use SL::Helper::Flash;
use SL::Locale::String;
use SL::Util qw(trim);
+use SL::VATIDNr;
use SL::Webdav;
use SL::ZUGFeRD;
use SL::Controller::Helper::GetModels;
use Data::Dumper;
use Rose::Object::MakeMethods::Generic (
+ scalar => [ qw(user_has_edit_rights) ],
'scalar --get_set_init' => [ qw(customer_models vendor_models zugferd_settings) ],
);
# safety
-__PACKAGE__->run_before(
- sub {
- $::auth->assert('customer_vendor_edit');
- },
- except => [ qw(ajaj_autocomplete) ],
-);
__PACKAGE__->run_before(
'_instantiate_args',
only => [
);
# make sure this comes after _load_customer_vendor
-__PACKAGE__->run_before(
- '_check_customer_vendor_all_edit',
- only => [
- 'edit',
- 'show',
- 'update',
- 'delete',
- 'save',
- 'save_and_ap_transaction',
- 'save_and_ar_transaction',
- 'save_and_close',
- 'save_and_invoice',
- 'save_and_order',
- 'save_and_quotation',
- 'save_and_rfq',
- 'delete',
- 'delete_contact',
- 'delete_shipto',
- ]
-);
+__PACKAGE__->run_before('_check_auth');
__PACKAGE__->run_before(
'_create_customer_vendor',
my ($self) = @_;
$self->_pre_render();
- $self->{cv}->assign_attributes(hourly_rate => $::instance_conf->get_customer_hourly_rate) if $self->{cv}->is_customer;
+
+ if ($self->{cv}->is_customer) {
+ $self->{cv}->assign_attributes(hourly_rate => $::instance_conf->get_customer_hourly_rate);
+ $self->{cv}->salesman_id(SL::DB::Manager::Employee->current->id) if !$::auth->assert('customer_vendor_all_edit', 1);
+ }
$self->render(
'customer_vendor/form',
}
}
+sub _check_ustid_taxnumber_unique {
+ my ($self) = @_;
+
+ my %cfg;
+ if ($self->is_vendor()) {
+ %cfg = (should_check => $::instance_conf->get_vendor_ustid_taxnummer_unique,
+ manager_class => 'SL::DB::Manager::Vendor',
+ err_ustid => t8('A vendor with the same VAT ID already exists.'),
+ err_taxnumber => t8('A vendor with the same taxnumber already exists.'),
+ );
+
+ } elsif ($self->is_customer()) {
+ %cfg = (should_check => $::instance_conf->get_customer_ustid_taxnummer_unique,
+ manager_class => 'SL::DB::Manager::Customer',
+ err_ustid => t8('A customer with the same VAT ID already exists.'),
+ err_taxnumber => t8('A customer with the same taxnumber already exists.'),
+ );
+
+ } else {
+ return;
+ }
+
+ my @errors;
+
+ if ($cfg{should_check}) {
+ my $do_clean_taxnumber = sub { my $n = $_[0]; $n //= ''; $n =~ s{[[:space:].-]+}{}g; return $n};
+
+ my $clean_ustid = SL::VATIDNr->clean($self->{cv}->ustid);
+ my $clean_taxnumber = $do_clean_taxnumber->($self->{cv}->taxnumber);
+
+ if (!($clean_ustid || $clean_taxnumber)) {
+ return t8('VAT ID and/or taxnumber must be given.');
+
+ } else {
+ my $clean_number = $clean_ustid;
+ if ($clean_number) {
+ my $entries = $cfg{manager_class}->get_all(query => ['!id' => $self->{cv}->id, '!ustid' => undef, '!ustid' => ''], select => ['ustid'], distinct => 1);
+ if (any { $clean_number eq SL::VATIDNr->clean($_->ustid) } @$entries) {
+ push @errors, $cfg{err_ustid};
+ }
+ }
+
+ $clean_number = $clean_taxnumber;
+ if ($clean_number) {
+ my $entries = $cfg{manager_class}->get_all(query => ['!id' => $self->{cv}->id, '!taxnumber' => undef, '!taxnumber' => ''], select => ['taxnumber'], distinct => 1);
+ if (any { $clean_number eq $do_clean_taxnumber->($_->taxnumber) } @$entries) {
+ push @errors, $cfg{err_taxnumber};
+ }
+ }
+ }
+ }
+
+ return join "\n", @errors if @errors;
+ return;
+}
+
sub _save {
my ($self) = @_;
}
}
+ my $ustid_taxnumber_error = $self->_check_ustid_taxnumber_unique;
+ $::form->error($ustid_taxnumber_error) if $ustid_taxnumber_error;
+
$self->{cv}->save(cascade => 1);
SL::DB::Greeting->new(description => $self->{cv}->greeting)->save if $save_greeting;
if (1 == scalar @{ $exact_matches = $manager->get_all(
