X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=SL%2FAR.pm;h=db8a4aca706870c25634237e6ba60f35791f0306;hb=d58f0807a72e7a791cded47b057e5f20116ca13f;hp=e227eb6e1360c270f625132fc0a9e38ba2256dd3;hpb=2d4626f98c3ef03c52cadde9e7bcee2330b02cd9;p=kivitendo-erp.git diff --git a/SL/AR.pm b/SL/AR.pm index e227eb6e1..db8a4aca7 100644 --- a/SL/AR.pm +++ b/SL/AR.pm @@ -134,18 +134,19 @@ sub _post_transaction { $query = qq|UPDATE ar set invnumber = ?, ordnumber = ?, transdate = ?, customer_id = ?, - taxincluded = ?, amount = ?, duedate = ?, paid = ?, + taxincluded = ?, amount = ?, duedate = ?, deliverydate = ?, tax_point = ?, paid = ?, currency_id = (SELECT id FROM currencies WHERE name = ?), netamount = ?, notes = ?, department_id = ?, employee_id = ?, storno = ?, storno_id = ?, globalproject_id = ?, - direct_debit = ? + direct_debit = ?, transaction_description = ? WHERE id = ?|; my @values = ($form->{invnumber}, $form->{ordnumber}, conv_date($form->{transdate}), conv_i($form->{customer_id}), $form->{taxincluded} ? 't' : 'f', $form->{amount}, - conv_date($form->{duedate}), $form->{paid}, + conv_date($form->{duedate}), conv_date($form->{deliverydate}), conv_date($form->{tax_point}), $form->{paid}, $form->{currency}, $form->{netamount}, $form->{notes}, conv_i($form->{department_id}), conv_i($form->{employee_id}), $form->{storno} ? 't' : 'f', $form->{storno_id}, - conv_i($form->{globalproject_id}), $form->{direct_debit} ? 't' : 'f', conv_i($form->{id})); + conv_i($form->{globalproject_id}), $form->{direct_debit} ? 't' : 'f', $form->{transaction_description}, + conv_i($form->{id})); do_query($form, $dbh, $query, @values); # add individual transactions for AR, amount and taxes @@ -481,11 +482,13 @@ sub ar_transactions { my $query = qq|SELECT DISTINCT a.id, a.invnumber, a.ordnumber, a.cusordnumber, a.transdate, | . + qq| a.donumber, a.deliverydate, | . qq| a.duedate, a.netamount, a.amount, a.paid, | . qq| a.invoice, a.datepaid, a.notes, a.shipvia, | . qq| a.shippingpoint, a.storno, a.storno_id, a.globalproject_id, | . qq| a.marge_total, a.marge_percent, | . qq| a.transaction_description, a.direct_debit, | . + qq| a.type, | . qq| pr.projectnumber AS globalprojectnumber, | . qq| c.name, c.customernumber, c.country, c.ustid, b.description as customertype, | . qq| c.id as customer_id, | . @@ -516,9 +519,46 @@ sub ar_transactions { my $where = "1 = 1"; - unless ( $::auth->assert('show_ar_transactions', 1) ) { - $where .= " AND NOT invoice = 'f' "; # remove ar transactions from Sales -> Reports -> Invoices - }; + # Permissions: + # - Always return invoices & AR transactions for projects the employee has "view invoices" permissions for, no matter what the other rules say. + # - Exclude AR transactions if no permissions for them exist. + # - Limit to own invoices unless may edit all invoices or view invoices is allowed. + # - If may edit all or view invoices is allowed, allow filtering by employee/salesman. + my (@permission_where, @permission_values); + + if ($::auth->assert('invoice_edit', 1) || $::auth->assert('sales_invoice_view', 1)) { + if (!$::auth->assert('show_ar_transactions', 1) ) { + push @permission_where, "NOT invoice = 'f'"; # remove ar transactions from Sales -> Reports -> Invoices + } + + if (!$::auth->assert('sales_all_edit', 1) && !$::auth->assert('sales_invoice_view', 1)) { + # only show own invoices + push @permission_where, "a.employee_id = ?"; + push @permission_values, SL::DB::Manager::Employee->current->id; + + } else { + if ($form->{employee_id}) { + push @permission_where, "a.employee_id = ?"; + push @permission_values, conv_i($form->{employee_id}); + } + if ($form->{salesman_id}) { + push @permission_where, "a.salesman_id = ?"; + push @permission_values, conv_i($form->{salesman_id}); + } + } + } + + if (@permission_where || (!$::auth->assert('invoice_edit', 1) && !$::auth->assert('sales_invoice_view', 1))) { + my $permission_where_str = @permission_where ? "OR (" . join(" AND ", map { "($_)" } @permission_where) . ")" : ""; + $where .= qq| + AND ( (a.globalproject_id IN ( + SELECT epi.project_id + FROM employee_project_invoices epi + WHERE epi.employee_id = ?)) + $permission_where_str) + |; + push @values, SL::DB::Manager::Employee->current->id, @permission_values; + } if ($form->{customer}) { $where .= " AND c.name ILIKE ?"; @@ -533,11 +573,11 @@ sub ar_transactions { $where .= " AND c.business_id = ?"; push(@values, $business_id); } - if ($form->{department_id}) { - $where .= " AND a.department_id = ?"; - push(@values, $form->{department_id}); + if ($form->{taxzone_id}) { + $where .= " AND a.taxzone_id = ?"; + push(@values, $form->{taxzone_id}); } - foreach my $column (qw(invnumber ordnumber cusordnumber notes transaction_description)) { + foreach my $column (qw(invnumber ordnumber cusordnumber notes transaction_description shipvia shippingpoint)) { if ($form->{$column}) { $where .= " AND a.$column ILIKE ?"; push(@values, like($form->{$column})); @@ -578,21 +618,6 @@ sub ar_transactions { } } - if (!$main::auth->assert('sales_all_edit', 1)) { - # only show own invoices - $where .= " AND a.employee_id = (select id from employee where login= ?)"; - push (@values, $::myconfig{login}); - } else { - if ($form->{employee_id}) { - $where .= " AND a.employee_id = ?"; - push @values, conv_i($form->{employee_id}); - } - if ($form->{salesman_id}) { - $where .= " AND a.salesman_id = ?"; - push @values, conv_i($form->{salesman_id}); - } - }; - if ($form->{parts_partnumber}) { $where .= <{parts_description}); } + if ($form->{show_not_mailed}) { + $where .= <{show_marked_as_closed}) { $query .= ' LEFT JOIN ( @@ -648,7 +685,7 @@ SQL my $sortdir = !defined $form->{sortdir} ? 'ASC' : $form->{sortdir} ? 'ASC' : 'DESC'; my $sortorder = join(', ', map { "$_ $sortdir" } @a); - if (grep({ $_ eq $form->{sort} } qw(id transdate duedate invnumber ordnumber cusordnumber name datepaid employee shippingpoint shipvia transaction_description))) { + if (grep({ $_ eq $form->{sort} } qw(id transdate duedate invnumber ordnumber cusordnumber donumber deliverydate name datepaid employee shippingpoint shipvia transaction_description department taxzone))) { $sortorder = $form->{sort} . " $sortdir"; }