MetaSetup Default whitespace
[kivitendo-erp.git] / SL / Controller / CustomerVendor.pm
index dbe1827..1eea8a2 100644 (file)
@@ -61,6 +61,29 @@ __PACKAGE__->run_before(
     'ajaj_get_contact',
   ]
 );
+
+# make sure this comes after _load_customer_vendor
+__PACKAGE__->run_before(
+  '_check_customer_vendor_all_edit',
+  only => [
+    'edit',
+    'show',
+    'update',
+    'delete',
+    'save',
+    'save_and_ap_transaction',
+    'save_and_ar_transaction',
+    'save_and_close',
+    'save_and_invoice',
+    'save_and_order',
+    'save_and_quotation',
+    'save_and_rfq',
+    'delete',
+    'delete_contact',
+    'delete_shipto',
+  ]
+);
+
 __PACKAGE__->run_before(
   '_create_customer_vendor',
   only => [
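Review bot: `'delete'` appears twice in this `only` list (after `'update'` and again before `'delete_contact'`), and because the list is an allowlist, any action not named in it never runs `_check_customer_vendor_all_edit`. `'ajaj_get_contact'`, visible in the hook just above, and `ajaj_get_shipto`, touched later in this commit, are not listed. If those actions load the record from a request-supplied id, a user without `customer_vendor_all_edit` could presumably still read contact and shipping data of customers assigned to other salesmen. Drop the duplicate and consider reusing the action list of the hook that loads `$self->{cv}`. The comment could be extended to `# must run after _load_customer_vendor; every action that loads $self->{cv} has to be listed here`.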
@@ -241,7 +264,6 @@ sub _transaction {
 
   $self->_save();
 
-  my $callback = $::form->escape($::form->{callback}, 1);
   my $name = $::form->escape($self->{cv}->name, 1);
   my $db = $self->is_vendor() ? 'vendor' : 'customer';
 
@@ -252,7 +274,7 @@ sub _transaction {
     $db .'_id' => $self->{cv}->id,
     $db        => $name,
     type       => $::form->{type},
-    callback   => $callback,
+    callback   => $::form->{callback},
   );
 
   print $::form->redirect_header($url);
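Review bot: `callback` is now passed raw, while `$name` a few lines up is still pre-escaped with `$::form->escape(..., 1)`, so two parameters of the same URL are encoded differently. The call that builds `$url` is outside this hunk: if it escapes its parameters, `$name` is double-encoded; if it does not, the request-supplied `callback` reaches `redirect_header` unescaped. Make both follow one rule and say so in a comment, e.g. `# values are escaped by the URL builder; do not pre-escape`. Since `$::form->{callback}` comes from the request, the page that later follows it should accept only local targets. `_transaction` starts and ends outside the hunk.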
@@ -513,7 +535,7 @@ sub action_ajaj_get_shipto {
         my $name = 'shipto'. $_;
         $name => $self->{shipto}->$name;
       }
-      qw(_id name department_1 department_2 street zipcode city country contact phone fax email)
+      qw(_id name department_1 department_2 street zipcode city gln country contact phone fax email)
     )
   };
 
@@ -597,6 +619,7 @@ sub action_ajaj_autocomplete {
     if (1 == scalar @{ $exact_matches = $manager->get_all(
       query => [
         obsolete => 0,
+        (salesman_id => SL::DB::Manager::Employee->current->id) x !$::auth->assert('customer_vendor_all_edit', 1),
         or => [
           name    => { ilike => $::form->{filter}{'all:substr:multi::ilike'} },
           $number => { ilike => $::form->{filter}{'all:substr:multi::ilike'} },
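Review bot: The `salesman_id` filter is added whenever the right is missing, whether `$manager` is the customer or the vendor manager, while `_check_customer_vendor_all_edit` restricts customers only (`is_customer`). The two should agree, presumably by applying the filter only in the customer case. The `(...) x !$::auth->assert(...)` idiom is also easy to misread in an access-control filter; a named flag such as `my $own_only = !$::auth->assert('customer_vendor_all_edit', 1);` used as `$own_only ? (salesman_id => ...) : ()` states the intent, and the same applies to the `query` added in `init_customer_models`. Only the exact-match lookup is visible here, so confirm that the non-exact query further down in `action_ajaj_autocomplete` carries the same restriction.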
@@ -802,6 +825,16 @@ sub _load_customer_vendor {
   }
 }
 
+sub _check_customer_vendor_all_edit {
+  my ($self) = @_;
+
+  unless ($::auth->assert('customer_vendor_all_edit', 1)) {
+    die($::locale->text("You don't have the rights to edit this customer.") . "\n")
+      if $self->{cv}->is_customer and
+         SL::DB::Manager::Employee->current->id != $self->{cv}->salesman_id;
+  };
+};
+
 sub _create_customer_vendor {
   my ($self) = @_;
 
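Review bot: The `!=` comparison in `_check_customer_vendor_all_edit` is numeric and `$self->{cv}->salesman_id` may be undef for a customer with no salesman assigned; that raises an "uninitialized value" warning and compares as 0, so the outcome for unassigned customers is implicit rather than decided. State the intended rule explicitly, for example `my $owner_id = $self->{cv}->salesman_id;` followed by `defined $owner_id && $owner_id == SL::DB::Manager::Employee->current->id` as the allow condition. The sub also dereferences `$self->{cv}` and `Employee->current` without checking that either exists, which matters if `'save'` can reach it for a record that is not loaded yet; that path is not visible here. A short header comment should note that vendors are deliberately exempt, and the `;` after the closing braces of the `unless` block and the sub can be dropped.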
@@ -959,6 +992,9 @@ sub init_customer_models {
       },
       customernumber => t8('Customer Number'),
     },
+    query => [
+     ( salesman_id => SL::DB::Manager::Employee->current->id) x !$::auth->assert('customer_vendor_all_edit', 1),
+    ],
   );
 }