X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=SL%2FController%2FOrder.pm;h=43e8dc4eb1555e91fbc234f637feaaf7a7092aae;hb=5a07eafc9d215ad427e1d0e1f1682294703f45ce;hp=b14d764384ab7446861dedd257c35e564b565a75;hpb=4e5b5b9af6890d18732f658eb5875aabf8c4d760;p=kivitendo-erp.git diff --git a/SL/Controller/Order.pm b/SL/Controller/Order.pm index b14d76438..43e8dc4eb 100644 --- a/SL/Controller/Order.pm +++ b/SL/Controller/Order.pm @@ -56,6 +56,9 @@ use Rose::Object::MakeMethods::Generic # safety __PACKAGE__->run_before('check_auth'); +__PACKAGE__->run_before('check_auth_for_edit', + except => [ qw(edit show_customer_vendor_details_dialog price_popup load_second_rows) ]); + __PACKAGE__->run_before('recalc', only => [ qw(save save_as_new save_and_delivery_order save_and_invoice save_and_invoice_for_advance_payment save_and_final_invoice save_and_ap_transaction print send_email) ]); @@ -194,11 +197,19 @@ sub action_save { : ''; flash_later('info', $text); - my @redirect_params = ( - action => 'edit', - type => $self->type, - id => $self->order->id, - ); + my @redirect_params; + if ($::form->{back_to_caller}) { + @redirect_params = $::form->{callback} ? ($::form->{callback}) + : (controller => 'LoginScreen', action => 'user_login'); + + } else { + @redirect_params = ( + action => 'edit', + type => $self->type, + id => $self->order->id, + callback => $::form->{callback}, + ); + } $self->redirect_to(@redirect_params); } @@ -435,12 +446,16 @@ sub action_save_and_show_email_dialog { $user && !!trim($user->get_config_value('email')); } @{ SL::DB::Manager::Employee->get_all_sorted(query => [ deleted => 0 ]) }; + + my $all_partner_email_addresses = $self->order->customervendor->get_all_email_addresses(); + my $dialog_html = $self->render('common/_send_email_dialog', { output => 0 }, email_form => $email_form, show_bcc => $::auth->assert('email_bcc', 'may fail'), FILES => \%files, is_customer => $self->cv eq 'customer', ALL_EMPLOYEES => \@employees_with_email, + ALL_PARTNER_EMAIL_ADDRESSES => $all_partner_email_addresses, ); $self->js @@ -466,6 +481,12 @@ sub action_send_email { $self->js_reset_order_and_item_ids_after_save; my $email_form = delete $::form->{email_form}; + + if ($email_form->{additional_to}) { + $email_form->{to} = join ', ', grep { $_ } $email_form->{to}, @{$email_form->{additional_to}}; + delete $email_form->{additional_to}; + } + my %field_names = (to => 'email'); $::form->{ $field_names{$_} // $_ } = $email_form->{$_} for keys %{ $email_form }; @@ -1372,6 +1393,17 @@ sub init_part_picker_classification_ids { sub check_auth { my ($self) = @_; + my $right_for = { map { $_ => $_.'_edit' . ' | ' . $_.'_view' } @{$self->valid_types} }; + + my $right = $right_for->{ $self->type }; + $right ||= 'DOES_NOT_EXIST'; + + $::auth->assert($right); +} + +sub check_auth_for_edit { + my ($self) = @_; + my $right_for = { map { $_ => $_.'_edit' } @{$self->valid_types} }; my $right = $right_for->{ $self->type }; @@ -1666,7 +1698,7 @@ sub new_item { sub setup_order_from_cv { my ($order) = @_; - $order->$_($order->customervendor->$_) for (qw(taxzone_id payment_id delivery_term_id currency_id)); + $order->$_($order->customervendor->$_) for (qw(taxzone_id payment_id delivery_term_id currency_id language_id)); $order->intnotes($order->customervendor->notes); @@ -1833,7 +1865,10 @@ sub workflow_sales_or_request_for_quotation { my $destination_type = $::form->{type} eq sales_order_type() ? sales_quotation_type() : request_quotation_type(); $self->order(SL::DB::Order->new_from($self->order, destination_type => $destination_type)); - $self->{converted_from_oe_id} = delete $::form->{id}; + delete $::form->{id}; + + # no linked records from order to quotations + delete $::form->{$_} for qw(converted_from_oe_id converted_from_orderitems_ids); # set item ids to new fake id, to identify them as new items foreach my $item (@{$self->order->items_sorted}) { @@ -1933,7 +1968,7 @@ sub pre_render { $self->{all_taxzones} = SL::DB::Manager::TaxZone->get_all_sorted(); $self->{all_currencies} = SL::DB::Manager::Currency->get_all_sorted(); $self->{all_departments} = SL::DB::Manager::Department->get_all_sorted(); - $self->{all_languages} = SL::DB::Manager::Language->get_all_sorted(); + $self->{all_languages} = SL::DB::Manager::Language->get_all_sorted( query => [ or => [ obsolete => 0, id => $self->order->language_id ] ] ); $self->{all_employees} = SL::DB::Manager::Employee->get_all(where => [ or => [ id => $self->order->employee_id, deleted => 0 ] ], sort_by => 'name'); @@ -2020,6 +2055,11 @@ sub setup_edit_action_bar { $has_final_invoice = any {'SL::DB::Invoice' eq ref $_ && "final_invoice" eq $_->type} @$lr; } + my $right_for = { map { $_ => $_.'_edit' } @{$self->valid_types} }; + my $right = $right_for->{ $self->type }; + $right ||= 'DOES_NOT_EXIST'; + my $may_edit_create = $::auth->assert($right, 'may fail'); + for my $bar ($::request->layout->get('actionbar')) { $bar->add( combobox => [ @@ -2031,6 +2071,18 @@ sub setup_edit_action_bar { checks => [ 'kivi.Order.check_save_active_periodic_invoices', ['kivi.validate_form','#order_form'], @req_trans_cost_art, @req_cusordnumber, ], + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef, + ], + action => [ + t8('Save and Close'), + call => [ 'kivi.Order.save', 'save', $::instance_conf->get_order_warn_duplicate_parts, + $::instance_conf->get_order_warn_no_deliverydate, + 1 + ], + checks => [ 'kivi.Order.check_save_active_periodic_invoices', ['kivi.validate_form','#order_form'], + @req_trans_cost_art, @req_cusordnumber, + ], + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef, ], action => [ t8('Save as new'), @@ -2038,7 +2090,9 @@ sub setup_edit_action_bar { checks => [ 'kivi.Order.check_save_active_periodic_invoices', @req_trans_cost_art, @req_cusordnumber, ], - disabled => !$self->order->id ? t8('This object has not been saved yet.') : undef, + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') + : !$self->order->id ? t8('This object has not been saved yet.') + : undef, ], ], # end of combobox "Save" @@ -2051,23 +2105,27 @@ sub setup_edit_action_bar { submit => [ '#order_form', { action => "Order/sales_quotation" } ], checks => [ @req_trans_cost_art, @req_cusordnumber ], only_if => (any { $self->type eq $_ } (sales_order_type())), + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef, ], action => [ t8('Save and RFQ'), submit => [ '#order_form', { action => "Order/request_for_quotation" } ], only_if => (any { $self->type eq $_ } (purchase_order_type())), + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef, ], action => [ t8('Save and Sales Order'), submit => [ '#order_form', { action => "Order/sales_order" } ], checks => [ @req_trans_cost_art ], only_if => (any { $self->type eq $_ } (sales_quotation_type(), purchase_order_type())), + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef, ], action => [ t8('Save and Purchase Order'), call => [ 'kivi.Order.purchase_order_check_for_direct_delivery' ], checks => [ @req_trans_cost_art, @req_cusordnumber ], only_if => (any { $self->type eq $_ } (sales_order_type(), request_quotation_type())), + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef, ], action => [ t8('Save and Delivery Order'), @@ -2077,7 +2135,8 @@ sub setup_edit_action_bar { checks => [ 'kivi.Order.check_save_active_periodic_invoices', @req_trans_cost_art, @req_cusordnumber, ], - only_if => (any { $self->type eq $_ } (sales_order_type(), purchase_order_type())) + only_if => (any { $self->type eq $_ } (sales_order_type(), purchase_order_type())), + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef, ], action => [ t8('Save and Supplier Delivery Order'), @@ -2087,7 +2146,8 @@ sub setup_edit_action_bar { checks => [ 'kivi.Order.check_save_active_periodic_invoices', @req_trans_cost_art, @req_cusordnumber, ], - only_if => (any { $self->type eq $_ } (purchase_order_type())) + only_if => (any { $self->type eq $_ } (purchase_order_type())), + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef, ], action => [ t8('Save and Invoice'), @@ -2095,6 +2155,7 @@ sub setup_edit_action_bar { checks => [ 'kivi.Order.check_save_active_periodic_invoices', @req_trans_cost_art, @req_cusordnumber, ], + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef, ], action => [ ($has_invoice_for_advance_payment ? t8('Save and Further Invoice for Advance Payment') : t8('Save and Invoice for Advance Payment')), @@ -2102,8 +2163,9 @@ sub setup_edit_action_bar { checks => [ 'kivi.Order.check_save_active_periodic_invoices', @req_trans_cost_art, @req_cusordnumber, ], - disabled => $has_final_invoice ? t8('This order has already a final invoice.') - : undef, + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') + : $has_final_invoice ? t8('This order has already a final invoice.') + : undef, only_if => (any { $self->type eq $_ } (sales_order_type())), ], action => [ @@ -2112,14 +2174,16 @@ sub setup_edit_action_bar { checks => [ 'kivi.Order.check_save_active_periodic_invoices', @req_trans_cost_art, @req_cusordnumber, ], - disabled => $has_final_invoice ? t8('This order has already a final invoice.') - : undef, + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') + : $has_final_invoice ? t8('This order has already a final invoice.') + : undef, only_if => (any { $self->type eq $_ } (sales_order_type())) && $has_invoice_for_advance_payment, ], action => [ t8('Save and AP Transaction'), call => [ 'kivi.Order.save', 'save_and_ap_transaction', $::instance_conf->get_order_warn_duplicate_parts ], - only_if => (any { $self->type eq $_ } (purchase_order_type())) + only_if => (any { $self->type eq $_ } (purchase_order_type())), + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef, ], ], # end of combobox "Workflow" @@ -2130,25 +2194,29 @@ sub setup_edit_action_bar { ], action => [ t8('Save and preview PDF'), - call => [ 'kivi.Order.save', 'preview_pdf', $::instance_conf->get_order_warn_duplicate_parts, - $::instance_conf->get_order_warn_no_deliverydate, - ], - checks => [ @req_trans_cost_art, @req_cusordnumber ], + call => [ 'kivi.Order.save', 'preview_pdf', $::instance_conf->get_order_warn_duplicate_parts, + $::instance_conf->get_order_warn_no_deliverydate, + ], + checks => [ @req_trans_cost_art, @req_cusordnumber ], + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef, ], action => [ t8('Save and print'), - call => [ 'kivi.Order.show_print_options', $::instance_conf->get_order_warn_duplicate_parts, - $::instance_conf->get_order_warn_no_deliverydate, - ], - checks => [ @req_trans_cost_art, @req_cusordnumber ], + call => [ 'kivi.Order.show_print_options', $::instance_conf->get_order_warn_duplicate_parts, + $::instance_conf->get_order_warn_no_deliverydate, + ], + checks => [ @req_trans_cost_art, @req_cusordnumber ], + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef, ], action => [ t8('Save and E-mail'), - id => 'save_and_email_action', - call => [ 'kivi.Order.save', 'save_and_show_email_dialog', $::instance_conf->get_order_warn_duplicate_parts, - $::instance_conf->get_order_warn_no_deliverydate, - ], - disabled => !$self->order->id ? t8('This object has not been saved yet.') : undef, + id => 'save_and_email_action', + call => [ 'kivi.Order.save', 'save_and_show_email_dialog', $::instance_conf->get_order_warn_duplicate_parts, + $::instance_conf->get_order_warn_no_deliverydate, + ], + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') + : !$self->order->id ? t8('This object has not been saved yet.') + : undef, ], action => [ t8('Download attachments of all parts'), @@ -2162,7 +2230,9 @@ sub setup_edit_action_bar { t8('Delete'), call => [ 'kivi.Order.delete_order' ], confirm => $::locale->text('Do you really want to delete this object?'), - disabled => !$self->order->id ? t8('This object has not been saved yet.') : undef, + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') + : !$self->order->id ? t8('This object has not been saved yet.') + : undef, only_if => $deletion_allowed, ],