$query =
qq|UPDATE ar set
invnumber = ?, ordnumber = ?, transdate = ?, customer_id = ?,
- taxincluded = ?, amount = ?, duedate = ?, paid = ?,
+ taxincluded = ?, amount = ?, duedate = ?, deliverydate = ?, tax_point = ?, paid = ?,
currency_id = (SELECT id FROM currencies WHERE name = ?),
netamount = ?, notes = ?, department_id = ?,
employee_id = ?, storno = ?, storno_id = ?, globalproject_id = ?,
direct_debit = ?
WHERE id = ?|;
my @values = ($form->{invnumber}, $form->{ordnumber}, conv_date($form->{transdate}), conv_i($form->{customer_id}), $form->{taxincluded} ? 't' : 'f', $form->{amount},
- conv_date($form->{duedate}), $form->{paid},
+ conv_date($form->{duedate}), conv_date($form->{deliverydate}), conv_date($form->{tax_point}), $form->{paid},
$form->{currency},
$form->{netamount}, $form->{notes}, conv_i($form->{department_id}),
conv_i($form->{employee_id}), $form->{storno} ? 't' : 'f', $form->{storno_id},
my $query =
qq|SELECT DISTINCT a.id, a.invnumber, a.ordnumber, a.cusordnumber, a.transdate, | .
+ qq| a.donumber, a.deliverydate, | .
qq| a.duedate, a.netamount, a.amount, a.paid, | .
qq| a.invoice, a.datepaid, a.notes, a.shipvia, | .
qq| a.shippingpoint, a.storno, a.storno_id, a.globalproject_id, | .
my $where = "1 = 1";
- unless ( $::auth->assert('show_ar_transactions', 1) ) {
- $where .= " AND NOT invoice = 'f' "; # remove ar transactions from Sales -> Reports -> Invoices
- };
+ # Permissions:
+ # - Always return invoices & AR transactions for projects the employee has "view invoices" permissions for, no matter what the other rules say.
+ # - Exclude AR transactions if no permissions for them exist.
+ # - Limit to own invoices unless may edit all invoices.
+ # - If may edit all, allow filtering by employee/salesman.
+ my (@permission_where, @permission_values);
+
+ if ($::auth->assert('invoice_edit', 1)) {
+ if (!$::auth->assert('show_ar_transactions', 1) ) {
+ push @permission_where, "NOT invoice = 'f'"; # remove ar transactions from Sales -> Reports -> Invoices
+ }
+
+ if (!$::auth->assert('sales_all_edit', 1)) {
+ # only show own invoices
+ push @permission_where, "a.employee_id = ?";
+ push @permission_values, SL::DB::Manager::Employee->current->id;
+
+ } else {
+ if ($form->{employee_id}) {
+ push @permission_where, "a.employee_id = ?";
+ push @permission_values, conv_i($form->{employee_id});
+ }
+ if ($form->{salesman_id}) {
+ push @permission_where, "a.salesman_id = ?";
+ push @permission_values, conv_i($form->{salesman_id});
+ }
+ }
+ }
+
+ if (@permission_where || !$::auth->assert('invoice_edit', 1)) {
+ my $permission_where_str = @permission_where ? "OR (" . join(" AND ", map { "($_)" } @permission_where) . ")" : "";
+ $where .= qq|
+ AND ( (a.globalproject_id IN (
+ SELECT epi.project_id
+ FROM employee_project_invoices epi
+ WHERE epi.employee_id = ?))
+ $permission_where_str)
+ |;
+ push @values, SL::DB::Manager::Employee->current->id, @permission_values;
+ }
if ($form->{customer}) {
$where .= " AND c.name ILIKE ?";
}
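Review bot: The optional `employee_id` and `salesman_id` report filters are pushed onto `@permission_where` in the `else` branch, so they land inside the `OR (...)` of `$permission_where_str` instead of being ANDed onto `$where`. For a user with `sales_all_edit` who selects an employee, the result is that employee's invoices plus every invoice in a project listed for the current user in `employee_project_invoices`. The removed code applied both filters strictly with `AND`. Keeping access rules and user filters apart, as sketched below, restores that. `SL::DB::Manager::Employee->current->id` is also called without checking that `current` returned a record, which presumably dies for a login without an employee row, where the old sub-select simply matched nothing.

```perl
my $may_edit_invoices = $::auth->assert('invoice_edit', 1);
my $may_edit_all      = $may_edit_invoices && $::auth->assert('sales_all_edit', 1);

if ($may_edit_invoices) {
  # … unchanged: show_ar_transactions rule …
  if (!$may_edit_all) {
    # only show own invoices
    push @permission_where,  "a.employee_id = ?";
    push @permission_values, SL::DB::Manager::Employee->current->id;
  }
}

# … unchanged: project clause built from @permission_where and appended to $where …

# Report filters narrow the result set; they are not access rules and must not
# be ORed with the project clause.
if ($may_edit_all) {
  if ($form->{employee_id}) {
    $where .= " AND a.employee_id = ?";
    push @values, conv_i($form->{employee_id});
  }
  if ($form->{salesman_id}) {
    $where .= " AND a.salesman_id = ?";
    push @values, conv_i($form->{salesman_id});
  }
}
```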
}
- if (!$main::auth->assert('sales_all_edit', 1)) {
- # only show own invoices
- $where .= " AND a.employee_id = (select id from employee where login= ?)";
- push (@values, $::myconfig{login});
- } else {
- if ($form->{employee_id}) {
- $where .= " AND a.employee_id = ?";
- push @values, conv_i($form->{employee_id});
- }
- if ($form->{salesman_id}) {
- $where .= " AND a.salesman_id = ?";
- push @values, conv_i($form->{salesman_id});
- }
- };
-
if ($form->{parts_partnumber}) {
$where .= <<SQL;
AND EXISTS (
push @values, like($form->{parts_description});
}
+ if ($form->{show_not_mailed}) {
+ $where .= <<SQL;
+ AND NOT EXISTS (
+ SELECT rl.to_id
+ FROM record_links rl
+ WHERE (rl.from_id = a.id)
+ AND (rl.to_table = 'email_journal')
+ LIMIT 1
+ )
+SQL
+ }
+
if ($form->{show_marked_as_closed}) {
$query .= '
LEFT JOIN (
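Review bot: The `NOT EXISTS` sub-select added for `show_not_mailed` matches `record_links` rows on `rl.from_id = a.id` and `rl.to_table` only, without constraining `rl.from_table`. If ids are not unique across the tables that can be a link source (not visible from this hunk), a mailed record of another type with the same id would make an unmailed invoice drop out of the filter. Adding `AND (rl.from_table = 'ar')` makes the match unambiguous. `LIMIT 1` is redundant inside `EXISTS` and can be dropped. The enclosing sub starts and ends outside the hunk.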
my $sortdir = !defined $form->{sortdir} ? 'ASC' : $form->{sortdir} ? 'ASC' : 'DESC';
my $sortorder = join(', ', map { "$_ $sortdir" } @a);
- if (grep({ $_ eq $form->{sort} } qw(id transdate duedate invnumber ordnumber cusordnumber name datepaid employee shippingpoint shipvia transaction_description))) {
+ if (grep({ $_ eq $form->{sort} } qw(id transdate duedate invnumber ordnumber cusordnumber donumber deliverydate name datepaid employee shippingpoint shipvia transaction_description department))) {
$sortorder = $form->{sort} . " $sortdir";
}
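Review bot: The `qw(...)` list on the new `grep` line is the only thing that keeps `$form->{sort}`, presumably request-supplied, from being concatenated unchecked into the ORDER BY text, and nothing in the code says so. A comment above it such as `# Allow-list: $form->{sort} is interpolated into ORDER BY; only add names that are output columns of this SELECT.` would stop a later edit from loosening it. The newly allowed `department` has to be an output column or alias of the query. The SELECT lines visible on this page add `a.donumber` and `a.deliverydate` but show no `department` alias, so that is worth confirming. The enclosing sub starts and ends outside the hunk.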