use SL::FU;
use SL::GL;
use SL::IS;
+use SL::DB::BankTransactionAccTrans;
use SL::DB::Business;
use SL::DB::Chart;
use SL::DB::Currency;
use SL::DB::Tax;
use SL::Helper::Flash qw(flash);
use SL::Locale::String qw(t8);
+use SL::Presenter::Tag;
+use SL::Presenter::Chart;
use SL::ReportGenerator;
require "bin/mozilla/common.pl";
# $locale->text('Nov')
# $locale->text('Dec')
+sub _may_view_or_edit_this_invoice {
+ return 1 if $::auth->assert('ar_transactions', 1); # may edit all invoices
+ return 0 if !$::form->{id}; # creating new invoices isn't allowed without invoice_edit
+ return 0 if !$::form->{globalproject_id}; # existing records without a project ID are not allowed
+ return SL::DB::Project->new(id => $::form->{globalproject_id})->load->may_employee_view_project_invoices(SL::DB::Manager::Employee->current);
+}
+
+sub _assert_access {
+ my $cache = $::request->cache('ar.pl::_assert_access');
+
+ $cache->{_may_view_or_edit_this_invoice} = _may_view_or_edit_this_invoice() if !exists $cache->{_may_view_or_edit_this_invoice};
+ $::form->show_generic_error($::locale->text("You do not have the permissions to access this function.")) if ! $cache->{_may_view_or_edit_this_invoice};
+}
+
sub load_record_template {
$::auth->assert('ar_transactions');
sub edit {
$main::lxdebug->enter_sub();
- $main::auth->assert('ar_transactions');
+ # Delay access check to after the invoice's been loaded in
+ # "create_links" so that project-specific invoice rights can be
+ # evaluated.
my $form = $main::form;
sub display_form {
$main::lxdebug->enter_sub();
- $main::auth->assert('ar_transactions');
+ _assert_access();
my $form = $main::form;
sub create_links {
$main::lxdebug->enter_sub();
- $main::auth->assert('ar_transactions');
+ # Delay access check to after the invoice's been loaded so that
+ # project-specific invoice rights can be evaluated.
my %params = @_;
my $form = $main::form;
$form->create_links("AR", \%myconfig, "customer");
$form->{invoice_obj} = _retrieve_invoice_object();
+ _assert_access();
+
my %saved;
if (!$params{dont_save}) {
%saved = map { ($_ => $form->{$_}) } qw(direct_debit id taxincluded);
$form->{$_} = $saved{$_} for keys %saved;
$form->{rowcount} = 1;
- $form->{AR_chart_id} = $form->{acc_trans} && $form->{acc_trans}->{AR} ? $form->{acc_trans}->{AR}->[0]->{chart_id} : $form->{AR_links}->{AR}->[0]->{chart_id};
+ $form->{AR_chart_id} = $form->{acc_trans} && $form->{acc_trans}->{AR} ? $form->{acc_trans}->{AR}->[0]->{chart_id} : $::instance_conf->get_ar_chart_id || $form->{AR_links}->{AR}->[0]->{chart_id};
# currencies
$form->{defaultcurrency} = $form->get_default_currency(\%myconfig);
sub form_header {
$main::lxdebug->enter_sub();
- $main::auth->assert('ar_transactions');
+ _assert_access();
my $form = $main::form;
my %myconfig = %main::myconfig;
my $selected_taxchart = $taxchart_to_use->id . '--' . $taxchart_to_use->rate;
$transaction->{selectAR_amount} =
- $::request->presenter->chart_picker("AR_amount_chart_id_$i", $amount_chart_id, style => "width: 400px", type => "AR_amount", class => ($form->{initial_focus} eq "row_$i" ? "initial_focus" : ""))
- . $::request->presenter->hidden_tag("previous_AR_amount_chart_id_$i", $amount_chart_id);
+ SL::Presenter::Chart::picker("AR_amount_chart_id_$i", $amount_chart_id, style => "width: 400px", type => "AR_amount", class => ($form->{initial_focus} eq "row_$i" ? "initial_focus" : ""))
+ . SL::Presenter::Tag::hidden_tag("previous_AR_amount_chart_id_$i", $amount_chart_id);
$transaction->{taxchart} =
NTI($cgi->popup_menu('-name' => "taxchart_$i",
sub form_footer {
$main::lxdebug->enter_sub();
- $main::auth->assert('ar_transactions');
+ _assert_access();
my $form = $main::form;
my %myconfig = %main::myconfig;
}
sub setup_ar_transactions_action_bar {
- my %params = @_;
+ my %params = @_;
+ my $may_edit_create = $::auth->assert('invoice_edit', 1);
for my $bar ($::request->layout->get('actionbar')) {
$bar->add(
action => [
$::locale->text('Print'),
call => [ 'kivi.MassInvoiceCreatePrint.showMassPrintOptionsOrDownloadDirectly' ],
- disabled => !$params{num_rows} ? $::locale->text('The report doesn\'t contain entries.') : undef,
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+ : !$params{num_rows} ? $::locale->text('The report doesn\'t contain entries.')
