Projekt

Allgemein

Profil

« Zurück | Weiter » 

Revision a2212188

Von Tamino Steinert vor mehr als 1 Jahr hinzugefügt

FIX: Richtige Rechte für Beleg-Pdf-Download von Rechnungen/Gutschriften

Unterschiede anzeigen:

bin/mozilla/ar.pl
1537 1537
  $::request->layout->add_javascripts('kivi.Validator.js');
1538 1538
}
1539 1539

  
1540
sub webdav_pdf_export {
1540
sub _check_access_right_for_ids {
1541
  my ($ids) = @_;
1541 1542
  $main::lxdebug->enter_sub();
1542 1543

  
1543
  # TODO(Tamino): rights?
1544
  $::auth->assert('ar_transactions');
1545
  $::auth->assert('invoice_edit');
1544
  my $form = Form->new;
1545
  AR->ar_transactions(\%::myconfig, \%$form);
1546
  my %allowed_ids = ();
1547

  
1548
  my @allowed_ar_ids = map {$_->{id}} @{$form->{AR}};
1549
  foreach my $ar_id (@allowed_ar_ids) {
1550
    $allowed_ids{$ar_id} = 1 ;
1551
  }
1552
  foreach my $id (@$ids) {
1553
    unless ($allowed_ids{$id}) {
1554
      $::auth->deny_access();
1555
    }
1556
  }
1557

  
1558
  $main::lxdebug->leave_sub();
1559
}
1560

  
1561
sub webdav_pdf_export {
1562
  $main::lxdebug->enter_sub();
1546 1563

  
1547 1564
  my $form = $main::form;
1548 1565
  my $ids  = $form->{id};
1549 1566

  
1567
  _check_access_right_for_ids($ids);
1568

  
1550 1569
  my $invoices = SL::DB::Manager::Invoice->get_all(where => [ id => $ids ]);
1551 1570

  
1552 1571
  my %file_name_to_path = ();
......
1554 1573
  foreach my $invoice (@{$invoices}) {
1555 1574
    if ($invoice->type eq '') {
1556 1575
      $no_files .= $invoice->displayable_name() . "\n";
1557
      $main::lxdebug->dump(0, "TST: no_files loop", $no_files);
1558 1576
      next;
1559 1577
    }
1560 1578
    my $webdav = SL::Webdav->new(
......
1578 1596
sub files_pdf_export {
1579 1597
  $main::lxdebug->enter_sub();
1580 1598

  
1581
  # TODO(Tamino): rights?
1582
  $::auth->assert('ar_transactions');
1583
  $::auth->assert('invoice_edit');
1584

  
1585 1599
  my $form = $main::form;
1586 1600
  my $ids  = $form->{id};
1587 1601

  
1602
  _check_access_right_for_ids($ids);
1603

  
1588 1604
  my $invoices = SL::DB::Manager::Invoice->get_all(where => [ id => $ids ]);
1589 1605

  
1590 1606
  my %file_name_to_path = ();

Auch abrufbar als: Unified diff