The framework [wnframework](https://github.com/webnotes/wnframework) is used and seemingly developed in parallel.
The Python code does not follow the guidelines in [PEP8](http://www.python.org/dev/peps/pep-0008/).
#### Database
wnframework contains a database model abstraction which is used in some places, though there are > 2000 places where raw SQL is composed using Python's `'foo %s' % ('bar')` string formatting. I have managed to cause some minor SQL injections; I have not yet found any places where I can cause significant damage / data loss.
Not using a database abstraction model such as SQLAlchemy reduces storage portability and adds security overhead to ensure that no malicious queries can be executed.
Update: SQLAlchemy has a severe performance penalty based on our testing. Plus, SQL reduces the code complexity in many instances and has much better performance too. - *Rushabh*
In those places I have seen, no input sanitization was performed, although they were only SELECT queries. I suspect that you could alter database contents by modifying a SELECT query, but I have not managed to do so myself.
Update: The library does not allow multiple SQL queries to be executed, hence altering is not possible. There is a possibility of overriding certain conditions. We will fix these on priority. - *Rushabh*
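The following is an added example, not code from ERPNext, wnframework or the original page. It contrasts the `%`-formatted query pattern described above with a bound parameter, assuming a hypothetical `invoice` table and using the standard-library `sqlite3` driver as a stand-in for the real backend; that driver also refuses stacked statements, yet the WHERE condition of a formatted SELECT can still be overridden.

```python
import sqlite3

# Constructed inputs: one widens the WHERE clause, one appends a second statement.
OVERRIDE = "alice' OR '1'='1"
STACKED = "alice'; DELETE FROM invoice; --"

def make_db():
    """In-memory database with constructed sample rows (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE invoice (id INTEGER, owner TEXT, amount REAL)")
    db.executemany("INSERT INTO invoice VALUES (?, ?, ?)",
                   [(1, "alice", 100.0), (2, "bob", 250.0), (3, "carol", 75.0)])
    return db

def invoices_formatted(db, owner):
    """Pattern described on the page: the value is spliced in with % formatting."""
    sql = "SELECT id FROM invoice WHERE owner = '%s' ORDER BY id" % (owner,)
    return [row[0] for row in db.execute(sql)]

def invoices_bound(db, owner):
    """Same query, with the value passed to the driver as a bound parameter."""
    sql = "SELECT id FROM invoice WHERE owner = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (owner,))]

def stacked_statement_rejected(db, owner):
    """True if the driver refuses input that appends a second statement."""
    try:
        invoices_formatted(db, owner)
    except (sqlite3.Warning, sqlite3.Error):
        # Exception type differs between Python versions, so catch both.
        return True
    return False

def row_count(db):
    return db.execute("SELECT COUNT(*) FROM invoice").fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    print("formatted, normal input:  ", invoices_formatted(db, "alice"))
    print("formatted, override input:", invoices_formatted(db, OVERRIDE))
    print("bound, override input:    ", invoices_bound(db, OVERRIDE))
    print("stacked input rejected:   ", stacked_statement_rejected(db, STACKED))
    print("rows still present:       ", row_count(db))
```

Single-statement enforcement protects the stored rows here, but only the bound-parameter form keeps the query's filter intact.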
*It does not seem like it*. There are 'Cost Centers', but they do not seem to be usable in fund accounting.
Update: *Yes*. Cost Centers can be easily extended to manage funds. Each Income / Expense is tagged against cost center, so you can accurately track per Fund. Some of the terminology can be fixed if required - *Rushabh*
*No*. It does not seem like 'Cost Centers' can be used this way.
Update: *Yes*. Please see earlier comment, each fund can be a cost center and invoices, expenses can be booked against it. Even budgeting can be done against a cost center. - *Rushabh*
### Evaluation of [[Double-entry Accounting|UseCases/DoubleEntryAccounting]] UseCases
- Does the system implement pure double-entry accounting? In my judgement, yes. Money goes into one or more accounts, out of another one or more accounts.
- Does it have [[the ability to explore transactions via documentation linkage|UseCases/TrackingDocumentation#document-link-explore]]? Yes, you can e.g. filter "Journal Vouchers" by "Bill No".
that can be later approved before officially being posted to the books? Yes. Each transaction has a Draft and Submitted status. And separate rights can be given to separate roles for doing approvals. Plus rule based approvals based on properties also exist.
- Is [[the workflow configurable|UseCases/WorkFlow#workflow-configurable]]? Yes - there is a workflow system [User Docs](https://docs.erpnext.com/workflows.html)
- [[Unaccrued Invoice|UseCases/WorkFlow#unaccrued-invioice]] ? Exists - You can check in Accounts Receivable
### Evaluation of the [[Storage API|UseCases/StorageAPI]]
It is a web application using JavaScript to communicate with the backend, so there is an API endpoint for everything you'll ever see in the application.
- Is the [[license both determined as Free Software by FSF and OSI-approved|USeCases/CommunityHealth#license-approved]]? Yes, it's [GPLv3](https://github.com/webnotes/erpnext/blob/master/license.txt), (CC-BY-SA 3.0 for documentation).
- Is the [[license GPL-compatible|USeCases/CommunityHealth#gpl-compatible]]? Yes, it's [GPLv3](https://github.com/webnotes/erpnext/blob/master/license.txt), (CC-BY-SA 3.0 for documentation).
[raised the issue on the ERPNext Developers' Forum](https://groups.google.com/forum/?_escaped_fragment_=msg/erpnext-developer-forum/jfsURU8Ew9A/HVDX1z3vvkgJ#!msg/erpnext-developer-forum/jfsURU8Ew9A/HVDX1z3vvkgJ).