X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=SL%2FController%2FCustomerVendor.pm;h=1eea8a289e403f1a18b40e1185db72d3f4c81b1b;hb=eed856940a560915032452c19d98b88b1337f8bc;hp=f57c4b8bdd424774896ec3e83827b86e357f0591;hpb=a7177e631661ee3e6b74e24dc230571ab2b24837;p=kivitendo-erp.git
diff --git a/SL/Controller/CustomerVendor.pm b/SL/Controller/CustomerVendor.pm
index f57c4b8bd..1eea8a289 100644
--- a/SL/Controller/CustomerVendor.pm
+++ b/SL/Controller/CustomerVendor.pm
@@ -61,6 +61,29 @@ __PACKAGE__->run_before(
 'ajaj_get_contact',
 ]
 );
+
+# make sure this comes after _load_customer_vendor
+__PACKAGE__->run_before(
+ '_check_customer_vendor_all_edit',
+ only => [
+ 'edit',
+ 'show',
+ 'update',
+ 'delete',
+ 'save',
+ 'save_and_ap_transaction',
+ 'save_and_ar_transaction',
+ 'save_and_close',
+ 'save_and_invoice',
+ 'save_and_order',
+ 'save_and_quotation',
+ 'save_and_rfq',
+ 'delete',
+ 'delete_contact',
+ 'delete_shipto',
+ ]
+);
+
 __PACKAGE__->run_before(
 '_create_customer_vendor',
 only => [
@@ -113,6 +136,18 @@ sub action_show {
 sub _save {
 my ($self) = @_;
+ my @errors = $self->{cv}->validate;
+ if (@errors) {
+ flash('error', @errors);
+ $self->_pre_render();
+ $self->render(
+ 'customer_vendor/form',
+ title => ($self->is_vendor() ? t8('Edit Vendor') : t8('Edit Customer')),
+ %{$self->{template_args}}
+ );
+ ::end_of_request();
+ }
+
 my $db = $self->{cv}->db;
 $db->do_transaction(sub {
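Review bot: The `only` list for `_check_customer_vendor_all_edit` (hunk -61,6) is an allowlist, so every action not named in it runs without the ownership check. `ajaj_get_contact` is visible at the tail of the preceding hook's list but is missing here, and the `ajaj_get_shipto` and `get_delivery` actions touched later in this patch are not listed either; if those actions load `$self->{cv}` from a request id, a user without `customer_vendor_all_edit` could still read data of customers assigned to another salesman through them, which should be confirmed against the full hook lists outside the hunk. `'delete'` is also listed twice. Sharing one action list between the load hook and this check, or covering all actions by default and exempting the few that need no check, would keep newly added actions from slipping past it.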
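Review bot: `_save` (hunk -113,6) now ends the request itself through `::end_of_request()` when `validate` returns errors, and nothing in its name or call sites shows that it may not return. A comment above the sub, for example `# Renders the form and ends the request on validation errors; returns only after a successful save.`, would make that contract visible to the callers `action_save` and `_transaction`. The rest of `_save` lies outside the hunk.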
@@ -193,34 +228,23 @@ sub _save {
 sub action_save {
 my ($self) = @_;
- if (!$self->{cv}->name) {
- flash('error', t8('Customer missing!'));
- $self->_pre_render();
- $self->render(
- 'customer_vendor/form',
- title => ($self->is_vendor() ? t8('Edit Vendor') : t8('Edit Customer')),
- %{$self->{template_args}}
- );
- } else {
-
- $self->_save();
-
- my @redirect_params = (
- action => 'edit',
- id => $self->{cv}->id,
- db => ($self->is_vendor() ? 'vendor' : 'customer'),
- );
+ $self->_save();
- if ( $self->{contact}->cp_id ) {
- push(@redirect_params, contact_id => $self->{contact}->cp_id);
- }
+ my @redirect_params = (
+ action => 'edit',
+ id => $self->{cv}->id,
+ db => ($self->is_vendor() ? 'vendor' : 'customer'),
+ );
- if ( $self->{shipto}->shipto_id ) {
- push(@redirect_params, shipto_id => $self->{shipto}->shipto_id);
- }
+ if ( $self->{contact}->cp_id ) {
+ push(@redirect_params, contact_id => $self->{contact}->cp_id);
+ }
- $self->redirect_to(@redirect_params);
+ if ( $self->{shipto}->shipto_id ) {
+ push(@redirect_params, shipto_id => $self->{shipto}->shipto_id);
 }
+
+ $self->redirect_to(@redirect_params);
 }
 sub action_save_and_close {
@@ -240,7 +264,6 @@ sub _transaction {
 $self->_save();
- my $callback = $::form->escape($::form->{callback}, 1);
 my $name = $::form->escape($self->{cv}->name, 1);
 my $db = $self->is_vendor() ? 'vendor' : 'customer';
@@ -251,7 +274,7 @@ sub _transaction {
 $db .'_id' => $self->{cv}->id,
 $db => $name,
 type => $::form->{type},
- callback => $callback,
+ callback => $::form->{callback},
 );
 print $::form->redirect_header($url);
@@ -493,7 +516,7 @@ sub action_get_delivery {
 LEFT JOIN oe ON (oe.ordnumber = ${arap}.ordnumber AND NOT ${arap}.ordnumber = ''
- AND ". ($arap eq 'ar' ? 'oe.customer_id IS NOT NULL' : 'oe_vendor_id IS NOT NULL') ." )
+ AND ". ($arap eq 'ar' ? 'oe.customer_id IS NOT NULL' : 'oe.vendor_id IS NOT NULL') ." )
 ${where} ORDER BY ${arap}.transdate DESC LIMIT 15";
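Review bot: After hunks -240,7 and -251,7 in `_transaction`, `callback` goes into the URL parameter list unescaped while `$name`, one line below the removed statement, is still pre-escaped with `$::form->escape(..., 1)`. Both values end up in the same argument list, so one of them is presumably encoded wrongly: if the URL builder escapes its parameters, `$name` is now double-escaped and `$db => $self->{cv}->name,` would be the matching change; if it does not, `callback` is now emitted raw. The builder call starts outside the hunk, so this has to be checked there. `callback` also comes straight from the request and is handed on unchanged, so the code that finally redirects to it should accept only local targets.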
@@ -512,7 +535,7 @@ sub action_ajaj_get_shipto {
 my $name = 'shipto'. $_;
 $name => $self->{shipto}->$name;
 }
- qw(_id name department_1 department_2 street zipcode city country contact phone fax email)
+ qw(_id name department_1 department_2 street zipcode city gln country contact phone fax email)
 )
 };
@@ -596,6 +619,7 @@ sub action_ajaj_autocomplete {
 if (1 == scalar @{ $exact_matches = $manager->get_all(
 query => [
 obsolete => 0,
+ (salesman_id => SL::DB::Manager::Employee->current->id) x !$::auth->assert('customer_vendor_all_edit', 1),
 or => [
 name => { ilike => $::form->{filter}{'all:substr:multi::ilike'} },
 $number => { ilike => $::form->{filter}{'all:substr:multi::ilike'} },
@@ -611,7 +635,7 @@ sub action_ajaj_autocomplete {
 my @hashes = map {
 +{
- value => $_->name,
+ value => $_->displayable_name,
 label => $_->displayable_name,
 id => $_->id,
 $number => $_->$number,
@@ -801,6 +825,16 @@ sub _load_customer_vendor {
 }
 }
+sub _check_customer_vendor_all_edit {
+ my ($self) = @_;
+
+ unless ($::auth->assert('customer_vendor_all_edit', 1)) {
+ die($::locale->text("You don't have the rights to edit this customer.") . "\n")
+ if $self->{cv}->is_customer and
+ SL::DB::Manager::Employee->current->id != $self->{cv}->salesman_id;
+ };
+};
+
 sub _create_customer_vendor {
 my ($self) = @_;
@@ -953,11 +987,14 @@ sub init_customer_models {
 model => 'Customer',
 sorted => {
 _default => {
- by => 'name',
+ by => 'customernumber',
 dir => 1,
 },
- name => t8('Name'),
+ customernumber => t8('Customer Number'),
 },
+ query => [
+ ( salesman_id => SL::DB::Manager::Employee->current->id) x !$::auth->assert('customer_vendor_all_edit', 1),
+ ],
 );
 }
@@ -969,10 +1006,10 @@ sub init_vendor_models {
 model => 'Vendor',
 sorted => {
 _default => {
- by => 'name',
+ by => 'vendornumber',
 dir => 1,
 },
- name => t8('Name'),
+ vendornumber => t8('Vendor Number'),
 },
 );
 }
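Review bot: The salesman filter added to the exact-match query in `action_ajaj_autocomplete` (hunk -596,6) applies to whatever `$manager` is, so presumably to vendors as well, while `_check_customer_vendor_all_edit` restricts only customers and `init_vendor_models` (hunk -969,10) gets no `query` filter like the one added to `init_customer_models` (hunk -953,11). A user without `customer_vendor_all_edit` would then see vendor exact matches filtered by salesman but the regular vendor list unfiltered; either make the filter conditional on the customer case or state the vendor rule in a comment. The expression `(salesman_id => ...->current->id) x !$::auth->assert('customer_vendor_all_edit', 1)` is repeated in both hunks and relies on list repetition with a boolean count, so a small private helper (say `_salesman_filter`) with a one-line comment would keep the query filters and the hook in step. The sub continues outside the hunk.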
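Review bot: In `_check_customer_vendor_all_edit` (hunk -801,6) the test `SL::DB::Manager::Employee->current->id != $self->{cv}->salesman_id` is numeric and treats an undefined `salesman_id` as 0, so a customer without a salesman is refused with an "uninitialized" warning, and a not yet saved customer may be too, since `save` is in the hook's action list. If that is intended, say so in a comment and make it explicit, e.g. `my $owner = $self->{cv}->salesman_id // 0;` before the comparison. The check reads `salesman_id` from the in-memory object: should an earlier hook already have copied form values onto `$self->{cv}`, the value compared is the submitted one rather than the stored one, which needs confirming against `_load_customer_vendor`, whose body is outside the hunk. The message speaks of editing although the hook also guards `show` and the delete actions, and the `};` after the `unless` block and after the sub are stray semicolons.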