X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=bin%2Fmozilla%2Fbp.pl;h=654a267767d1913402b34d285a727f1189b5946b;hb=ea84a15a3674ac95d9002eae9c77bacf392a8af0;hp=846aba18159aae4eee94aa2721cfc1d17a7b4093;hpb=d7f060429e809653d45e93e86b3c5c8d7129e0a9;p=kivitendo-erp.git diff --git a/bin/mozilla/bp.pl b/bin/mozilla/bp.pl index 846aba181..654a26776 100644 --- a/bin/mozilla/bp.pl +++ b/bin/mozilla/bp.pl @@ -33,6 +33,7 @@ use SL::BP; use Data::Dumper; +use List::Util qw(first); 1; @@ -40,9 +41,38 @@ require "bin/mozilla/common.pl"; # end of main +sub assert_bp_access { + my %access_map = ( + 'invoice' => 'invoice_edit', + 'sales_order' => 'sales_order_edit', + 'sales_quotation' => 'sales_quotation_edit', + 'purchase_order' => 'purchase_order_edit', + 'request_quotation' => 'request_quotation_edit', + 'check' => 'cash', + 'receipt' => 'cash', + ); + + if ($form->{type} && $access_map{$form->{type}}) { + $auth->assert($access_map{$form->{type}}); + + } elsif ($form->{type} eq 'packing_list') { + $lxdebug->message(0, "1"); + if (!$auth->assert('sales_order_edit', 1)) { + $lxdebug->message(0, "2"); + $auth->assert('invoice_edit') ; + } + $lxdebug->message(0, "3"); + + } else { + $auth->assert('DOES_NOT_EXIST'); + } +} + sub search { $lxdebug->enter_sub(); + assert_bp_access(); + # $locale->text('Sales Invoices') # $locale->text('Packing Lists') # $locale->text('Sales Orders') @@ -190,7 +220,7 @@ sub search { print qq| -
{script}> + {vc}> {type}> @@ -229,9 +259,6 @@ sub search { -{login}> -{password}> -
@@ -251,6 +278,8 @@ $jsscript sub remove { $lxdebug->enter_sub(); + assert_bp_access(); + $selected = 0; for $i (1 .. $form->{rowcount}) { @@ -269,12 +298,13 @@ sub remove { print qq| -{script}> + |; map { delete $form->{$_} } qw(action header); foreach $key (keys %$form) { + next if (($key eq 'login') || ($key eq 'password') || ('' ne ref $form->{$key})); print qq|\n|; } @@ -300,6 +330,8 @@ sub remove { sub yes { $lxdebug->enter_sub(); + assert_bp_access(); + $form->info($locale->text('Removing marked entries from queue ...')); $form->{callback} .= "&header=1" if $form->{callback}; @@ -313,9 +345,14 @@ sub yes { sub print { $lxdebug->enter_sub(); + assert_bp_access(); + $form->get_lists(printers => 'ALL_PRINTERS'); # use the command stored in the databse or fall back to $myconfig{printer} - my $selected_printer = (grep { $_->{id} eq $form->{printer} } @{ $form->{ALL_PRINTERS} })[0]->{'printer_command'} || $myconfig{printer}; + my $selected_printer = first { $_ } map ({ $_ ->{printer_command} } + grep { $_->{id} eq $form->{printer} } + @{ $form->{ALL_PRINTERS} }), + $myconfig{printer}; if ($form->{callback}) { map { $form->{callback} .= "&checked_$_=1" if $form->{"checked_$_"} } @@ -343,6 +380,8 @@ sub print { sub list_spool { $lxdebug->enter_sub(); + assert_bp_access(); + $form->{ $form->{vc} } = $form->unescape($form->{ $form->{vc} }); ($form->{ $form->{vc} }, $form->{"$form->{vc}_id"}) = split(/--/, $form->{ $form->{vc} }); @@ -350,12 +389,11 @@ sub list_spool { BP->get_spoolfiles(\%myconfig, \%$form); $title = $form->escape($form->{title}); - $href = - "$form->{script}?action=list_spool&login=$form->{login}&password=$form->{password}&vc=$form->{vc}&type=$form->{type}&title=$title"; + $href = "bp.pl?action=list_spool&vc=$form->{vc}&type=$form->{type}&title=$title"; $title = $form->escape($form->{title}, 1); $callback = - "$form->{script}?action=list_spool&login=$form->{login}&password=$form->{password}&vc=$form->{vc}&type=$form->{type}&title=$title"; + "bp.pl?action=list_spool&vc=$form->{vc}&type=$form->{type}&title=$title"; if ($form->{ $form->{vc} }) { $callback .= "&$form->{vc}=" . $form->escape($form->{ $form->{vc} }, 1); @@ -454,7 +492,7 @@ sub list_spool { print qq| -{script}> + @@ -505,11 +543,11 @@ sub list_spool { } $column_data{invnumber} = - ""; + ""; $column_data{ordnumber} = - ""; + ""; $column_data{quonumber} = - ""; + ""; $column_data{name} = ""; $column_data{spoolfile} = qq| @@ -553,9 +591,6 @@ sub list_spool { - -{login}> -{password}> |; # if ($myconfig{printer}) { @@ -577,7 +612,7 @@ sub list_spool { $form->get_lists(printers=>"ALL_PRINTERS"); print qq||; # } @@ -595,6 +630,8 @@ print qq||; sub select_all { $lxdebug->enter_sub(); + assert_bp_access(); + map { $form->{"checked_$_"} = 1 } (1 .. $form->{rowcount}); &list_spool;
{id}&login=$form->{login}&password=$form->{password}&type=$form->{type}&callback=$callback>$ref->{invnumber}{id}&type=$form->{type}&callback=$callback>$ref->{invnumber}{id}&login=$form->{login}&password=$form->{password}&type=$form->{type}&callback=$callback>$ref->{ordnumber}{id}&type=$form->{type}&callback=$callback>$ref->{ordnumber}{id}&login=$form->{login}&password=$form->{password}&type=$form->{type}&callback=$callback>$ref->{quonumber}{id}&type=$form->{type}&callback=$callback>$ref->{quonumber}$ref->{name}{spoolfile}>$ref->{spoolfile}