Revision 3ad96f21
Von Bernd Bleßmann vor fast 3 Jahren hinzugefügt
SL/Controller/Order.pm | ||
---|---|---|
56 | 56 |
# safety |
57 | 57 |
__PACKAGE__->run_before('check_auth'); |
58 | 58 |
|
59 |
__PACKAGE__->run_before('check_auth_save', |
|
60 |
except => [ qw(edit show_customer_vendor_details_dialog price_popup load_second_rows) ]); |
|
61 |
|
|
59 | 62 |
__PACKAGE__->run_before('recalc', |
60 | 63 |
only => [ qw(save save_as_new save_and_delivery_order save_and_invoice save_and_invoice_for_advance_payment save_and_final_invoice save_and_ap_transaction |
61 | 64 |
print send_email) ]); |
... | ... | |
1370 | 1373 |
sub check_auth { |
1371 | 1374 |
my ($self) = @_; |
1372 | 1375 |
|
1376 |
my $right_for = { map { $_ => $_.'_edit' . ' | ' . $_.'_view' } @{$self->valid_types} }; |
|
1377 |
|
|
1378 |
my $right = $right_for->{ $self->type }; |
|
1379 |
$right ||= 'DOES_NOT_EXIST'; |
|
1380 |
|
|
1381 |
$::auth->assert($right); |
|
1382 |
} |
|
1383 |
|
|
1384 |
sub check_auth_save { |
|
1385 |
my ($self) = @_; |
|
1386 |
|
|
1373 | 1387 |
my $right_for = { map { $_ => $_.'_edit' } @{$self->valid_types} }; |
1374 | 1388 |
|
1375 | 1389 |
my $right = $right_for->{ $self->type }; |
... | ... | |
2018 | 2032 |
$has_final_invoice = any {'SL::DB::Invoice' eq ref $_ && "final_invoice" eq $_->type} @$lr; |
2019 | 2033 |
} |
2020 | 2034 |
|
2035 |
my $right_for = { map { $_ => $_.'_edit' } @{$self->valid_types} }; |
|
2036 |
my $right = $right_for->{ $self->type }; |
|
2037 |
$right ||= 'DOES_NOT_EXIST'; |
|
2038 |
|
|
2039 |
if ($::auth->assert($right, 1)) { |
|
2021 | 2040 |
for my $bar ($::request->layout->get('actionbar')) { |
2022 | 2041 |
$bar->add( |
2023 | 2042 |
combobox => [ |
... | ... | |
2164 | 2183 |
only_if => $deletion_allowed, |
2165 | 2184 |
], |
2166 | 2185 |
|
2186 |
); |
|
2187 |
} |
|
2188 |
} |
|
2189 |
|
|
2190 |
for my $bar ($::request->layout->get('actionbar')) { |
|
2191 |
$bar->add( |
|
2167 | 2192 |
combobox => [ |
2168 | 2193 |
action => [ |
2169 | 2194 |
t8('more') |
... | ... | |
2182 | 2207 |
], # end of combobox "more" |
2183 | 2208 |
); |
2184 | 2209 |
} |
2210 |
|
|
2185 | 2211 |
} |
2186 | 2212 |
|
2187 | 2213 |
sub generate_doc { |
SL/Controller/TopQuickSearch/PurchaseOrder.pm | ||
---|---|---|
5 | 5 |
|
6 | 6 |
use SL::Locale::String qw(t8); |
7 | 7 |
|
8 |
sub auth { 'purchase_order_edit' } |
|
8 |
sub auth { 'purchase_order_edit | purchase_order_view' }
|
|
9 | 9 |
|
10 | 10 |
sub name { 'purchase_order' } |
11 | 11 |
|
SL/Controller/TopQuickSearch/RequestForQuotation.pm | ||
---|---|---|
5 | 5 |
|
6 | 6 |
use SL::Locale::String qw(t8); |
7 | 7 |
|
8 |
sub auth { 'request_quotation_edit' } |
|
8 |
sub auth { 'request_quotation_edit | request_quotation_view' }
|
|
9 | 9 |
|
10 | 10 |
sub name { 'request_quotation' } |
11 | 11 |
|
SL/Controller/TopQuickSearch/SalesOrder.pm | ||
---|---|---|
5 | 5 |
|
6 | 6 |
use SL::Locale::String qw(t8); |
7 | 7 |
|
8 |
sub auth { 'sales_order_edit' } |
|
8 |
sub auth { 'sales_order_edit | sales_order_view' }
|
|
9 | 9 |
|
10 | 10 |
sub name { 'sales_order' } |
