
Revision 2a72d256

Von Moritz Bunkus vor etwa 4 Jahren hinzugefügt

  • ID 2a72d256ee7268cb4ac1b7bf33797415937375ff
  • Vorgänger 3906bb6a
  • Nachfolger 3046a673

Kunden-/Lieferantenstammdaten: Berechtigungsmodell gefixt

Neues Modell sieht wie folgt aus:

1. Alle Personen haben Leserechte auf alle Kunden- &
Lieferantenstammdaten. Das betrifft nicht nur die Stammdatenmasken,
sondern auch die AJAJ-Autovervollständigung (Kunden-/
Lieferanten-Picker) oder die Detail-Popup-Fenster in Einkaufs-/
Verkaufsbelegmasken.

2. Personen mit »edit«-Recht aber ohne »edit all«-Recht dürfen nur die
eigenen Kundenstammdaten verändern (speichern/löschen), wobei
»eigen« definiert ist als »aktuelle Person ist Verkäufer*in des
Kunden«. Neue Kunden dürfen angelegt werden. Bei Lieferanten dürfen
hingegen alle Stammdaten bearbeitet werden.

3. Personen mit »edit all«-Recht haben Vollzugriff auf alle Kunden- &
Lieferantenstammdaten.

(cherry picked from commit 433f3b22eb2ebfa433f090b60bd27797d5dd3b04)


SL/Controller/CustomerVendor.pm
use Data::Dumper;
use Rose::Object::MakeMethods::Generic (
scalar => [ qw(user_has_edit_rights) ],
'scalar --get_set_init' => [ qw(customer_models vendor_models zugferd_settings) ],
);
# safety
__PACKAGE__->run_before(
sub {
$::auth->assert('customer_vendor_edit');
},
except => [ qw(ajaj_autocomplete) ],
);
__PACKAGE__->run_before(
'_instantiate_args',
only => [
......
);
# make sure this comes after _load_customer_vendor
__PACKAGE__->run_before(
'_check_customer_vendor_all_edit',
only => [
'edit',
'show',
'update',
'delete',
'save',
'save_and_ap_transaction',
'save_and_ar_transaction',
'save_and_close',
'save_and_invoice',
'save_and_order',
'save_and_quotation',
'save_and_rfq',
'delete',
'delete_contact',
'delete_shipto',
]
);
__PACKAGE__->run_before('_check_auth');
__PACKAGE__->run_before(
'_create_customer_vendor',
......
if (1 == scalar @{ $exact_matches = $manager->get_all(
query => [
obsolete => 0,
(salesman_id => SL::DB::Manager::Employee->current->id) x !$::auth->assert('customer_vendor_all_edit', 1),
or => [
name => { ilike => $::form->{filter}{'all:substr:multi::ilike'} },
$number => { ilike => $::form->{filter}{'all:substr:multi::ilike'} },
......
}
}
sub _check_customer_vendor_all_edit {
my ($self) = @_;
sub _check_auth {
my ($self, $action) = @_;
unless ($::auth->assert('customer_vendor_all_edit', 1)) {
die($::locale->text("You don't have the rights to edit this customer.") . "\n")
if $self->{cv}->is_customer and
SL::DB::Manager::Employee->current->id != $self->{cv}->salesman_id;
};
};
my $is_new = !$self->{cv} || !$self->{cv}->id;
my $is_own_customer = !$is_new
&& $self->{cv}->is_customer
&& (SL::DB::Manager::Employee->current->id == $self->{cv}->salesman_id);
my $has_edit_rights = $::auth->assert('customer_vendor_all_edit', 1);
$has_edit_rights ||= $::auth->assert('customer_vendor_edit', 1) && ($is_new || $is_own_customer);
my $needs_edit_rights = $action =~ m{^(?:add|save|delete|update)};
$self->user_has_edit_rights($has_edit_rights);
return 1 if $has_edit_rights;
return 0 if $needs_edit_rights;
return 1;
}
sub _create_customer_vendor {
my ($self) = @_;
......
sub _setup_form_action_bar {
my ($self) = @_;
my $no_rights = $self->user_has_edit_rights ? undef
: $self->{cv}->is_customer ? t8("You don't have the rights to edit this customer.")
: t8("You don't have the rights to edit this vendor.");
for my $bar ($::request->layout->get('actionbar')) {
$bar->add(
combobox => [
......
submit => [ '#form', { action => "CustomerVendor/save" } ],
checks => [ 'check_taxzone_and_ustid' ],
accesskey => 'enter',
disabled => $no_rights,
],
action => [
t8('Save and Close'),
submit => [ '#form', { action => "CustomerVendor/save_and_close" } ],
checks => [ 'check_taxzone_and_ustid' ],
disabled => $no_rights,
],
], # end of combobox "Save"
......
t8('Save and AP Transaction'),
submit => [ '#form', { action => "CustomerVendor/save_and_ap_transaction" } ],
checks => [ 'check_taxzone_and_ustid' ],
disabled => $no_rights,
]) x !!$self->is_vendor,
(action => [
t8('Save and AR Transaction'),
submit => [ '#form', { action => "CustomerVendor/save_and_ar_transaction" } ],
checks => [ 'check_taxzone_and_ustid' ],
disabled => $no_rights,
]) x !$self->is_vendor,
action => [
t8('Save and Invoice'),
submit => [ '#form', { action => "CustomerVendor/save_and_invoice" } ],
checks => [ 'check_taxzone_and_ustid' ],
disabled => $no_rights,
],
action => [
t8('Save and Order'),
submit => [ '#form', { action => "CustomerVendor/save_and_order" } ],
checks => [ 'check_taxzone_and_ustid' ],
disabled => $no_rights,
],
(action => [
t8('Save and RFQ'),
submit => [ '#form', { action => "CustomerVendor/save_and_rfq" } ],
checks => [ 'check_taxzone_and_ustid' ],
disabled => $no_rights,
]) x !!$self->is_vendor,
(action => [
t8('Save and Quotation'),
submit => [ '#form', { action => "CustomerVendor/save_and_quotation" } ],
checks => [ 'check_taxzone_and_ustid' ],
disabled => $no_rights,
]) x !$self->is_vendor,
], # end of combobox "Workflow"
......
confirm => t8('Do you really want to delete this object?'),
disabled => !$self->{cv}->id ? t8('This object has not been saved yet.')
: !$self->is_orphaned ? t8('This object has already been used.')
: undef,
: $no_rights,
],
'separator',
......
},
customernumber => t8('Customer Number'),
},
query => [
( salesman_id => SL::DB::Manager::Employee->current->id) x !$::auth->assert('customer_vendor_all_edit', 1),
],
);
}
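Review bot: In `_check_auth`, denial is signalled only by `return 0 if $needs_edit_rights;`, whereas the checks this commit removes stopped the request with `$::auth->assert('customer_vendor_edit')` and `die(...)`. Whether the `run_before` dispatcher aborts on a false return is not visible on this page; if it ignores return values, the save/delete/update actions would still run for users without edit rights. The `disabled => $no_rights` entries in the action bar only affect the rendered buttons, so this hook is the only server-side gate visible here and should fail hard, e.g. `die($::locale->text("You don't have the rights to edit this customer.") . "\n") if $needs_edit_rights;`. Separately, `$is_own_customer` requires `is_customer`, so an existing vendor appears to leave `$has_edit_rights` false for a user holding only `customer_vendor_edit`, which does not match point 2 of the commit message. The prefix match `m{^(?:add|save|delete|update)}` also lets any write action with a different name fall through to `return 1`, so a comment naming the actions that are deliberately read-only would help.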
