
Revision d53d7a0a

Von Bernd Bleßmann vor mehr als 2 Jahren hinzugefügt

  • ID d53d7a0a5ddc16d962ae32326ad4a8f8bf871978
  • Vorgänger b4ddf2d4
  • Nachfolger 51a586e7

Recht: Ansehen von Einkaufsrechnungen berücksichtigen


SL/AP.pm
487 487
  # Permissions:
488 488
  # - Always return invoices & AP transactions for projects the employee has "view invoices" permissions for, no matter what the other rules say.
489 489
  # - Exclude AP transactions if no permissions for them exist.
490
  # - Limit to own invoices unless may edit all invoices.
491
  # - If may edit all, allow filtering by employee.
490
  # - Limit to own invoices unless may edit all invoices or view invoices is allowed.
491
  # - If may edit all or view invoices is allowed, allow filtering by employee.
492 492
  my (@permission_where, @permission_values);
493 493

  
494
  if ($::auth->assert('vendor_invoice_edit', 1)) {
494
  if ($::auth->assert('vendor_invoice_edit', 1) || $::auth->assert('purchase_invoice_view', 1)) {
495 495
    if (!$::auth->assert('show_ap_transactions', 1)) {
496 496
      push @permission_where, "NOT invoice = 'f'"; # remove ap transactions from Purchase -> Reports -> Invoices
497 497
    }
498 498

  
499
    if (!$::auth->assert('purchase_all_edit', 1)) {
499
    if (!$::auth->assert('purchase_all_edit', 1) && !$::auth->assert('purchase_invoice_view', 1)) {
500 500
      # only show own invoices
501 501
      push @permission_where,  "a.employee_id = ?";
502 502
      push @permission_values, SL::DB::Manager::Employee->current->id;
......
509 509
    }
510 510
  }
511 511

  
512
  if (@permission_where || !$::auth->assert('vendor_invoice_edit', 1)) {
512
  if (@permission_where || (!$::auth->assert('vendor_invoice_edit', 1) && !$::auth->assert('purchase_invoice_view', 1))) {
513 513
    my $permission_where_str = @permission_where ? "OR (" . join(" AND ", map { "($_)" } @permission_where) . ")" : "";
514 514
    $where .= qq|
515 515
      AND (   (a.globalproject_id IN (
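Review bot: The combined edit-or-view permission test is now spelled out three times (new lines 494, 499 and 512), each with its own `$::auth->assert(...)` calls, so a later change to one condition can leave the list filter inconsistent with the other two. Evaluating each right once, e.g. `my $may_view = $::auth->assert('purchase_invoice_view', 1);` and `my $may_edit = $::auth->assert('vendor_invoice_edit', 1);`, and reusing them in all three conditions would keep this authorization logic in one place. Note that `purchase_invoice_view` alone lifts the own-invoices restriction at line 499, which makes it broader than `vendor_invoice_edit` without `purchase_all_edit`; the header comment says so, but it is worth confirming that this is intended. Lines 503–508 are elided and the enclosing sub starts and ends outside the hunk, so the employee-filter branch could not be checked.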
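--- a/bin/mozilla/ir.pl
+++ b/bin/mozilla/ir.pl
@@ -56,9 +56,10 @@
 # end of main
 
 sub _may_view_or_edit_this_invoice {
-  return 1 if  $::auth->assert('ap_transactions', 1); # may edit all invoices
-  return 0 if !$::form->{id};                         # creating new invoices isn't allowed without invoice_edit
-  return 0 if !$::form->{globalproject_id};           # existing records without a project ID are not allowed
+  return 1 if  $::auth->assert('ap_transactions', 1);       # may edit all invoices
+  return 0 if !$::form->{id};                               # creating new invoices isn't allowed without invoice_edit
+  return 1 if  $::auth->assert('purchase_invoice_view', 1); # viewing is allowed with this right
+  return 0 if !$::form->{globalproject_id};                 # existing records without a project ID are not allowed
   return SL::DB::Project->new(id => $::form->{globalproject_id})->load->may_employee_view_project_invoices(SL::DB::Manager::Employee->current);
 }
 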
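Review bot: The new early return at line 61 grants access on `purchase_invoice_view` for any non-empty `$::form->{id}`, ahead of the project check, yet the helper is named `_may_view_or_edit_this_invoice`. If any caller uses it to guard a write action such as saving or deleting (callers are outside this hunk), a view-only right would pass that guard, so those paths should still require an edit right. At minimum a comment on that line such as `# view-only right: write actions must check an edit right separately` would document the limit; splitting the helper into a view variant and an edit variant would enforce it.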
