# end of main
+sub assert_bp_access {
+ my %access_map = (
+ 'invoice' => 'invoice_edit',
+ 'sales_order' => 'sales_order_edit',
+ 'sales_quotation' => 'sales_quotation_edit',
+ 'purchase_order' => 'purchase_order_edit',
+ 'request_quotation' => 'request_quotation_edit',
+ 'check' => 'cash',
+ 'receipt' => 'cash',
+ );
+
+ if ($form->{type} && $access_map{$form->{type}}) {
+ $auth->assert($access_map{$form->{type}});
+
+ } elsif ($form->{type} eq 'packing_list') {
+ $lxdebug->message(0, "1");
+ if (!$auth->assert('sales_order_edit', 1)) {
+ $lxdebug->message(0, "2");
+ $auth->assert('invoice_edit') ;
+ }
+ $lxdebug->message(0, "3");
+
+ } else {
+ $auth->assert('DOES_NOT_EXIST');
+ }
+}
+
sub search {
$lxdebug->enter_sub();
+ assert_bp_access();
+
# $locale->text('Sales Invoices')
# $locale->text('Packing Lists')
# $locale->text('Sales Orders')
}
# use JavaScript Calendar or not
- $form->{jsscript} = $jscalendar;
+ $form->{jsscript} = 1;
$jsscript = "";
if ($form->{jsscript}) {
print qq|
<body onLoad="$onload">
-<form method=post action=$form->{script}>
+<form method=post action=bp.pl>
<input type=hidden name=vc value=$form->{vc}>
<input type=hidden name=type value=$form->{type}>
<input type=hidden name=nextsub value=list_spool>
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
-
<br>
<input class=submit type=submit name=action value="|
. $locale->text('Continue') . qq|">
sub remove {
$lxdebug->enter_sub();
+ assert_bp_access();
+
$selected = 0;
for $i (1 .. $form->{rowcount}) {
print qq|
<body>
-<form method=post action=$form->{script}>
+<form method=post action=bp.pl>
|;
map { delete $form->{$_} } qw(action header);
foreach $key (keys %$form) {
+ next if (($key eq 'login') || ($key eq 'password') || ('' ne ref $form->{$key}));
print qq|<input type=hidden name=$key value="$form->{$key}">\n|;
}
sub yes {
$lxdebug->enter_sub();
+ assert_bp_access();
+
$form->info($locale->text('Removing marked entries from queue ...'));
$form->{callback} .= "&header=1" if $form->{callback};
sub print {
$lxdebug->enter_sub();
+ assert_bp_access();
+
$form->get_lists(printers => 'ALL_PRINTERS');
# use the command stored in the databse or fall back to $myconfig{printer}
my $selected_printer = (grep { $_->{id} eq $form->{printer} } @{ $form->{ALL_PRINTERS} })[0]->{'printer_command'} || $myconfig{printer};
for $i (1 .. $form->{rowcount}) {
if ($form->{"checked_$i"}) {
- $form->{OUT} = "| $selected_printer";
$form->info($locale->text('Printing ... '));
- if (BP->print_spool(\%myconfig, \%$form, $spool)) {
+ if (BP->print_spool(\%myconfig, \%$form, $spool, "| $selected_printer")) {
print $locale->text('done');
$form->redirect($locale->text('Marked entries printed!'));
}
sub list_spool {
$lxdebug->enter_sub();
+ assert_bp_access();
+
$form->{ $form->{vc} } = $form->unescape($form->{ $form->{vc} });
($form->{ $form->{vc} }, $form->{"$form->{vc}_id"}) =
split(/--/, $form->{ $form->{vc} });
BP->get_spoolfiles(\%myconfig, \%$form);
$title = $form->escape($form->{title});
- $href =
- "$form->{script}?action=list_spool&login=$form->{login}&password=$form->{password}&vc=$form->{vc}&type=$form->{type}&title=$title";
+ $href = "bp.pl?action=list_spool&vc=$form->{vc}&type=$form->{type}&title=$title";
$title = $form->escape($form->{title}, 1);
$callback =
- "$form->{script}?action=list_spool&login=$form->{login}&password=$form->{password}&vc=$form->{vc}&type=$form->{type}&title=$title";
+ "bp.pl?action=list_spool&vc=$form->{vc}&type=$form->{type}&title=$title";
if ($form->{ $form->{vc} }) {
$callback .= "&$form->{vc}=" . $form->escape($form->{ $form->{vc} }, 1);
print qq|
<body>
-<form method=post action=$form->{script}>
+<form method=post action=bp.pl>
<table width=100%>
<tr>
}
$column_data{invnumber} =
- "<td><a href=$module?action=edit&id=$ref->{id}&login=$form->{login}&password=$form->{password}&type=$form->{type}&callback=$callback>$ref->{invnumber}</a></td>";
+ "<td><a href=$module?action=edit&id=$ref->{id}&type=$form->{type}&callback=$callback>$ref->{invnumber}</a></td>";
$column_data{ordnumber} =
- "<td><a href=$module?action=edit&id=$ref->{id}&login=$form->{login}&password=$form->{password}&type=$form->{type}&callback=$callback>$ref->{ordnumber}</a></td>";
+ "<td><a href=$module?action=edit&id=$ref->{id}&type=$form->{type}&callback=$callback>$ref->{ordnumber}</a></td>";
$column_data{quonumber} =
- "<td><a href=$module?action=edit&id=$ref->{id}&login=$form->{login}&password=$form->{password}&type=$form->{type}&callback=$callback>$ref->{quonumber}</a></td>";
+ "<td><a href=$module?action=edit&id=$ref->{id}&type=$form->{type}&callback=$callback>$ref->{quonumber}</a></td>";
$column_data{name} = "<td>$ref->{name}</td>";
$column_data{spoolfile} =
qq|<td><a href=$spool/$ref->{spoolfile}>$ref->{spoolfile}</a></td>
<input type=hidden name=sort value="$form->{sort}">
<input type=hidden name=account value="$form->{account}">
-
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
|;
# if ($myconfig{printer}) {
$form->get_lists(printers=>"ALL_PRINTERS");
print qq|<select name="printer">|;
-print map(qq|<option value="$_->{id}">| . $form->quote_html($_->{printer_description}) . qq|</option>|, @{ $form->{ALL_PRINTERS} });
+print map(qq|<option value="$_->{id}">| . H($_->{printer_description}) . qq|</option>|, @{ $form->{ALL_PRINTERS} });
print qq|</select>|;
# }
sub select_all {
$lxdebug->enter_sub();
+ assert_bp_access();
+
map { $form->{"checked_$_"} = 1 } (1 .. $form->{rowcount});
&list_spool;