Revision 2a72d256

Added by Moritz Bunkus about 4 years ago

  • ID 2a72d256ee7268cb4ac1b7bf33797415937375ff
  • Parent 3906bb6a
  • Child 3046a673

Customer/vendor master data: permission model fixed

The new model looks as follows:

1. All persons have read access to all customer & vendor master
data. This applies not only to the master data forms but also to
the AJAJ autocompletion (customer/vendor picker) or the detail
popup windows in purchase/sales document forms.

2. Persons with the "edit" right but without the "edit all" right may
only modify (save/delete) their own customer master data, where
"own" is defined as "the current person is the salesperson of the
customer". New customers may be created. For vendors, however, all
master data may be edited.

3. Persons with the "edit all" right have full access to all customer &
vendor master data.

(cherry picked from commit 433f3b22eb2ebfa433f090b60bd27797d5dd3b04)

View differences:

SL/CT.pm
push @values, $form->{create_zugferd_invoices};
}
# Nur Kunden finden, bei denen ich selber der Verkäufer bin
# Gilt nicht für Lieferanten
if ($cv eq 'customer' && !$main::auth->assert('customer_vendor_all_edit', 1)) {
$where .= qq| AND ct.salesman_id = (select em.id from employee em where em.login = ?)|;
push(@values, $::myconfig{login});
}
my ($cvar_where, @cvar_values) = CVar->build_filter_query('module' => 'CT',
'trans_id_field' => 'ct.id',
'filter' => $form);
SL/Controller/Customer.pm
use SL::DB::Customer;
use SL::JSON;
# safety
__PACKAGE__->run_before(sub { $::auth->assert('customer_vendor_edit') });
sub action_get_hourly_rate {
my ($self, %params) = @_;
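Review bot: The run_before hook asserting customer_vendor_edit is the only access check visible for this controller, so action_get_hourly_rate depends on it alone. If the hook goes in line with point 1 of the commit message, add a comment above the action stating that hourly rates are deliberately readable by every logged-in user, so that a later audit does not read the missing check as an oversight.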
SL/Controller/CustomerVendor.pm
use Data::Dumper;
use Rose::Object::MakeMethods::Generic (
scalar => [ qw(user_has_edit_rights) ],
'scalar --get_set_init' => [ qw(customer_models vendor_models zugferd_settings) ],
);
# safety
__PACKAGE__->run_before(
sub {
$::auth->assert('customer_vendor_edit');
},
except => [ qw(ajaj_autocomplete) ],
);
__PACKAGE__->run_before(
'_instantiate_args',
only => [
......
);
# make sure this comes after _load_customer_vendor
__PACKAGE__->run_before(
'_check_customer_vendor_all_edit',
only => [
'edit',
'show',
'update',
'delete',
'save',
'save_and_ap_transaction',
'save_and_ar_transaction',
'save_and_close',
'save_and_invoice',
'save_and_order',
'save_and_quotation',
'save_and_rfq',
'delete',
'delete_contact',
'delete_shipto',
]
);
__PACKAGE__->run_before('_check_auth');
__PACKAGE__->run_before(
'_create_customer_vendor',
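Review bot: _check_auth reads $self->{cv}, so the ordering requirement in the comment "make sure this comes after _load_customer_vendor" applies to __PACKAGE__->run_before('_check_auth') just as it did to _check_customer_vendor_all_edit. Keep that comment directly above the new registration, and note there that the hook has no only => list and therefore runs for every action, read-only ones included.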
......
if (1 == scalar @{ $exact_matches = $manager->get_all(
query => [
obsolete => 0,
(salesman_id => SL::DB::Manager::Employee->current->id) x !$::auth->assert('customer_vendor_all_edit', 1),
or => [
name => { ilike => $::form->{filter}{'all:substr:multi::ilike'} },
$number => { ilike => $::form->{filter}{'all:substr:multi::ilike'} },
......
}
}
sub _check_customer_vendor_all_edit {
my ($self) = @_;
sub _check_auth {
my ($self, $action) = @_;
unless ($::auth->assert('customer_vendor_all_edit', 1)) {
die($::locale->text("You don't have the rights to edit this customer.") . "\n")
if $self->{cv}->is_customer and
SL::DB::Manager::Employee->current->id != $self->{cv}->salesman_id;
};
};
my $is_new = !$self->{cv} || !$self->{cv}->id;
my $is_own_customer = !$is_new
&& $self->{cv}->is_customer
&& (SL::DB::Manager::Employee->current->id == $self->{cv}->salesman_id);
my $has_edit_rights = $::auth->assert('customer_vendor_all_edit', 1);
$has_edit_rights ||= $::auth->assert('customer_vendor_edit', 1) && ($is_new || $is_own_customer);
my $needs_edit_rights = $action =~ m{^(?:add|save|delete|update)};
$self->user_has_edit_rights($has_edit_rights);
return 1 if $has_edit_rights;
return 0 if $needs_edit_rights;
return 1;
}
sub _create_customer_vendor {
my ($self) = @_;
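Review bot: In _check_auth, $is_own_customer is false for every vendor, so for an existing vendor the line $has_edit_rights ||= $::auth->assert('customer_vendor_edit', 1) && ($is_new || $is_own_customer) leaves a user who holds only the edit right without edit rights, while point 2 of the commit message says such users may edit all vendor master data. Add a vendor case to the condition, for example ($is_new || $is_own_customer || $self->is_vendor). Separately, the denial path here is return 0 where _check_customer_vendor_all_edit used die; please confirm that run_before hooks abort the action on a false return value, otherwise save, delete and update would still execute for users whose buttons are merely disabled.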
......
sub _setup_form_action_bar {
my ($self) = @_;
my $no_rights = $self->user_has_edit_rights ? undef
: $self->{cv}->is_customer ? t8("You don't have the rights to edit this customer.")
: t8("You don't have the rights to edit this vendor.");
for my $bar ($::request->layout->get('actionbar')) {
$bar->add(
combobox => [
......
submit => [ '#form', { action => "CustomerVendor/save" } ],
checks => [ 'check_taxzone_and_ustid' ],
accesskey => 'enter',
disabled => $no_rights,
],
action => [
t8('Save and Close'),
submit => [ '#form', { action => "CustomerVendor/save_and_close" } ],
checks => [ 'check_taxzone_and_ustid' ],
disabled => $no_rights,
],
], # end of combobox "Save"
......
t8('Save and AP Transaction'),
submit => [ '#form', { action => "CustomerVendor/save_and_ap_transaction" } ],
checks => [ 'check_taxzone_and_ustid' ],
disabled => $no_rights,
]) x !!$self->is_vendor,
(action => [
t8('Save and AR Transaction'),
submit => [ '#form', { action => "CustomerVendor/save_and_ar_transaction" } ],
checks => [ 'check_taxzone_and_ustid' ],
disabled => $no_rights,
]) x !$self->is_vendor,
action => [
t8('Save and Invoice'),
submit => [ '#form', { action => "CustomerVendor/save_and_invoice" } ],
checks => [ 'check_taxzone_and_ustid' ],
disabled => $no_rights,
],
action => [
t8('Save and Order'),
submit => [ '#form', { action => "CustomerVendor/save_and_order" } ],
checks => [ 'check_taxzone_and_ustid' ],
disabled => $no_rights,
],
(action => [
t8('Save and RFQ'),
submit => [ '#form', { action => "CustomerVendor/save_and_rfq" } ],
checks => [ 'check_taxzone_and_ustid' ],
disabled => $no_rights,
]) x !!$self->is_vendor,
(action => [
t8('Save and Quotation'),
submit => [ '#form', { action => "CustomerVendor/save_and_quotation" } ],
checks => [ 'check_taxzone_and_ustid' ],
disabled => $no_rights,
]) x !$self->is_vendor,
], # end of combobox "Workflow"
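Review bot: disabled => $no_rights on the Save and Workflow entries only changes what the action bar renders; the actions behind them, such as CustomerVendor/save_and_order, stay reachable by a direct request. Add a controller test that calls these actions as a user with customer_vendor_edit on a customer whose salesman_id belongs to someone else and expects a refusal, so that the server-side check in _check_auth is what the permission model rests on.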
......
confirm => t8('Do you really want to delete this object?'),
disabled => !$self->{cv}->id ? t8('This object has not been saved yet.')
: !$self->is_orphaned ? t8('This object has already been used.')
: undef,
: $no_rights,
],
'separator',
......
},
customernumber => t8('Customer Number'),
},
query => [
( salesman_id => SL::DB::Manager::Employee->current->id) x !$::auth->assert('customer_vendor_all_edit', 1),
],
);
}
SL/Controller/TopQuickSearch/Contact.pm
use SL::DBUtils qw(selectfirst_array_query like);
use SL::Locale::String qw(t8);
sub auth { 'customer_vendor_edit' }
sub auth { undef }
sub name { 'contact' }
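Review bot: sub auth { undef } opens the contact quick search to every logged-in user, but the commit message names only customer and vendor master data as readable by all; contact persons are not mentioned. Either state in the commit message that contacts are covered by point 1, or keep a right on this module. A comment saying that undef means "no right required" would also help here and in the Customer and Vendor quick search modules.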
SL/Controller/TopQuickSearch/Customer.pm
use SL::Locale::String qw(t8);
sub auth { 'customer_vendor_edit' }
sub auth { undef }
sub name { 'customer' }
SL/Controller/TopQuickSearch/Vendor.pm
use SL::Locale::String qw(t8);
sub auth { 'customer_vendor_edit' }
sub auth { undef }
sub name { 'vendor' }
bin/mozilla/ct.pl
sub search {
$main::lxdebug->enter_sub();
$main::auth->assert('customer_vendor_edit');
my $form = $main::form;
my $locale = $main::locale;
......
sub search_contact {
$::lxdebug->enter_sub;
$::auth->assert('customer_vendor_edit');
$::form->{CUSTOM_VARIABLES} = CVar->get_configs('module' => 'Contacts');
($::form->{CUSTOM_VARIABLES_FILTER_CODE},
......
sub list_names {
$main::lxdebug->enter_sub();
$main::auth->assert('customer_vendor_edit');
my $form = $main::form;
my %myconfig = %main::myconfig;
my $locale = $main::locale;
......
sub list_contacts {
$::lxdebug->enter_sub;
$::auth->assert('customer_vendor_edit');
$::form->{sortdir} = 1 unless defined $::form->{sortdir};
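Review bot: The $::auth->assert('customer_vendor_edit') at the top of list_contacts is the only right check visible in this sub, and the same holds for search, search_contact and list_names above. If it is dropped in line with point 1 of the commit message, these reports are gated by login alone; the Contacts entry in menus/user/00-erp.yaml carries the same right in its access: line, so make sure handler and menu entry change together and the menu never offers an entry the handler rejects, or the reverse.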
locale/de/all
'You do not have permission to access this entry.' => 'Sie verfügen nicht über die Berechtigung, auf diesen Eintrag zuzugreifen.',
'You do not have the permissions to access this function.' => 'Sie verfügen nicht über die notwendigen Rechte, um auf diese Funktion zuzugreifen.',
'You don\'t have the rights to edit this customer.' => 'Sie verfügen nicht über die erforderlichen Rechte, um diesen Kunden zu bearbeiten.',
'You don\'t have the rights to edit this vendor.' => 'Sie verfügen nicht über die erforderlichen Rechte, um diesen Lieferanten zu bearbeiten.',
'You have changed the currency or exchange rate. Please check prices.' => 'Die Währung oder der Wechselkurs hat sich geändert. Bitte überprüfen Sie die Preise.',
'You have entered or selected the following shipping address for this customer:' => 'Sie haben die folgende Lieferadresse eingegeben oder ausgewählt:',
'You have never worked with currencies.' => 'Sie haben noch nie mit Währungen gearbeitet.',
menus/user/00-erp.yaml
name: Add Customer
icon: customer_add
order: 100
access: customer_vendor_edit
access: customer_vendor_edit|customer_vendor_all_edit
params:
action: CustomerVendor/add
db: customer
......
name: Add Vendor
icon: vendor_add
order: 200
access: customer_vendor_edit
access: customer_vendor_edit|customer_vendor_all_edit
params:
action: CustomerVendor/add
db: vendor
......
name: Customers
icon: customer_report
order: 100
access: customer_vendor_edit
params:
action: CustomerVendor/search
db: customer
......
name: Vendors
icon: vendor_report
order: 200
access: customer_vendor_edit
params:
action: CustomerVendor/search
db: vendor
......
id: master_data_reports_contacts
name: Contacts
order: 300
access: customer_vendor_edit
params:
action: CustomerVendor/search_contact
db: customer
