X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=bin%2Fmozilla%2Fam.pl;h=45333c1cd895b44c2d4e2a6509189ac4919cbeb3;hb=786b3862388eb8d4cdcc5dfc663a37fe0e9a82a1;hp=fbb5cfd3e46ebeb67d6cde08a0b1347dc754825a;hpb=e549422fb649ca2299e684dc10ffe4a0f8c7efb1;p=kivitendo-erp.git

diff --git a/bin/mozilla/am.pl b/bin/mozilla/am.pl
index fbb5cfd3e..45333c1cd 100644
--- a/bin/mozilla/am.pl
+++ b/bin/mozilla/am.pl
@@ -31,12 +31,14 @@
 #
 #======================================================================
 
+use SL::Auth;
 use SL::AM;
 use SL::CA;
 use SL::Form;
 use SL::User;
 use SL::USTVA;
 use SL::Iconv;
+use SL::TODO;
 use CGI::Ajax;
 use CGI;
 
@@ -57,13 +59,13 @@ sub continue { call_sub($form->{"nextsub"}); }
 sub add_account {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title}     = "Add";
   $form->{charttype} = "A";
   AM->get_account(\%myconfig, \%$form);
 
-  $form->{callback} =
-    "$form->{script}?action=list_account&login=$form->{login}&password=$form->{password}"
-    unless $form->{callback};
+  $form->{callback} = "am.pl?action=list_account" unless $form->{callback};
 
   &account_header;
   &form_footer;
@@ -74,6 +76,8 @@ sub add_account {
 sub edit_account {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = "Edit";
   AM->get_account(\%myconfig, \%$form);
 
@@ -90,6 +94,8 @@ sub edit_account {
 sub account_header {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   if ( $form->{action} eq 'edit_account') {
     $form->{account_exists} = '1';
   } 
@@ -348,12 +354,11 @@ sub account_header {
 sub form_footer {
   $lxdebug->enter_sub();
 
-  print qq|
+  $auth->assert('config');
 
-<input name=callback type=hidden value="$form->{callback}">
+  print qq|
 
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
+<input name=callback type=hidden value="| . H($form->{callback}) . qq|">
 
 <br>|;
   if ((!$form->{id}) || ($form->{id} && $form->{orphaned}) || (($form->{type} eq "account") && (!$form->{new_chart_valid}))) {
@@ -381,6 +386,8 @@ sub form_footer {
 sub save_account {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->isblank("accno",       $locale->text('Account Number missing!'));
   $form->isblank("description", $locale->text('Account Description missing!'));
   
@@ -398,6 +405,8 @@ sub save_account {
 sub list_account {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{callback}     = build_std_url('action=list_account');
   my $link_edit_account = build_std_url('action=edit_account', 'callback');
 
@@ -449,6 +458,8 @@ sub list_account_details {
 # Ajax Funktion aus list_account_details
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   my $chart_id = $form->{args};
 
   CA->all_accounts(\%myconfig, \%$form, $chart_id);
@@ -514,6 +525,8 @@ sub list_account_details {
 sub delete_account {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = $locale->text('Delete Account');
 
   foreach $id (
@@ -534,12 +547,12 @@ sub delete_account {
 sub add_department {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = "Add";
   $form->{role}  = "P";
 
-  $form->{callback} =
-    "$form->{script}?action=add_department&login=$form->{login}&password=$form->{password}"
-    unless $form->{callback};
+  $form->{callback} = "am.pl?action=add_department" unless $form->{callback};
 
   &department_header;
   &form_footer;
@@ -550,6 +563,8 @@ sub add_department {
 sub edit_department {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = "Edit";
 
   AM->get_department(\%myconfig, \%$form);
@@ -563,10 +578,11 @@ sub edit_department {
 sub list_department {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->departments(\%myconfig, \%$form);
 
-  $form->{callback} =
-    "$form->{script}?action=list_department&login=$form->{login}&password=$form->{password}";
+  $form->{callback} = "am.pl?action=list_department";
 
   $callback = $form->escape($form->{callback});
 
@@ -622,7 +638,7 @@ sub list_department {
     $profitcenter = ($ref->{role} eq "P") ? "X" : "";
 
     $column_data{description} =
-      qq|<td><a href=$form->{script}?action=edit_department&id=$ref->{id}&login=$form->{login}&password=$form->{password}&callback=$callback>$ref->{description}</td>|;
+      qq|<td><a href="am.pl?action=edit_department&id=$ref->{id}&callback=$callback">$ref->{description}</td>|;
     $column_data{cost}   = qq|<td align=center>$costcenter</td>|;
     $column_data{profit} = qq|<td align=center>$profitcenter</td>|;
 
@@ -643,15 +659,12 @@ sub list_department {
 </table>
 
 <br>
-<form method=post action=$form->{script}>
+<form method=post action=am.pl>
 
 <input name=callback type=hidden value="$form->{callback}">
 
 <input type=hidden name=type value=department>
 
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
-
 <input class=submit type=submit name=action value="|
     . $locale->text('Add') . qq|">
 
