Revision 614c48e0
Von Moritz Bunkus vor fast 6 Jahren hinzugefügt
| bin/mozilla/is.pl | ||
|---|---|---|
| 58 | 58 |
|
| 59 | 59 |
# end of main |
| 60 | 60 |
|
| 61 |
sub _may_view_or_edit_this_invoice {
|
|
| 62 |
return 1 if $::auth->assert('invoice_edit', 1); # may edit all invoices
|
|
| 63 |
return 0 if !$::form->{id}; # creating new invoices isn't allowed without invoice_edit
|
|
| 64 |
return 0 if !$::form->{globalproject_id}; # existing records without a project ID are not allowed
|
|
| 65 |
return SL::DB::Project->new(id => $::form->{globalproject_id})->load->may_employee_view_project_invoices(SL::DB::Manager::Employee->current);
|
|
| 66 |
} |
|
| 67 |
|
|
| 68 |
sub _assert_access {
|
|
| 69 |
my $cache = $::request->cache('is.pl::_assert_access');
|
|
| 70 |
|
|
| 71 |
$cache->{_may_view_or_edit_this_invoice} = _may_view_or_edit_this_invoice() if !exists $cache->{_may_view_or_edit_this_invoice};
|
|
| 72 |
$::form->show_generic_error($::locale->text("You do not have the permissions to access this function.")) if ! $cache->{_may_view_or_edit_this_invoice};
|
|
| 73 |
} |
|
| 74 |
|
|
| 61 | 75 |
sub add {
|
| 62 | 76 |
$main::lxdebug->enter_sub(); |
| 63 | 77 |
|
| ... | ... | |
| 92 | 106 |
sub edit {
|
| 93 | 107 |
$main::lxdebug->enter_sub(); |
| 94 | 108 |
|
| 109 |
# Delay access check to after the invoice's been loaded in |
|
| 110 |
# "invoice_links" so that project-specific invoice rights can be |
|
| 111 |
# evaluated. |
|
| 112 |
|
|
| 95 | 113 |
my $form = $main::form; |
| 96 | 114 |
my $locale = $main::locale; |
| 97 | 115 |
|
| 98 |
$main::auth->assert('invoice_edit');
|
|
| 99 |
|
|
| 100 | 116 |
$form->{show_details} = $::myconfig{show_form_details};
|
| 101 | 117 |
$form->{taxincluded_changed_by_user} = 1;
|
| 102 | 118 |
|
| ... | ... | |
| 134 | 150 |
sub invoice_links {
|
| 135 | 151 |
$main::lxdebug->enter_sub(); |
| 136 | 152 |
|
| 153 |
# Delay access check to after the invoice's been loaded so that |
|
| 154 |
# project-specific invoice rights can be evaluated. |
|
| 155 |
|
|
| 137 | 156 |
my $form = $main::form; |
| 138 | 157 |
my %myconfig = %main::myconfig; |
| 139 | 158 |
|
| 140 |
$main::auth->assert('invoice_edit');
|
|
| 141 |
|
|
| 142 | 159 |
$form->{vc} = 'customer';
|
| 143 | 160 |
|
| 144 | 161 |
# create links |
| 145 | 162 |
$form->create_links("AR", \%myconfig, "customer");
|
| 146 | 163 |
|
| 164 |
_assert_access(); |
|
| 165 |
|
|
| 147 | 166 |
my $editing = $form->{id};
|
| 148 | 167 |
|
| 149 | 168 |
$form->backup_vars(qw(payment_id language_id taxzone_id salesman_id |
| ... | ... | |
| 206 | 225 |
sub prepare_invoice {
|
| 207 | 226 |
$main::lxdebug->enter_sub(); |
| 208 | 227 |
|
| 228 |
_assert_access(); |
|
| 229 |
|
|
| 209 | 230 |
my $form = $main::form; |
| 210 | 231 |
my %myconfig = %main::myconfig; |
| 211 | 232 |
|
| 212 |
$main::auth->assert('invoice_edit');
|
|
| 213 |
|
|
| 214 | 233 |
if ($form->{type} eq "credit_note") {
|
| 215 | 234 |
$form->{type} = "credit_note";
|
| 216 | 235 |
$form->{formname} = "credit_note";
|
| ... | ... | |
| 258 | 277 |
my $change_on_same_day_only = $::instance_conf->get_is_changeable == 2 && ($form->current_date(\%::myconfig) ne $form->{gldate});
|
| 259 | 278 |
my $payments_balanced = ($::form->{oldtotalpaid} == 0);
|
| 260 | 279 |
my $has_storno = ($::form->{storno} && !$::form->{storno_id});
|
| 280 |
my $may_edit_create = $::auth->assert('invoice_edit', 1);
|
|
| 261 | 281 |
|
| 262 | 282 |
for my $bar ($::request->layout->get('actionbar')) {
|
| 263 | 283 |
$bar->add( |
| 264 | 284 |
action => [ |
| 265 | 285 |
t8('Update'),
|
| 266 | 286 |
submit => [ '#form', { action => "update" } ],
|
| 267 |
disabled => $form->{locked} ? t8('The billing period has already been locked.') : undef,
|
|
| 287 |
disabled => !$may_edit_create ? t8('You must not change this invoice.')
