X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=SL%2FController%2FCustomerVendor.pm;h=1eea8a289e403f1a18b40e1185db72d3f4c81b1b;hb=1f4bfe674284bdbaca1f74c1d8b2ab15628fe6ef;hp=5d60deb57e81765d99bec87cea53e6e073da7af2;hpb=01c084af1ab0f2fd98dfcb3a2d4c7fdf8af7a95f;p=kivitendo-erp.git
diff --git a/SL/Controller/CustomerVendor.pm b/SL/Controller/CustomerVendor.pm
index 5d60deb57..1eea8a289 100644
--- a/SL/Controller/CustomerVendor.pm
+++ b/SL/Controller/CustomerVendor.pm
@@ -61,6 +61,29 @@ __PACKAGE__->run_before(
 'ajaj_get_contact',
 ]
 );
+
+# make sure this comes after _load_customer_vendor
+__PACKAGE__->run_before(
+ '_check_customer_vendor_all_edit',
+ only => [
+ 'edit',
+ 'show',
+ 'update',
+ 'delete',
+ 'save',
+ 'save_and_ap_transaction',
+ 'save_and_ar_transaction',
+ 'save_and_close',
+ 'save_and_invoice',
+ 'save_and_order',
+ 'save_and_quotation',
+ 'save_and_rfq',
+ 'delete',
+ 'delete_contact',
+ 'delete_shipto',
+ ]
+);
+
 __PACKAGE__->run_before(
 '_create_customer_vendor',
 only => [
@@ -241,7 +264,6 @@ sub _transaction {
 $self->_save();
- my $callback = $::form->escape($::form->{callback}, 1);
 my $name = $::form->escape($self->{cv}->name, 1);
 my $db = $self->is_vendor() ? 'vendor' : 'customer';
@@ -252,7 +274,7 @@ sub _transaction {
 $db .'_id' => $self->{cv}->id,
 $db => $name,
 type => $::form->{type},
- callback => $callback,
+ callback => $::form->{callback},
 );
 print $::form->redirect_header($url);
@@ -513,7 +535,7 @@ sub action_ajaj_get_shipto {
 my $name = 'shipto'. $_;
 $name => $self->{shipto}->$name;
 }
- qw(_id name department_1 department_2 street zipcode city country contact phone fax email)
+ qw(_id name department_1 department_2 street zipcode city gln country contact phone fax email)
 )
 };
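Review bot: The `only => [...]` list names the actions to protect, so any action missing from it runs without `_check_customer_vendor_all_edit`; `ajaj_get_contact`, visible at the end of the preceding hook's list, and `action_ajaj_get_shipto`, changed further down in this commit, are both absent, and the latter returns shipto fields to the caller. If those handlers operate on a loaded `$self->{cv}` as well, they should presumably be listed too, or the hook registered with an exclusion list so that new actions are covered by default; confirm what `run_before` supports. `'delete'` appears twice in the list and the second entry can be dropped. The ordering comment would be clearer if it gave the reason, e.g. `# must be registered after the _load_customer_vendor hook: the check reads $self->{cv}`.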
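Review bot: `callback => $::form->{callback}` now enters the URL parameters unescaped, while `$db => $name` two lines above it still passes a value that went through `$::form->escape(..., 1)` in the earlier `_transaction` hunk, so one of the two is encoded wrongly whichever way the URL builder behaves. If the builder escapes parameter values itself (it is outside the hunk), `$name` is double-escaped and the line should read `$db => $self->{cv}->name,`; if it does not, the callback needs its escaping back. `$::form->{callback}` comes from the request and is passed on as a return target, so it is worth confirming that whatever consumes it accepts only local URLs. `_transaction` starts and ends outside the hunk.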
@@ -803,6 +825,16 @@ sub _load_customer_vendor {
 }
 }
+sub _check_customer_vendor_all_edit {
+ my ($self) = @_;
+
+ unless ($::auth->assert('customer_vendor_all_edit', 1)) {
+ die($::locale->text("You don't have the rights to edit this customer.") . "\n")
+ if $self->{cv}->is_customer and
+ SL::DB::Manager::Employee->current->id != $self->{cv}->salesman_id;
+ };
+};
+
 sub _create_customer_vendor {
 my ($self) = @_;
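Review bot: The ownership test `SL::DB::Manager::Employee->current->id != $self->{cv}->salesman_id` runs on values that may be undefined: a customer with no salesman makes `!=` compare against undef (an "uninitialized" warning, and a refusal for everyone lacking `customer_vendor_all_edit`), and a missing current employee or an unset `$self->{cv}` replaces the intended message with a method-call-on-undef error. Making this explicit keeps the check fail-closed with the right message: `my $me = SL::DB::Manager::Employee->current;` followed by `... if $self->{cv}->is_customer and (!$me or ($self->{cv}->salesman_id // 0) != $me->id);`. For `update` and the `save*` actions the check only means something if `salesman_id` still holds the stored value at this point rather than one assigned from the request; that depends on hook order outside this hunk, so please confirm it. The sub should also get a short comment stating the rule (vendors are never restricted, customers only for users who are not their salesman), and the stray `;` after both closing braces can go.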