@@ -667,6 +680,8 @@ sub list_department {
 sub department_header {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = $locale->text("$form->{title} Department");
 
   # $locale->text('Add Department')
@@ -690,7 +705,7 @@ sub department_header {
   print qq|
 <body>
 
-<form method=post action=$form->{script}>
+<form method=post action=am.pl>
 
 <input type=hidden name=id value=$form->{id}>
 <input type=hidden name=type value=department>
@@ -723,6 +738,8 @@ sub department_header {
 sub save_department {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->isblank("description", $locale->text('Description missing!'));
   AM->save_department(\%myconfig, \%$form);
   $form->redirect($locale->text('Department saved!'));
@@ -733,6 +750,8 @@ sub save_department {
 sub delete_department {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->delete_department(\%myconfig, \%$form);
   $form->redirect($locale->text('Department deleted!'));
 
@@ -742,11 +761,11 @@ sub delete_department {
 sub add_lead {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = "Add";
 
-  $form->{callback} =
-    "$form->{script}?action=add_lead&login=$form->{login}&password=$form->{password}"
-    unless $form->{callback};
+  $form->{callback} = "am.pl?action=add_lead" unless $form->{callback};
 
   &lead_header;
   &form_footer;
@@ -757,6 +776,8 @@ sub add_lead {
 sub edit_lead {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = "Edit";
 
   AM->get_lead(\%myconfig, \%$form);
@@ -772,10 +793,11 @@ sub edit_lead {
 sub list_lead {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->lead(\%myconfig, \%$form);
 
-  $form->{callback} =
-    "$form->{script}?action=list_lead&login=$form->{login}&password=$form->{password}";
+  $form->{callback} = "am.pl?action=list_lead";
 
   $callback = $form->escape($form->{callback});
 
@@ -818,8 +840,7 @@ sub list_lead {
 
 	$lead = $ref->{lead};
 	
-    $column_data{description} =
-      qq|<td><a href=$form->{script}?action=edit_lead&id=$ref->{id}&login=$form->{login}&password=$form->{password}&callback=$callback>$ref->{lead}</td>|;
+    $column_data{description} = qq|<td><a href="am.pl?action=edit_lead&id=$ref->{id}&callback=$callback">$ref->{lead}</td>|;
 
     map { print "$column_data{$_}\n" } @column_index;
 
@@ -835,15 +856,12 @@ sub list_lead {
 </table>
 
 <br>
-<form method=post action=$form->{script}>
+<form method=post action=am.pl>
 
 <input name=callback type=hidden value="$form->{callback}">
 
 <input type=hidden name=type value=lead>
 
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
-
 <input class=submit type=submit name=action value="|
     . $locale->text('Add') . qq|">
 
@@ -859,6 +877,8 @@ sub list_lead {
 sub lead_header {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = $locale->text("$form->{title} Lead");
 
   # $locale->text('Add Lead')
@@ -874,7 +894,7 @@ sub lead_header {
   print qq|
 <body>
 
-<form method=post action=$form->{script}>
+<form method=post action=am.pl>
 
 <input type=hidden name=id value=$form->{id}>
 <input type=hidden name=type value=lead>
@@ -899,6 +919,8 @@ sub lead_header {
 sub save_lead {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->isblank("description", $locale->text('Description missing!'));
   AM->save_lead(\%myconfig, \%$form);
   $form->redirect($locale->text('lead saved!'));
@@ -909,6 +931,8 @@ sub save_lead {
 sub delete_lead {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->delete_lead(\%myconfig, \%$form);
   $form->redirect($locale->text('lead deleted!'));
 
@@ -918,11 +942,11 @@ sub delete_lead {
 sub add_business {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = "Add";
 
-  $form->{callback} =
-    "$form->{script}?action=add_business&login=$form->{login}&password=$form->{password}"
-    unless $form->{callback};
+  $form->{callback} = "am.pl?action=add_business" unless $form->{callback};
 
   &business_header;
   &form_footer;
@@ -948,10 +972,11 @@ sub edit_business {
 sub list_business {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->business(\%myconfig, \%$form);
 
-  $form->{callback} =
-    "$form->{script}?action=list_business&login=$form->{login}&password=$form->{password}";
+  $form->{callback} = "am.pl?action=list_business";
 
   $callback = $form->escape($form->{callback});
 
