Revision b638b6a1
Von Bernd Bleßmann vor etwa 5 Jahren hinzugefügt
| SL/AP.pm | ||
|---|---|---|
| 478 | 478 |
# Permissions: |
| 479 | 479 |
# - Always return invoices & AP transactions for projects the employee has "view invoices" permissions for, no matter what the other rules say. |
| 480 | 480 |
# - Exclude AP transactions if no permissions for them exist. |
| 481 |
# - Filter by employee if requested. |
|
| 481 |
# - Limit to own invoices unless may edit all invoices. |
|
| 482 |
# - If may edit all, allow filtering by employee. |
|
| 482 | 483 |
my (@permission_where, @permission_values); |
| 483 | 484 |
|
| 484 | 485 |
if ($::auth->assert('vendor_invoice_edit', 1)) {
|
| ... | ... | |
| 486 | 487 |
push @permission_where, "NOT invoice = 'f'"; # remove ap transactions from Purchase -> Reports -> Invoices |
| 487 | 488 |
} |
| 488 | 489 |
|
| 489 |
if ($form->{employee_id}) {
|
|
| 490 |
if (!$::auth->assert('purchase_all_edit', 1)) {
|
|
| 491 |
# only show own invoices |
|
| 490 | 492 |
push @permission_where, "a.employee_id = ?"; |
| 491 |
push @permission_values, conv_i($form->{employee_id});
|
|
| 493 |
push @permission_values, SL::DB::Manager::Employee->current->id; |
|
| 494 |
|
|
| 495 |
} else {
|
|
| 496 |
if ($form->{employee_id}) {
|
|
| 497 |
push @permission_where, "a.employee_id = ?"; |
|
| 498 |
push @permission_values, conv_i($form->{employee_id});
|
|
| 499 |
} |
|
| 492 | 500 |
} |
| 493 | 501 |
} |
| 494 | 502 |
|
| SL/Controller/CustomerVendor.pm | ||
|---|---|---|
| 479 | 479 |
sub action_get_delivery {
|
| 480 | 480 |
my ($self) = @_; |
| 481 | 481 |
|
| 482 |
$::auth->assert('sales_all_edit');
|
|
| 482 |
$::auth->assert('sales_all_edit') if $self->is_customer();
|
|
| 483 |
$::auth->assert('purchase_all_edit') if $self->is_vendor();
|
|
| 483 | 484 |
|
| 484 | 485 |
my $dbh = $::form->get_standard_dbh(); |
| 485 | 486 |
|
| SL/Controller/DeliveryPlan.pm | ||
|---|---|---|
| 338 | 338 |
} |
| 339 | 339 |
|
| 340 | 340 |
sub init_all_edit_right {
|
| 341 |
$::auth->assert('sales_all_edit', 1)
|
|
| 341 |
return $_[0]->vc eq 'customer' ? $::auth->assert('sales_all_edit', 1) : $::auth->assert('purchase_all_edit', 1);
|
|
| 342 | 342 |
} |
| 343 | 343 |
sub init_vc {
|
| 344 | 344 |
return $::form->{vc} if ($::form->{vc} eq 'customer' || $::form->{vc} eq 'vendor') || croak "self (DeliveryPlan) has no vc defined";
|
| SL/DO.pm | ||
|---|---|---|
| 129 | 129 |
push @where, "dord.$item = ?"; |
| 130 | 130 |
push @values, conv_i($form->{$item});
|
| 131 | 131 |
} |
| 132 |
if (!$main::auth->assert('sales_all_edit', 1)) {
|
|
| 132 |
if ( !(($vc eq 'customer' && $main::auth->assert('sales_all_edit', 1)) || ($vc eq 'vendor' && $main::auth->assert('purchase_all_edit', 1))) ) {
|
|
| 133 | 133 |
push @where, qq|dord.employee_id = (select id from employee where login= ?)|; |
| 134 | 134 |
push @values, $::myconfig{login};
|
| 135 | 135 |
} |
| SL/OE.pm | ||
|---|---|---|
| 183 | 183 |
push(@values, (like($form->{"cp_name"}))x2);
|
| 184 | 184 |
} |
| 185 | 185 |
|
| 186 |
if (!$main::auth->assert('sales_all_edit', 1)) {
|
|
| 186 |
if ( !(($vc eq 'customer' && $main::auth->assert('sales_all_edit', 1)) || ($vc eq 'vendor' && $main::auth->assert('purchase_all_edit', 1))) ) {
|
|
| 187 | 187 |
$query .= " AND o.employee_id = (select id from employee where login= ?)"; |
| 188 | 188 |
push @values, $::myconfig{login};
|
| 189 | 189 |
} |
| templates/webpages/customer_vendor/form.html | ||
|---|---|---|
| 16 | 16 |
|
| 17 | 17 |
[%- INCLUDE 'common/flash.html' %] |
| 18 | 18 |
|
| 19 |
[%- SET show_deliveries = ( SELF.cv.id && ((SELF.is_customer && AUTH.assert('sales_all_edit', 1)) || (SELF.is_vendor && AUTH.assert('purchase_all_edit', 1))) ) -%]
|
|
| 19 | 20 |
<div class="tabwidget" id="customer_vendor_tabs"> |
| 20 | 21 |
<ul> |
| 21 | 22 |
<li><a href="#billing">[% 'Billing Address' | $T8 %]</a></li> |
| 22 | 23 |
<li><a href="#bank">[% 'Bank account' | $T8 %]</a></li> |
| 23 | 24 |
<li><a href="#shipto">[% 'Shipping Address' | $T8 %]</a></li> |
| 24 | 25 |
<li><a href="#contacts">[% 'Contacts' | $T8 %]</a></li> |
| 25 |
[% IF ( SELF.cv.id && AUTH.assert('sales_all_edit', 1) ) %]
|
|
| 26 |
[% IF show_deliveries %]
|
|
| 26 | 27 |
<li><a href="#deliveries">[% 'Supplies' | $T8 %]</a></li> |
| 27 | 28 |
[%- IF INSTANCE_CONF.get_doc_storage %] |
| 28 | 29 |
<li><a href="controller.pl?action=File/list&file_type=attachment&object_type=[% FORM.db == 'vendor' ? 'vendor' : 'customer' %]&object_id=[% SELF.cv.id %]">[% 'Attachments' | $T8 %]</a></li> |
| ... | ... | |
| 60 | 61 |
[% PROCESS "customer_vendor/tabs/bank.html" %] |
| 61 | 62 |
[% PROCESS "customer_vendor/tabs/shipto.html" %] |
| 62 | 63 |
[% PROCESS "customer_vendor/tabs/contacts.html" %] |
| 63 |
[% IF ( SELF.cv.id && AUTH.assert('sales_all_edit', 1) ) %]
|
|
| 64 |
[% IF show_deliveries %]
|
|
| 64 | 65 |
[% PROCESS "customer_vendor/tabs/deliveries.html" %] |
| 65 | 66 |
[% END %] |
| 66 | 67 |
[% PROCESS "customer_vendor/tabs/vcnotes.html" %] |
Auch abrufbar als: Unified diff
Recht zum Einsehen von Einkaufsdokumenten aller Mitarbeiter anwenden
Trennung VK/EK in Berichten