|
|
| 288 |
: $form->{locked} ? t8('The billing period has already been locked.')
|
|
| 289 |
: undef, |
|
| 268 | 290 |
id => 'update_button', |
| 269 | 291 |
checks => [ 'kivi.validate_form' ], |
| 270 | 292 |
accesskey => 'enter', |
| ... | ... | |
| 275 | 297 |
t8('Post'),
|
| 276 | 298 |
submit => [ '#form', { action => "post" } ],
|
| 277 | 299 |
checks => [ 'kivi.validate_form' ], |
| 278 |
disabled => $form->{locked} ? t8('The billing period has already been locked.')
|
|
| 300 |
disabled => !$may_edit_create ? t8('You must not change this invoice.')
|
|
| 301 |
: $form->{locked} ? t8('The billing period has already been locked.')
|
|
| 279 | 302 |
: $form->{storno} ? t8('A canceled invoice cannot be posted.')
|
| 280 | 303 |
: ($form->{id} && $change_never) ? t8('Changing invoices has been disabled in the configuration.')
|
| 281 | 304 |
: ($form->{id} && $change_on_same_day_only) ? t8('Invoices can only be changed on the day they are posted.')
|
| ... | ... | |
| 285 | 308 |
t8('Post Payment'),
|
| 286 | 309 |
submit => [ '#form', { action => "post_payment" } ],
|
| 287 | 310 |
checks => [ 'kivi.validate_form' ], |
| 288 |
disabled => !$form->{id} ? t8('This invoice has not been posted yet.') : undef,
|
|
| 311 |
disabled => !$may_edit_create ? t8('You must not change this invoice.')
|
|
| 312 |
: !$form->{id} ? t8('This invoice has not been posted yet.')
|
|
| 313 |
: undef, |
|
| 289 | 314 |
], |
| 290 | 315 |
action => [ t8('Mark as paid'),
|
| 291 | 316 |
submit => [ '#form', { action => "mark_as_paid" } ],
|
| 292 | 317 |
confirm => t8('This will remove the invoice from showing as unpaid even if the unpaid amount does not match the amount. Proceed?'),
|
| 293 |
disabled => !$form->{id} ? t8('This invoice has not been posted yet.') : undef,
|
|
| 318 |
disabled => !$may_edit_create ? t8('You must not change this invoice.')
|
|
| 319 |
: !$form->{id} ? t8('This invoice has not been posted yet.')
|
|
| 320 |
: undef, |
|
| 294 | 321 |
only_if => $::instance_conf->get_is_show_mark_as_paid, |
| 295 | 322 |
], |
| 296 | 323 |
], # end of combobox "Post" |
| ... | ... | |
| 300 | 327 |
submit => [ '#form', { action => "storno" } ],
|
| 301 | 328 |
confirm => t8('Do you really want to cancel this invoice?'),
|
| 302 | 329 |
checks => [ 'kivi.validate_form' ], |
| 303 |
disabled => !$form->{id} ? t8('This invoice has not been posted yet.')
|
|
| 330 |
disabled => !$may_edit_create ? t8('You must not change this invoice.')
|
|
| 331 |
: !$form->{id} ? t8('This invoice has not been posted yet.')
