X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=SL%2FController%2FOrder.pm;h=af7858a5d271f44a9d6713a54d56ba0f0ec0c21c;hb=0ca7f6f9d4603bb146c2c653a6edb73d70f609d5;hp=6571eecf8fef3dbb405a693fe3ba2de0438f1d23;hpb=95690f98a801314e53642e827f4701deec2669cb;p=kivitendo-erp.git diff --git a/SL/Controller/Order.pm b/SL/Controller/Order.pm index 6571eecf8..af7858a5d 100644 --- a/SL/Controller/Order.pm +++ b/SL/Controller/Order.pm @@ -56,6 +56,9 @@ use Rose::Object::MakeMethods::Generic # safety __PACKAGE__->run_before('check_auth'); +__PACKAGE__->run_before('check_auth_for_edit', + except => [ qw(edit show_customer_vendor_details_dialog price_popup load_second_rows) ]); + __PACKAGE__->run_before('recalc', only => [ qw(save save_as_new save_and_delivery_order save_and_invoice save_and_invoice_for_advance_payment save_and_final_invoice save_and_ap_transaction print send_email) ]); @@ -194,11 +197,19 @@ sub action_save { : ''; flash_later('info', $text); - my @redirect_params = ( - action => 'edit', - type => $self->type, - id => $self->order->id, - ); + my @redirect_params; + if ($::form->{back_to_caller}) { + @redirect_params = $::form->{callback} ? ($::form->{callback}) + : (controller => 'LoginScreen', action => 'user_login'); + + } else { + @redirect_params = ( + action => 'edit', + type => $self->type, + id => $self->order->id, + callback => $::form->{callback}, + ); + } $self->redirect_to(@redirect_params); } @@ -516,18 +527,20 @@ sub action_send_email { $::form->{id} = $self->order->id; # this is used in SL::Mailer to create a linked record to the mail $::form->send_email(\%::myconfig, $::form->{print_options}->{format}); - # internal notes - my $intnotes = $self->order->intnotes; - $intnotes .= "\n\n" if $self->order->intnotes; - $intnotes .= t8('[email]') . "\n"; - $intnotes .= t8('Date') . ": " . $::locale->format_date_object(DateTime->now_local, precision => 'seconds') . "\n"; - $intnotes .= t8('To (email)') . ": " . $::form->{email} . "\n"; - $intnotes .= t8('Cc') . ": " . $::form->{cc} . "\n" if $::form->{cc}; - $intnotes .= t8('Bcc') . ": " . $::form->{bcc} . "\n" if $::form->{bcc}; - $intnotes .= t8('Subject') . ": " . $::form->{subject} . "\n\n"; - $intnotes .= t8('Message') . ": " . SL::HTML::Util->strip($::form->{message}); + # internal notes unless no email journal + unless ($::instance_conf->get_email_journal) { + my $intnotes = $self->order->intnotes; + $intnotes .= "\n\n" if $self->order->intnotes; + $intnotes .= t8('[email]') . "\n"; + $intnotes .= t8('Date') . ": " . $::locale->format_date_object(DateTime->now_local, precision => 'seconds') . "\n"; + $intnotes .= t8('To (email)') . ": " . $::form->{email} . "\n"; + $intnotes .= t8('Cc') . ": " . $::form->{cc} . "\n" if $::form->{cc}; + $intnotes .= t8('Bcc') . ": " . $::form->{bcc} . "\n" if $::form->{bcc}; + $intnotes .= t8('Subject') . ": " . $::form->{subject} . "\n\n"; + $intnotes .= t8('Message') . ": " . SL::HTML::Util->strip($::form->{message}); - $self->order->update_attributes(intnotes => $intnotes); + $self->order->update_attributes(intnotes => $intnotes); + } $self->save_history('MAILED'); @@ -1370,6 +1383,17 @@ sub init_part_picker_classification_ids { sub check_auth { my ($self) = @_; + my $right_for = { map { $_ => $_.'_edit' . ' | ' . $_.'_view' } @{$self->valid_types} }; + + my $right = $right_for->{ $self->type }; + $right ||= 'DOES_NOT_EXIST'; + + $::auth->assert($right); +} + +sub check_auth_for_edit { + my ($self) = @_; + my $right_for = { map { $_ => $_.'