# Permissions:
# - Always return invoices & AP transactions for projects the employee has "view invoices" permissions for, no matter what the other rules say.
# - Exclude AP transactions if no permissions for them exist.
- # - Filter by employee if requested.
+ # - Limit to own invoices unless may edit all invoices.
+ # - If may edit all, allow filtering by employee.
my (@permission_where, @permission_values);
if ($::auth->assert('vendor_invoice_edit', 1)) {
push @permission_where, "NOT invoice = 'f'"; # remove ap transactions from Purchase -> Reports -> Invoices
}
- if ($form->{employee_id}) {
+ if (!$::auth->assert('purchase_all_edit', 1)) {
+ # only show own invoices
push @permission_where, "a.employee_id = ?";
- push @permission_values, conv_i($form->{employee_id});
+ push @permission_values, SL::DB::Manager::Employee->current->id;
+
+ } else {
+ if ($form->{employee_id}) {
+ push @permission_where, "a.employee_id = ?";
+ push @permission_values, conv_i($form->{employee_id});
+ }
}
}
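Review bot: The restricted branch binds `SL::DB::Manager::Employee->current->id` without checking that `current` returned an object. If a login can exist without an employee record (not visible here), the request dies on an undefined-value method call instead of a clear denial. Resolving it first would make that case explicit, e.g. `my $me = SL::DB::Manager::Employee->current or die "no employee record for current login";` followed by `push @permission_values, $me->id;`. The `# only show own invoices` comment could also state that a submitted `employee_id` is deliberately ignored for users without `purchase_all_edit`, so nobody later moves the form filter back out of the `else`. The enclosing block opens above the hunk and is closed by its final `}`.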
$where .= " AND a.transdate <= ?";
push(@values, trim($form->{transdateto}));
}
+ if ($form->{duedatefrom}) {
+ $where .= " AND a.duedate >= ?";
+ push(@values, trim($form->{duedatefrom}));
+ }
+ if ($form->{duedateto}) {
+ $where .= " AND a.duedate <= ?";
+ push(@values, trim($form->{duedateto}));
+ }
if ($form->{open} || $form->{closed}) {
unless ($form->{open} && $form->{closed}) {
$where .= " AND a.amount <> a.paid" if ($form->{open});
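Review bot: Both new due-date filters test the raw form field but bind the trimmed value, so a whitespace-only `duedatefrom` or `duedateto` passes the `if` and binds an empty string against `a.duedate`. If that column is a date type, the query presumably fails in the database. Trimming before the test avoids this, e.g. `if (my $from = trim($form->{duedatefrom})) {` and then `push(@values, $from);`. The `transdateto` context lines above follow the same pattern, so it may be cleaner to fix all the date filters together. The surrounding function starts and ends outside the hunk.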
$storno_row->{netamount} *= -1;
$storno_row->{paid} = $storno_row->{amount};
- delete @$storno_row{qw(itime mtime)};
+ delete @$storno_row{qw(itime mtime gldate)};
$query = sprintf 'INSERT INTO ap (%s) VALUES (%s)', join(', ', keys %$storno_row), join(', ', map '?', values %$storno_row);
do_query($form, $dbh, $query, (values %$storno_row));
}
for my $row (@$rowref) {
- delete @$row{qw(itime mtime link acc_trans_id)};
+ delete @$row{qw(itime mtime link acc_trans_id gldate)};
$query = sprintf 'INSERT INTO acc_trans (%s) VALUES (%s)', join(', ', keys %$row), join(', ', map '?', values %$row);
$row->{trans_id} = $new_id;
$row->{amount} *= -1;
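Review bot: Neither `delete` says why `gldate` is now stripped before the row is copied. A one-line comment on both the `ap` copy and the `acc_trans` copy would record the intent, for example `# gldate is not copied: the reversal must get its own value, not the original's` (presumably the database fills it in; confirm). The INSERT column list is built from whatever keys remain in the fetched row, so every server-populated column must be remembered in both delete lists. An explicit list of columns to copy would be less fragile, and would keep the interpolated column names fixed regardless of where the row hash comes from. The loop body and the surrounding function continue outside the hunk.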