query => [
obsolete => 0,
- (salesman_id => SL::DB::Manager::Employee->current->id) x !$::auth->assert('customer_vendor_all_edit', 1),
or => [
name => { ilike => $::form->{filter}{'all:substr:multi::ilike'} },
$number => { ilike => $::form->{filter}{'all:substr:multi::ilike'} },
}
}
-sub _check_customer_vendor_all_edit {
- my ($self) = @_;
+sub _may_access_action {
+ my ($self, $action) = @_;
- unless ($::auth->assert('customer_vendor_all_edit', 1)) {
- die($::locale->text("You don't have the rights to edit this customer.") . "\n")
- if $self->{cv}->is_customer and
- SL::DB::Manager::Employee->current->id != $self->{cv}->salesman_id;
- };
-};
+ my $is_new = !$self->{cv} || !$self->{cv}->id;
+ my $is_own_customer = !$is_new
+ && $self->{cv}->is_customer
+ && (SL::DB::Manager::Employee->current->id == $self->{cv}->salesman_id);
+ my $has_edit_rights = $::auth->assert('customer_vendor_all_edit', 1);
+ $has_edit_rights ||= $::auth->assert('customer_vendor_edit', 1) && ($is_new || $is_own_customer);
+ my $needs_edit_rights = $action =~ m{^(?:add|save|delete|update)};
+
+ $self->user_has_edit_rights($has_edit_rights);
+
+ return 1 if $has_edit_rights;
+ return 0 if $needs_edit_rights;
+ return 1;
+}
+
+sub _check_auth {
+ my ($self, $action) = @_;
+
+ if (!$self->_may_access_action($action)) {
+ $::auth->deny_access;
+ }
+}
sub _create_customer_vendor {
my ($self) = @_;
sub _setup_form_action_bar {
my ($self) = @_;
+ my $no_rights = $self->user_has_edit_rights ? undef
+ : $self->{cv}->is_customer ? t8("You don't have the rights to edit this customer.")
+ : t8("You don't have the rights to edit this vendor.");
+
for my $bar ($::request->layout->get('actionbar')) {
$bar->add(
combobox => [
submit => [ '#form', { action => "CustomerVendor/save" } ],
checks => [ 'check_taxzone_and_ustid' ],
accesskey => 'enter',
+ disabled => $no_rights,
],
action => [
t8('Save and Close'),
submit => [ '#form', { action => "CustomerVendor/save_and_close" } ],
checks => [ 'check_taxzone_and_ustid' ],
+ disabled => $no_rights,
],
], # end of combobox "Save"
t8('Save and AP Transaction'),
submit => [ '#form', { action => "CustomerVendor/save_and_ap_transaction" } ],
checks => [ 'check_taxzone_and_ustid' ],
+ disabled => $no_rights,
]) x !!$self->is_vendor,
(action => [
t8('Save and AR Transaction'),
submit => [ '#form', { action => "CustomerVendor/save_and_ar_transaction" } ],
checks => [ 'check_taxzone_and_ustid' ],
+ disabled => $no_rights,
]) x !$self->is_vendor,
action => [
t8('Save and Invoice'),
submit => [ '#form', { action => "CustomerVendor/save_and_invoice" } ],
checks => [ 'check_taxzone_and_ustid' ],
+ disabled => $no_rights,
],
action => [
t8('Save and Order'),
submit => [ '#form', { action => "CustomerVendor/save_and_order" } ],
checks => [ 'check_taxzone_and_ustid' ],
+ disabled => $no_rights,
],
(action => [
t8('Save and RFQ'),
submit => [ '#form', { action => "CustomerVendor/save_and_rfq" } ],
checks => [ 'check_taxzone_and_ustid' ],
+ disabled => $no_rights,
]) x !!$self->is_vendor,
(action => [
t8('Save and Quotation'),
submit => [ '#form', { action => "CustomerVendor/save_and_quotation" } ],
checks => [ 'check_taxzone_and_ustid' ],
+ disabled => $no_rights,
]) x !$self->is_vendor,
], # end of combobox "Workflow"
confirm => t8('Do you really want to delete this object?'),
disabled => !$self->{cv}->id ? t8('This object has not been saved yet.')
: !$self->is_orphaned ? t8('This object has already been used.')
- : undef,
+ : $no_rights,
],
'separator',
},
customernumber => t8('Customer Number'),
},
- query => [
- ( salesman_id => SL::DB::Manager::Employee->current->id) x !$::auth->assert('customer_vendor_all_edit', 1),
- ],
);
}