Revision 614c48e0
Von Moritz Bunkus vor fast 6 Jahren hinzugefügt
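--- a/SL/AR.pm
+++ b/SL/AR.pm
@@ -516,9 +516,46 @@
 
 my $where = "1 = 1";
 
-unless ( $::auth->assert('show_ar_transactions', 1) ) {
-$where .= " AND NOT invoice = 'f' "; # remove ar transactions from Sales -> Reports -> Invoices
-};
+# Permissions:
+# - Always return invoices & AR transactions for projects the employee has "view invoices" permissions for, no matter what the other rules say.
+# - Exclude AR transactions if no permissions for them exist.
+# - Limit to own invoices unless may edit all invoices.
+# - If may edit all, allow filtering by employee/salesman.
+my (@permission_where, @permission_values);
+
+if ($::auth->assert('invoice_edit', 1)) {
+if (!$::auth->assert('show_ar_transactions', 1) ) {
+push @permission_where, "NOT invoice = 'f'"; # remove ar transactions from Sales -> Reports -> Invoices
+}
+
+if (!$::auth->assert('sales_all_edit', 1)) {
+# only show own invoices
+push @permission_where, "a.employee_id = ?";
+push @permission_values, SL::DB::Manager::Employee->current->id;
+
+} else {
+if ($form->{employee_id}) {
+push @permission_where, "a.employee_id = ?";
+push @permission_values, conv_i($form->{employee_id});
+}
+if ($form->{salesman_id}) {
+push @permission_where, "a.salesman_id = ?";
+push @permission_values, conv_i($form->{salesman_id});
+}
+}
+}
+
+if (@permission_where || !$::auth->assert('invoice_edit', 1)) {
+my $permission_where_str = @permission_where ? "OR (" . join(" AND ", map { "($_)" } @permission_where) . ")" : "";
+$where .= qq|
+AND ( (a.globalproject_id IN (
+SELECT epi.project_id
+FROM employee_project_invoices epi
+WHERE epi.employee_id = ?))
+$permission_where_str)
+|;
+push @values, SL::DB::Manager::Employee->current->id, @permission_values;
+}
 
 if ($form->{customer}) {
 $where .= " AND c.name ILIKE ?";
@@ -578,21 +615,6 @@
 }
 }
 
-if (!$main::auth->assert('sales_all_edit', 1)) {
-# only show own invoices
-$where .= " AND a.employee_id = (select id from employee where login= ?)";
-push (@values, $::myconfig{login});
-} else {
-if ($form->{employee_id}) {
-$where .= " AND a.employee_id = ?";
-push @values, conv_i($form->{employee_id});
-}
-if ($form->{salesman_id}) {
-$where .= " AND a.salesman_id = ?";
-push @values, conv_i($form->{salesman_id});
-}
-};
-
 if ($form->{parts_partnumber}) {
 $where .= <<SQL;
 AND EXISTS (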
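Review bot: In the first hunk, the `employee_id`/`salesman_id` form filters (new lines 537–544) are pushed into `@permission_where`, so they land inside `OR (...)` next to the project clause instead of narrowing the result. For a user with `sales_all_edit` who filters by employee, the condition becomes `AND (a.globalproject_id IN (...) OR (a.employee_id = ?))`, which also returns every invoice of the projects that user is assigned to, whatever the employee; the code removed in the second hunk ANDed these filters. Keeping `@permission_where` for authorization rules only and appending the filters to `$where` after the permission block restores the old behaviour, and the `else` branch then goes away. The enclosing sub and the declaration of `@values` are outside the visible hunks, so the placeholder order should be confirmed there.

```perl
# … unchanged: permission block up to and including
#   push @values, SL::DB::Manager::Employee->current->id, @permission_values; …

# Filters chosen in the form only narrow the result; they are ANDed and
# never become part of the permission disjunction.
if ($::auth->assert('invoice_edit', 1) && $::auth->assert('sales_all_edit', 1)) {
  if ($form->{employee_id}) {
    $where .= " AND a.employee_id = ?";
    push @values, conv_i($form->{employee_id});
  }
  if ($form->{salesman_id}) {
    $where .= " AND a.salesman_id = ?";
    push @values, conv_i($form->{salesman_id});
  }
}
```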
Berechtigung, Verkaufsrechnungen persönlich zugeordneter Projekte einzusehen
Man kann nun Mitarbeiter*innen zu Projekten zuordnen, indem man sie in
den Projektstammdaten hinzufügt.
Ist eine Mitarbeiter*in zu einem Projekt zugeordnet, so darf sie alle
Rechnungen ansehen, die über die Projektnummer der Rechnung (nicht der
Positionen) dem Projekt zugeordnet sind, auch dann, wenn sie nicht das
allgemeine Recht zum Erstellen und Ansehen von Rechnungen hat.
Verändern oder Ausdrucken der Rechnungen ist nicht gestattet.
Die Verwaltung dieser Projektberechtigungen ist über ein neues
Gruppenrecht eingeschränkt.
Betrifft Verkaufsrechnungen, Verkaufsgutschriften und Debitorenbuchungen.