X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=SL%2FController%2FRecordLinks.pm;h=03d7b81c76e4d9728099dbf6b3c02ec241600956;hb=24bb9ded832e2ed1054973fd025cfa6c5fec021e;hp=3d48b0586f5b58882b6788e55f77e6bf0534f309;hpb=0c09beb40eea289ceebb36aa53b447051fb82857;p=kivitendo-erp.git
diff --git a/SL/Controller/RecordLinks.pm b/SL/Controller/RecordLinks.pm
index 3d48b0586..03d7b81c7 100644
--- a/SL/Controller/RecordLinks.pm
+++ b/SL/Controller/RecordLinks.pm
@@ -14,6 +14,7 @@ use SL::DB::Letter;
 use SL::DB::PurchaseInvoice;
 use SL::DB::RecordLink;
 use SL::DB::RequirementSpec;
+use SL::DBUtils qw(like);
 use SL::JSON;
 use SL::Locale::String;
@@ -22,6 +23,7 @@ use Rose::Object::MakeMethods::Generic
 scalar => [ qw(object object_model object_id link_type link_direction link_type_desc) ],
 );
+__PACKAGE__->run_before('check_auth');
 __PACKAGE__->run_before('check_object_params', only => [ qw(ajax_list ajax_delete ajax_add_select_type ajax_add_filter ajax_add_list ajax_add_do) ]);
 __PACKAGE__->run_before('check_link_params', only => [ qw( ajax_add_list ajax_add_do) ]);
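Review bot: `__PACKAGE__->run_before('check_auth');` is registered without an `only` list, so every action of this controller is gated on the single `record_links` right that `check_auth` asserts in the last hunk, but nothing in the diff checks whether the caller may also access the record type named by the request's object and link parameters. If the list and add actions return data from invoices, letters or requirement specs (their bodies are outside the diff, so this is inferred from the imported `SL::DB::*` models), a user holding only `record_links` could read or link records that the dedicated controllers would refuse. Consider a per-type right check next to `check_object_params`/`check_link_params`, or state the design decision in a comment such as `# record_links covers every linkable record type; no per-type right is checked here`.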
@@ -124,10 +126,10 @@ sub action_ajax_add_list {
 my $filter = $self->link_type_desc->{filter};
 my @where = $filter && $manager->can($filter) ? $manager->$filter($self->link_type) : ();
- push @where, ("${vc}.${vc}number" => { ilike => '%' . $::form->{vc_number} . '%' }) if $::form->{vc_number};
- push @where, ("${vc}.name" => { ilike => '%' . $::form->{vc_name} . '%' }) if $::form->{vc_name};
- push @where, ($description => { ilike => '%' . $::form->{transaction_description} . '%' }) if $::form->{transaction_description};
- push @where, ($project_id => $::form->{globalproject_id}) if $::form->{globalproject_id} && $manager->can($project_id);
+ push @where, ("${vc}.${vc}number" => { ilike => like($::form->{vc_number}) }) if $::form->{vc_number};
+ push @where, ("${vc}.name" => { ilike => like($::form->{vc_name}) }) if $::form->{vc_name};
+ push @where, ($description => { ilike => like($::form->{transaction_description}) }) if $::form->{transaction_description};
+ push @where, ($project_id => $::form->{globalproject_id}) if $::form->{globalproject_id} && $manager->can($project_id);
 my @with_objects = ($vc);
 push @with_objects, $project if $manager->can($project_id);
@@ -216,4 +218,8 @@ sub check_link_params {
 return 1;
 }
+sub check_auth {
+ $::auth->assert('record_links');
+}
+
 1;
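Review bot: In `action_ajax_add_list` the three `ilike` filters now build their pattern with `like(...)`, but each postfix guard still tests the raw form value (`if $::form->{vc_number}` and the two below it), so guard and pattern can disagree if `like()` normalises its argument; its body lives in `SL::DBUtils`, outside this diff. If it trims whitespace, a blank-only input passes the guard and produces a match-everything pattern, and unless it escapes `%` and `_`, wildcards typed by the user keep their LIKE meaning. Neither is an injection as long as the query builder binds the value, but the intent should be recorded above the block, e.g. `# like() builds the %term% pattern; user-supplied % and _ are deliberately left as wildcards (confirm in SL::DBUtils)`. The function body starts and ends outside the hunk.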
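Review bot: `check_auth` has neither a comment nor an explicit return, while the hook directly above it, `check_link_params`, ends with `return 1;`. The sub depends on `$::auth->assert('record_links')` stopping the request by itself when the right is missing; that behaviour is defined outside this diff, so it is worth stating above the call, e.g. `# assert() must abort the request unless the user holds the record_links right`. If the hook runner evaluates return values (not visible here), writing `return $::auth->assert('record_links');` makes the fail-closed intent explicit rather than relying on the implicit last-expression value.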