@@ -1007,8 +1032,7 @@ sub list_business {
       $form->format_amount(\%myconfig, $ref->{discount} * 100);
     $description =
       $ref->{description};
-    $column_data{description} =
-      qq|<td><a href=$form->{script}?action=edit_business&id=$ref->{id}&login=$form->{login}&password=$form->{password}&callback=$callback>$description</td>|;
+    $column_data{description} = qq|<td><a href="am.pl?action=edit_business&id=$ref->{id}&callback=$callback">$description</td>|;
     $column_data{discount}           = qq|<td align=right>$discount</td>|;
     $column_data{customernumberinit} =
       qq|<td align=right>$ref->{customernumberinit}</td>|;
@@ -1030,15 +1054,12 @@ sub list_business {
 </table>
 
 <br>
-<form method=post action=$form->{script}>
+<form method=post action=am.pl>
 
 <input name=callback type=hidden value="$form->{callback}">
 
 <input type=hidden name=type value=business>
 
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
-
 <input class=submit type=submit name=action value="|
     . $locale->text('Add') . qq|">
 
@@ -1054,6 +1075,8 @@ sub list_business {
 sub business_header {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title}    = $locale->text("$form->{title} Business");
 
   # $locale->text('Add Business')
@@ -1068,7 +1091,7 @@ sub business_header {
   print qq|
 <body>
 
-<form method=post action=$form->{script}>
+<form method=post action=am.pl>
 
 <input type=hidden name=id value=$form->{id}>
 <input type=hidden name=type value=business>
@@ -1101,6 +1124,8 @@ sub business_header {
 sub save_business {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->isblank("description", $locale->text('Description missing!'));
   $form->{discount} = $form->parse_amount(\%myconfig, $form->{discount}) / 100;
   AM->save_business(\%myconfig, \%$form);
@@ -1112,6 +1137,8 @@ sub save_business {
 sub delete_business {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->delete_business(\%myconfig, \%$form);
   $form->redirect($locale->text('Business deleted!'));
 
@@ -1121,11 +1148,11 @@ sub delete_business {
 sub add_language {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = "Add";
 
-  $form->{callback} =
-    "$form->{script}?action=add_language&login=$form->{login}&password=$form->{password}"
-    unless $form->{callback};
+  $form->{callback} = "am.pl?action=add_language" unless $form->{callback};
 
   &language_header;
   &form_footer;
@@ -1136,6 +1163,8 @@ sub add_language {
 sub edit_language {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = "Edit";
 
   AM->get_language(\%myconfig, \%$form);
@@ -1151,10 +1180,11 @@ sub edit_language {
 sub list_language {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->language(\%myconfig, \%$form);
 
-  $form->{callback} =
-    "$form->{script}?action=list_language&login=$form->{login}&password=$form->{password}";
+  $form->{callback} = "am.pl?action=list_language";
 
   $callback = $form->escape($form->{callback});
 
@@ -1220,7 +1250,7 @@ sub list_language {
 
 
     $column_data{description} =
-      qq|<td><a href=$form->{script}?action=edit_language&id=$ref->{id}&login=$form->{login}&password=$form->{password}&callback=$callback>$ref->{description}</td>|;
+      qq|<td><a href="am.pl?action=edit_language&id=$ref->{id}&callback=$callback">$ref->{description}</td>|;
     $column_data{template_code}           = qq|<td align=right>$ref->{template_code}</td>|;
     $column_data{article_code} =
       qq|<td align=right>$ref->{article_code}</td>|;
@@ -1256,15 +1286,12 @@ sub list_language {
 </table>
 
 <br>
-<form method=post action=$form->{script}>
+<form method=post action=am.pl>
 
 <input name=callback type=hidden value="$form->{callback}">
 
 <input type=hidden name=type value=language>
 
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
-
 <input class=submit type=submit name=action value="|
     . $locale->text('Add') . qq|">
 
@@ -1280,6 +1307,8 @@ sub list_language {
 sub language_header {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title}    = $locale->text("$form->{title} Language");
 
   # $locale->text('Add Language')
@@ -1317,7 +1346,7 @@ sub language_header {
   print qq|
 <body>
 
-<form method=post action=$form->{script}>
+<form method=post action=am.pl>
 
 <input type=hidden name=id value=$form->{id}>
 <input type=hidden name=type value=language>
@@ -1368,6 +1397,8 @@ sub language_header {
 sub save_language {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->isblank("description", $locale->text('Language missing!'));
   $form->isblank("template_code", $locale->text('Template Code missing!'));
   $form->isblank("article_code", $locale->text('Article Code missing!'));
@@ -1380,6 +1411,8 @@ sub save_language {
 sub delete_language {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->delete_language(\%myconfig, \%$form);
   $form->redirect($locale->text('Language deleted!'));
 
@@ -1390,13 +1423,14 @@ sub delete_language {
 sub add_buchungsgruppe {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   # $locale->text("Add Buchungsgruppe")
   # $locale->text("Edit Buchungsgruppe")
   $form->{title} = "Add";
 
