Abteilungen bei Ansprechpersonen: SimpleSettings-Controller zum Editieren
diff --git
a/SL/AP.pm
b/SL/AP.pm
index
96e0c70
..
060b55a
100644
(file)
--- a/
SL/AP.pm
+++ b/
SL/AP.pm
@@
-478,7
+478,8
@@
sub ap_transactions {
# Permissions:
# - Always return invoices & AP transactions for projects the employee has "view invoices" permissions for, no matter what the other rules say.
# - Exclude AP transactions if no permissions for them exist.
# Permissions:
# - Always return invoices & AP transactions for projects the employee has "view invoices" permissions for, no matter what the other rules say.
# - Exclude AP transactions if no permissions for them exist.
- # - Filter by employee if requested.
+ # - Limit to own invoices unless may edit all invoices.
+ # - If may edit all, allow filtering by employee.
my (@permission_where, @permission_values);
if ($::auth->assert('vendor_invoice_edit', 1)) {
my (@permission_where, @permission_values);
if ($::auth->assert('vendor_invoice_edit', 1)) {
@@
-486,9
+487,16
@@
sub ap_transactions {
push @permission_where, "NOT invoice = 'f'"; # remove ap transactions from Purchase -> Reports -> Invoices
}
push @permission_where, "NOT invoice = 'f'"; # remove ap transactions from Purchase -> Reports -> Invoices
}
- if ($form->{employee_id}) {
+ if (!$::auth->assert('purchase_all_edit', 1)) {
+ # only show own invoices
push @permission_where, "a.employee_id = ?";
push @permission_where, "a.employee_id = ?";
- push @permission_values, conv_i($form->{employee_id});
+ push @permission_values, SL::DB::Manager::Employee->current->id;
+
+ } else {
+ if ($form->{employee_id}) {
+ push @permission_where, "a.employee_id = ?";
+ push @permission_values, conv_i($form->{employee_id});
+ }
}
}
}
}
@@
-548,6
+556,14
@@
sub ap_transactions {
$where .= " AND a.transdate <= ?";
push(@values, trim($form->{transdateto}));
}
$where .= " AND a.transdate <= ?";
push(@values, trim($form->{transdateto}));
}
+ if ($form->{duedatefrom}) {
+ $where .= " AND a.duedate >= ?";
+ push(@values, trim($form->{duedatefrom}));
+ }
+ if ($form->{duedateto}) {
+ $where .= " AND a.duedate <= ?";
+ push(@values, trim($form->{duedateto}));
+ }
if ($form->{open} || $form->{closed}) {
unless ($form->{open} && $form->{closed}) {
$where .= " AND a.amount <> a.paid" if ($form->{open});
if ($form->{open} || $form->{closed}) {
unless ($form->{open} && $form->{closed}) {
$where .= " AND a.amount <> a.paid" if ($form->{open});
@@
-877,7
+893,7
@@
sub _storno {
$storno_row->{netamount} *= -1;
$storno_row->{paid} = $storno_row->{amount};
$storno_row->{netamount} *= -1;
$storno_row->{paid} = $storno_row->{amount};
- delete @$storno_row{qw(itime mtime)};
+ delete @$storno_row{qw(itime mtime
gldate
)};
$query = sprintf 'INSERT INTO ap (%s) VALUES (%s)', join(', ', keys %$storno_row), join(', ', map '?', values %$storno_row);
do_query($form, $dbh, $query, (values %$storno_row));
$query = sprintf 'INSERT INTO ap (%s) VALUES (%s)', join(', ', keys %$storno_row), join(', ', map '?', values %$storno_row);
do_query($form, $dbh, $query, (values %$storno_row));
@@
-897,7
+913,7
@@
sub _storno {
}
for my $row (@$rowref) {
}
for my $row (@$rowref) {
- delete @$row{qw(itime mtime link acc_trans_id)};
+ delete @$row{qw(itime mtime link acc_trans_id
gldate
)};
$query = sprintf 'INSERT INTO acc_trans (%s) VALUES (%s)', join(', ', keys %$row), join(', ', map '?', values %$row);
$row->{trans_id} = $new_id;
$row->{amount} *= -1;
$query = sprintf 'INSERT INTO acc_trans (%s) VALUES (%s)', join(', ', keys %$row), join(', ', map '?', values %$row);
$row->{trans_id} = $new_id;
$row->{amount} *= -1;
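Review bot: In the `+487,16` hunk of `ap_transactions`, the own-invoices branch binds `SL::DB::Manager::Employee->current->id` without checking that `current` returned an object. If a login can exist without an employee row (not visible on this page), the report aborts with a method-call-on-undef error rather than a clear refusal. Fetching it once and failing explicitly would be safer, e.g. `my $employee = SL::DB::Manager::Employee->current or die "no employee record for current login";` and then binding `$employee->id`. The restriction sits inside the `vendor_invoice_edit` branch, which opens before the hunk and is combined into the final WHERE clause outside it, so confirm that users without `purchase_all_edit` cannot reach other employees' rows through the project-permission rule or another code path. The nested `else { if ($form->{employee_id}) { … } }` can also be flattened to `} elsif ($form->{employee_id}) {`.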