|
|
| 304 | 332 |
: !$payments_balanced ? t8('Cancelling is disallowed. Either undo or balance the current payments until the open amount matches the invoice amount')
|
| 305 | 333 |
: undef, |
| 306 | 334 |
], |
| ... | ... | |
| 308 | 336 |
submit => [ '#form', { action => "delete" } ],
|
| 309 | 337 |
confirm => t8('Do you really want to delete this object?'),
|
| 310 | 338 |
checks => [ 'kivi.validate_form' ], |
| 311 |
disabled => !$form->{id} ? t8('This invoice has not been posted yet.')
|
|
| 339 |
disabled => !$may_edit_create ? t8('You must not change this invoice.')
|
|
| 340 |
: !$form->{id} ? t8('This invoice has not been posted yet.')
|
|
| 312 | 341 |
: $form->{locked} ? t8('The billing period has already been locked.')
|
| 313 | 342 |
: $change_never ? t8('Changing invoices has been disabled in the configuration.')
|
| 314 | 343 |
: $change_on_same_day_only ? t8('Invoices can only be changed on the day they are posted.')
|
| ... | ... | |
| 325 | 354 |
t8('Use As New'),
|
| 326 | 355 |
submit => [ '#form', { action => "use_as_new" } ],
|
| 327 | 356 |
checks => [ 'kivi.validate_form' ], |
| 328 |
disabled => !$form->{id} ? t8('This invoice has not been posted yet.') : undef,
|
|
| 357 |
disabled => !$may_edit_create ? t8('You must not change this invoice.')
|
|
| 358 |
: !$form->{id} ? t8('This invoice has not been posted yet.')
|
|
| 359 |
: undef, |
|
| 329 | 360 |
], |
| 330 | 361 |
action => [ |
| 331 | 362 |
t8('Credit Note'),
|
| 332 | 363 |
submit => [ '#form', { action => "credit_note" } ],
|
| 333 | 364 |
checks => [ 'kivi.validate_form' ], |
| 334 |
disabled => $form->{type} eq "credit_note" ? t8('Credit notes cannot be converted into other credit notes.')
|
|
| 365 |
disabled => !$may_edit_create ? t8('You must not change this invoice.')
|
|
| 366 |
: $form->{type} eq "credit_note" ? t8('Credit notes cannot be converted into other credit notes.')
|
|
| 335 | 367 |
: !$form->{id} ? t8('This invoice has not been posted yet.')
|
| 336 | 368 |
: undef, |
| 337 | 369 |
], |
| ... | ... | |
| 349 | 381 |
($form->{id} ? t8('Print') : t8('Preview')),
|
| 350 | 382 |
call => [ 'kivi.SalesPurchase.show_print_dialog', $form->{id} ? 'print' : 'preview' ],
|
| 351 | 383 |
checks => [ 'kivi.validate_form' ], |
| 352 |
disabled => !$form->{id} && $form->{locked} ? t8('The billing period has already been locked.') : undef,
|
|
| 384 |
disabled => !$may_edit_create ? t8('You must not print this invoice.')
|
|
| 385 |
: !$form->{id} && $form->{locked} ? t8('The billing period has already been locked.')
|
|
| 386 |
: undef, |
|
| 353 | 387 |
], |
| 354 | 388 |
action => [ t8('Print and Post'),
|
| 355 | 389 |
call => [ 'kivi.SalesPurchase.show_print_dialog', $form->{id} ? 'print' : 'print_and_post' ],
|
| 356 | 390 |
checks => [ 'kivi.validate_form' ], |
| 357 |
disabled => $form->{id} ? t8('This invoice has already been posted.') : undef,,
|
|
| 391 |
disabled => !$may_edit_create ? t8('You must not print this invoice.')
|
|
| 392 |
: $form->{id} ? t8('This invoice has already been posted.')
|
|
| 393 |
: undef,, |
|
| 358 | 394 |
], |
| 359 | 395 |
action => [ t8('E Mail'),
|
| 360 | 396 |
call => [ 'kivi.SalesPurchase.show_email_dialog' ], |
| 361 | 397 |
checks => [ 'kivi.validate_form' ], |
| 362 |
disabled => !$form->{id} ? t8('This invoice has not been posted yet.') : undef,
|
|
| 398 |
disabled => !$may_edit_create ? t8('You must not print this invoice.')
|
|
| 399 |
: !$form->{id} ? t8('This invoice has not been posted yet.')