-  $form->{callback} =
-    "$form->{script}?action=add_buchungsgruppe&login=$form->{login}&password=$form->{password}"
-    unless $form->{callback};
+  $form->{callback} = "am.pl?action=add_buchungsgruppe" unless $form->{callback};
+
   AM->get_buchungsgruppe(\%myconfig, \%$form);
   $form->{"inventory_accno_id"} = $form->{"std_inventory_accno_id"};
   for (my $i = 0; 4 > $i; $i++) {
@@ -1413,6 +1447,8 @@ sub add_buchungsgruppe {
 sub edit_buchungsgruppe {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = "Edit";
 
   AM->get_buchungsgruppe(\%myconfig, \%$form);
@@ -1427,10 +1463,11 @@ sub edit_buchungsgruppe {
 sub list_buchungsgruppe {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->buchungsgruppe(\%myconfig, \%$form);
 
-  $form->{callback} =
-    "$form->{script}?action=list_buchungsgruppe&login=$form->{login}&password=$form->{password}";
+  $form->{callback} = "am.pl?action=list_buchungsgruppe";
 
   $callback = $form->escape($form->{callback});
 
@@ -1512,9 +1549,7 @@ sub list_buchungsgruppe {
         </tr>
 |;
 
-  my $swap_link = qq|$form->{script}?action=swap_buchungsgruppen&|;
-  map({ $swap_link .= $_ . "=" . $form->escape($form->{$_}) . "&" }
-      qw(login password));
+  my $swap_link = qq|am.pl?action=swap_buchungsgruppen&|;
 
   my $row = 0;
   foreach $ref (@{ $form->{ALL} }) {
@@ -1548,8 +1583,7 @@ sub list_buchungsgruppe {
         qq|</a></td>|;
     }
 
-    $column_data{description} =
-      qq|<td><a href=$form->{script}?action=edit_buchungsgruppe&id=$ref->{id}&login=$form->{login}&password=$form->{password}&callback=$callback>$ref->{description}</td>|;
+    $column_data{description} = qq|<td><a href="am.pl?action=edit_buchungsgruppe&id=$ref->{id}&callback=$callback">$ref->{description}</td>|;
     $column_data{inventory_accno}           = qq|<td align=right>$ref->{inventory_accno}</td>|;
     $column_data{income_accno_0} =
       qq|<td align=right>$ref->{income_accno_0}</td>|;
@@ -1583,15 +1617,12 @@ sub list_buchungsgruppe {
 </table>
 
 <br>
-<form method=post action=$form->{script}>
+<form method=post action=am.pl>
 
 <input name=callback type=hidden value="$form->{callback}">
 
 <input type=hidden name=type value=buchungsgruppe>
 
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
-
 <input class=submit type=submit name=action value="|
     . $locale->text('Add') . qq|">
 
@@ -1607,6 +1638,8 @@ sub list_buchungsgruppe {
 sub buchungsgruppe_header {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title}    = $locale->text("$form->{title} Buchungsgruppe");
 
   # $locale->text('Add Accounting Group')
@@ -1721,7 +1754,7 @@ sub buchungsgruppe_header {
   print qq|
 <body>
 
-<form method=post action=$form->{script}>
+<form method=post action=am.pl>
 
 <input type=hidden name=id value=$form->{id}>
 <input type=hidden name=type value=buchungsgruppe>
@@ -1747,6 +1780,8 @@ sub buchungsgruppe_header {
 sub save_buchungsgruppe {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->isblank("description", $locale->text('Description missing!'));
 
   AM->save_buchungsgruppe(\%myconfig, \%$form);
@@ -1758,6 +1793,8 @@ sub save_buchungsgruppe {
 sub delete_buchungsgruppe {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->delete_buchungsgruppe(\%myconfig, \%$form);
   $form->redirect($locale->text('Accounting Group deleted!'));
 
@@ -1767,6 +1804,8 @@ sub delete_buchungsgruppe {
 sub swap_buchungsgruppen {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->swap_sortkeys(\%myconfig, $form, "buchungsgruppen");
   list_buchungsgruppe();
 
@@ -1777,11 +1816,11 @@ sub swap_buchungsgruppen {
 sub add_printer {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = "Add";
 
-  $form->{callback} =
-    "$form->{script}?action=add_printer&login=$form->{login}&password=$form->{password}"
-    unless $form->{callback};
+  $form->{callback} = "am.pl?action=add_printer" unless $form->{callback};
 
   &printer_header;
   &form_footer;
@@ -1792,6 +1831,8 @@ sub add_printer {
 sub edit_printer {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = "Edit";
 
   AM->get_printer(\%myconfig, \%$form);
@@ -1807,10 +1848,11 @@ sub edit_printer {
 sub list_printer {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->printer(\%myconfig, \%$form);
 
-  $form->{callback} =
-    "$form->{script}?action=list_printer&login=$form->{login}&password=$form->{password}";
+  $form->{callback} = "am.pl?action=list_printer";
 
   $callback = $form->escape($form->{callback});
 
