Description and Status"
 }, 
 {
  "allow_on_submit": 0, 
  "doctype": "DocField", 
@@ -55,6 +64,7 @@
  "fieldtype": "Text", 
  "hidden": 0, 
  "in_filter": 0, 
  "in_list_view": 1, 
  "label": "Description", 
  "no_copy": 0, 
  "oldfieldname": "description", 
@@ -66,17 +76,32 @@
  "search_index": 0, 
  "width": "300px"
 }, 
 {
  "doctype": "DocField", 
  "fieldname": "column_break_2", 
  "fieldtype": "Column Break"
 }, 
 {
  "doctype": "DocField", 
  "fieldname": "status", 
  "fieldtype": "Select", 
  "in_list_view": 1, 
  "label": "Status", 
  "options": "Open\nClosed"
 }, 
 {
  "allow_on_submit": 0, 
  "doctype": "DocField", 
  "fieldname": "date", 
  "fieldtype": "Date", 
  "fieldname": "priority", 
  "fieldtype": "Select", 
  "hidden": 0, 
  "in_filter": 0, 
  "label": "Date", 
  "in_list_view": 1, 
  "label": "Priority", 
  "no_copy": 0, 
  "oldfieldname": "date", 
  "oldfieldtype": "Date", 
  "oldfieldname": "priority", 
  "oldfieldtype": "Data", 
  "options": "High\nMedium\nLow", 
  "print_hide": 0, 
  "report_hide": 0, 
  "reqd": 0, 
@@ -85,19 +110,26 @@
 {
  "allow_on_submit": 0, 
  "doctype": "DocField", 
  "fieldname": "priority", 
  "fieldtype": "Data", 
  "fieldname": "date", 
  "fieldtype": "Date", 
  "hidden": 0, 
  "in_filter": 0, 
  "label": "Priority", 
  "in_list_view": 1, 
  "label": "Due Date", 
  "no_copy": 0, 
  "oldfieldname": "priority", 
  "oldfieldtype": "Data", 
  "oldfieldname": "date", 
  "oldfieldtype": "Date", 
  "print_hide": 0, 
  "report_hide": 0, 
  "reqd": 0, 
  "search_index": 0
 }, 
 {
  "doctype": "DocField", 
  "fieldname": "section_break_6", 
  "fieldtype": "Section Break", 
  "label": "Reference"
 }, 
 {
  "allow_on_submit": 0, 
  "doctype": "DocField", 
@@ -137,7 +169,8 @@
  "fieldtype": "Check", 
  "hidden": 0, 
  "in_filter": 0, 
  "label": "Checked", 
  "in_list_view": 1, 
  "label": "Completed", 
  "no_copy": 0, 
  "oldfieldname": "checked", 
  "oldfieldtype": "Check", 
@@ -146,6 +179,11 @@
  "reqd": 0, 
  "search_index": 0
 }, 
 {
  "doctype": "DocField", 
  "fieldname": "column_break_10", 
  "fieldtype": "Column Break"
 }, 
 {
  "allow_on_submit": 0, 
  "doctype": "DocField", 
@@ -171,14 +209,16 @@
  "options": "Profile"
 }, 
 {
  "cancel": 0, 
  "doctype": "DocPerm", 
  "report": 0, 
  "export": 0, 
  "restricted": 1, 
  "role": "All", 
  "submit": 0
 }, 
 {
  "doctype": "DocPerm", 
  "report": 1, 
  "export": 1, 
  "role": "System Manager"
 }
 ]
--- a/webnotes/core/page/applications/applications.py
+++ b/webnotes/core/page/applications/applications.py
@@ -10,7 +10,7 @@ def get_app_list():
 	installed = webnotes.get_installed_apps()
 	for app in webnotes.get_all_apps(True):
 		out[app] = {}
 		app_hooks = webnotes.get_hooks(app)
 		app_hooks = webnotes.get_hooks(app_name=app)
 		for key in ("app_name", "app_title", "app_description", "app_icon",
 			"app_publisher", "app_version", "app_url", "app_color"):
 			out[app][key] = app_hooks.get(key)
--- a/webnotes/hooks.txt
+++ b/webnotes/hooks.txt
@@ -21,4 +21,9 @@ scheduler_event = daily:webnotes.utils.email_lib.bulk.clear_outbox
 scheduler_event = daily:webnotes.core.doctype.notification_count.notification_count.delete_event_notification_count
 scheduler_event = daily:webnotes.core.doctype.event.event.send_event_digest

 on_session_creation = webnotes.auth.notify_administrator_login
 on_session_creation = webnotes.auth.notify_administrator_login

 # permissions

 permission_query_conditions:Event = webnotes.core.doctype.event.event.get_permission_query_conditions
 has_permission:Event =  webnotes.core.doctype.event.event.has_permission
--- a/webnotes/permissions.py
+++ b/webnotes/permissions.py
@@ -30,16 +30,18 @@ def has_permission(doctype, ptype="read", refdoc=None, verbose=True):
 	# get user permissions
 	if not get_user_perms(meta).get(ptype):
 		return False
 	elif refdoc:
 		
 	if refdoc:
 		if isinstance(refdoc, basestring):
 			refdoc = webnotes.doc(meta[0].name, refdoc)
 		
 		if has_unrestricted_access(meta, refdoc, verbose=verbose):
 			return True
 		else:
 		if not has_unrestricted_access(meta, refdoc, verbose=verbose):
 			return False
 	else:
 		return True
 		
