Revision e06619e8
Von Bernd Bleßmann vor etwa 4 Jahren hinzugefügt
SL/Controller/TimeRecording.pm | ||
---|---|---|
18 | 18 |
use Rose::Object::MakeMethods::Generic |
19 | 19 |
( |
20 | 20 |
# scalar => [ qw() ], |
21 |
'scalar --get_set_init' => [ qw(time_recording models all_time_recording_types all_employees can_view_all) ], |
|
21 |
'scalar --get_set_init' => [ qw(time_recording models all_time_recording_types all_employees can_view_all can_edit_all) ],
|
|
22 | 22 |
); |
23 | 23 |
|
24 | 24 |
|
25 | 25 |
# safety |
26 | 26 |
__PACKAGE__->run_before('check_auth'); |
27 |
__PACKAGE__->run_before('check_auth_edit', only => [ qw(edit save delete) ]); |
|
27 | 28 |
|
28 | 29 |
# |
29 | 30 |
# actions |
... | ... | |
132 | 133 |
$::auth->assert('time_recording_show_all', 1) || $::auth->assert('time_recording_edit_all', 1) |
133 | 134 |
} |
134 | 135 |
|
136 |
sub init_can_edit_all { |
|
137 |
$::auth->assert('time_recording_edit_all', 1) |
|
138 |
} |
|
139 |
|
|
135 | 140 |
sub init_models { |
136 | 141 |
my ($self) = @_; |
137 | 142 |
|
... | ... | |
159 | 164 |
$::auth->assert('time_recording'); |
160 | 165 |
} |
161 | 166 |
|
167 |
sub check_auth_edit { |
|
168 |
my ($self) = @_; |
|
169 |
|
|
170 |
if (!$self->can_edit_all && ($self->time_recording->staff_member_id != SL::DB::Manager::Employee->current->id)) { |
|
171 |
$::form->error(t8('You do not have permission to access this entry.')); |
|
172 |
} |
|
173 |
} |
|
174 |
|
|
162 | 175 |
sub prepare_report { |
163 | 176 |
my ($self) = @_; |
164 | 177 |
|
Auch abrufbar als: Unified diff
Zeiterfassung: Recht f. Bearbeitung aller Einträge berücksichtigen