@@ -1863,8 +1905,7 @@ sub list_printer {
 |;
 
 
-    $column_data{printer_description} =
-      qq|<td><a href=$form->{script}?action=edit_printer&id=$ref->{id}&login=$form->{login}&password=$form->{password}&callback=$callback>$ref->{printer_description}</td>|;
+    $column_data{printer_description} = qq|<td><a href="am.pl?action=edit_printer&id=$ref->{id}&callback=$callback">$ref->{printer_description}</td>|;
     $column_data{printer_command}           = qq|<td align=right>$ref->{printer_command}</td>|;
     $column_data{template_code} =
       qq|<td align=right>$ref->{template_code}</td>|;
@@ -1886,15 +1927,12 @@ sub list_printer {
 </table>
 
 <br>
-<form method=post action=$form->{script}>
+<form method=post action=am.pl>
 
 <input name=callback type=hidden value="$form->{callback}">
 
 <input type=hidden name=type value=printer>
 
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
-
 <input class=submit type=submit name=action value="|
     . $locale->text('Add') . qq|">
 
@@ -1910,6 +1948,8 @@ sub list_printer {
 sub printer_header {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title}    = $locale->text("$form->{title} Printer");
 
   # $locale->text('Add Printer')
@@ -1925,7 +1965,7 @@ sub printer_header {
   print qq|
 <body>
 
-<form method=post action=$form->{script}>
+<form method=post action=am.pl>
 
 <input type=hidden name=id value=$form->{id}>
 <input type=hidden name=type value=printer>
@@ -1958,6 +1998,8 @@ sub printer_header {
 sub save_printer {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->isblank("printer_description", $locale->text('Description missing!'));
   $form->isblank("printer_command", $locale->text('Printer Command missing!'));
   AM->save_printer(\%myconfig, \%$form);
@@ -1969,6 +2011,8 @@ sub save_printer {
 sub delete_printer {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->delete_printer(\%myconfig, \%$form);
   $form->redirect($locale->text('Printer deleted!'));
 
@@ -1978,11 +2022,11 @@ sub delete_printer {
 sub add_payment {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = "Add";
 
-  $form->{callback} =
-    "$form->{script}?action=add_payment&login=$form->{login}&password=$form->{password}"
-    unless $form->{callback};
+  $form->{callback} = "am.pl?action=add_payment" unless $form->{callback};
 
   $form->{terms_netto} = 0;
   $form->{terms_skonto} = 0;
@@ -2000,6 +2044,8 @@ sub add_payment {
 sub edit_payment {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = "Edit";
 
   AM->get_payment(\%myconfig, $form);
@@ -2017,6 +2063,8 @@ sub edit_payment {
 sub list_payment {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->payment(\%myconfig, \%$form);
 
   $form->{callback} = build_std_url("action=list_payment");
@@ -2145,15 +2193,12 @@ sub list_payment {
 </table>
 
 <br>
-<form method=post action=$form->{script}>
+<form method=post action=am.pl>
 
 <input name=callback type=hidden value="$form->{callback}">
 
 <input type=hidden name=type value=payment>
 
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
-
 <input class=submit type=submit name=action value="|
     . $locale->text('Add') . qq|">
 
@@ -2169,6 +2214,8 @@ sub list_payment {
 sub payment_header {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title}    = $locale->text("$form->{title} Payment Terms");
 
   # $locale->text('Add Payment Terms')
@@ -2183,7 +2230,7 @@ sub payment_header {
   print qq|
 <body>
 
-<form method=post action=$form->{script}>
+<form method=post action=am.pl>
 
 <input type=hidden name=id value=$form->{id}>
 <input type=hidden name=type value=payment>
@@ -2275,6 +2322,8 @@ sub payment_header {
 sub save_payment {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->isblank("description", $locale->text('Description missing!'));
   $form->{"percent_skonto"} =
     $form->parse_amount(\%myconfig, $form->{percent_skonto}) / 100;
@@ -2287,6 +2336,8 @@ sub save_payment {
 sub delete_payment {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->delete_payment(\%myconfig, \%$form);
   $form->redirect($locale->text('Payment terms deleted!'));
 
@@ -2296,6 +2347,8 @@ sub delete_payment {
 sub swap_payment_terms {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->swap_sortkeys(\%myconfig, $form, "payment_terms");
   list_payment();
 
@@ -2438,6 +2491,8 @@ sub config {
 
   $myconfig{show_form_details}              = 1 unless (defined($myconfig{show_form_details}));
   $form->{"menustyle_$myconfig{menustyle}"} = 1;
+  $form->{CAN_CHANGE_PASSWORD}              = $auth->can_change_password();
+  $form->{todo_cfg}                         = { TODO->get_user_config('login' => $form->{login}) };
 
   $form->{title}                            = $locale->text('Edit Preferences for #1', $form->{login});
 
