Revision 2a72d256
Von Moritz Bunkus vor etwa 4 Jahren hinzugefügt
SL/CT.pm | ||
---|---|---|
push @values, $form->{create_zugferd_invoices};
|
||
}
|
||
|
||
# Nur Kunden finden, bei denen ich selber der Verkäufer bin
|
||
# Gilt nicht für Lieferanten
|
||
if ($cv eq 'customer' && !$main::auth->assert('customer_vendor_all_edit', 1)) {
|
||
$where .= qq| AND ct.salesman_id = (select em.id from employee em where em.login = ?)|;
|
||
push(@values, $::myconfig{login});
|
||
}
|
||
|
||
my ($cvar_where, @cvar_values) = CVar->build_filter_query('module' => 'CT',
|
||
'trans_id_field' => 'ct.id',
|
||
'filter' => $form);
|
SL/Controller/Customer.pm | ||
---|---|---|
use SL::DB::Customer;
|
||
use SL::JSON;
|
||
|
||
# safety
|
||
__PACKAGE__->run_before(sub { $::auth->assert('customer_vendor_edit') });
|
||
|
||
sub action_get_hourly_rate {
|
||
my ($self, %params) = @_;
|
||
|
SL/Controller/CustomerVendor.pm | ||
---|---|---|
use Data::Dumper;
|
||
|
||
use Rose::Object::MakeMethods::Generic (
|
||
scalar => [ qw(user_has_edit_rights) ],
|
||
'scalar --get_set_init' => [ qw(customer_models vendor_models zugferd_settings) ],
|
||
);
|
||
|
||
# safety
|
||
__PACKAGE__->run_before(
|
||
sub {
|
||
$::auth->assert('customer_vendor_edit');
|
||
},
|
||
except => [ qw(ajaj_autocomplete) ],
|
||
);
|
||
__PACKAGE__->run_before(
|
||
'_instantiate_args',
|
||
only => [
|
||
... | ... | |
);
|
||
|
||
# make sure this comes after _load_customer_vendor
|
||
__PACKAGE__->run_before(
|
||
'_check_customer_vendor_all_edit',
|
||
only => [
|
||
'edit',
|
||
'show',
|
||
'update',
|
||
'delete',
|
||
'save',
|
||
'save_and_ap_transaction',
|
||
'save_and_ar_transaction',
|
||
'save_and_close',
|
||
'save_and_invoice',
|
||
'save_and_order',
|
||
'save_and_quotation',
|
||
'save_and_rfq',
|
||
'delete',
|
||
'delete_contact',
|
||
'delete_shipto',
|
||
]
|
||
);
|
||
__PACKAGE__->run_before('_check_auth');
|
||
|
||
__PACKAGE__->run_before(
|
||
'_create_customer_vendor',
|
||
... | ... | |
if (1 == scalar @{ $exact_matches = $manager->get_all(
|
||
query => [
|
||
obsolete => 0,
|
||
(salesman_id => SL::DB::Manager::Employee->current->id) x !$::auth->assert('customer_vendor_all_edit', 1),
|
||
or => [
|
||
name => { ilike => $::form->{filter}{'all:substr:multi::ilike'} },
|
||
$number => { ilike => $::form->{filter}{'all:substr:multi::ilike'} },
|
||
... | ... | |
}
|
||
}
|
||
|
||
sub _check_customer_vendor_all_edit {
|
||
my ($self) = @_;
|
||
sub _check_auth {
|
||
my ($self, $action) = @_;
|
||
|
||
unless ($::auth->assert('customer_vendor_all_edit', 1)) {
|
||
die($::locale->text("You don't have the rights to edit this customer.") . "\n")
|
||
if $self->{cv}->is_customer and
|
||
SL::DB::Manager::Employee->current->id != $self->{cv}->salesman_id;
|
||
};
|
||
};
|
||
my $is_new = !$self->{cv} || !$self->{cv}->id;
|
||
my $is_own_customer = !$is_new
|
||
&& $self->{cv}->is_customer
|
||
&& (SL::DB::Manager::Employee->current->id == $self->{cv}->salesman_id);
|
||
my $has_edit_rights = $::auth->assert('customer_vendor_all_edit', 1);
|
||
$has_edit_rights ||= $::auth->assert('customer_vendor_edit', 1) && ($is_new || $is_own_customer);
|
||
my $needs_edit_rights = $action =~ m{^(?:add|save|delete|update)};
|
||
|
||
$self->user_has_edit_rights($has_edit_rights);
|
||
|
||
return 1 if $has_edit_rights;
|
||
return 0 if $needs_edit_rights;
|
||
return 1;
|
||
}
|
||
|
||
sub _create_customer_vendor {
|
||
my ($self) = @_;
|
||
... | ... | |
sub _setup_form_action_bar {
|
||
my ($self) = @_;
|
||
|
||
my $no_rights = $self->user_has_edit_rights ? undef
|
||
: $self->{cv}->is_customer ? t8("You don't have the rights to edit this customer.")
|
||
: t8("You don't have the rights to edit this vendor.");
|
||
|
||
for my $bar ($::request->layout->get('actionbar')) {
|
||
$bar->add(
|
||
combobox => [
|
||
... | ... | |
submit => [ '#form', { action => "CustomerVendor/save" } ],
|
||
checks => [ 'check_taxzone_and_ustid' ],
|
||
accesskey => 'enter',
|
||
disabled => $no_rights,
|
||
],
|
||
action => [
|
||
t8('Save and Close'),
|
||
submit => [ '#form', { action => "CustomerVendor/save_and_close" } ],
|
||
checks => [ 'check_taxzone_and_ustid' ],
|
||
disabled => $no_rights,
|
||
],
|
||
], # end of combobox "Save"
|
||
|
||
... | ... | |
t8('Save and AP Transaction'),
|
||
submit => [ '#form', { action => "CustomerVendor/save_and_ap_transaction" } ],
|
||
checks => [ 'check_taxzone_and_ustid' ],
|
||
disabled => $no_rights,
|
||
]) x !!$self->is_vendor,
|
||
(action => [
|
||
t8('Save and AR Transaction'),
|
||
submit => [ '#form', { action => "CustomerVendor/save_and_ar_transaction" } ],
|
||
checks => [ 'check_taxzone_and_ustid' ],
|
||
disabled => $no_rights,
|
||
]) x !$self->is_vendor,
|
||
action => [
|
||
t8('Save and Invoice'),
|
||
submit => [ '#form', { action => "CustomerVendor/save_and_invoice" } ],
|
||
checks => [ 'check_taxzone_and_ustid' ],
|
||
disabled => $no_rights,
|
||
],
|
||
action => [
|
||
t8('Save and Order'),
|
||
submit => [ '#form', { action => "CustomerVendor/save_and_order" } ],
|
||
checks => [ 'check_taxzone_and_ustid' ],
|
||
disabled => $no_rights,
|
||
],
|
||
(action => [
|
||
t8('Save and RFQ'),
|
||
submit => [ '#form', { action => "CustomerVendor/save_and_rfq" } ],
|
||
checks => [ 'check_taxzone_and_ustid' ],
|
||
disabled => $no_rights,
|
||
]) x !!$self->is_vendor,
|
||
(action => [
|
||
t8('Save and Quotation'),
|
||
submit => [ '#form', { action => "CustomerVendor/save_and_quotation" } ],
|
||
checks => [ 'check_taxzone_and_ustid' ],
|
||
disabled => $no_rights,
|
||
]) x !$self->is_vendor,
|
||
], # end of combobox "Workflow"
|
||
|
||
... | ... | |
confirm => t8('Do you really want to delete this object?'),
|
||
disabled => !$self->{cv}->id ? t8('This object has not been saved yet.')
|
||
: !$self->is_orphaned ? t8('This object has already been used.')
|
||
: undef,
|
||
: $no_rights,
|
||
],
|
||
|
||
'separator',
|
||
... | ... | |
},
|
||
customernumber => t8('Customer Number'),
|
||
},
|
||
query => [
|
||
( salesman_id => SL::DB::Manager::Employee->current->id) x !$::auth->assert('customer_vendor_all_edit', 1),
|
||
],
|
||
);
|
||
}
|
||
|
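Review bot: In `_check_auth`, a request that needs edit rights and lacks them is refused only through `return 0 if $needs_edit_rights;`, whereas the `_check_customer_vendor_all_edit` body shown next to it aborted with `die`. Whether the `run_before` dispatcher stops the action on a false return is not visible on this page; if it ignores hook return values, nothing on the server would block save/delete/update, because the `disabled => $no_rights` entries in `_setup_form_action_bar` only disable buttons in the UI. An explicit abort such as `die($::locale->text("You don't have the rights to edit this customer.") . "\n") if $needs_edit_rights;` would not depend on the dispatcher. In addition, `$is_new` is true whenever `$self->{cv}` is unset, so a holder of `customer_vendor_edit` is treated as editing a new record unless the loading hook has already run; the hook `only` lists are partly elided here, so it is worth confirming that every action matching `^(?:add|save|delete|update)` on an existing record loads `{cv}` before `_check_auth`.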
SL/Controller/TopQuickSearch/Contact.pm | ||
---|---|---|
use SL::DBUtils qw(selectfirst_array_query like);
|
||
use SL::Locale::String qw(t8);
|
||
|
||
sub auth { 'customer_vendor_edit' }
|
||
sub auth { undef }
|
||
|
||
sub name { 'contact' }
|
||
|
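Review bot: `sub auth { undef }` gives no hint that dropping the required right is intentional, and next to the `'customer_vendor_edit'` value shown beside it reads like an unfinished stub. A comment such as `# no right required: all users may read customer/vendor master data` would record the decision stated in the commit description; the same applies to the `auth` subs in SL/Controller/TopQuickSearch/Customer.pm and SL/Controller/TopQuickSearch/Vendor.pm. How the quick-search dispatcher interprets an undefined right is not shown on this page, so it is worth confirming that it means "any logged-in user" and does not also skip the session check.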
SL/Controller/TopQuickSearch/Customer.pm | ||
---|---|---|
|
||
use SL::Locale::String qw(t8);
|
||
|
||
sub auth { 'customer_vendor_edit' }
|
||
sub auth { undef }
|
||
|
||
sub name { 'customer' }
|
||
|
SL/Controller/TopQuickSearch/Vendor.pm | ||
---|---|---|
|
||
use SL::Locale::String qw(t8);
|
||
|
||
sub auth { 'customer_vendor_edit' }
|
||
sub auth { undef }
|
||
|
||
sub name { 'vendor' }
|
||
|
bin/mozilla/ct.pl | ||
---|---|---|
sub search {
|
||
$main::lxdebug->enter_sub();
|
||
|
||
$main::auth->assert('customer_vendor_edit');
|
||
|
||
my $form = $main::form;
|
||
my $locale = $main::locale;
|
||
|
||
... | ... | |
|
||
sub search_contact {
|
||
$::lxdebug->enter_sub;
|
||
$::auth->assert('customer_vendor_edit');
|
||
|
||
$::form->{CUSTOM_VARIABLES} = CVar->get_configs('module' => 'Contacts');
|
||
($::form->{CUSTOM_VARIABLES_FILTER_CODE},
|
||
... | ... | |
sub list_names {
|
||
$main::lxdebug->enter_sub();
|
||
|
||
$main::auth->assert('customer_vendor_edit');
|
||
|
||
my $form = $main::form;
|
||
my %myconfig = %main::myconfig;
|
||
my $locale = $main::locale;
|
||
... | ... | |
|
||
sub list_contacts {
|
||
$::lxdebug->enter_sub;
|
||
$::auth->assert('customer_vendor_edit');
|
||
|
||
$::form->{sortdir} = 1 unless defined $::form->{sortdir};
|
||
|
locale/de/all | ||
---|---|---|
'You do not have permission to access this entry.' => 'Sie verfügen nicht über die Berechtigung, auf diesen Eintrag zuzugreifen.',
|
||
'You do not have the permissions to access this function.' => 'Sie verfügen nicht über die notwendigen Rechte, um auf diese Funktion zuzugreifen.',
|
||
'You don\'t have the rights to edit this customer.' => 'Sie verfügen nicht über die erforderlichen Rechte, um diesen Kunden zu bearbeiten.',
|
||
'You don\'t have the rights to edit this vendor.' => 'Sie verfügen nicht über die erforderlichen Rechte, um diesen Lieferanten zu bearbeiten.',
|
||
'You have changed the currency or exchange rate. Please check prices.' => 'Die Währung oder der Wechselkurs hat sich geändert. Bitte überprüfen Sie die Preise.',
|
||
'You have entered or selected the following shipping address for this customer:' => 'Sie haben die folgende Lieferadresse eingegeben oder ausgewählt:',
|
||
'You have never worked with currencies.' => 'Sie haben noch nie mit Währungen gearbeitet.',
|
menus/user/00-erp.yaml | ||
---|---|---|
name: Add Customer
|
||
icon: customer_add
|
||
order: 100
|
||
access: customer_vendor_edit
|
||
access: customer_vendor_edit|customer_vendor_all_edit
|
||
params:
|
||
action: CustomerVendor/add
|
||
db: customer
|
||
... | ... | |
name: Add Vendor
|
||
icon: vendor_add
|
||
order: 200
|
||
access: customer_vendor_edit
|
||
access: customer_vendor_edit|customer_vendor_all_edit
|
||
params:
|
||
action: CustomerVendor/add
|
||
db: vendor
|
||
... | ... | |
name: Customers
|
||
icon: customer_report
|
||
order: 100
|
||
access: customer_vendor_edit
|
||
params:
|
||
action: CustomerVendor/search
|
||
db: customer
|
||
... | ... | |
name: Vendors
|
||
icon: vendor_report
|
||
order: 200
|
||
access: customer_vendor_edit
|
||
params:
|
||
action: CustomerVendor/search
|
||
db: vendor
|
||
... | ... | |
id: master_data_reports_contacts
|
||
name: Contacts
|
||
order: 300
|
||
access: customer_vendor_edit
|
||
params:
|
||
action: CustomerVendor/search_contact
|
||
db: customer
|
Kunden-/Lieferantenstammdaten: Berechtigungsmodell gefixt
Neues Modell sieht wie folgt aus:
1. Alle Personen haben Leserechte auf alle Kunden- &
Lieferantenstammdaten. Das betrifft nicht nur die Stammdatenmasken,
sondern auch die AJAJ-Autovervollständigung (Kunden-/
Lieferanten-Picker) oder die Detail-Popup-Fenster in Einkaufs-/
Verkaufsbelegmasken.
2. Personen mit »edit«-Recht aber ohne »edit all«-Recht dürfen nur die
eigenen Kundenstammdaten verändern (speichern/löschen), wobei
»eigen« definiert ist als »aktuelle Person ist Verkäufer*in des
Kunden«. Neue Kunden dürfen angelegt werden. Bei Lieferanten dürfen
hingegen alle Stammdaten bearbeitet werden.
3. Personen mit »edit all«-Recht haben Vollzugriff auf alle Kunden- &
Lieferantenstammdaten.
(cherry picked from commit 433f3b22eb2ebfa433f090b60bd27797d5dd3b04)