+ : undef,
],
combobox => [
action => [ $::locale->text('Create new') ],
action => [
$::locale->text('AR Transaction'),
- submit => [ '#create_new_form', { action => 'ar_transaction' } ],
+ submit => [ '#create_new_form', { action => 'ar_transaction' } ],
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
],
action => [
$::locale->text('Sales Invoice'),
- submit => [ '#create_new_form', { action => 'sales_invoice' } ],
+ submit => [ '#create_new_form', { action => 'sales_invoice' } ],
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
],
], # end of combobox "Create new"
);
sub search {
$main::lxdebug->enter_sub();
- $main::auth->assert('invoice_edit');
-
my $form = $main::form;
my %myconfig = %main::myconfig;
my $locale = $main::locale;
sub ar_transactions {
$main::lxdebug->enter_sub();
- $main::auth->assert('invoice_edit');
-
my $form = $main::form;
my %myconfig = %main::myconfig;
my $locale = $main::locale;
my @hidden_variables = map { "l_${_}" } @columns;
push @hidden_variables, "l_subtotal", qw(open closed customer invnumber ordnumber cusordnumber transaction_description notes project_id transdatefrom transdateto duedatefrom duedateto
- employee_id salesman_id business_id parts_partnumber parts_description department_id show_marked_as_closed);
+ employee_id salesman_id business_id parts_partnumber parts_description department_id show_marked_as_closed show_not_mailed);
push @hidden_variables, map { "cvar_$_->{name}" } @ct_searchable_custom_variables;
$href = build_std_url('action=ar_transactions', grep { $form->{$_} } @hidden_variables);
my %column_defs = (
- 'ids' => { raw_header_data => $::request->presenter->checkbox_tag("", id => "check_all", checkall => "[data-checkall=1]"), align => 'center' },
+ 'ids' => { raw_header_data => SL::Presenter::Tag::checkbox_tag("", id => "check_all", checkall => "[data-checkall=1]"), align => 'center' },
'transdate' => { 'text' => $locale->text('Date'), },
'id' => { 'text' => $locale->text('ID'), },
'type' => { 'text' => $locale->text('Type'), },
%column_defs_cvars,
);
- foreach my $name (qw(id transdate duedate invnumber ordnumber cusordnumber name datepaid employee shippingpoint shipvia transaction_description direct_debit)) {
+ foreach my $name (qw(id transdate duedate invnumber ordnumber cusordnumber name datepaid employee shippingpoint shipvia transaction_description direct_debit department)) {
my $sortdir = $form->{sort} eq $name ? 1 - $form->{sortdir} : $form->{sortdir};
$column_defs{$name}->{link} = $href . "&sort=$name&sortdir=$sortdir";
}
. "&id=" . E($ar->{id}) . "&callback=${callback}";
$row->{ids} = {
- raw_data => $::request->presenter->checkbox_tag("id[]", value => $ar->{id}, "data-checkall" => 1),
+ raw_data => SL::Presenter::Tag::checkbox_tag("id[]", value => $ar->{id}, "data-checkall" => 1),
valign => 'center',
align => 'center',
};
my $is_storno = IS->is_storno(\%::myconfig, $::form, 'ar', $::form->{id});
my $has_storno = IS->has_storno(\%::myconfig, $::form, 'ar');
+ my $may_edit_create = $::auth->assert('ar_transactions', 1);
+
+ my $is_linked_bank_transaction;
+ if ($::form->{id}
+ && SL::DB::Default->get->payments_changeable != 0
+ && SL::DB::Manager::BankTransactionAccTrans->find_by(ar_id => $::form->{id})) {
+ $is_linked_bank_transaction = 1;
+ }
for my $bar ($::request->layout->get('actionbar')) {
$bar->add(
action => [
submit => [ '#form', { action => "update" } ],
id => 'update_button',
checks => [ 'kivi.validate_form' ],
+ disabled => !$may_edit_create ? t8('You must not change this AR transaction.') : undef,
accesskey => 'enter',
],
t8('Post'),
submit => [ '#form', { action => "post" } ],
checks => [ 'kivi.validate_form', 'kivi.AR.check_fields_before_posting' ],
- disabled => $is_closed ? t8('The billing period has already been locked.')
