feat: Password protected salary slips (#17380)

* feat: Added check for encrypting salary slips and password policy field

* feat: make password policy mandatory if encrypt option is selected

* feat: added password logic to email_salary_slip

* fix: import error

* chore: Minor enhancement to validations in salary slip

* fix: travis patch

* feat: Modified email body for password protected salary slips
diff --git a/erpnext/hr/doctype/hr_settings/hr_settings.js b/erpnext/hr/doctype/hr_settings/hr_settings.js
index 6ab523e..58ce422 100644
--- a/erpnext/hr/doctype/hr_settings/hr_settings.js
+++ b/erpnext/hr/doctype/hr_settings/hr_settings.js
@@ -4,5 +4,18 @@
 frappe.ui.form.on('HR Settings', {
 	refresh: function(frm) {
 
+	},
+
+	encrypt_salary_slips_in_emails: function(frm) {
+		let encrypt_state = frm.doc.encrypt_salary_slips_in_emails;
+		frm.set_df_property('password_policy', 'reqd', encrypt_state);
+	},
+
+	validate: function(frm) {
+		let policy = frm.doc.password_policy;
+		if (policy.includes(' ') || policy.includes('--')) {
+			frappe.msgprint("Password policy cannot contain spaces or simultaneous hyphens. The format will be restructured automatically");
+		}
+		frm.set_value('password_policy', policy.split(new RegExp(" |-", 'g')).filter((token) => token).join('-'));
 	}
 });
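Review bot: The new `validate` handler calls `policy.includes(...)` and `policy.split(...)` unconditionally, so when `password_policy` has never been filled in (encryption switched off) `policy` is presumably `undefined` and saving HR Settings fails with a TypeError. Guard the handler first, e.g. `if (!frm.doc.encrypt_salary_slips_in_emails || !frm.doc.password_policy) return;`. The `reqd` flag is only set in the checkbox change handler while `refresh` stays empty, so a reloaded form with encryption already enabled will not mark the field mandatory; calling the same `set_df_property` from `refresh` would cover that. The `frappe.msgprint` text is also not wrapped in `__()`, so it cannot be translated.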
diff --git a/erpnext/hr/doctype/hr_settings/hr_settings.json b/erpnext/hr/doctype/hr_settings/hr_settings.json
index 225785d..5502ce8 100644
--- a/erpnext/hr/doctype/hr_settings/hr_settings.json
+++ b/erpnext/hr/doctype/hr_settings/hr_settings.json
@@ -1,5 +1,6 @@
 {
  "allow_copy": 0, 
+ "allow_events_in_timeline": 0, 
  "allow_guest_to_view": 0, 
  "allow_import": 0, 
  "allow_rename": 0, 
@@ -13,10 +14,12 @@
  "fields": [
   {
    "allow_bulk_edit": 0, 
+   "allow_in_quick_entry": 0, 
    "allow_on_submit": 0, 
    "bold": 0, 
    "collapsible": 0, 
    "columns": 0, 
+   "fetch_if_empty": 0, 
    "fieldname": "employee_settings", 
    "fieldtype": "Section Break", 
    "hidden": 0, 
@@ -43,12 +46,14 @@
   }, 
   {
    "allow_bulk_edit": 0, 
+   "allow_in_quick_entry": 0, 
    "allow_on_submit": 0, 
    "bold": 0, 
    "collapsible": 0, 
    "columns": 0, 
    "default": "", 
    "description": "Enter retirement age in years", 
+   "fetch_if_empty": 0, 
    "fieldname": "retirement_age", 
    "fieldtype": "Data", 
    "hidden": 0, 
@@ -76,12 +81,14 @@
   }, 
   {
    "allow_bulk_edit": 0, 
+   "allow_in_quick_entry": 0, 
    "allow_on_submit": 0, 
    "bold": 0, 
    "collapsible": 0, 
    "columns": 0, 
    "default": "Naming Series", 
    "description": "Employee record is created using selected field. ", 
+   "fetch_if_empty": 0, 
    "fieldname": "emp_created_by", 
    "fieldtype": "Select", 
    "hidden": 0, 
@@ -109,11 +116,13 @@
   }, 
   {
    "allow_bulk_edit": 0, 
+   "allow_in_quick_entry": 0, 
    "allow_on_submit": 0, 
    "bold": 0, 
    "collapsible": 0, 
    "columns": 0, 
    "default": "", 
+   "fetch_if_empty": 0, 
    "fieldname": "leave_approval_notification_template", 
    "fieldtype": "Link", 
    "hidden": 0, 
@@ -142,10 +151,12 @@
   }, 
   {
    "allow_bulk_edit": 0, 
+   "allow_in_quick_entry": 0, 
    "allow_on_submit": 0, 
    "bold": 0, 
    "collapsible": 0, 
    "columns": 0, 
+   "fetch_if_empty": 0, 
    "fieldname": "leave_status_notification_template", 
    "fieldtype": "Link", 
    "hidden": 0, 
@@ -174,10 +185,12 @@
   }, 
   {
    "allow_bulk_edit": 0, 
+   "allow_in_quick_entry": 0, 
    "allow_on_submit": 0, 
    "bold": 0, 
    "collapsible": 0, 
    "columns": 0, 
+   "fetch_if_empty": 0, 
    "fieldname": "column_break_4", 
    "fieldtype": "Column Break", 
    "hidden": 0, 
@@ -204,11 +217,13 @@
   }, 
   {
    "allow_bulk_edit": 0, 
+   "allow_in_quick_entry": 0, 
    "allow_on_submit": 0, 
    "bold": 0, 
    "collapsible": 0, 
    "columns": 0, 
    "description": "Don't send Employee Birthday Reminders", 
+   "fetch_if_empty": 0, 
    "fieldname": "stop_birthday_reminders", 
    "fieldtype": "Check", 
    "hidden": 0, 
@@ -235,10 +250,12 @@
   }, 
   {
    "allow_bulk_edit": 0, 
+   "allow_in_quick_entry": 0, 
    "allow_on_submit": 0, 
    "bold": 0, 
    "collapsible": 0, 
    "columns": 0, 
+   "fetch_if_empty": 0, 
    "fieldname": "maintain_bill_work_hours_same", 
    "fieldtype": "Check", 
    "hidden": 0, 
@@ -266,11 +283,13 @@
   }, 
   {
    "allow_bulk_edit": 0, 
+   "allow_in_quick_entry": 0, 
    "allow_on_submit": 0, 
    "bold": 0, 
    "collapsible": 0, 
    "columns": 0, 
    "default": "1", 
+   "fetch_if_empty": 0, 
    "fieldname": "leave_approver_mandatory_in_leave_application", 
    "fieldtype": "Check", 
    "hidden": 0, 
@@ -298,11 +317,13 @@
   }, 
   {
    "allow_bulk_edit": 0, 
+   "allow_in_quick_entry": 0, 
    "allow_on_submit": 0, 
    "bold": 0, 
    "collapsible": 0, 
    "columns": 0, 
    "default": "1", 
+   "fetch_if_empty": 0, 
    "fieldname": "expense_approver_mandatory_in_expense_claim", 
    "fieldtype": "Check", 
    "hidden": 0, 
@@ -330,10 +351,13 @@
   }, 
   {
    "allow_bulk_edit": 0, 
+   "allow_in_quick_entry": 0, 
    "allow_on_submit": 0, 
    "bold": 0, 
    "collapsible": 0, 
    "columns": 0, 
+   "depends_on": "", 
+   "fetch_if_empty": 0, 
    "fieldname": "payroll_settings", 
    "fieldtype": "Section Break", 
    "hidden": 0, 
@@ -360,11 +384,13 @@
   }, 
   {
    "allow_bulk_edit": 0, 
+   "allow_in_quick_entry": 0, 
    "allow_on_submit": 0, 
    "bold": 0, 
    "collapsible": 0, 
    "columns": 0, 
    "description": "If checked, Total no. of Working Days will include holidays, and this will reduce the value of Salary Per Day", 
+   "fetch_if_empty": 0, 
    "fieldname": "include_holidays_in_total_working_days", 
    "fieldtype": "Check", 
    "hidden": 0, 
@@ -391,12 +417,14 @@
   }, 
   {
    "allow_bulk_edit": 0, 
+   "allow_in_quick_entry": 0, 
    "allow_on_submit": 0, 
    "bold": 0, 
    "collapsible": 0, 
    "columns": 0, 
    "default": "1", 
    "description": "Emails salary slip to employee based on preferred email selected in Employee", 
+   "fetch_if_empty": 0, 
    "fieldname": "email_salary_slip_to_employee", 
    "fieldtype": "Check", 
    "hidden": 0, 
@@ -424,10 +452,82 @@
   }, 
   {
    "allow_bulk_edit": 0, 
+   "allow_in_quick_entry": 0, 
    "allow_on_submit": 0, 
    "bold": 0, 
    "collapsible": 0, 
    "columns": 0, 
+   "depends_on": "eval: doc.email_salary_slip_to_employee == 1;", 
+   "description": "The salary slip emailed to the employee will be password protected, the password will be generated based on the password policy.", 
+   "fetch_if_empty": 0, 
+   "fieldname": "encrypt_salary_slips_in_emails", 
+   "fieldtype": "Check", 
+   "hidden": 0, 
+   "ignore_user_permissions": 0, 
+   "ignore_xss_filter": 0, 
+   "in_filter": 0, 
+   "in_global_search": 0, 
+   "in_list_view": 0, 
+   "in_standard_filter": 0, 
+   "label": "Encrypt Salary Slips in Emails", 
+   "length": 0, 
+   "no_copy": 0, 
+   "permlevel": 0, 
+   "precision": "", 
+   "print_hide": 0, 
+   "print_hide_if_no_value": 0, 
+   "read_only": 0, 
+   "remember_last_selected_value": 0, 
+   "report_hide": 0, 
+   "reqd": 0, 
+   "search_index": 0, 
+   "set_only_once": 0, 
+   "translatable": 0, 
+   "unique": 0
+  }, 
+  {
+   "allow_bulk_edit": 0, 
+   "allow_in_quick_entry": 0, 
+   "allow_on_submit": 0, 
+   "bold": 0, 
+   "collapsible": 0, 
+   "columns": 0, 
+   "depends_on": "eval: doc.encrypt_salary_slips_in_emails == 1", 
+   "description": "<b>Example:</b> SAL-{first_name}-{date_of_birth.year} <br>This will generate a password like SAL-Jane-1972", 
+   "fetch_if_empty": 0, 
+   "fieldname": "password_policy", 
+   "fieldtype": "Data", 
+   "hidden": 0, 
+   "ignore_user_permissions": 0, 
+   "ignore_xss_filter": 0, 
+   "in_filter": 0, 
+   "in_global_search": 0, 
+   "in_list_view": 1, 
+   "in_standard_filter": 0, 
+   "label": "Password Policy", 
+   "length": 0, 
+   "no_copy": 0, 
+   "permlevel": 0, 
+   "precision": "", 
+   "print_hide": 0, 
+   "print_hide_if_no_value": 0, 
+   "read_only": 0, 
+   "remember_last_selected_value": 0, 
+   "report_hide": 0, 
+   "reqd": 0, 
+   "search_index": 0, 
+   "set_only_once": 0, 
+   "translatable": 0, 
+   "unique": 0
+  }, 
+  {
+   "allow_bulk_edit": 0, 
+   "allow_in_quick_entry": 0, 
+   "allow_on_submit": 0, 
+   "bold": 0, 
+   "collapsible": 0, 
+   "columns": 0, 
+   "fetch_if_empty": 0, 
    "fieldname": "max_working_hours_against_timesheet", 
    "fieldtype": "Float", 
    "hidden": 0, 
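Review bot: The `description` added for `password_policy` offers `SAL-{first_name}-{date_of_birth.year}` as its example, which is a fixed prefix plus two values that colleagues commonly know, and administrators are likely to copy the example as is. Because the email body built in salary_slip.py also tells the recipient the format, the protection of the PDF rests entirely on how hard the substituted values are to guess. Consider a less guessable example and an extra sentence in the description such as `Include at least one field that is not widely known inside the company.`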
@@ -455,10 +555,12 @@
   }, 
   {
    "allow_bulk_edit": 0, 
+   "allow_in_quick_entry": 0, 
    "allow_on_submit": 0, 
    "bold": 0, 
    "collapsible": 0, 
    "columns": 0, 
+   "fetch_if_empty": 0, 
    "fieldname": "leave_settings", 
    "fieldtype": "Section Break", 
    "hidden": 0, 
@@ -481,14 +583,17 @@
    "reqd": 0, 
    "search_index": 0, 
    "set_only_once": 0, 
+   "translatable": 0, 
    "unique": 0
   }, 
   {
    "allow_bulk_edit": 0, 
+   "allow_in_quick_entry": 0, 
    "allow_on_submit": 0, 
    "bold": 0, 
    "collapsible": 0, 
    "columns": 0, 
+   "fetch_if_empty": 0, 
    "fieldname": "show_leaves_of_all_department_members_in_calendar", 
    "fieldtype": "Check", 
    "hidden": 0, 
@@ -511,22 +616,21 @@
    "reqd": 0, 
    "search_index": 0, 
    "set_only_once": 0, 
+   "translatable": 0, 
    "unique": 0
   }
  ], 
  "has_web_view": 0, 
- "hide_heading": 0, 
  "hide_toolbar": 0, 
  "icon": "fa fa-cog", 
  "idx": 1, 
- "image_view": 0, 
  "in_create": 0, 
  "is_submittable": 0, 
  "issingle": 1, 
  "istable": 0, 
  "max_attachments": 0, 
- "modified": "2018-05-03 15:36:13.015466", 
- "modified_by": "Administrator", 
+ "modified": "2019-04-25 15:08:12.983571", 
+ "modified_by": "shivam@example.com", 
  "module": "HR", 
  "name": "HR Settings", 
  "owner": "Administrator", 
@@ -553,9 +657,9 @@
  ], 
  "quick_entry": 0, 
  "read_only": 0, 
- "read_only_onload": 0, 
  "show_name_in_global_search": 0, 
  "sort_order": "ASC", 
  "track_changes": 0, 
- "track_seen": 0
+ "track_seen": 0, 
+ "track_views": 0
 }
\ No newline at end of file
diff --git a/erpnext/hr/doctype/hr_settings/hr_settings.py b/erpnext/hr/doctype/hr_settings/hr_settings.py
index 964eaee..78095b3 100644
--- a/erpnext/hr/doctype/hr_settings/hr_settings.py
+++ b/erpnext/hr/doctype/hr_settings/hr_settings.py
@@ -5,11 +5,21 @@
 
 from __future__ import unicode_literals
 import frappe
+from frappe import _
 
 from frappe.model.document import Document
 
 class HRSettings(Document):
 	def validate(self):
+		self.set_naming_series()
+		self.validate_password_policy()
+
+	def set_naming_series(self):
 		from erpnext.setup.doctype.naming_series.naming_series import set_by_naming_series
 		set_by_naming_series("Employee", "employee_number",
 			self.get("emp_created_by")=="Naming Series", hide_name_field=True)
+
+	def validate_password_policy(self):
+		if self.email_salary_slip_to_employee and self.encrypt_salary_slips_in_emails:
+			if not self.password_policy:
+				frappe.throw(_("Password policy for Salary Slips is not set"))
\ No newline at end of file
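Review bot: `validate_password_policy` only checks that the policy is non-empty, so a template with a misspelt placeholder or unbalanced braces is accepted here and only fails later, when a salary slip is emailed. The space and double-hyphen clean-up lives only in hr_settings.js, so a value saved through the API or an import skips it. Since `str.format` also resolves attribute and index lookups inside placeholders (the documented example relies on `{date_of_birth.year}`), I would parse the template at save time with `string.Formatter().parse(self.password_policy)`, catch `ValueError` for malformed input, and `frappe.throw` unless the leading name of every placeholder is an Employee field. A docstring on both new methods stating when the policy is required would help as well.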
diff --git a/erpnext/hr/doctype/salary_slip/salary_slip.py b/erpnext/hr/doctype/salary_slip/salary_slip.py
index fbfa3af..5f6ddfc 100644
--- a/erpnext/hr/doctype/salary_slip/salary_slip.py
+++ b/erpnext/hr/doctype/salary_slip/salary_slip.py
@@ -520,13 +520,20 @@
 
 	def email_salary_slip(self):
 		receiver = frappe.db.get_value("Employee", self.employee, "prefered_email")
+		hr_settings = frappe.get_single("HR Settings")
+		message = "Please see attachment"
+		password = None
+		if hr_settings.encrypt_salary_slips_in_emails:
+			password = generate_password_for_pdf(hr_settings.password_policy, self.employee)
+			message += """<br>Note: Your salary slip is password protected,
+				the password to unlock the PDF is of the format {0}. """.format(hr_settings.password_policy)
 
 		if receiver:
 			email_args = {
 				"recipients": [receiver],
-				"message": _("Please see attachment"),
+				"message": _(message),
 				"subject": 'Salary Slip - from {0} to {1}'.format(self.start_date, self.end_date),
-				"attachments": [frappe.attach_print(self.doctype, self.name, file_name=self.name)],
+				"attachments": [frappe.attach_print(self.doctype, self.name, file_name=self.name, password=password)],
 				"reference_doctype": self.doctype,
 				"reference_name": self.name
 				}
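Review bot: Nothing after `generate_password_for_pdf(...)` checks that the result is usable, so a policy that renders to an empty string would presumably reach `frappe.attach_print` as a falsy `password`, and the slip could go out unprotected while the body still says it is protected; how `attach_print` treats such a value is not visible here. A guard such as `if not password: frappe.throw(_("Could not generate a password for the salary slip"))` keeps this fail-closed. Separately, `_(message)` is looked up with the policy text already concatenated, so it will not match any translation entry; translate the literal parts and call `.format(...)` on the translated string instead. The settings lookup and password generation also run before the `if receiver:` check, and the rest of `email_salary_slip` lies outside the hunk.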
@@ -843,3 +850,7 @@
 		for ss in linked_ss:
 			ss_doc = frappe.get_doc("Salary Slip", ss)
 			frappe.db.set_value("Salary Slip", ss_doc.name, "journal_entry", "")
+
+def generate_password_for_pdf(policy_template, employee):
+	employee = frappe.get_doc("Employee", employee)
+	return policy_template.format(**employee.as_dict())
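Review bot: `generate_password_for_pdf` lets every `str.format` failure escape. A placeholder that is not an Employee field raises `KeyError`, and `{date_of_birth.year}` raises `AttributeError` if that date is unset, so one incomplete record presumably aborts the caller in `email_salary_slip`. A field that is `None` and used without attribute access renders as the literal text `None`, which gives that employee a predictable password. I would catch the formatting errors and raise a message that names the employee, and add a docstring, since the function has none.

```python
def generate_password_for_pdf(policy_template, employee):
	"""Render the HR Settings password policy with the given employee's field values."""
	employee = frappe.get_doc("Employee", employee)
	try:
		return policy_template.format(**employee.as_dict())
	except (KeyError, AttributeError, IndexError, ValueError):
		frappe.throw(_("Password policy for Salary Slips could not be applied to employee {0}").format(employee.name))
```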
diff --git a/erpnext/patches.txt b/erpnext/patches.txt
index 01270e4..bdc1ed4 100644
--- a/erpnext/patches.txt
+++ b/erpnext/patches.txt
@@ -512,6 +512,7 @@
 erpnext.patches.v11_0.move_leave_approvers_from_employee #13-06-2018
 erpnext.patches.v11_0.update_department_lft_rgt
 erpnext.patches.v11_0.add_default_email_template_for_leave
+execute:frappe.reload_doc("HR", "doctype", "HR Settings")
 erpnext.patches.v11_0.set_default_email_template_in_hr #08-06-2018
 erpnext.patches.v11_0.uom_conversion_data #30-06-2018
 erpnext.patches.v10_0.taxes_issue_with_pos
diff --git a/erpnext/patches/v11_0/set_default_email_template_in_hr.py b/erpnext/patches/v11_0/set_default_email_template_in_hr.py
index e895eae..14954fb 100644
--- a/erpnext/patches/v11_0/set_default_email_template_in_hr.py
+++ b/erpnext/patches/v11_0/set_default_email_template_in_hr.py
@@ -2,7 +2,6 @@
 import frappe
 
 def execute():
-
 	hr_settings = frappe.get_single("HR Settings")
 	hr_settings.leave_approval_notification_template = "Leave Approval Notification"
 	hr_settings.leave_status_notification_template = "Leave Status Notification"