@@ -2452,10 +2507,9 @@ sub save_preferences {
 
   $form->{stylesheet} = $form->{usestylesheet};
 
-  $form->redirect($locale->text('Preferences saved!'))
-    if (
-     AM->save_preferences(\%myconfig, \%$form, $memberfile, $userspath, $webdav
-     ));
+  TODO->save_user_config('login' => $form->{login}, %{ $form->{todo_cfg} || { } });
+
+  $form->redirect($locale->text('Preferences saved!')) if (AM->save_preferences(\%myconfig, \%$form, $webdav));
   $form->error($locale->text('Cannot save preferences!'));
 
   $lxdebug->leave_sub();
@@ -2464,25 +2518,18 @@ sub save_preferences {
 sub audit_control {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} = $locale->text('Audit Control');
 
   AM->closedto(\%myconfig, \%$form);
 
-  if ($form->{revtrans}) {
-    $checked{Y} = "checked";
-  } else {
-    $checked{N} = "checked";
-  }
-
   $form->header;
 
   print qq|
 <body>
 
-<form method=post action=$form->{script}>
-
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
+<form method=post action=am.pl>
 
 <table width=100%>
   <tr><th class=listtop>$form->{title}</th></tr>
@@ -2490,15 +2537,6 @@ sub audit_control {
   <tr>
     <td>
       <table>
-	<tr>
-	  <td>|
-    . $locale->text('Enforce transaction reversal for all dates') . qq|</th>
-	  <td><input name=revtrans class=radio type=radio value="1" $checked{Y}> |
-    . $locale->text('Yes')
-    . qq| <input name=revtrans class=radio type=radio value="0" $checked{N}> |
-    . $locale->text('No')
-    . qq|</td>
-	</tr>
 	<tr>
 	  <th>| . $locale->text('Close Books up to') . qq|</th>
 	  <td><input name=closedto size=11 title="$myconfig{dateformat}" value=$form->{closedto}></td>
@@ -2528,19 +2566,16 @@ sub audit_control {
 sub doclose {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->closebooks(\%myconfig, \%$form);
 
-  if ($form->{revtrans}) {
+  if ($form->{closedto}) {
     $form->redirect(
-                 $locale->text('Transaction reversal enforced for all dates'));
+                    $locale->text('Books closed up to') . " "
+                      . $locale->date(\%myconfig, $form->{closedto}, 1));
   } else {
-    if ($form->{closedto}) {
-      $form->redirect(
-                     $locale->text('Transaction reversal enforced up to') . " "
-                       . $locale->date(\%myconfig, $form->{closedto}, 1));
-    } else {
-      $form->redirect($locale->text('Books are open'));
-    }
+    $form->redirect($locale->text('Books are open'));
   }
 
   $lxdebug->leave_sub();
@@ -2549,7 +2584,9 @@ sub doclose {
 sub edit_units {
   $lxdebug->enter_sub();
 
-  $units = AM->retrieve_units(\%myconfig, $form, $form->{"unit_type"}, "resolved_");
+  $auth->assert('config');
+
+  $units = AM->retrieve_units(\%myconfig, $form, "resolved_");
   AM->units_in_use(\%myconfig, $form, $units);
   map({ $units->{$_}->{"BASE_UNIT_DDBOX"} = AM->unit_select_data($units, $units->{$_}->{"base_unit"}, 1); } keys(%{$units}));
 
@@ -2573,12 +2610,12 @@ sub edit_units {
     $i++;
   }
 
-  $units = AM->retrieve_units(\%myconfig, $form, $form->{"unit_type"});
+  $units = AM->retrieve_units(\%myconfig, $form);
   $ddbox = AM->unit_select_data($units, undef, 1);
 
-  my $updownlink = build_std_url("action=swap_units", "unit_type");
+  my $updownlink = build_std_url("action=swap_units");
 
-  $form->{"title"} = sprintf($locale->text("Add and edit %s"), $form->{"unit_type"} eq "dimension" ? $locale->text("dimension units") : $locale->text("service units"));
+  $form->{"title"} = $locale->text("Add and edit units");
   $form->header();
   print($form->parse_html_template("am/edit_units",
                                    { "UNITS"               => \@unit_list,
@@ -2592,8 +2629,10 @@ sub edit_units {
 sub add_unit {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->isblank("new_name", $locale->text("The name is missing."));
-  $units = AM->retrieve_units(\%myconfig, $form, $form->{"unit_type"});
+  $units = AM->retrieve_units(\%myconfig, $form);
   $all_units = AM->retrieve_units(\%myconfig, $form);
   $form->show_generic_error($locale->text("A unit with this name does already exist.")) if ($all_units->{$form->{"new_name"}});
 
@@ -2616,7 +2655,7 @@ sub add_unit {
          });
   }
 
-  AM->add_unit(\%myconfig, $form, $form->{"new_name"}, $base_unit, $factor, $form->{"unit_type"}, \@languages);
+  AM->add_unit(\%myconfig, $form, $form->{"new_name"}, $base_unit, $factor, \@languages);
 
