# $locale->text('Nov')
# $locale->text('Dec')
+sub _may_view_or_edit_this_invoice {
+ return 1 if $::auth->assert('ap_transactions', 1); # may edit all invoices
+ return 0 if !$::form->{id}; # creating new invoices isn't allowed without invoice_edit
+ return 0 if !$::form->{globalproject_id}; # existing records without a project ID are not allowed
+ return SL::DB::Project->new(id => $::form->{globalproject_id})->load->may_employee_view_project_invoices(SL::DB::Manager::Employee->current);
+}
+
+sub _assert_access {
+ my $cache = $::request->cache('ap.pl::_assert_access');
+
+ $cache->{_may_view_or_edit_this_invoice} = _may_view_or_edit_this_invoice() if !exists $cache->{_may_view_or_edit_this_invoice};
+ $::form->show_generic_error($::locale->text("You do not have the permissions to access this function.")) if ! $cache->{_may_view_or_edit_this_invoice};
+}
+
sub load_record_template {
$::auth->assert('ap_transactions');
sub edit {
$main::lxdebug->enter_sub();
- my $form = $main::form;
+ # Delay access check to after the invoice's been loaded in
+ # "create_links" so that project-specific invoice rights can be
+ # evaluated.
- $main::auth->assert('ap_transactions');
+ my $form = $main::form;
$form->{title} = "Edit";
sub display_form {
$main::lxdebug->enter_sub();
- my $form = $main::form;
+ _assert_access();
- $main::auth->assert('ap_transactions');
+ my $form = $main::form;
# get all files stored in the webdav folder
if ($form->{invnumber} && $::instance_conf->get_webdav) {
sub create_links {
$main::lxdebug->enter_sub();
+ # Delay access check to after the invoice's been loaded so that
+ # project-specific invoice rights can be evaluated.
+
my %params = @_;
my $form = $main::form;
my %myconfig = %main::myconfig;
- $main::auth->assert('ap_transactions');
-
$form->create_links("AP", \%myconfig, "vendor");
+
+ _assert_access();
+
my %saved;
if (!$params{dont_save}) {
%saved = map { ($_ => $form->{$_}) } qw(direct_debit taxincluded);
$form->{$_} = $saved{$_} for keys %saved;
$form->{rowcount} = 1;
- $form->{AP_chart_id} = $form->{acc_trans} && $form->{acc_trans}->{AP} ? $form->{acc_trans}->{AP}->[0]->{chart_id} : $form->{AP_links}->{AP}->[0]->{chart_id};
+ $form->{AP_chart_id} = $form->{acc_trans} && $form->{acc_trans}->{AP} ? $form->{acc_trans}->{AP}->[0]->{chart_id} : $::instance_conf->get_ap_chart_id || $form->{AP_links}->{AP}->[0]->{chart_id};
# build the popup menus
$form->{taxincluded} = ($form->{id}) ? $form->{taxincluded} : "checked";
sub form_header {
$main::lxdebug->enter_sub();
+ _assert_access();
+
my $form = $main::form;
my %myconfig = %main::myconfig;
my $locale = $main::locale;
my $cgi = $::request->{cgi};
- $main::auth->assert('ap_transactions');
-
$::form->{invoice_obj} = SL::DB::PurchaseInvoice->new(id => $::form->{id})->load if $::form->{id};
$form->{initial_focus} = !($form->{amount_1} * 1) ? 'vendor_id' : 'row_' . $form->{rowcount};
@{ $form->{ALL_CHARTS} }
);
- $form->{ALL_DEPARTMENTS} = SL::DB::Manager::Department->get_all;
+ $form->{ALL_DEPARTMENTS} = SL::DB::Manager::Department->get_all_sorted;
my %project_labels = ();
foreach my $item (@{ $form->{"ALL_PROJECTS"} }) {
my $follow_up_vc = $form->{vendor_id} ? SL::DB::Vendor->load_cached($form->{vendor_id})->name : '';
my $follow_up_trans_info = "$form->{invnumber} ($follow_up_vc)";
- $::request->layout->add_javascripts("autocomplete_chart.js", "autocomplete_customer.js", "show_vc_details.js", "show_history.js", "follow_up.js", "kivi.Draft.js", "kivi.GL.js", "kivi.RecordTemplate.js", "kivi.File.js", "kivi.AP.js");
+ $::request->layout->add_javascripts("autocomplete_chart.js", "show_vc_details.js", "show_history.js", "follow_up.js", "kivi.Draft.js", "kivi.GL.js", "kivi.RecordTemplate.js", "kivi.File.js", "kivi.AP.js", "kivi.CustomerVendor.js", "kivi.Validator.js");
my $transdate = $::form->{transdate} ? DateTime->from_kivitendo($::form->{transdate}) : DateTime->today_local;
my $first_taxchart;
sub form_footer {
$::lxdebug->enter_sub;
