X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=bin%2Fmozilla%2Fbp.pl;h=654a267767d1913402b34d285a727f1189b5946b;hb=0c19f07b648830f552b949573031894d3cbe4543;hp=457a35ebccdceefcd13c88698c2cf2c915a7c393;hpb=d629acd82a27e980899a044ca8b0f4becc8e94bb;p=kivitendo-erp.git diff --git a/bin/mozilla/bp.pl b/bin/mozilla/bp.pl index 457a35ebc..654a26776 100644 --- a/bin/mozilla/bp.pl +++ b/bin/mozilla/bp.pl @@ -33,6 +33,7 @@ use SL::BP; use Data::Dumper; +use List::Util qw(first); 1; @@ -40,9 +41,38 @@ require "bin/mozilla/common.pl"; # end of main +sub assert_bp_access { + my %access_map = ( + 'invoice' => 'invoice_edit', + 'sales_order' => 'sales_order_edit', + 'sales_quotation' => 'sales_quotation_edit', + 'purchase_order' => 'purchase_order_edit', + 'request_quotation' => 'request_quotation_edit', + 'check' => 'cash', + 'receipt' => 'cash', + ); + + if ($form->{type} && $access_map{$form->{type}}) { + $auth->assert($access_map{$form->{type}}); + + } elsif ($form->{type} eq 'packing_list') { + $lxdebug->message(0, "1"); + if (!$auth->assert('sales_order_edit', 1)) { + $lxdebug->message(0, "2"); + $auth->assert('invoice_edit') ; + } + $lxdebug->message(0, "3"); + + } else { + $auth->assert('DOES_NOT_EXIST'); + } +} + sub search { $lxdebug->enter_sub(); + assert_bp_access(); + # $locale->text('Sales Invoices') # $locale->text('Packing Lists') # $locale->text('Sales Orders') @@ -155,7 +185,7 @@ sub search { } # use JavaScript Calendar or not - $form->{jsscript} = $jscalendar; + $form->{jsscript} = 1; $jsscript = ""; if ($form->{jsscript}) { @@ -190,7 +220,7 @@ sub search { print qq| -
{script}> + {vc}> {type}> @@ -229,9 +259,6 @@ sub search { -{login}> -{password}> -
@@ -251,6 +278,8 @@ $jsscript sub remove { $lxdebug->enter_sub(); + assert_bp_access(); + $selected = 0; for $i (1 .. $form->{rowcount}) { @@ -269,12 +298,13 @@ sub remove { print qq| -{script}> + |; map { delete $form->{$_} } qw(action header); foreach $key (keys %$form) { + next if (($key eq 'login') || ($key eq 'password') || ('' ne ref $form->{$key})); print qq|\n|; } @@ -300,6 +330,8 @@ sub remove { sub yes { $lxdebug->enter_sub(); + assert_bp_access(); + $form->info($locale->text('Removing marked entries from queue ...')); $form->{callback} .= "&header=1" if $form->{callback}; @@ -313,9 +345,14 @@ sub yes { sub print { $lxdebug->enter_sub(); + assert_bp_access(); + $form->get_lists(printers => 'ALL_PRINTERS'); # use the command stored in the databse or fall back to $myconfig{printer} - my $selected_printer = (grep { $_->{id} eq $form->{printer} } @{ $form->{ALL_PRINTERS} })[0]->{'printer_command'} || $myconfig{printer}; + my $selected_printer = first { $_ } map ({ $_ ->{printer_command} } + grep { $_->{id} eq $form->{printer} } + @{ $form->{ALL_PRINTERS} }), + $myconfig{printer}; if ($form->{callback}) { map { $form->{callback} .= "&checked_$_=1" if $form->{"checked_$_"} } @@ -325,10 +362,9 @@ sub print { for $i (1 .. $form->{rowcount}) { if ($form->{"checked_$i"}) { - $form->{OUT} = "| $selected_printer"; $form->info($locale->text('Printing ... ')); - if (BP->print_spool(\%myconfig, \%$form, $spool)) { + if (BP->print_spool(\%myconfig, \%$form, $spool, "| $selected_printer")) { print $locale->text('done'); $form->redirect($locale->text('Marked entries printed!')); } @@ -344,6 +380,8 @@ sub print { sub list_spool { $lxdebug->enter_sub(); + assert_bp_access(); + $form->{ $form->{vc} } = $form->unescape($form->{ $form->{vc} }); ($form->{ $form->{vc} }, $form->{"$form->{vc}_id"}) = split(/--/, $form->{ $form->{vc} }); @@ -351,12 +389,11 @@ sub list_spool { BP->get_spoolfiles(\%myconfig, \%$form); $title = $form->escape($form->{title}); - $href = - "$form->{script}?action=list_spool&login=$form->{login}&password=$form->{password}&vc=$form->{vc}&type=$form->{type}&title=$title"; + $href = "bp.pl?action=list_spool&vc=$form->{vc}&type=$form->{type}&title=$title"; $title = $form->escape($form->{title}, 1); $callback = - "$form->{script}?action=list_spool&login=$form->{login}&password=$form->{password}&vc=$form->{vc}&type=$form->{type}&title=$title"; + "bp.pl?action=list_spool&vc=$form->{vc}&type=$form->{type}&title=$title"; if ($form->{ $form->{vc} }) { $callback .= "&$form->{vc}=" . $form->escape($form->{ $form->{vc} }, 1); @@ -455,7 +492,7 @@ sub list_spool { print qq| -{script}> + @@ -506,11 +543,11 @@ sub list_spool { } $column_data{invnumber} = - ""; + ""; $column_data{ordnumber} = - ""; + ""; $column_data{quonumber} = - ""; + ""; $column_data{name} = ""; $column_data{spoolfile} = qq| @@ -554,9 +591,6 @@ sub list_spool { - -{login}> -{password}> |; # if ($myconfig{printer}) { @@ -578,7 +612,7 @@ sub list_spool { $form->get_lists(printers=>"ALL_PRINTERS"); print qq||; # } @@ -596,6 +630,8 @@ print qq||; sub select_all { $lxdebug->enter_sub(); + assert_bp_access(); + map { $form->{"checked_$_"} = 1 } (1 .. $form->{rowcount}); &list_spool;
{id}&login=$form->{login}&password=$form->{password}&type=$form->{type}&callback=$callback>$ref->{invnumber}{id}&type=$form->{type}&callback=$callback>$ref->{invnumber}{id}&login=$form->{login}&password=$form->{password}&type=$form->{type}&callback=$callback>$ref->{ordnumber}{id}&type=$form->{type}&callback=$callback>$ref->{ordnumber}{id}&login=$form->{login}&password=$form->{password}&type=$form->{type}&callback=$callback>$ref->{quonumber}{id}&type=$form->{type}&callback=$callback>$ref->{quonumber}$ref->{name}{spoolfile}>$ref->{spoolfile}