qq| v.vendornumber, v.country, v.ustid, | .
qq| tz.description AS taxzone, | .
qq| pt.description AS payment_terms, | .
+ qq| department.description AS department, | .
qq{ ( SELECT ch.accno || ' -- ' || ch.description
FROM acc_trans at
LEFT JOIN chart ch ON ch.id = at.chart_id
qq|LEFT JOIN employee e ON (a.employee_id = e.id) | .
qq|LEFT JOIN project pr ON (a.globalproject_id = pr.id) | .
qq|LEFT JOIN tax_zones tz ON (tz.id = a.taxzone_id)| .
- qq|LEFT JOIN payment_terms pt ON (pt.id = a.payment_id)|;
+ qq|LEFT JOIN payment_terms pt ON (pt.id = a.payment_id)| .
+ qq|LEFT JOIN department ON (department.id = a.department_id)|;
my $where = '';
# Permissions:
# - Always return invoices & AP transactions for projects the employee has "view invoices" permissions for, no matter what the other rules say.
# - Exclude AP transactions if no permissions for them exist.
- # - Filter by employee if requested.
+ # - Limit to own invoices unless may edit all invoices.
+ # - If may edit all, allow filtering by employee.
my (@permission_where, @permission_values);
if ($::auth->assert('vendor_invoice_edit', 1)) {
push @permission_where, "NOT invoice = 'f'"; # remove ap transactions from Purchase -> Reports -> Invoices
}
- if ($form->{employee_id}) {
+ if (!$::auth->assert('purchase_all_edit', 1)) {
+ # only show own invoices
push @permission_where, "a.employee_id = ?";
- push @permission_values, conv_i($form->{employee_id});
+ push @permission_values, SL::DB::Manager::Employee->current->id;
+
+ } else {
+ if ($form->{employee_id}) {
+ push @permission_where, "a.employee_id = ?";
+ push @permission_values, conv_i($form->{employee_id});
+ }
}
}
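Review bot: In the new own-invoices branch, `SL::DB::Manager::Employee->current->id` dereferences the result of `->current` without a check. If `->current` can return undef for a login that has no employee row (its implementation is not visible here), the report dies with a method-call-on-undef error instead of a clear, deliberate refusal. Resolving it once and failing closed would make the intent explicit: `my $employee = SL::DB::Manager::Employee->current or die 'no employee record for current login';` followed by `push @permission_values, $employee->id;`. A submitted `employee_id` is silently ignored in that branch, which looks like the intended behaviour but deserves a comment such as `# a requested employee_id is deliberately ignored without purchase_all_edit`. The enclosing block, closed by the final `}`, opens outside the visible lines, so how `@permission_where` is combined with the project-based rule cannot be checked from here.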
my $sortdir = !defined $form->{sortdir} ? 'ASC' : $form->{sortdir} ? 'ASC' : 'DESC';
my $sortorder = join(', ', map { "$_ $sortdir" } @a);
- if (grep({ $_ eq $form->{sort} } qw(transdate id invnumber ordnumber name netamount tax amount paid datepaid due duedate notes employee transaction_description direct_debit))) {
+ if (grep({ $_ eq $form->{sort} } qw(transdate id invnumber ordnumber name netamount tax amount paid datepaid due duedate notes employee transaction_description direct_debit department))) {
$sortorder = $form->{sort} . " $sortdir";
}