11 | 11 |
|
SL/Controller/TopQuickSearch/SalesQuotation.pm | ||
---|---|---|
5 | 5 |
|
6 | 6 |
use SL::Locale::String qw(t8); |
7 | 7 |
|
8 |
sub auth { 'sales_quotation_edit' } |
|
8 |
sub auth { 'sales_quotation_edit | sales_quotation_view' }
|
|
9 | 9 |
|
10 | 10 |
sub name { 'sales_quotation' } |
11 | 11 |
|
bin/mozilla/oe.pl | ||
---|---|---|
84 | 84 |
'sales_quotation' => 'sales_quotation_edit', |
85 | 85 |
}; |
86 | 86 |
|
87 |
my $oe_view_access_map = { |
|
88 |
'sales_order' => 'sales_order_edit | sales_order_view', |
|
89 |
'purchase_order' => 'purchase_order_edit | purchase_order_view', |
|
90 |
'request_quotation' => 'request_quotation_edit | request_quotation_view', |
|
91 |
'sales_quotation' => 'sales_quotation_edit | sales_quotation_view', |
|
92 |
}; |
|
93 |
|
|
87 | 94 |
sub check_oe_access { |
95 |
my (%params) = @_; |
|
88 | 96 |
my $form = $main::form; |
89 | 97 |
|
90 |
my $right = $oe_access_map->{$form->{type}}; |
|
98 |
my $right = ($params{with_view}) ? $oe_view_access_map->{$form->{type}} : $oe_access_map->{$form->{type}};
|
|
91 | 99 |
$right ||= 'DOES_NOT_EXIST'; |
92 | 100 |
|
93 | 101 |
$main::auth->assert($right); |
... | ... | |
926 | 934 |
my %myconfig = %main::myconfig; |
927 | 935 |
my $locale = $main::locale; |
928 | 936 |
|
929 |
check_oe_access(); |
|
937 |
check_oe_access(with_view => 1);
|
|
930 | 938 |
|
931 | 939 |
if ($form->{type} eq 'purchase_order') { |
932 | 940 |
$form->{vc} = 'vendor'; |
... | ... | |
1017 | 1025 |
my $cgi = $::request->{cgi}; |
1018 | 1026 |
|
1019 | 1027 |
my %params = @_; |
1020 |
check_oe_access(); |
|
1028 |
check_oe_access(with_view => 1);
|
|
1021 | 1029 |
|
1022 | 1030 |
my $ordnumber = ($form->{type} =~ /_order$/) ? "ordnumber" : "quonumber"; |
1023 | 1031 |
|
menus/user/00-erp.yaml | ||
---|---|---|
275 | 275 |
name: Quotations |
276 | 276 |
icon: report_quotations |
277 | 277 |
order: 200 |
278 |
access: sales_quotation_edit |
|
278 |
access: sales_quotation_edit | sales_quotation_view
|
|
279 | 279 |
module: oe.pl |
280 | 280 |
params: |
281 | 281 |
action: search |
... | ... | |
285 | 285 |
name: Sales Orders |
286 | 286 |
icon: report_sales_orders |
287 | 287 |
order: 300 |
288 |
access: sales_order_edit |
|
288 |
access: sales_order_edit | sales_order_view
|
|
289 | 289 |
module: oe.pl |
290 | 290 |
params: |
291 | 291 |
action: search |
... | ... | |
446 | 446 |
name: RFQs |
447 | 447 |
icon: rfq_report |
448 | 448 |
order: 100 |
449 |
access: request_quotation_edit |
|
449 |
access: request_quotation_edit | request_quotation_view
|
|
450 | 450 |
module: oe.pl |
451 | 451 |
params: |
452 | 452 |
action: search |
... | ... | |
456 | 456 |
name: Purchase Orders |
457 | 457 |
icon: purchase_order_report |
458 | 458 |
order: 200 |
459 |
access: purchase_order_edit |
|
459 |
access: purchase_order_edit | purchase_order_view
|
|
460 | 460 |
module: oe.pl |
461 | 461 |
params: |
462 | 462 |
action: search |
Auch abrufbar als: Unified diff
Recht: Ansehen von Belegen bei Angebot und Auftrag berücksichtigen
Ansehen nur im neuen Auftrags-Controller