X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=SL%2FController%2FRequirementSpecOrder.pm;h=8c33d6ffdbf9a8f4d681b6b04e0032f81d1fdda3;hb=afb8e14695ac06126fff2084b3b67d517663f9f6;hp=2bfb1cffd328a88ec18094064c004be05b093d03;hpb=c6c877266db02ffaf6d9448d180286954b865b4e;p=kivitendo-erp.git diff --git a/SL/Controller/RequirementSpecOrder.pm b/SL/Controller/RequirementSpecOrder.pm index 2bfb1cffd..8c33d6ffd 100644 --- a/SL/Controller/RequirementSpecOrder.pm +++ b/SL/Controller/RequirementSpecOrder.pm @@ -54,9 +54,13 @@ sub action_new { sub action_create { my ($self) = @_; + if (!$::auth->assert($::form->{quotation} ? 'sales_quotation_edit' : 'sales_order_edit', 1)) { + return $self->js->flash('error', t8("You do not have the permissions to access this function."))->render($self); + } + # 1. Update sections with selected part IDs. my $section_attrs = $::form->{sections} || []; - my $sections = SL::DB::Manager::RequirementSpecItem->get_all(where => [ id => [ map { $_->{id} } @{ $section_attrs } ] ]); + my $sections = SL::DB::Manager::RequirementSpecItem->get_all_sorted(where => [ id => [ map { $_->{id} } @{ $section_attrs } ] ]); my %sections_by_id = map { ($_->{id} => $_) } @{ $sections }; $sections_by_id{ $_->{id} }->update_attributes(order_part_id => $_->{order_part_id}) for @{ $section_attrs }; @@ -93,6 +97,10 @@ sub action_update { my $order = $self->rs_order->order; my $sections = $self->requirement_spec->sections_sorted; + if (!$::auth->assert($order->quotation ? 'sales_quotation_edit' : 'sales_order_edit', 1)) { + return $self->js->flash('error', t8("You do not have the permissions to access this function."))->render($self); + } + my (@orderitems, %sections_seen); foreach my $item (@{ $order->items_sorted }) { my $section = first { my $num = $_->fb_number; $item->description =~ m{\b\Q${num}\E\b} && !$sections_seen{ $_->id } } @{ $sections }; @@ -204,7 +212,7 @@ sub action_delete { sub setup { my ($self) = @_; - $::auth->assert('sales_quotation_edit'); + $::auth->assert('requirement_spec_edit'); $::request->{layout}->use_stylesheet("${_}.css") for qw(jquery.contextMenu requirement_spec autocomplete_part); $::request->{layout}->use_javascript("${_}.js") for qw(jquery.jstree jquery/jquery.contextMenu client_js requirement_spec);