sub add {
$lxdebug->enter_sub();
+ $auth->assert('invoice_edit');
+
return $lxdebug->leave_sub() if (load_draft_maybe());
if ($form->{type} eq "credit_note") {
}
- $form->{callback} =
- "$form->{script}?action=add&type=$form->{type}&login=$form->{login}&password=$form->{password}"
- unless $form->{callback};
+ $form->{callback} = "$form->{script}?action=add&type=$form->{type}" unless $form->{callback};
$form{jsscript} = "date";
sub edit {
$lxdebug->enter_sub();
+ $auth->assert('invoice_edit');
+
# show history button
$form->{javascript} = qq|<script type="text/javascript" src="js/show_history.js"></script>|;
#/show hhistory button
sub invoice_links {
$lxdebug->enter_sub();
+ $auth->assert('invoice_edit');
+
$form->{vc} = 'customer';
# create links
sub prepare_invoice {
$lxdebug->enter_sub();
+ $auth->assert('invoice_edit');
+
if ($form->{type} eq "credit_note") {
$form->{type} = "credit_note";
$form->{formname} = "credit_note";
sub form_header {
$lxdebug->enter_sub();
+ $auth->assert('invoice_edit');
+
$form->{employee_id} = $form->{old_employee_id} if $form->{old_employee_id};
$form->{salesman_id} = $form->{old_salesman_id} if $form->{old_salesman_id};
}
}
- my $set_duedate_url = "$form->{script}?login=$form->{login}&password=$form->{password}&action=set_duedate";
+ my $set_duedate_url = "$form->{script}?action=set_duedate";
my $pjx = new CGI::Ajax( 'set_duedate' => $set_duedate_url );
push(@ { $form->{AJAX} }, $pjx);
$button2 = qq|
<td width="13"><input name="duedate" id="duedate" size="11" title="$myconfig{dateformat}" value="$form->{duedate}" onBlur=\"check_right_date_format(this)\">
<input type="button" name="duedate" id="trigger2" value="|
- . $locale->text('button') . qq|"></td></td>
+ . $locale->text('button') . qq|"></td>
|;
$button3 = qq|
<td width="13"><input name="deliverydate" id="deliverydate" size="11" title="$myconfig{dateformat}" value="$form->{deliverydate}" onBlur=\"check_right_date_format(this)\">
<input type="button" name="deliverydate" id="trigger3" value="|
- . $locale->text('button') . qq|"></td></td>
+ . $locale->text('button') . qq|"></td>
|;
#write Trigger
sub form_footer {
$lxdebug->enter_sub();
+ $auth->assert('invoice_edit');
+
$form->{invtotal} = $form->{invsubtotal};
if (($rows = $form->numtextrows($form->{notes}, 26, 8)) < 2) {
| .
$cgi->hidden("-name" => "callback", "-value" => $form->{callback})
. $cgi->hidden('-name' => 'draft_id', '-default' => [$form->{draft_id}])
-. $cgi->hidden('-name' => 'draft_description', '-default' => [$form->{draft_description}]);
-map({ print $cgi->hidden("-name" => $_ , "-value" => $form->{$_});} qw(login password));
-print qq|
+. $cgi->hidden('-name' => 'draft_description', '-default' => [$form->{draft_description}])
+. qq|
</form>
</body>
sub mark_as_paid {
$lxdebug->enter_sub();
+
+ $auth->assert('invoice_edit');
+
&mark_as_paid_common(\%myconfig,"ar");
+
$lxdebug->leave_sub();
}
sub update {
$lxdebug->enter_sub();
+ $auth->assert('invoice_edit');
+
my ($recursive_call) = shift;
map { $form->{$_} = $form->parse_amount(\%myconfig, $form->{$_}) } qw(exchangerate creditlimit creditremaining) unless $recursive_call;
sub post_payment {
$lxdebug->enter_sub();
+ $auth->assert('invoice_edit');
+
$form->{defaultcurrency} = $form->get_default_currency(\%myconfig);
for $i (1 .. $form->{paidaccounts}) {
if ($form->{"paid_$i"}) {
sub post {
$lxdebug->enter_sub();
+ $auth->assert('invoice_edit');
+
$form->{defaultcurrency} = $form->get_default_currency(\%myconfig);
$form->isblank("invdate", $locale->text('Invoice Date missing!'));
$form->isblank("customer", $locale->text('Customer missing!'));
sub print_and_post {
$lxdebug->enter_sub();
+ $auth->assert('invoice_edit');
+
$old_form = new Form;
$print_post = 1;
$form->{print_and_post} = 1;
sub use_as_template {
$lxdebug->enter_sub();
+ $auth->assert('invoice_edit');
+
map { delete $form->{$_} } qw(printed emailed queued invnumber invdate deliverydate id datepaid_1 source_1 memo_1 paid_1 exchangerate_1 AP_paid_1 storno);
$form->{paidaccounts} = 1;
$form->{rowcount}--;
sub storno {
$lxdebug->enter_sub();
+ $auth->assert('invoice_edit');
+
if ($form->{storno}) {
$form->error($locale->text('Cannot storno storno invoice!'));
}
$form->error($locale->text("Invoice has already been storno'd!"));
}
- map({ my $key = $_; delete($form->{$key})
- unless (grep({ $key eq $_ } qw(login password id stylesheet type))); }
- keys(%{ $form }));
+ map({ my $key = $_; delete($form->{$key}) unless (grep({ $key eq $_ } qw(id login password stylesheet type))); } keys(%{ $form }));
invoice_links();
prepare_invoice();
sub preview {
$lxdebug->enter_sub();
+ $auth->assert('invoice_edit');
+
$form->{preview} = 1;
$old_form = new Form;
for (keys %$form) { $old_form->{$_} = $form->{$_} }
sub delete {
$lxdebug->enter_sub();
+
+ $auth->assert('invoice_edit');
+
if ($form->{second_run}) {
$form->{print_and_post} = 0;
}
map { delete $form->{$_} } qw(action header);
foreach $key (keys %$form) {
+ next if (($key eq 'login') || ($key eq 'password') || ('' ne ref $form->{$key}));
$form->{$key} =~ s/\"/"/g;
print qq|<input type="hidden" name="$key" value="$form->{$key}">\n|;
}
sub credit_note {
$lxdebug->enter_sub();
+ $auth->assert('invoice_edit');
+
$form->{transdate} = $form->{invdate} = $form->current_date(\%myconfig);
$form->{duedate} =
$form->current_date(\%myconfig, $form->{invdate}, $form->{terms} * 1);
sub yes {
$lxdebug->enter_sub();
+
+ $auth->assert('invoice_edit');
+
if (IS->delete_invoice(\%myconfig, \%$form, $spool)) {
# saving the history
if(!exists $form->{addition}) {
sub e_mail {
$lxdebug->enter_sub();
+ $auth->assert('invoice_edit');
+
if (!$form->{id}) {
$print_post = 1;
post();
- my %saved_vars;
- map({ $saved_vars{$_} = $form->{$_}; } qw(id invnumber));
- restore_form($saved_form);
- map({ $form->{$_} = $saved_vars{$_}; } qw(id invnumber));
+ restore_form($saved_form, 0, qw(id invnumber));
}
edit_e_mail();