X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=SL%2FController%2FCustomerVendor.pm;h=54702844fb0c96016dd9682a187a24fc6eba2963;hb=e5c8056bdb9276b3ad4ac8a700562216f09e6cc7;hp=8b10f2ca3c5ad3dd4c7bc11826662dfea6cbdb0c;hpb=ac7caac13e4a18ee4e2aa3f5f43882a3f3d79299;p=kivitendo-erp.git diff --git a/SL/Controller/CustomerVendor.pm b/SL/Controller/CustomerVendor.pm index 8b10f2ca3..54702844f 100644 --- a/SL/Controller/CustomerVendor.pm +++ b/SL/Controller/CustomerVendor.pm @@ -10,7 +10,9 @@ use SL::DBUtils; use SL::Helper::Flash; use SL::Locale::String; use SL::Util qw(trim); +use SL::VATIDNr; use SL::Webdav; +use SL::ZUGFeRD; use SL::Controller::Helper::GetModels; use SL::Controller::Helper::ReportGenerator; use SL::Controller::Helper::ParseFilter; @@ -40,16 +42,11 @@ use SL::DB::Order; use Data::Dumper; use Rose::Object::MakeMethods::Generic ( - 'scalar --get_set_init' => [ qw(customer_models vendor_models) ], + scalar => [ qw(user_has_edit_rights) ], + 'scalar --get_set_init' => [ qw(customer_models vendor_models zugferd_settings) ], ); # safety -__PACKAGE__->run_before( - sub { - $::auth->assert('customer_vendor_edit'); - }, - except => [ qw(ajaj_autocomplete) ], -); __PACKAGE__->run_before( '_instantiate_args', only => [ @@ -80,26 +77,7 @@ __PACKAGE__->run_before( ); # make sure this comes after _load_customer_vendor -__PACKAGE__->run_before( - '_check_customer_vendor_all_edit', - only => [ - 'edit', - 'show', - 'update', - 'delete', - 'save', - 'save_and_ap_transaction', - 'save_and_ar_transaction', - 'save_and_close', - 'save_and_invoice', - 'save_and_order', - 'save_and_quotation', - 'save_and_rfq', - 'delete', - 'delete_contact', - 'delete_shipto', - ] -); +__PACKAGE__->run_before('_check_auth'); __PACKAGE__->run_before( '_create_customer_vendor', 
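Review bot: `__PACKAGE__->run_before('_check_auth');` is now the only authorization hook, and the retained comment `# make sure this comes after _load_customer_vendor` does not say why the order matters. The check it calls treats a missing `$self->{cv}` as a new record and grants edit rights to holders of `customer_vendor_edit` in that case, so a write action that `_load_customer_vendor` is not registered for (its registration is not visible in this diff) would skip the ownership test. I would extend the comment to `# _check_auth must run after _load_customer_vendor: ownership is decided from the loaded record, and an unloaded record counts as new`, and confirm that every `save*`, `update*` and `delete*` action is covered by that loader. The hunk at -40,16 removes the previous unconditional `assert('customer_vendor_edit')`, so there is no second gate behind this one.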
@@ -115,7 +93,11 @@ sub action_add { my ($self) = @_; $self->_pre_render(); - $self->{cv}->assign_attributes(hourly_rate => $::instance_conf->get_customer_hourly_rate) if $self->{cv}->is_customer; + + if ($self->{cv}->is_customer) { + $self->{cv}->assign_attributes(hourly_rate => $::instance_conf->get_customer_hourly_rate); + $self->{cv}->salesman_id(SL::DB::Manager::Employee->current->id) if !$::auth->assert('customer_vendor_all_edit', 1); + } $self->render( 'customer_vendor/form', 
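Review bot: The `salesman_id` preset in `action_add` only fills the form for users without `customer_vendor_all_edit`; nothing visible in this diff prevents such a user from submitting a different `salesman_id` when the form is saved. If `_save` (most of its body is outside the visible hunks) does not already pin the value, I would enforce it there before `$self->{cv}->save`, for example `$self->{cv}->salesman_id(SL::DB::Manager::Employee->current->id) if $self->{cv}->is_customer && !$::auth->assert('customer_vendor_all_edit', 1);`. Otherwise the ownership field that `_may_access_action` relies on stays under the control of the restricted user. `action_add` begins above this hunk and continues past it.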
@@ -151,6 +133,62 @@ sub action_show { } } +sub _check_ustid_taxnumber_unique { + my ($self) = @_; + + my %cfg; + if ($self->is_vendor()) { + %cfg = (should_check => $::instance_conf->get_vendor_ustid_taxnummer_unique, + manager_class => 'SL::DB::Manager::Vendor', + err_ustid => t8('A vendor with the same VAT ID already exists.'), + err_taxnumber => t8('A vendor with the same taxnumber already exists.'), + ); + + } elsif ($self->is_customer()) { + %cfg = (should_check => $::instance_conf->get_customer_ustid_taxnummer_unique, + manager_class => 'SL::DB::Manager::Customer', + err_ustid => t8('A customer with the same VAT ID already exists.'), + err_taxnumber => t8('A customer with the same taxnumber already exists.'), + ); + + } else { + return; + } + + my @errors; + + if ($cfg{should_check}) { + my $do_clean_taxnumber = sub { my $n = $_[0]; $n //= ''; $n =~ s{[[:space:].-]+}{}g; return $n}; + + my $clean_ustid = SL::VATIDNr->clean($self->{cv}->ustid); + my $clean_taxnumber = $do_clean_taxnumber->($self->{cv}->taxnumber); + + if (!($clean_ustid || $clean_taxnumber)) { + return t8('VAT ID and/or taxnumber must be given.'); + + } else { + my $clean_number = $clean_ustid; + if ($clean_number) { + my $entries = $cfg{manager_class}->get_all(query => ['!id' => $self->{cv}->id, '!ustid' => undef, '!ustid' => ''], select => ['ustid'], distinct => 1); + if (any { $clean_number eq SL::VATIDNr->clean($_->ustid) } @$entries) { + push @errors, $cfg{err_ustid}; + } + } + + $clean_number = $clean_taxnumber; + if ($clean_number) { + my $entries = $cfg{manager_class}->get_all(query => ['!id' => $self->{cv}->id, '!taxnumber' => undef, '!taxnumber' => ''], select => ['taxnumber'], distinct => 1); + if (any { $clean_number eq $do_clean_taxnumber->($_->taxnumber) } @$entries) { + push @errors, $cfg{err_taxnumber}; + } + } + } + } + + return join "\n", @errors if @errors; + return; +} + sub _save { my ($self) = @_; 
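Review bot: `_check_ustid_taxnumber_unique` has no comment describing its contract, and the check is not atomic with the later `save`: it loads every other row's `ustid` or `taxnumber`, normalises them in Perl and compares, so two concurrent saves can both pass. I would add a header comment such as `# Returns an error string if VAT ID/tax number is missing or already used by another record, nothing otherwise. Best-effort: not atomic with the save that follows.` If the instance setting is meant as a hard guarantee, a unique index on a normalised column would be needed, and this diff does not show one. The full-table fetch on every save also grows with the number of customers or vendors.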
@@ -204,6 +242,9 @@ sub _save { } } + my $ustid_taxnumber_error = $self->_check_ustid_taxnumber_unique; + $::form->error($ustid_taxnumber_error) if $ustid_taxnumber_error; + $self->{cv}->save(cascade => 1); SL::DB::Greeting->new(description => $self->{cv}->greeting)->save if $save_greeting; @@ -655,7 +696,6 @@ sub action_ajaj_autocomplete { if (1 == scalar @{ $exact_matches = $manager->get_all( query => [ obsolete => 0, - (salesman_id => SL::DB::Manager::Employee->current->id) x !$::auth->assert('customer_vendor_all_edit', 1), or => [ name => { ilike => $::form->{filter}{'all:substr:multi::ilike'} }, $number => { ilike => $::form->{filter}{'all:substr:multi::ilike'} }, @@ -911,15 +951,31 @@ sub _load_customer_vendor { } } -sub _check_customer_vendor_all_edit { - my ($self) = @_; +sub _may_access_action { + my ($self, $action) = @_; - unless ($::auth->assert('customer_vendor_all_edit', 1)) { - die($::locale->text("You don't have the rights to edit this customer.") . "\n") - if $self->{cv}->is_customer and - SL::DB::Manager::Employee->current->id != $self->{cv}->salesman_id; - }; -}; + my $is_new = !$self->{cv} || !$self->{cv}->id; + my $is_own_customer = !$is_new + && $self->{cv}->is_customer + && (SL::DB::Manager::Employee->current->id == $self->{cv}->salesman_id); + my $has_edit_rights = $::auth->assert('customer_vendor_all_edit', 1); + $has_edit_rights ||= $::auth->assert('customer_vendor_edit', 1) && ($is_new || $is_own_customer); + my $needs_edit_rights = $action =~ m{^(?:add|save|delete|update)}; + + $self->user_has_edit_rights($has_edit_rights); + + return 1 if $has_edit_rights; + return 0 if $needs_edit_rights; + return 1; +} + +sub _check_auth { + my ($self, $action) = @_; + + if (!$self->_may_access_action($action)) { + $::auth->deny_access; + } +} sub _create_customer_vendor { my ($self) = @_; 
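Review bot: `_may_access_action` allows every action whose name does not start with `add`, `save`, `delete` or `update`, even for a user with neither `customer_vendor_edit` nor `customer_vendor_all_edit` (the final `return 1;`). That default fails open: a state-changing action added later under another name prefix would be reachable without edit rights, and with the `salesman_id` filters removed from `action_ajaj_autocomplete` here and from `init_customer_models` in the hunk at -1213,9, read access to all customers appears to be unrestricted for anyone who can reach the controller. I would invert the test so that read-only actions are listed and everything else needs edit rights, e.g. `my %read_only = map { $_ => 1 } qw(show edit ajaj_autocomplete);` and `my $needs_edit_rights = !$read_only{$action};`, with the list completed from the controller's actual read-only actions. If unrestricted read access is intended, a comment on the sub saying so would help the next reviewer. For existing vendors `$is_own_customer` is always false, so `customer_vendor_edit` alone no longer permits editing them, which may or may not be intended.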
@@ -1074,6 +1130,10 @@ sub _pre_render { sub _setup_form_action_bar { my ($self) = @_; + my $no_rights = $self->user_has_edit_rights ? undef + : $self->{cv}->is_customer ? t8("You don't have the rights to edit this customer.") + : t8("You don't have the rights to edit this vendor."); + for my $bar ($::request->layout->get('actionbar')) { $bar->add( combobox => [ @@ -1082,11 +1142,13 @@ sub _setup_form_action_bar { submit => [ '#form', { action => "CustomerVendor/save" } ], checks => [ 'check_taxzone_and_ustid' ], accesskey => 'enter', + disabled => $no_rights, ], action => [ t8('Save and Close'), submit => [ '#form', { action => "CustomerVendor/save_and_close" } ], checks => [ 'check_taxzone_and_ustid' ], + disabled => $no_rights, ], ], # end of combobox "Save" 
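Review bot: `disabled => $no_rights` only greys out the buttons in the browser; the rule that actually blocks the request is the `_check_auth` hook, and nothing near the definition of `$no_rights` says so. I would add a comment above it, `# UI hint only: the server-side check is _check_auth/_may_access_action`, so that nobody later relaxes the hook in the belief that the action bar enforces the rule. The same applies to the `disabled` entries in the hunks at -1082,11, -1096,31 and -1130,7. `_setup_form_action_bar` continues past this hunk.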
@@ -1096,31 +1158,37 @@ sub _setup_form_action_bar { t8('Save and AP Transaction'), submit => [ '#form', { action => "CustomerVendor/save_and_ap_transaction" } ], checks => [ 'check_taxzone_and_ustid' ], + disabled => $no_rights, ]) x !!$self->is_vendor, (action => [ t8('Save and AR Transaction'), submit => [ '#form', { action => "CustomerVendor/save_and_ar_transaction" } ], checks => [ 'check_taxzone_and_ustid' ], + disabled => $no_rights, ]) x !$self->is_vendor, action => [ t8('Save and Invoice'), submit => [ '#form', { action => "CustomerVendor/save_and_invoice" } ], checks => [ 'check_taxzone_and_ustid' ], + disabled => $no_rights, ], action => [ t8('Save and Order'), submit => [ '#form', { action => "CustomerVendor/save_and_order" } ], checks => [ 'check_taxzone_and_ustid' ], + disabled => $no_rights, ], (action => [ t8('Save and RFQ'), submit => [ '#form', { action => "CustomerVendor/save_and_rfq" } ], checks => [ 'check_taxzone_and_ustid' ], + disabled => $no_rights, ]) x !!$self->is_vendor, (action => [ t8('Save and Quotation'), submit => [ '#form', { action => "CustomerVendor/save_and_quotation" } ], checks => [ 'check_taxzone_and_ustid' ], + disabled => $no_rights, ]) x !$self->is_vendor, ], # end of combobox "Workflow" @@ -1130,7 +1198,7 @@ sub _setup_form_action_bar { confirm => t8('Do you really want to delete this object?'), disabled => !$self->{cv}->id ? t8('This object has not been saved yet.') : !$self->is_orphaned ? t8('This object has already been used.') - : undef, + : $no_rights, ], 'separator', @@ -1213,9 +1281,6 @@ sub init_customer_models { }, customernumber => t8('Customer Number'), }, - query => [ - ( salesman_id => SL::DB::Manager::Employee->current->id) x !$::auth->assert('customer_vendor_all_edit', 1), - ], ); } 
@@ -1235,6 +1300,13 @@ sub init_vendor_models { ); } +sub init_zugferd_settings { + return [ + [ -1, t8('Use settings from client configuration') ], + @SL::ZUGFeRD::customer_settings, + ], +} + sub _new_customer_vendor_object { my ($self) = @_;
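Review bot: `init_zugferd_settings` ends its `return [ ... ],` with a comma where a semicolon is meant; Perl accepts the trailing comma, but it reads like an unfinished list and the statement should end with `];`. A short comment that `-1` is the sentinel for "use settings from client configuration" and that the remaining entries come from `@SL::ZUGFeRD::customer_settings` would also make the returned structure easier to check against the form that consumes it.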