use Rose::Object::MakeMethods::Generic
(
# scalar => [ qw() ],
- 'scalar --get_set_init' => [ qw(time_recording models all_time_recording_types all_employees can_view_all) ],
+ 'scalar --get_set_init' => [ qw(time_recording models all_time_recording_types all_employees can_view_all can_edit_all) ],
);
# safety
__PACKAGE__->run_before('check_auth');
+__PACKAGE__->run_before('check_auth_edit', only => [ qw(edit save delete) ]);
#
# actions
}
}
- $attributes{employee_id} = SL::DB::Manager::Employee->current->id;
+ # do not overwright staff member if you do not have the right
+ delete $attributes{staff_member_id} if !$_[0]->can_edit_all;
$attributes{staff_member_id} = SL::DB::Manager::Employee->current->id if $is_new;
+ $attributes{employee_id} = SL::DB::Manager::Employee->current->id;
+
$time_recording->assign_attributes(%attributes);
return $time_recording;
$::auth->assert('time_recording_show_all', 1) || $::auth->assert('time_recording_edit_all', 1)
}
+sub init_can_edit_all {
+ $::auth->assert('time_recording_edit_all', 1)
+}
+
sub init_models {
my ($self) = @_;
$::auth->assert('time_recording');
}
+sub check_auth_edit {
+ my ($self) = @_;
+
+ if (!$self->can_edit_all && ($self->time_recording->staff_member_id != SL::DB::Manager::Employee->current->id)) {
+ $::form->error(t8('You do not have permission to access this entry.'));
+ }
+}
+
sub prepare_report {
my ($self) = @_;
$report->set_options_from_form;
$self->models->disable_plugin('paginated') if $report->{options}{output_format} =~ /^(pdf|csv)$/i;
- #$self->models->add_additional_url_params();
+ $self->models->add_additional_url_params(filter => $::form->{filter});
$self->models->finalize;
$self->models->set_report_generator_sort_options(report => $report, sortable_columns => [keys %sort_columns]);
projects / kivitendo-erp.git / blobdiff