- $::auth->assert('ap_transactions');
+
+ _assert_access();
my $num_due;
my $num_follow_ups;
my ($inline) = @_;
# check if there is a vendor, invoice, due date and invnumber
- $form->isblank("transdate", $locale->text("Invoice Date missing!"));
- $form->isblank("duedate", $locale->text("Due Date missing!"));
- $form->isblank("vendor_id", $locale->text('Vendor missing!'));
- $form->isblank("invnumber", $locale->text('Invoice Number missing!'));
+ $form->isblank("transdate", $locale->text("Invoice Date missing!"));
+ $form->isblank("duedate", $locale->text("Due Date missing!"));
+ $form->isblank("vendor_id", $locale->text('Vendor missing!'));
+ $form->isblank("invnumber", $locale->text('Invoice Number missing!'));
+ $form->isblank("AP_chart_id", $locale->text('No contra account selected!'));
if ($myconfig{mandatory_departments} && !$form->{department_id}) {
$form->{saved_message} = $::locale->text('You have to specify a department.');
# no restore_from_session_id needed. we like to have a newly generated
# list of invoices for bank transactions
print $form->redirect_header($form->{callback}) if ($form->{callback} =~ /BankTransaction/);
- $form->redirect($locale->text('AP transaction posted.')) unless $inline;
+ $form->redirect($locale->text('AP transaction posted.') . ' ' . $locale->text('ID') . ': ' . $form->{id}) unless $inline;
+ # TODO Add callback/return flag in myconfig
+ # With version 3.5 we can add documents, but only after posting. there should be a flag in myconfig for the user
+ # $form->{callback} ||= 'ap.pl?action=edit&id=' . $form->{id} if $myconfig{no_reset_arap};
+
} else {
$form->error($locale->text('Cannot post transaction!'));
}
sub search {
$main::lxdebug->enter_sub();
- $main::auth->assert('vendor_invoice_edit');
-
my $form = $main::form;
my %myconfig = %main::myconfig;
my $locale = $main::locale;
my %myconfig = %main::myconfig;
my $locale = $main::locale;
- $main::auth->assert('vendor_invoice_edit');
-
report_generator_set_default_sort('transdate', 1);
AP->ap_transactions(\%myconfig, \%$form);
action => [
$::locale->text('Search'),
submit => [ '#form', { action => "ap_transactions" } ],
+ checks => [ 'kivi.validate_form' ],
accesskey => 'enter',
],
);
}
+ $::request->layout->add_javascripts('kivi.Validator.js');
}
sub setup_ap_transactions_action_bar {
- my %params = @_;
+ my %params = @_;
+ my $may_edit_create = $::auth->assert('vendor_invoice_edit', 1);
for my $bar ($::request->layout->get('actionbar')) {
$bar->add(
action => [ t8('Add') ],
link => [
t8('Purchase Invoice'),
- link => [ 'ir.pl?action=add' ],
+ link => [ 'ir.pl?action=add' ],
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
+
],
link => [
t8('AP Transaction'),
- link => [ 'ap.pl?action=add' ],
+ link => [ 'ap.pl?action=add' ],
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
],
], # end of combobox "Add"
);
my $is_storno = IS->is_storno(\%::myconfig, $::form, 'ap', $::form->{id});
my $has_storno = IS->has_storno(\%::myconfig, $::form, 'ap');
+ my $may_edit_create = $::auth->assert('vendor_invoice_edit', 1);
+
+ my $has_sepa_exports;
+
+ if ($::form->{id}) {
+ my $invoice = SL::DB::Manager::PurchaseInvoice->find_by(id => $::form->{id});
+ $has_sepa_exports = 1 if ($invoice->find_sepa_export_items()->[0]);
+ }
+
for my $bar ($::request->layout->get('actionbar')) {
$bar->add(
action => [
t8('Update'),
submit => [ '#form', { action => "update" } ],
id => 'update_button',
+ checks => [ 'kivi.validate_form' ],
accesskey => 'enter',
+ disabled => !$may_edit_create ? t8('You must not change this AP transaction.') : undef,
],
combobox => [
action => [
t8('Post'),
submit => [ '#form', { action => "post" } ],
- checks => [ 'kivi.AP.check_fields_before_posting' ],
- disabled => $is_closed ? t8('The billing period has already been locked.')
+ checks => [ 'kivi.validate_form', 'kivi.AP.check_fields_before_posting', 'kivi.AP.check_duplicate_invnumber' ],
+ disabled => !$may_edit_create ? t8('You must not change this AP transaction.')
