Projekt

Allgemein

Profil

« Zurück | Weiter » 

Revision d53d7a0a

Von Bernd Bleßmann vor fast 3 Jahren hinzugefügt

  • ID d53d7a0a5ddc16d962ae32326ad4a8f8bf871978
  • Vorgänger b4ddf2d4
  • Nachfolger 51a586e7

Recht: Ansehen von Einkaufsrechnungen berücksichtigen

Unterschiede anzeigen:

SL/AP.pm
487 487
  # Permissions:
488 488
  # - Always return invoices & AP transactions for projects the employee has "view invoices" permissions for, no matter what the other rules say.
489 489
  # - Exclude AP transactions if no permissions for them exist.
490
  # - Limit to own invoices unless may edit all invoices.
491
  # - If may edit all, allow filtering by employee.
490
  # - Limit to own invoices unless may edit all invoices or view invoices is allowed.
491
  # - If may edit all or view invoices is allowed, allow filtering by employee.
492 492
  my (@permission_where, @permission_values);
493 493

  
494
  if ($::auth->assert('vendor_invoice_edit', 1)) {
494
  if ($::auth->assert('vendor_invoice_edit', 1) || $::auth->assert('purchase_invoice_view', 1)) {
495 495
    if (!$::auth->assert('show_ap_transactions', 1)) {
496 496
      push @permission_where, "NOT invoice = 'f'"; # remove ap transactions from Purchase -> Reports -> Invoices
497 497
    }
498 498

  
499
    if (!$::auth->assert('purchase_all_edit', 1)) {
499
    if (!$::auth->assert('purchase_all_edit', 1) && !$::auth->assert('purchase_invoice_view', 1)) {
500 500
      # only show own invoices
501 501
      push @permission_where,  "a.employee_id = ?";
502 502
      push @permission_values, SL::DB::Manager::Employee->current->id;
......
509 509
    }
510 510
  }
511 511

  
512
  if (@permission_where || !$::auth->assert('vendor_invoice_edit', 1)) {
512
  if (@permission_where || (!$::auth->assert('vendor_invoice_edit', 1) && !$::auth->assert('purchase_invoice_view', 1))) {
513 513
    my $permission_where_str = @permission_where ? "OR (" . join(" AND ", map { "($_)" } @permission_where) . ")" : "";
514 514
    $where .= qq|
515 515
      AND (   (a.globalproject_id IN (
bin/mozilla/ir.pl
56 56
# end of main
57 57

  
58 58
sub _may_view_or_edit_this_invoice {
59
  return 1 if  $::auth->assert('ap_transactions', 1); # may edit all invoices
60
  return 0 if !$::form->{id};                         # creating new invoices isn't allowed without invoice_edit
61
  return 0 if !$::form->{globalproject_id};           # existing records without a project ID are not allowed
59
  return 1 if  $::auth->assert('ap_transactions', 1);       # may edit all invoices
60
  return 0 if !$::form->{id};                               # creating new invoices isn't allowed without invoice_edit
61
  return 1 if  $::auth->assert('purchase_invoice_view', 1); # viewing is allowed with this right
62
  return 0 if !$::form->{globalproject_id};                 # existing records without a project ID are not allowed
62 63
  return SL::DB::Project->new(id => $::form->{globalproject_id})->load->may_employee_view_project_invoices(SL::DB::Manager::Employee->current);
63 64
}
64 65

  

Auch abrufbar als: Unified diff