Revision e06619e8
Von Bernd Bleßmann vor fast 4 Jahren hinzugefügt
| SL/Controller/TimeRecording.pm | ||
|---|---|---|
| 18 | 18 |
use Rose::Object::MakeMethods::Generic |
| 19 | 19 |
( |
| 20 | 20 |
# scalar => [ qw() ], |
| 21 |
'scalar --get_set_init' => [ qw(time_recording models all_time_recording_types all_employees can_view_all) ], |
|
| 21 |
'scalar --get_set_init' => [ qw(time_recording models all_time_recording_types all_employees can_view_all can_edit_all) ],
|
|
| 22 | 22 |
); |
| 23 | 23 |
|
| 24 | 24 |
|
| 25 | 25 |
# safety |
| 26 | 26 |
__PACKAGE__->run_before('check_auth');
|
| 27 |
__PACKAGE__->run_before('check_auth_edit', only => [ qw(edit save delete) ]);
|
|
| 27 | 28 |
|
| 28 | 29 |
# |
| 29 | 30 |
# actions |
| ... | ... | |
| 132 | 133 |
$::auth->assert('time_recording_show_all', 1) || $::auth->assert('time_recording_edit_all', 1)
|
| 133 | 134 |
} |
| 134 | 135 |
|
| 136 |
sub init_can_edit_all {
|
|
| 137 |
$::auth->assert('time_recording_edit_all', 1)
|
|
| 138 |
} |
|
| 139 |
|
|
| 135 | 140 |
sub init_models {
|
| 136 | 141 |
my ($self) = @_; |
| 137 | 142 |
|
| ... | ... | |
| 159 | 164 |
$::auth->assert('time_recording');
|
| 160 | 165 |
} |
| 161 | 166 |
|
| 167 |
sub check_auth_edit {
|
|
| 168 |
my ($self) = @_; |
|
| 169 |
|
|
| 170 |
if (!$self->can_edit_all && ($self->time_recording->staff_member_id != SL::DB::Manager::Employee->current->id)) {
|
|
| 171 |
$::form->error(t8('You do not have permission to access this entry.'));
|
|
| 172 |
} |
|
| 173 |
} |
|
| 174 |
|
|
| 162 | 175 |
sub prepare_report {
|
| 163 | 176 |
my ($self) = @_; |
| 164 | 177 |
|
Auch abrufbar als: Unified diff
Zeiterfassung: Recht f. Bearbeitung aller Einträge berücksichtigen