   $form->{"saved_message"} = $locale->text("The unit has been saved.");
 
@@ -2628,6 +2667,8 @@ sub add_unit {
 sub set_unit_languages {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   my ($unit, $languages, $idx) = @_;
 
   $unit->{"LANGUAGES"} = [];
@@ -2646,7 +2687,9 @@ sub set_unit_languages {
 sub save_unit {
   $lxdebug->enter_sub();
 
-  $old_units = AM->retrieve_units(\%myconfig, $form, $form->{"unit_type"}, "resolved_");
+  $auth->assert('config');
+
+  $old_units = AM->retrieve_units(\%myconfig, $form, "resolved_");
   AM->units_in_use(\%myconfig, $form, $old_units);
 
   @languages = AM->language(\%myconfig, $form, 1);
@@ -2712,7 +2755,7 @@ sub save_unit {
     }
   }
 
-  AM->save_units(\%myconfig, $form, $form->{"unit_type"}, $new_units, \@delete_units);
+  AM->save_units(\%myconfig, $form, $new_units, \@delete_units);
 
   $form->{"saved_message"} = $locale->text("The units have been saved.");
 
@@ -2724,6 +2767,8 @@ sub save_unit {
 sub show_history_search {
 	$lxdebug->enter_sub();
 	
+  $auth->assert('config');
+
 	$form->{title} = $locale->text("History Search");
     $form->header();
     
@@ -2734,6 +2779,9 @@ sub show_history_search {
 
 sub show_am_history {
 	$lxdebug->enter_sub();
+
+  $auth->assert('config');
+
 	my %search = ( "Artikelnummer" => "parts",
 				   "Kundennummer"  => "customer",
 				   "Lieferantennummer" => "vendor",
@@ -2819,6 +2867,9 @@ sub show_am_history {
 
 sub get_employee_id {
 	$lxdebug->enter_sub();
+
+  $auth->assert('config');
+
 	my $query = qq|SELECT id FROM employee WHERE name = '| . $_[0] . qq|'|;
 	my $sth = $_[1]->prepare($query);
 	$sth->execute() || $form->dberror($query);
@@ -2831,10 +2882,10 @@ sub get_employee_id {
 sub swap_units {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   my $dir = $form->{"dir"} eq "down" ? "down" : "up";
-  my $unit_type = $form->{"unit_type"} eq "dimension" ?
-    "dimension" : "service";
-  AM->swap_units(\%myconfig, $form, $dir, $form->{"name"}, $unit_type);
+  AM->swap_units(\%myconfig, $form, $dir, $form->{"name"});
 
   edit_units();
 
@@ -2844,11 +2895,11 @@ sub swap_units {
 sub add_tax {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} =  $locale->text('Add');
 
-  $form->{callback} =
-    "$form->{script}?action=add_tax&login=$form->{login}&password=$form->{password}"
-    unless $form->{callback};
+  $form->{callback} ||= "am.pl?action=add_tax";
 
   _get_taxaccount_selection();
 
@@ -2867,6 +2918,8 @@ sub add_tax {
 sub edit_tax {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title} =  $locale->text('Edit');
 
   AM->get_tax(\%myconfig, \%$form);
@@ -2888,6 +2941,8 @@ sub edit_tax {
 sub list_tax {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->taxes(\%myconfig, \%$form);
 
   map { $_->{rate} = $form->format_amount(\%myconfig, $_->{rate}, 2) } @{ $form->{TAX} };
@@ -2907,6 +2962,8 @@ sub list_tax {
 sub _get_taxaccount_selection{
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->get_tax_accounts(\%myconfig, \%$form);
 
   map { $_->{selected} = $form->{chart_id} == $_->{id} } @{ $form->{ACCOUNTS} };
@@ -2917,6 +2974,8 @@ sub _get_taxaccount_selection{
 sub save_tax {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->isblank("rate", $locale->text('Taxrate missing!'));
   $form->isblank("taxdescription", $locale->text('Taxdescription  missing!'));
   $form->isblank("taxkey", $locale->text('Taxkey  missing!'));
@@ -2940,6 +2999,8 @@ sub save_tax {
 sub delete_tax {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->delete_tax(\%myconfig, \%$form);
   $form->redirect($locale->text('Tax deleted!'));
 
@@ -2949,6 +3010,8 @@ sub delete_tax {
 sub add_price_factor {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title}      = $locale->text('Add Price Factor');
   $form->{callback} ||= build_std_url('action=add_price_factor');
   $form->{fokus}      = 'description';
@@ -2962,6 +3025,8 @@ sub add_price_factor {
 sub edit_price_factor {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->{title}      = $locale->text('Edit Price Factor');
   $form->{callback} ||= build_std_url('action=add_price_factor');
   $form->{fokus}      = 'description';
@@ -2979,6 +3044,8 @@ sub edit_price_factor {
 sub list_price_factors {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->get_all_price_factors(\%myconfig, \%$form);
 
   my $previous;
@@ -3006,6 +3073,8 @@ sub list_price_factors {
 sub save_price_factor {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   $form->isblank("description", $locale->text('Description missing!'));
   $form->isblank("factor", $locale->text('Factor missing!'));
 