+ disabled => !$may_edit_create ? t8('You must not change this AR transaction.')
+ : $is_closed ? t8('The billing period has already been locked.')
: $is_storno ? t8('A canceled invoice cannot be posted.')
: ($::form->{id} && $change_never) ? t8('Changing invoices has been disabled in the configuration.')
: ($::form->{id} && $change_on_same_day_only) ? t8('Invoices can only be changed on the day they are posted.')
+ : $is_linked_bank_transaction ? t8('This transaction is linked with a bank transaction. Please undo and redo the bank transaction booking if needed.')
: undef,
],
action => [
t8('Post Payment'),
submit => [ '#form', { action => "post_payment" } ],
- disabled => !$::form->{id} ? t8('This invoice has not been posted yet.') : undef,
+ disabled => !$may_edit_create ? t8('You must not change this AR transaction.')
+ : !$::form->{id} ? t8('This invoice has not been posted yet.')
+ : $is_linked_bank_transaction ? t8('This transaction is linked with a bank transaction. Please undo and redo the bank transaction booking if needed.')
+ : undef,
],
action => [ t8('Mark as paid'),
submit => [ '#form', { action => "mark_as_paid" } ],
confirm => t8('This will remove the invoice from showing as unpaid even if the unpaid amount does not match the amount. Proceed?'),
- disabled => !$::form->{id} ? t8('This invoice has not been posted yet.') : undef,
+ disabled => !$may_edit_create ? t8('You must not change this AR transaction.')
+ : !$::form->{id} ? t8('This invoice has not been posted yet.')
+ : undef,
only_if => $::instance_conf->get_is_show_mark_as_paid,
],
], # end of combobox "Post"
submit => [ '#form', { action => "storno" } ],
checks => [ 'kivi.validate_form', 'kivi.AR.check_fields_before_posting' ],
confirm => t8('Do you really want to cancel this invoice?'),
- disabled => !$::form->{id} ? t8('This invoice has not been posted yet.')
- : $has_storno ? t8('This invoice has been canceled already.')
- : $is_storno ? t8('Reversal invoices cannot be canceled.')
- : $::form->{totalpaid} ? t8('Invoices with payments cannot be canceled.')
- : undef,
+ disabled => !$may_edit_create ? t8('You must not change this AR transaction.')
+ : !$::form->{id} ? t8('This invoice has not been posted yet.')
+ : $has_storno ? t8('This invoice has been canceled already.')
+ : $is_storno ? t8('Reversal invoices cannot be canceled.')
+ : $::form->{totalpaid} ? t8('Invoices with payments cannot be canceled.')
+ : undef,
],
action => [ t8('Delete'),
submit => [ '#form', { action => "delete" } ],
confirm => t8('Do you really want to delete this object?'),
- disabled => !$::form->{id} ? t8('This invoice has not been posted yet.')
+ disabled => !$may_edit_create ? t8('You must not change this AR transaction.')
+ : !$::form->{id} ? t8('This invoice has not been posted yet.')
: $change_never ? t8('Changing invoices has been disabled in the configuration.')
: $change_on_same_day_only ? t8('Invoices can only be changed on the day they are posted.')
: $is_closed ? t8('The billing period has already been locked.')
t8('Use As New'),
submit => [ '#form', { action => "use_as_new" } ],
checks => [ 'kivi.validate_form' ],
- disabled => !$::form->{id} ? t8('This invoice has not been posted yet.') : undef,
+ disabled => !$may_edit_create ? t8('You must not change this AR transaction.')
+ : !$::form->{id} ? t8('This invoice has not been posted yet.')
+ : undef,
],
], # end of combobox "Workflow"
],
action => [
t8('Record templates'),
- call => [ 'kivi.RecordTemplate.popup', 'ar_transaction' ],
+ call => [ 'kivi.RecordTemplate.popup', 'ar_transaction' ],
+ disabled => !$may_edit_create ? t8('You must not change this AR transaction.') : undef,
],
action => [
t8('Drafts'),
call => [ 'kivi.Draft.popup', 'ar', 'invoice', $::form->{draft_id}, $::form->{draft_description} ],
- disabled => $::form->{id} ? t8('This invoice has already been posted.')
- : $is_closed ? t8('The billing period has already been locked.')
- : undef,
+ disabled => !$may_edit_create ? t8('You must not change this AR transaction.')
+ : $::form->{id} ? t8('This invoice has already been posted.')
+ : $is_closed ? t8('The billing period has already been locked.')
+ : undef,
],
], # end of combobox "more"
);
projects / kivitendo-erp.git / blobdiff