 		if not has_additional_permission(refdoc):
 			return False

 	return True
 		
 rights = ["read", "write", "create", "submit", "cancel", "amend",
 	"report", "import", "export", "print", "email", "restrict", "delete", "restricted"]
@@ -98,6 +100,14 @@ def has_unrestricted_access(meta, refdoc, verbose=True):
 	# check all restrictions before returning
 	return False if has_restricted_data else True
 	
 def has_additional_permission(doc):
 	condition_methods = webnotes.get_hooks("has_permission:" + doc.doctype)
 	for method in webnotes.get_hooks("has_permission:" + doc.doctype):
 		if not webnotes.get_attr(method)(doc):
 			return False
 		
 	return True
 	
 def can_restrict_user(user, doctype, docname=None):
 	if not can_restrict(doctype, docname):
 		return False
--- a/webnotes/public/css/common.css
+++ b/webnotes/public/css/common.css
@@ -53,6 +53,7 @@ div#freeze {
 /* listing */

 .show_filters {
 	padding-top: 15px;
 	padding-bottom: 15px;
 	margin-bottom: 15px;
 	border-bottom: 1px solid #c7c7c7;
--- a/webnotes/public/js/wn/app.js
+++ b/webnotes/public/js/wn/app.js
@@ -29,7 +29,7 @@ wn.Application = Class.extend({
 					wn.provide('wn.boot');
 					wn.boot = r;
 					if(wn.boot.profile.name==='Guest' || wn.boot.profile.user_type==="Website User") {
 						window.location = 'index.html';
 						window.location = 'index';
 						return;
 					}
 					me.startup();
--- a/webnotes/public/js/wn/form/assign_to.js
+++ b/webnotes/public/js/wn/form/assign_to.js
@@ -97,7 +97,7 @@ wn.ui.form.AssignTo = Class.extend({
 					{fieldtype:'Button', label:wn._("Add"), fieldname:'add_btn'}
 				]
 			});
 			
 						
 			me.dialog.fields_dict.restrict.$wrapper
 				.find(".assign-user-properties")
 				.on("click", function() {
@@ -141,6 +141,11 @@ wn.ui.form.AssignTo = Class.extend({
 		})();
 		
 		me.dialog.show();
 		
 		if(!wn.perm.get_perm(me.frm.doctype)[0].restricted) {
 			me.dialog.fields_dict.restrict.set_input(0);
 			me.dialog.fields_dict.restrict.$wrapper.toggle(false);
 		}
 	}
 });

--- a/webnotes/public/js/wn/form/control.js
+++ b/webnotes/public/js/wn/form/control.js
@@ -460,7 +460,7 @@ wn.ui.form.ControlCheck = wn.ui.form.ControlData.extend({
 	input_type: "checkbox",
 	make_wrapper: function() {
 		this.$wrapper = $('<div class="form-group row" style="margin: 0px;">\
 		<div class="col-md-offset-4 col-md-8">\
 		<div class="col-md-offset-3 col-md-8">\
 			<div class="checkbox" style="margin: 5px 0px">\
 				<label>\
 					<span class="input-area"></span>\
--- a/webnotes/templates/includes/login.js
+++ b/webnotes/templates/includes/login.js
@@ -65,7 +65,7 @@ login.do_login = function(){
 		statusCode: {
 			200: function(data) {
 				if(data.message=="Logged In") {
 					window.location.href = "app.html";
 					window.location.href = "app";
 				} else if(data.message=="No App") {
 					if(localStorage) {
 						var last_visited = localStorage.getItem("last_visited") || "index";
--- a/webnotes/widgets/reportview.py
+++ b/webnotes/widgets/reportview.py
@@ -171,7 +171,12 @@ def build_filter_conditions(filters, conditions):
 		if isinstance(f, basestring):
 			conditions.append(f)
 		else:
 			
 			if not isinstance(f, (list, tuple)):
 				webnotes.throw("Filter must be a tuple or list (in a list)")

 			if len(f) != 4:
 				webnotes.throw("Filter must have 4 values (doctype, fieldname, condition, value): " + str(f))
 				
 			tname = ('`tab' + f[0] + '`')
 			if not tname in webnotes.local.reportview_tables:
 				webnotes.local.reportview_tables.append(tname)
@@ -240,7 +245,7 @@ def build_match_conditions(doctype, fields=None, as_condition=True):
 										
 	if as_condition:
 		conditions = " and ".join(match_conditions)
 		doctype_conditions = get_doctype_conditions(doctype)
 		doctype_conditions = get_permission_query_conditions(doctype)
 		if doctype_conditions:
 			conditions += ' and ' + doctype_conditions if conditions else doctype_conditions
 			
@@ -255,12 +260,15 @@ def build_match_conditions(doctype, fields=None, as_condition=True):
 	else:
 		return match_filters
 		
 def get_doctype_conditions(doctype):
 	from webnotes.model.code import load_doctype_module
 	module = load_doctype_module(doctype)
 	if module and hasattr(module, 'get_match_conditions'):
 		return getattr(module, 'get_match_conditions')()

 def get_permission_query_conditions(doctype):
 	condition_methods = webnotes.get_hooks("permission_query_conditions:" + doctype)
 	if condition_methods:
 		conditions = []
 		for method in condition_methods:
 			conditions.append(webnotes.get_attr(method)())
 				
 		return " and ".join(conditions)
 		
 def get_tables(doctype, fields):
 	"""extract tables from fields"""
 	tables = ['`tab' + doctype + '`']