+ : $is_closed ? t8('The billing period has already been locked.')
: $is_storno ? t8('A canceled invoice cannot be posted.')
: ($::form->{id} && $change_never) ? t8('Changing invoices has been disabled in the configuration.')
: ($::form->{id} && $change_on_same_day_only) ? t8('Invoices can only be changed on the day they are posted.')
action => [
t8('Post Payment'),
submit => [ '#form', { action => "post_payment" } ],
- disabled => !$::form->{id} ? t8('This invoice has not been posted yet.') : undef,
+ checks => [ 'kivi.validate_form' ],
+ disabled => !$may_edit_create ? t8('You must not change this AP transaction.')
+ : !$::form->{id} ? t8('This invoice has not been posted yet.')
+ : undef,
],
action => [ t8('Mark as paid'),
submit => [ '#form', { action => "mark_as_paid" } ],
confirm => t8('This will remove the invoice from showing as unpaid even if the unpaid amount does not match the amount. Proceed?'),
- disabled => !$::form->{id} ? t8('This invoice has not been posted yet.') : undef,
+ disabled => !$may_edit_create ? t8('You must not change this AP transaction.')
+ : !$::form->{id} ? t8('This invoice has not been posted yet.')
+ : undef,
only_if => $::instance_conf->get_is_show_mark_as_paid,
],
], # end of combobox "Post"
combobox => [
action => [ t8('Storno'),
submit => [ '#form', { action => "storno" } ],
- checks => [ 'kivi.AP.check_fields_before_posting' ],
+ checks => [ 'kivi.validate_form', 'kivi.AP.check_fields_before_posting' ],
confirm => t8('Do you really want to cancel this invoice?'),
- disabled => !$::form->{id} ? t8('This invoice has not been posted yet.')
- : $has_storno ? t8('This invoice has been canceled already.')
- : $is_storno ? t8('Reversal invoices cannot be canceled.')
- : $::form->{totalpaid} ? t8('Invoices with payments cannot be canceled.')
- : undef,
+ disabled => !$may_edit_create ? t8('You must not change this AP transaction.')
+ : !$::form->{id} ? t8('This invoice has not been posted yet.')
+ : $has_storno ? t8('This invoice has been canceled already.')
+ : $is_storno ? t8('Reversal invoices cannot be canceled.')
+ : $::form->{totalpaid} ? t8('Invoices with payments cannot be canceled.')
+ : $has_sepa_exports ? t8('This invoice has been linked with a sepa export, undo this first.')
+ : undef,
],
action => [ t8('Delete'),
submit => [ '#form', { action => "delete" } ],
confirm => t8('Do you really want to delete this object?'),
- disabled => !$::form->{id} ? t8('This invoice has not been posted yet.')
+ disabled => !$may_edit_create ? t8('You must not change this AP transaction.')
+ : !$::form->{id} ? t8('This invoice has not been posted yet.')
: $change_never ? t8('Changing invoices has been disabled in the configuration.')
: $change_on_same_day_only ? t8('Invoices can only be changed on the day they are posted.')
: $has_storno ? t8('This invoice has been canceled already.')
: $is_closed ? t8('The billing period has already been locked.')
+ : $has_sepa_exports ? t8('This invoice has been linked with a sepa export, undo this first.')
: undef,
],
], # end of combobox "Storno"
action => [
t8('Use As New'),
submit => [ '#form', { action => "use_as_new" } ],
- disabled => !$::form->{id} ? t8('This invoice has not been posted yet.') : undef,
+ checks => [ 'kivi.validate_form' ],
+ disabled => !$may_edit_create ? t8('You must not change this AP transaction.')
+ : !$::form->{id} ? t8('This invoice has not been posted yet.')
+ : undef,
],
], # end of combobox "Workflow"
],
action => [
t8('Record templates'),
- call => [ 'kivi.RecordTemplate.popup', 'ap_transaction' ],
+ call => [ 'kivi.RecordTemplate.popup', 'ap_transaction' ],
+ disabled => !$may_edit_create ? t8('You must not change this AP transaction.') : undef,
],
action => [
t8('Drafts'),
call => [ 'kivi.Draft.popup', 'ap', 'invoice', $::form->{draft_id}, $::form->{draft_description} ],
- disabled => $::form->{id} ? t8('This invoice has already been posted.')
- : $is_closed ? t8('The billing period has already been locked.')
- : undef,
+ disabled => !$may_edit_create ? t8('You must not change this AP transaction.')
+ : $::form->{id} ? t8('This invoice has already been posted.')
+ : $is_closed ? t8('The billing period has already been locked.')
+ : undef,
],
], # end of combobox "more"
);
}
+ $::request->layout->add_javascripts('kivi.Validator.js');
}