_edit' } @{$self->valid_types} }; my $right = $right_for->{ $self->type }; @@ -1664,7 +1688,7 @@ sub new_item { sub setup_order_from_cv { my ($order) = @_; - $order->$_($order->customervendor->$_) for (qw(taxzone_id payment_id delivery_term_id currency_id)); + $order->$_($order->customervendor->$_) for (qw(taxzone_id payment_id delivery_term_id currency_id language_id)); $order->intnotes($order->customervendor->notes); @@ -1831,7 +1855,10 @@ sub workflow_sales_or_request_for_quotation { my $destination_type = $::form->{type} eq sales_order_type() ? sales_quotation_type() : request_quotation_type(); $self->order(SL::DB::Order->new_from($self->order, destination_type => $destination_type)); - $self->{converted_from_oe_id} = delete $::form->{id}; + delete $::form->{id}; + + # no linked records from order to quotations + delete $::form->{$_} for qw(converted_from_oe_id converted_from_orderitems_ids); # set item ids to new fake id, to identify them as new items foreach my $item (@{$self->order->items_sorted}) { @@ -2018,6 +2045,11 @@ sub setup_edit_action_bar { $has_final_invoice = any {'SL::DB::Invoice' eq ref $_ && "final_invoice" eq $_->type} @$lr; } + my $right_for = { map { $_ => $_.'_edit' } @{$self->valid_types} }; + my $right = $right_for->{ $self->type }; + $right ||= 'DOES_NOT_EXIST'; + my $may_edit_create = $::auth->assert($right, 'may fail'); + for my $bar ($::request->layout->get('actionbar')) { $bar->add( combobox => [ @@ -2029,6 +2061,18 @@ sub setup_edit_action_bar { checks => [ 'kivi.Order.check_save_active_periodic_invoices', ['kivi.validate_form','#order_form'], @req_trans_cost_art, @req_cusordnumber, ], + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef, + ], + action => [ + t8('Save and Close'), + call => [ 'kivi.Order.save', 'save', $::instance_conf->get_order_warn_duplicate_parts, + $::instance_conf->get_order_warn_no_deliverydate, + 1 + ], + checks => [ 'kivi.Order.check_save_active_periodic_invoices', ['kivi.validate_form','#order_form'], + @req_trans_cost_art, @req_cusordnumber, + ], + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef, ], action => [ t8('Save as new'), @@ -2036,7 +2080,9 @@ sub setup_edit_action_bar { checks => [ 'kivi.Order.check_save_active_periodic_invoices', @req_trans_cost_art, @req_cusordnumber, ], - disabled => !$self->order->id ? t8('This object has not been saved yet.') : undef, + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') + : !$self->order->id ? t8('This object has not been saved yet.') + : undef, ], ], # end of combobox "Save" @@ -2049,23 +2095,27 @@ sub setup_edit_action_bar { submit => [ '#order_form', { action => "Order/sales_quotation" } ], checks => [ @req_trans_cost_art, @req_cusordnumber ], only_if => (any { $self->type eq $_ } (sales_order_type())), + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef, ], action => [ t8('Save and RFQ'), submit => [ '#order_form', { action => "Order/request_for_quotation" } ], only_if => (any { $self->type eq $_ } (purchase_order_type())), + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef, ], action => [ t8('Save and Sales Order'), submit => [ '#order_form', { action => "Order/sales_order" } ], checks => [ @req_trans_cost_art ], only_if => (any { $self->type eq $_ } (sales_quotation_type(), purchase_order_type())), + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef, ], action => [ t8('Save and Purchase Order'), call => [ 'kivi.Order.purchase_order_check_for_direct_delivery' ], checks => [ @req_trans_cost_art, @req_cusordnumber ], only_if => (any { $self->type eq $_ } (sales_order_type(), request_quotation_type())), + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef, ], action => [ t8('Save and Delivery Order'), @@ -2075,7 +2125,8 @@ sub setup_edit_action_bar { checks => [ 'kivi.Order.check_save_active_periodic_invoices', @req_trans_cost_art, @req_cusordnumber, ], - only_if => (any { $self->type eq $_ } (sales_order_type(), purchase_order_type())) + only_if => (any { $self->type eq $_ } (sales_order_type(), purchase_order_type())), + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef, ], action => [ t8('Save and Supplier Delivery Order'), @@ -2085,7 +2136,8 @@ sub setup_edit_action_bar { checks => [ 'kivi.Order.check_save_active_periodic_invoices', @req_trans_cost_art, @req_cusordnumber, ], - only_if => (any { $self->type eq $_ } (purchase_order_type())) + only_if => (any { $self->type eq $_ } (purchase_order_type())), + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef, ], action => [ t8('Save and Invoice'), @@ -2093,6 +2145,7 @@ sub setup_edit_action_bar { checks => [ 'kivi.Order.check_save_active_periodic_invoices', @req_trans_cost_art, @req_cusordnumber, ], + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef, ], action => [ ($has_invoice_for_advance_payment ? t8('Save and Further Invoice for Advance Payment') : t8('Save and Invoice for Advance Payment')), @@ -2100,8 +2153,9 @@ sub setup_edit_action_bar { checks => [ 'kivi.Order.check_save_active_periodic_invoices', @req_trans_cost_art, @req_cusordnumber, ], - disabled => $has_final_invoice ? t8('This order has already a final invoice.') - : undef, + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') + : $has_final_invoice ? t8('This order has already a final invoice.') + : undef, only_if => (any { $self->type eq $_ } (sales_order_type())), ], action => [ @@ -2110,14 +2164,16 @@ sub setup_edit_action_bar { checks => [ 'kivi.Order.check_save_active_periodic_invoices', @req_trans_cost_art, @req_cusordnumber, ], - disabled => $has_final_invoice ? t8('This order has already a final invoice.') - : undef, + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') + : $has_final_invoice ? t8('This order has already a final invoice.') + : undef, only_if => (any { $self->type eq $_ } (sales_order_type())) && $has_invoice_for_advance_payment, ], action => [ t8('Save and AP Transaction'), call => [ 'kivi.Order.save', 'save_and_ap_transaction', $::instance_conf->get_order_warn_duplicate_parts ], - only_if => (any { $self->type eq $_ } (purchase_order_type())) + only_if => (any { $self->type eq $_ } (purchase_order_type())), + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef, ], ], # end of combobox "Workflow" @@ -2128,25 +2184,29 @@ sub setup_edit_action_bar { ], action => [ t8('Save and preview PDF'), - call => [ 'kivi.Order.save', 'preview_pdf', $::instance_conf->get_order_warn_duplicate_parts, - $::instance_conf->get_order_warn_no_deliverydate, - ], - checks => [ @req_trans_cost_art, @req_cusordnumber ], + call => [ 'kivi.Order.save', 'preview_pdf', $::instance_conf->get_order_warn_duplicate_parts, + $::instance_conf->get_order_warn_no_deliverydate, + ], + checks => [ @req_trans_cost_art, @req_cusordnumber ], + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef, ], action => [ t8('Save and print'), - call => [ 'kivi.Order.show_print_options', $::instance_conf->get_order_warn_duplicate_parts, - $::instance_conf->get_order_warn_no_deliverydate, - ], - checks => [ @req_trans_cost_art, @req_cusordnumber ], + call => [ 'kivi.Order.show_print_options', $::instance_conf->get_order_warn_duplicate_parts, + $::instance_conf->get_order_warn_no_deliverydate, + ], + checks => [ @req_trans_cost_art, @req_cusordnumber ], + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef, ], action => [ t8('Save and E-mail'), - id => 'save_and_email_action', - call => [ 'kivi.Order.save', 'save_and_show_email_dialog', $::instance_conf->get_order_warn_duplicate_parts, - $::instance_conf->get_order_warn_no_deliverydate, - ], - disabled => !$self->order->id ? t8('This object has not been saved yet.') : undef, + id => 'save_and_email_action', + call => [ 'kivi.Order.save', 'save_and_show_email_dialog', $::instance_conf->get_order_warn_duplicate_parts, + $::instance_conf->get_order_warn_no_deliverydate, + ], + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') + : !$self->order->id ? t8('This object has not been saved yet.') + : undef, ], action => [ t8('Download attachments of all parts'), @@ -2160,7 +2220,9 @@ sub setup_edit_action_bar { t8('Delete'), call => [ 'kivi.Order.delete_order' ], confirm => $::locale->text('Do you really want to delete this object?'), - disabled => !$self->order->id ? t8('This object has not been saved yet.') : undef, + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') + : !$self->order->id ? t8('This object has not been saved yet.') + : undef, only_if => $deletion_allowed, ],