@@ -3023,6 +3092,8 @@ sub save_price_factor {
 sub delete_price_factor {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->delete_price_factor(\%myconfig, \%$form);
 
   $form->{callback} .= '&MESSAGE=' . $form->escape($locale->text('Price factor deleted!')) if ($form->{callback});
@@ -3035,9 +3106,139 @@ sub delete_price_factor {
 sub swap_price_factors {
   $lxdebug->enter_sub();
 
+  $auth->assert('config');
+
   AM->swap_sortkeys(\%myconfig, $form, 'price_factors');
   list_price_factors();
 
   $lxdebug->leave_sub();
 }
 
+sub add_warehouse {
+  $lxdebug->enter_sub();
+
+  $auth->assert('config');
+
+  $form->{title}      = $locale->text('Add Warehouse');
+  $form->{callback} ||= build_std_url('action=add_warehouse');
+  $form->{fokus}      = 'description';
+
+  $form->header();
+  print $form->parse_html_template('am/edit_warehouse');
+
+  $lxdebug->leave_sub();
+}
+
+sub edit_warehouse {
+  $lxdebug->enter_sub();
+
+  $auth->assert('config');
+
+  AM->get_warehouse(\%myconfig, $form);
+
+  $form->get_lists('employees' => 'EMPLOYEES');
+
+  $form->{title}      = $locale->text('Edit Warehouse');
+  $form->{callback} ||= build_std_url('action=list_warehouses');
+  $form->{fokus}      = 'description';
+
+  $form->header();
+  print $form->parse_html_template('am/edit_warehouse');
+
+  $lxdebug->leave_sub();
+}
+
+sub list_warehouses {
+  $lxdebug->enter_sub();
+
+  $auth->assert('config');
+
+  AM->get_all_warehouses(\%myconfig, $form);
+
+  my $previous;
+  foreach my $current (@{ $form->{WAREHOUSES} }) {
+    if ($previous) {
+      $previous->{next_id}    = $current->{id};
+      $current->{previous_id} = $previous->{id};
+    }
+
+    $previous = $current;
+  }
+
+  $form->{callback} = build_std_url('action=list_warehouses');
+  $form->{title}    = $locale->text('Warehouses');
+  $form->{url_base} = build_std_url('callback');
+
+  $form->header();
+  print $form->parse_html_template('am/list_warehouses');
+
+  $lxdebug->leave_sub();
+}
+
+sub save_warehouse {
+  $lxdebug->enter_sub();
+
+  $auth->assert('config');
+
+  $form->isblank("description", $locale->text('Description missing!'));
+
+  $form->{number_of_new_bins} = $form->parse_amount(\%myconfig, $form->{number_of_new_bins});
+
+  AM->save_warehouse(\%myconfig, $form);
+
+  $form->{callback} .= '&saved_message=' . E($locale->text('Warehouse saved.')) if ($form->{callback});
+
+  $form->redirect($locale->text('Warehouse saved.'));
+
+  $lxdebug->leave_sub();
+}
+
+sub swap_warehouses {
+  $lxdebug->enter_sub();
+
+  $auth->assert('config');
+
+  AM->swap_sortkeys(\%myconfig, $form, 'warehouse');
+  list_warehouses();
+
+  $lxdebug->leave_sub();
+}
+
+sub delete_warehouse {
+  $lxdebug->enter_sub();
+
+  $auth->assert('config');
+
+  if (!$form->{confirmed}) {
+    $form->{title} = $locale->text('Confirmation');
+
+    $form->header();
+    print $form->parse_html_template('am/confirm_delete_warehouse');
+    exit 0;
+  }
+
+  if (AM->delete_warehouse(\%myconfig, $form)) {
+    $form->{callback} .= '&saved_message=' . E($locale->text('Warehouse deleted.')) if ($form->{callback});
+    $form->redirect($locale->text('Warehouse deleted.'));
+
+  } else {
+    $form->error($locale->text('The warehouse could not be deleted because it has already been used.'));
+  }
+
+  $lxdebug->leave_sub();
+}
+
+sub save_bin {
+  $lxdebug->enter_sub();
+
+  $auth->assert('config');
+
+  AM->save_bins(\%myconfig, $form);
+
+  $form->{callback} .= '&saved_message=' . E($locale->text('Bins saved.')) if ($form->{callback});
+
+  $form->redirect($locale->text('Bins saved.'));
+
+  $lxdebug->leave_sub();
+}
+