|
|
| 400 |
: undef, |
|
| 363 | 401 |
], |
| 364 | 402 |
], # end of combobox "Export" |
| 365 | 403 |
|
| ... | ... | |
| 378 | 416 |
action => [ |
| 379 | 417 |
t8('Drafts'),
|
| 380 | 418 |
call => [ 'kivi.Draft.popup', 'is', 'invoice', $form->{draft_id}, $form->{draft_description} ],
|
| 381 |
disabled => $form->{id} ? t8('This invoice has already been posted.')
|
|
| 382 |
: $form->{locked} ? t8('The billing period has already been locked.')
|
|
| 383 |
: undef, |
|
| 419 |
disabled => !$may_edit_create ? t8('You must not change this invoice.')
|
|
| 420 |
: $form->{id} ? t8('This invoice has already been posted.')
|
|
| 421 |
: $form->{locked} ? t8('The billing period has already been locked.')
|
|
| 422 |
: undef, |
|
| 384 | 423 |
], |
| 385 | 424 |
], # end of combobox "more" |
| 386 | 425 |
); |
| ... | ... | |
| 391 | 430 |
sub form_header {
|
| 392 | 431 |
$main::lxdebug->enter_sub(); |
| 393 | 432 |
|
| 433 |
_assert_access(); |
|
| 434 |
|
|
| 394 | 435 |
my $form = $main::form; |
| 395 | 436 |
my %myconfig = %main::myconfig; |
| 396 | 437 |
my $locale = $main::locale; |
| 397 | 438 |
my $cgi = $::request->{cgi};
|
| 398 | 439 |
|
| 399 |
$main::auth->assert('invoice_edit');
|
|
| 400 |
|
|
| 401 | 440 |
my %TMPL_VAR = (); |
| 402 | 441 |
my @custom_hiddens; |
| 403 | 442 |
|
| ... | ... | |
| 526 | 565 |
sub form_footer {
|
| 527 | 566 |
$main::lxdebug->enter_sub(); |
| 528 | 567 |
|
| 568 |
_assert_access(); |
|
| 569 |
|
|
| 529 | 570 |
my $form = $main::form; |
| 530 | 571 |
my %myconfig = %main::myconfig; |
| 531 | 572 |
my $locale = $main::locale; |
| 532 | 573 |
|
| 533 |
$main::auth->assert('invoice_edit');
|
|
| 534 |
|
|
| 535 | 574 |
$form->{invtotal} = $form->{invsubtotal};
|
| 536 | 575 |
|
| 537 | 576 |
# note rows |
| ... | ... | |
| 658 | 697 |
sub update {
|
| 659 | 698 |
$main::lxdebug->enter_sub(); |
| 660 | 699 |
|
| 700 |
_assert_access(); |
|
| 701 |
|
|
| 661 | 702 |
my $form = $main::form; |
| 662 | 703 |
my %myconfig = %main::myconfig; |
| 663 | 704 |
|
| 664 |
$main::auth->assert('invoice_edit');
|
|
| 665 |
|
|
| 666 | 705 |
my ($recursive_call) = @_; |
| 667 | 706 |
|
| 668 | 707 |
$form->{print_and_post} = 0 if $form->{second_run};
|
| ... | ... | |
| 1180 | 1219 |
sub display_form {
|
| 1181 | 1220 |
$::lxdebug->enter_sub; |
| 1182 | 1221 |
|
| 1183 |
$::auth->assert('invoice_edit');
|
|
| 1222 |
_assert_access();
|
|
| 1184 | 1223 |
|
| 1185 | 1224 |
relink_accounts(); |
| 1186 | 1225 |
|
Auch abrufbar als: Unified diff
Berechtigung, Verkaufsrechnungen persönlich zugeordneter Projekte einzusehen
Man kann nun Mitarbeiter*innen zu Projekten zuordnen, indem man sie in
den Projektstammdaten hinzufügt.
Ist eine Mitarbeiter*in zu einem Projekt zugeordnet, so darf sie alle
Rechnungen ansehen, die über die Projektnummer der Rechnung (nicht der
Positionen) dem Projekt zugeordnet sind, auch dann, wenn sie nicht das
allgemeine Recht zum Erstellen und Ansehen von Rechnungen hat.
Verändern oder Ausdrucken der Rechnungen ist nicht gestattet.
Die Verwaltung dieser Projektberechtigungen ist über ein neues
Gruppenrecht eingeschränkt.
Betrifft Verkaufsrechnungen, Verkaufsgutschriften und Debitorenbuchungen.