
Revision 2e19657a

Von Bernd Bleßmann vor fast 3 Jahren hinzugefügt

  • ID 2e19657a12d946c4e9cdd1466af1bbab992284ee
  • Vorgänger dc154326
  • Nachfolger c7172f34

Recht: Ansehen von Lieferscheinen berücksichtigen (VK+EK/alter+neuer Controller)


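--- a/SL/Controller/DeliveryOrder.pm
+++ b/SL/Controller/DeliveryOrder.pm
@@ -58,6 +58,9 @@
 __PACKAGE__->run_before('check_auth',
                         except => [ qw(update_stock_information) ]);
 
+__PACKAGE__->run_before('check_auth_for_edit',
+                        except => [ qw(update_stock_information edit show_customer_vendor_details_dialog price_popup stock_in_out_dialog load_second_rows) ]);
+
 __PACKAGE__->run_before('get_unalterable_data',
                         only => [ qw(save save_as_new save_and_delivery_order save_and_invoice save_and_ap_transaction
                                      print send_email) ]);
@@ -1223,7 +1226,13 @@
 sub check_auth {
   my ($self) = @_;
 
-  $::auth->assert($self->type_data->access || 'DOES_NOT_EXIST');
+  $::auth->assert($self->type_data->access('view') || 'DOES_NOT_EXIST');
+}
+
+sub check_auth_for_edit {
+  my ($self) = @_;
+
+  $::auth->assert($self->type_data->access('edit') || 'DOES_NOT_EXIST');
 }
 
 # build the selection box for contacts
@@ -1782,6 +1791,7 @@
   my ($self, %params) = @_;
 
   my $deletion_allowed = $self->type_data->show_menu("delete");
+  my $may_edit_create  = $::auth->assert($self->type_data->access('edit') || 'DOES_NOT_EXIST', 1);
 
   for my $bar ($::request->layout->get('actionbar')) {
     $bar->add(
@@ -1791,11 +1801,13 @@
           call     => [ 'kivi.DeliveryOrder.save', 'save', $::instance_conf->get_order_warn_duplicate_parts,
                                                            $::instance_conf->get_order_warn_no_deliverydate,
           ],
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('Save as new'),
           call     => [ 'kivi.DeliveryOrder.save', 'save_as_new', $::instance_conf->get_order_warn_duplicate_parts ],
-          disabled => $self->type eq 'supplier_delivery_order' ? t8('Need a workflow for Supplier Delivery Order')
+          disabled => !$may_edit_create                        ? t8('You do not have the permissions to access this function.')
+                    : $self->type eq 'supplier_delivery_order' ? t8('Need a workflow for Supplier Delivery Order')
                     : !$self->order->id                        ? t8('This object has not been saved yet.')
                     :                                            undef,
         ],
@@ -1809,21 +1821,25 @@
           t8('Save and Quotation'),
           submit   => [ '#order_form', { action => "DeliveryOrder/sales_quotation" } ],
           only_if  => $self->type_data->show_menu("save_and_quotation"),
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('Save and RFQ'),
           submit   => [ '#order_form', { action => "DeliveryOrder/request_for_quotation" } ],
           only_if  => $self->type_data->show_menu("save_and_rfq"),
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('Save and Sales Order'),
           submit   => [ '#order_form', { action => "DeliveryOrder/sales_order" } ],
           only_if  => $self->type_data->show_menu("save_and_sales_order"),
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('Save and Purchase Order'),
           call     => [ 'kivi.DeliveryOrder.purchase_order_check_for_direct_delivery' ],
           only_if  => $self->type_data->show_menu("save_and_purchase_order"),
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('Save and Delivery Order'),
@@ -1831,16 +1847,19 @@
                                                                               $::instance_conf->get_order_warn_no_deliverydate,
           ],
           only_if  => $self->type_data->show_menu("save_and_delivery_order"),
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('Save and Invoice'),
           call     => [ 'kivi.DeliveryOrder.save', 'save_and_invoice', $::instance_conf->get_order_warn_duplicate_parts ],
           only_if  => $self->type_data->show_menu("save_and_invoice"),
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('Save and AP Transaction'),
           call     => [ 'kivi.DeliveryOrder.save', 'save_and_ap_transaction', $::instance_conf->get_order_warn_duplicate_parts ],
           only_if  => $self->type_data->show_menu("save_and_ap_transaction"),
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
 
       ], # end of combobox "Workflow"
@@ -1854,12 +1873,14 @@
            call    => [ 'kivi.DeliveryOrder.save', 'preview_pdf', $::instance_conf->get_order_warn_duplicate_parts,
                                                                   $::instance_conf->get_order_warn_no_deliverydate,
           ],
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('Save and print'),
           call     => [ 'kivi.DeliveryOrder.show_print_options', $::instance_conf->get_order_warn_duplicate_parts,
                                                                  $::instance_conf->get_order_warn_no_deliverydate,
           ],
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('Save and E-mail'),
@@ -1867,12 +1888,16 @@
           call     => [ 'kivi.DeliveryOrder.save', 'save_and_show_email_dialog', $::instance_conf->get_order_warn_duplicate_parts,
                                                                                  $::instance_conf->get_order_warn_no_deliverydate,
           ],
-          disabled => !$self->order->id ? t8('This object has not been saved yet.') : undef,
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+                    : !$self->order->id ? t8('This object has not been saved yet.')
+                    :                     undef,
         ],
         action => [
           t8('Download attachments of all parts'),
           call     => [ 'kivi.File.downloadOrderitemsFiles', $::form->{type}, $::form->{id} ],
-          disabled => !$self->order->id ? t8('This object has not been saved yet.') : undef,
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+                    : !$self->order->id ? t8('This object has not been saved yet.')
+                    :                     undef,
           only_if  => $::instance_conf->get_doc_storage,
         ],
       ], # end of combobox "Export"
@@ -1882,7 +1907,8 @@
         id       => 'delete_action',
         call     => [ 'kivi.DeliveryOrder.delete_order' ],
         confirm  => $::locale->text('Do you really want to delete this object?'),
-        disabled => !$self->order->id       ? t8('This object has not been saved yet.')
+        disabled => !$may_edit_create       ? t8('You do not have the permissions to access this function.')
+                  : !$self->order->id       ? t8('This object has not been saved yet.')
                   : $self->order->delivered ? t8('The parts for this order have already been transferred')
                   :                           undef,
         only_if  => $self->type_data->show_menu("delete"),
@@ -1893,7 +1919,8 @@
           t8('Transfer out'),
           id       => 'transfer_out_action',
           call     => [ 'kivi.DeliveryOrder.save', 'transfer_stock' ],
-          disabled => !$self->order->id       ? t8('This object has not been saved yet.')
+          disabled => !$may_edit_create       ? t8('You do not have the permissions to access this function.')
+                    : !$self->order->id       ? t8('This object has not been saved yet.')
                     : $self->order->delivered ? t8('The parts for this order have already been transferred')
                     :                           undef,
           only_if  => $self->type_data->properties('transfer') eq 'out',
@@ -1903,7 +1930,8 @@
           t8('Transfer in'),
           id       => 'transfer_in_action',
           call     => [ 'kivi.DeliveryOrder.save', 'transfer_stock' ],
-          disabled => !$self->order->id       ? t8('This object has not been saved yet.')
+          disabled => !$may_edit_create       ? t8('You do not have the permissions to access this function.')
+                    : !$self->order->id       ? t8('This object has not been saved yet.')
                     : $self->order->delivered ? t8('The parts for this order have already been transferred')
                     :                           undef,
           only_if  => $self->type_data->properties('transfer') eq 'in',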
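Review bot: The new `run_before('check_auth_for_edit', except => [...])` hook is the only server-side gate for the edit right, since the `disabled => ...` entries in the action bar only grey out buttons, so the `except` list deserves a comment saying that every action named in it must be read-only. I would add above it `# Every action not listed here needs the edit right; only list actions that never write.` Whether `price_popup`, `stock_in_out_dialog` and `load_second_rows` really are read-only cannot be seen from these hunks and should be confirmed. `update_stock_information` is excluded from both `check_auth` and `check_auth_for_edit`, so neither hook asserts any right for it.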
SL/Controller/DeliveryOrder/TypeData.pm
51 51
}
52 52

  
53 53
sub access {
54
  get($_[0]->c->type, "right");
54
  my ($self, $string) = @_;
55
  get3($_[0]->c->type, "rights", $string);
55 56
}
56 57

  
57 58
sub is_quotation {
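Review bot: `access` unpacks `$self` and `$string` but then still reads `$_[0]`, and a caller that keeps the old zero-argument form `->access` now hands an undefined key to `get3`. The single right the method used to return appears to be the one this commit files under `edit`, so defaulting to it keeps such callers on the stricter right: `get3($self->c->type, "rights", $string // 'edit');`. What `get3` returns for an undefined third key is not visible on this page.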
SL/Controller/TopQuickSearch/PurchaseDeliveryOrder.pm
5 5

  
6 6
use SL::Locale::String qw(t8);
7 7

  
8
sub auth { 'purchase_delivery_order_edit' }
8
sub auth { 'purchase_delivery_order_edit | purchase_delivery_order_edit' }
9 9

  
10 10
sub name { 'purchase_delivery_order' }
11 11

  
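Review bot: The changed `auth` string names `purchase_delivery_order_edit` on both sides of the `|`, so the view right this commit introduces is never consulted here and a user holding only `purchase_delivery_order_view` would not be offered this quick search. The sales counterpart in the same commit uses `sales_delivery_order_edit | sales_delivery_order_view`; the matching line here would be `sub auth { 'purchase_delivery_order_edit | purchase_delivery_order_view' }`. The typo fails closed, so it does not widen access.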
SL/Controller/TopQuickSearch/SalesDeliveryOrder.pm
5 5

  
6 6
use SL::Locale::String qw(t8);
7 7

  
8
sub auth { 'sales_delivery_order_edit' }
8
sub auth { 'sales_delivery_order_edit | sales_delivery_order_view' }
9 9

  
10 10
sub name { 'sales_delivery_order' }
11 11

  
SL/DB/DeliveryOrder/TypeData.pm
47 47
      transnumber    => 'sdonumber',
48 48
    },
49 49
    part_classification_query => [ "used_for_sale" => 1 ],
50
    right => "sales_delivery_order_edit",
50
    rights => {
51
      edit => "sales_delivery_order_edit",
52
      view => "sales_delivery_order_edit | sales_delivery_order_view",
53
    },
51 54
  },
52 55
  PURCHASE_DELIVERY_ORDER_TYPE() => {
53 56
    text => {
......
76 79
      transnumber    => 'pdonumber',
77 80
    },
78 81
    part_classification_query => [ "used_for_purchase" => 1 ],
79
    right => "purchase_delivery_order_edit",
82
    rights => {
83
      edit => "purchase_delivery_order_edit",
84
      view => "purchase_delivery_order_edit | purchase_delivery_order_view",
85
    },
80 86
  },
81 87
  SUPPLIER_DELIVERY_ORDER_TYPE() => {
82 88
    text => {
......
105 111
      transnumber    => 'sudonumber',
106 112
    },
107 113
    part_classification_query => [ "used_for_purchase" => 1 ],
108
    right => "purchase_delivery_order_edit",
114
    rights => {
115
      edit => "purchase_delivery_order_edit",
116
      view => "purchase_delivery_order_edit | purchase_delivery_order_view",
117
    },
109 118
  },
110 119
  RMA_DELIVERY_ORDER_TYPE() => {
111 120
    text => {
......
134 143
      transnumber    => 'rdonumber',
135 144
    },
136 145
    part_classification_query => [ "used_for_sale" => 1 ],
137
    right => "sales_delivery_order_edit",
146
    rights => {
147
      edit => "sales_delivery_order_edit",
148
      view => "sales_delivery_order_edit | sales_delivery_order_view",
149
    },
138 150
  },
139 151
);
140 152

  
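Review bot: The new `rights` hashes rely on an unwritten rule, namely that each `view` expression must repeat the `edit` right so that editors can still open the record, and that rule is spelled out by hand in all four type entries. A short comment at the first entry would make the contract explicit, for example `# rights: 'edit' gates every writing action; 'view' gates read access and must also list the edit right`. The `|` inside the strings is presumably evaluated as OR by the code that checks rights; that code is not shown on this page.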
SL/DO.pm
134 134
    push @where, "dord.$item = ?";
135 135
    push @values, conv_i($form->{$item});
136 136
  }
137
  if ( !(($vc eq 'customer' && $main::auth->assert('sales_all_edit', 1)) || ($vc eq 'vendor' && $main::auth->assert('purchase_all_edit', 1))) ) {
137
  if ( !(    ($vc eq 'customer' && ($main::auth->assert('sales_all_edit',    1) || $main::auth->assert('sales_delivery_order_view',    1)))
138
          || ($vc eq 'vendor'   && ($main::auth->assert('purchase_all_edit', 1) || $main::auth->assert('purchase_delivery_order_view', 1))) ) ) {
138 139
    push @where, qq|dord.employee_id = (select id from employee where login= ?)|;
139 140
    push @values, $::myconfig{login};
140 141
  }
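Review bot: With this condition `sales_delivery_order_view` and `purchase_delivery_order_view` do two jobs: they allow reading delivery orders and they also lift the `dord.employee_id` filter, so a view-only user is shown every employee's records. A user who holds only the matching `..._delivery_order_edit` right still gets the filter and sees just their own records, which gives the read-only right the wider scope. If that is intended it should be stated in a comment above the `if`, e.g. `# holders of *_all_edit or *_delivery_order_view see the records of all employees`; if not, the view right should not be part of this test. The enclosing sub starts and ends outside the hunk.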
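--- a/bin/mozilla/do.pl
+++ b/bin/mozilla/do.pl
@@ -57,10 +57,17 @@
 
 # end of main
 
+sub check_do_access_for_edit {
+  validate_type($::form->{type});
+
+  my $right = SL::DB::DeliveryOrder::TypeData::get3($::form->{type}, "rights", "edit");
+  $main::auth->assert($right);
+}
+
 sub check_do_access {
   validate_type($::form->{type});
 
-  my $right = SL::DB::DeliveryOrder::TypeData::get($::form->{type}, "right");
+  my $right = SL::DB::DeliveryOrder::TypeData::get3($::form->{type}, "rights", "view");
   $main::auth->assert($right);
 }
 
@@ -90,7 +97,7 @@
 sub add {
   $main::lxdebug->enter_sub();
 
-  check_do_access();
+  check_do_access_for_edit();
 
   if (($::form->{type} =~ /purchase/) && !$::instance_conf->get_allow_new_purchase_invoice) {
     $::form->show_generic_error($::locale->text("You do not have the permissions to access this function."));
@@ -254,11 +261,15 @@
   if (ref $undo_date eq 'DateTime' && ref $insertdate eq 'DateTime') {
     $undo_transfer = $insertdate > $undo_date;
   }
+
+  my $may_edit_create = $::auth->assert(SL::DB::DeliveryOrder::TypeData::get3($::form->{type}, "rights", "edit"), 1);
+
   for my $bar ($::request->layout->get('actionbar')) {
     $bar->add(
       action =>
         [ t8('Update'),
           submit    => [ '#form', { action => "update" } ],
+          disabled  => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
           id        => 'update_button',
           accesskey => 'enter',
         ],
@@ -268,20 +279,24 @@
           t8('Save'),
           submit   => [ '#form', { action => "save" } ],
           checks   => [ 'kivi.validate_form' ],
-          disabled => $::form->{delivered} ? t8('This record has already been delivered.') : undef,
+          disabled => !$may_edit_create    ? t8('You do not have the permissions to access this function.')
+                    : $::form->{delivered} ? t8('This record has already been delivered.')
+                    :                        undef,
         ],
         action => [
           t8('Save as new'),
           submit   => [ '#form', { action => "save_as_new" } ],
           checks   => [ 'kivi.validate_form' ],
-          disabled => !$::form->{id},
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+                    : !$::form->{id},
         ],
         action => [
           t8('Mark as closed'),
           submit   => [ '#form', { action => "mark_closed" } ],
           checks   => [ 'kivi.validate_form' ],
           confirm  => t8('This will remove the delivery order from showing as open even if contents are not delivered. Proceed?'),
-          disabled => !$::form->{id}    ? t8('This record has not been saved yet.')
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+                    : !$::form->{id}    ? t8('This record has not been saved yet.')
                     : $::form->{closed} ? t8('This record has already been closed.')
                     :                     undef,
         ],
@@ -291,7 +306,8 @@
         t8('Delete'),
         submit   => [ '#form', { action => "delete" } ],
         confirm  => t8('Do you really want to delete this object?'),
-        disabled => !$::form->{id}                                                                              ? t8('This record has not been saved yet.')
+        disabled => !$may_edit_create                                                                           ? t8('You do not have the permissions to access this function.')
+                  : !$::form->{id}                                                                              ? t8('This record has not been saved yet.')
                   : $::form->{delivered}                                                                        ? t8('This record has already been delivered.')
                   : ($::form->{vc} eq 'customer' && !$::instance_conf->get_sales_delivery_order_show_delete)    ? t8('Deleting this type of record has been disabled in the configuration.')
                   : ($::form->{vc} eq 'vendor'   && !$::instance_conf->get_purchase_delivery_order_show_delete) ? t8('Deleting this type of record has been disabled in the configuration.')
@@ -303,28 +319,36 @@
           t8('Transfer out'),
           submit   => [ '#form', { action => "transfer_out" } ],
           checks   => [ 'kivi.validate_form', @transfer_qty ],
-          disabled => $::form->{delivered} ? t8('This record has already been delivered.') : undef,
+          disabled => !$may_edit_create    ? t8('You do not have the permissions to access this function.')
+                    : $::form->{delivered} ? t8('This record has already been delivered.')
+                    :                        undef,
           only_if  => $is_customer,
         ],
         action => [
           t8('Transfer out via default'),
           submit   => [ '#form', { action => "transfer_out_default" } ],
           checks   => [ 'kivi.validate_form' ],
-          disabled => $::form->{delivered} ? t8('This record has already been delivered.') : undef,
+          disabled => !$may_edit_create    ? t8('You do not have the permissions to access this function.')
+                    : $::form->{delivered} ? t8('This record has already been delivered.')
+                    :                        undef,
           only_if  => $is_customer && $::instance_conf->get_transfer_default,
         ],
         action => [
           t8('Transfer in'),
           submit   => [ '#form', { action => "transfer_in" } ],
           checks   => [ 'kivi.validate_form', @transfer_qty ],
-          disabled => $::form->{delivered} ? t8('This record has already been delivered.') : undef,
+          disabled => !$may_edit_create    ? t8('You do not have the permissions to access this function.')
+                    : $::form->{delivered} ? t8('This record has already been delivered.')
+                    :                        undef,
           only_if  => !$is_customer,
         ],
         action => [
           t8('Transfer in via default'),
           submit   => [ '#form', { action => "transfer_in_default" } ],
           checks   => [ 'kivi.validate_form' ],
-          disabled => $::form->{delivered} ? t8('This record has already been delivered.') : undef,
+          disabled => !$may_edit_create    ? t8('You do not have the permissions to access this function.')
+                    : $::form->{delivered} ? t8('This record has already been delivered.')
+                    :                        undef,
           only_if  => !$is_customer && $::instance_conf->get_transfer_default,
         ],
         action => [
@@ -332,7 +356,9 @@
           submit   => [ '#form', { action => "delete_transfers" } ],
           checks   => [ 'kivi.validate_form' ],
           only_if  => $::form->{delivered},
-          disabled => !$undo_transfer ? t8('Transfer date exceeds the maximum allowed interval.') : undef,
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+                    : !$undo_transfer   ? t8('Transfer date exceeds the maximum allowed interval.')
+                    :                     undef,
         ],
       ], # end of combobox "Transfer out"
 
@@ -353,14 +379,17 @@
         action => [ t8('Export') ],
         action => [
           t8('Print'),
-          call   => [ 'kivi.SalesPurchase.show_print_dialog' ],
-          checks => [ 'kivi.validate_form' ],
+          call     => [ 'kivi.SalesPurchase.show_print_dialog' ],
+          checks   => [ 'kivi.validate_form' ],
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('E Mail'),
           call   => [ 'kivi.SalesPurchase.show_email_dialog' ],
           checks => [ 'kivi.validate_form' ],
-          disabled => !$::form->{id} ? t8('This record has not been saved yet.') : undef,
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+                    : !$::form->{id} ?    t8('This record has not been saved yet.')
+                    :                     undef,
         ],
       ], # end of combobox "Export"
 
@@ -913,7 +942,7 @@
 
   my (%params) = @_;
 
-  check_do_access();
+  check_do_access_for_edit();
 
   my $form     = $main::form;
   my %myconfig = %main::myconfig;
@@ -995,7 +1024,7 @@
 sub delete {
   $main::lxdebug->enter_sub();
 
-  check_do_access();
+  check_do_access_for_edit();
 
   my $form     = $main::form;
   my %myconfig = %main::myconfig;
@@ -1021,7 +1050,7 @@
 sub delete_transfers {
   $main::lxdebug->enter_sub();
 
-  check_do_access();
+  check_do_access_for_edit();
 
   my $form     = $main::form;
   my %myconfig = %main::myconfig;
@@ -1275,7 +1304,7 @@
 sub save_as_new {
   $main::lxdebug->enter_sub();
 
-  check_do_access();
+  check_do_access_for_edit();
 
   my $form     = $main::form;
 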
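Review bot: `check_do_access_for_edit()` replaces `check_do_access()` only in `add`, `delete`, `delete_transfers`, `save_as_new` and one sub whose name lies outside its hunk, while the action bar in the same file submits `update`, `save`, `mark_closed`, `transfer_out`, `transfer_in` and their `_default` variants. The `disabled => !$may_edit_create ...` entries only disable buttons in the browser, so each of those handlers needs the edit check on the server as well; their bodies are not part of this diff, and any of them that still calls `check_do_access()` now accepts the weaker view right. Separately, both helpers pass `$right` to `assert` unguarded, whereas the controller uses `|| 'DOES_NOT_EXIST'`; `$main::auth->assert($right || 'DOES_NOT_EXIST');` would fail closed the same way if `get3` finds no entry.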
menus/user/00-erp.yaml
295 295
  name: Delivery Orders
296 296
  icon: delivery_order_report
297 297
  order: 400
298
  access: sales_delivery_order_edit
298
  access: sales_delivery_order_edit | sales_delivery_order_view
299 299
  module: do.pl
300 300
  params:
301 301
    action: search
......
465 465
  id: ap_reports_delivery_orders
466 466
  name: Delivery Orders
467 467
  order: 300
468
  access: purchase_delivery_order_edit
468
  access: purchase_delivery_order_edit | purchase_delivery_order_view
469 469
  module: do.pl
470 470
  params:
471 471
    action: search
......
474 474
  id: ap_reports_supplier_delivery_orders
475 475
  name: Supplier Delivery Orders
476 476
  order: 350
477
  access: purchase_delivery_order_edit
477
  access: purchase_delivery_order_edit | purchase_delivery_order_view
478 478
  module: do.pl
479 479
  params:
480 480
    action: search
