Datenbank-Upgrade-Skripte für Release 3.5.5
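--- a/SL/AP.pm
+++ b/SL/AP.pm
@@ -478,7 +478,8 @@ sub ap_transactions {
 # Permissions:
 # - Always return invoices & AP transactions for projects the employee has "view invoices" permissions for, no matter what the other rules say.
 # - Exclude AP transactions if no permissions for them exist.
-# - Filter by employee if requested.
+# - Limit to own invoices unless may edit all invoices.
+# - If may edit all, allow filtering by employee.
 my (@permission_where, @permission_values);
 if ($::auth->assert('vendor_invoice_edit', 1)) {
@@ -486,9 +487,16 @@ sub ap_transactions {
 push @permission_where, "NOT invoice = 'f'"; # remove ap transactions from Purchase -> Reports -> Invoices
 }
-if ($form->{employee_id}) {
+if (!$::auth->assert('purchase_all_edit', 1)) {
+# only show own invoices
 push @permission_where, "a.employee_id = ?";
-push @permission_values, conv_i($form->{employee_id});
+push @permission_values, SL::DB::Manager::Employee->current->id;
+
+} else {
+if ($form->{employee_id}) {
+push @permission_where, "a.employee_id = ?";
+push @permission_values, conv_i($form->{employee_id});
+}
 }
 }
@@ -548,6 +556,14 @@ sub ap_transactions {
 $where .= " AND a.transdate <= ?";
 push(@values, trim($form->{transdateto}));
 }
+if ($form->{duedatefrom}) {
+$where .= " AND a.duedate >= ?";
+push(@values, trim($form->{duedatefrom}));
+}
+if ($form->{duedateto}) {
+$where .= " AND a.duedate <= ?";
+push(@values, trim($form->{duedateto}));
+}
 if ($form->{open} || $form->{closed}) {
 unless ($form->{open} && $form->{closed}) {
 $where .= " AND a.amount <> a.paid" if ($form->{open});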
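Review bot: In the second hunk, the new own-invoices branch calls `SL::DB::Manager::Employee->current->id` without checking that `current` returned an object. If a login can exist without a matching employee row (not visible here), the report aborts with a method-call-on-undef error instead of an explicit denial. Resolving it first keeps the restriction fail-closed with a diagnosable message: `my $me = SL::DB::Manager::Employee->current or die "no employee record for current login";` followed by `push @permission_values, $me->id;`. The `# only show own invoices` comment could also say that a submitted `$form->{employee_id}` is deliberately ignored in this branch, and a regression test with a user lacking `purchase_all_edit` who passes another employee's id would pin that rule. `ap_transactions` starts and ends outside these hunks, so how `@permission_where` is combined with the project-permission rule cannot be checked from here.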