X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=bin%2Fmozilla%2Fbp.pl;h=8054af52bd18bdd6324828bd2a77f452547eedec;hb=8c7e44938a661e035f62840e1e177353240ace5d;hp=846aba18159aae4eee94aa2721cfc1d17a7b4093;hpb=3ced230b9d35b6f2665162d6789af124431f23aa;p=kivitendo-erp.git
diff --git a/bin/mozilla/bp.pl b/bin/mozilla/bp.pl
index 846aba181..8054af52b 100644
--- a/bin/mozilla/bp.pl
+++ b/bin/mozilla/bp.pl
@@ -40,9 +40,38 @@ require "bin/mozilla/common.pl";
 # end of main
+sub assert_bp_access {
+ my %access_map = (
+ 'invoice' => 'invoice_edit',
+ 'sales_order' => 'sales_order_edit',
+ 'sales_quotation' => 'sales_quotation_edit',
+ 'purchase_order' => 'purchase_order_edit',
+ 'request_quotation' => 'request_quotation_edit',
+ 'check' => 'cash',
+ 'receipt' => 'cash',
+ );
+
+ if ($form->{type} && $access_map{$form->{type}}) {
+ $auth->assert($access_map{$form->{type}});
+
+ } elsif ($form->{type} eq 'packing_list') {
+ $lxdebug->message(0, "1");
+ if (!$auth->assert('sales_order_edit', 1)) {
+ $lxdebug->message(0, "2");
+ $auth->assert('invoice_edit') ;
+ }
+ $lxdebug->message(0, "3");
+
+ } else {
+ $auth->assert('DOES_NOT_EXIST');
+ }
+}
+
 sub search {
 $lxdebug->enter_sub();
+ assert_bp_access();
+
 # $locale->text('Sales Invoices')
 # $locale->text('Packing Lists')
 # $locale->text('Sales Orders')
@@ -190,7 +219,7 @@ sub search {
 print qq|
-
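Review bot: The three `$lxdebug->message(0, "1")` / `"2"` / `"3"` calls in the `packing_list` branch of `assert_bp_access` look like leftover trace output and tell a log reader nothing; drop them, or replace them with a single message that names the right that was refused. The final `else` denies access by asserting the right `'DOES_NOT_EXIST'`, which only holds as long as no right of that name is ever defined, so it deserves a comment such as `# deny by default: unknown or missing type`, or an explicit denial if the auth layer offers one. Note also that `$form->{type}` is a request parameter, so the caller chooses which right is checked; the data access further down should be keyed on that same `type` value and on nothing else, which cannot be verified from this hunk.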
{script}> + {vc}> {type}> @@ -229,9 +258,6 @@ sub search { -{login}> -{password}> -
@@ -251,6 +277,8 @@ $jsscript
 sub remove {
 $lxdebug->enter_sub();
+ assert_bp_access();
+
 $selected = 0;
 for $i (1 .. $form->{rowcount}) {
@@ -269,12 +297,13 @@ sub remove {
 print qq|
-{script}>
+
 |;
 map { delete $form->{$_} } qw(action header);
 foreach $key (keys %$form) {
+ next if (($key eq 'login') || ($key eq 'password') || ('' ne ref $form->{$key}));
 print qq|\n|;
 }
@@ -300,6 +329,8 @@ sub remove {
 sub yes {
 $lxdebug->enter_sub();
+ assert_bp_access();
+
 $form->info($locale->text('Removing marked entries from queue ...'));
 $form->{callback} .= "&header=1" if $form->{callback};
@@ -313,6 +344,8 @@ sub yes {
 sub print {
 $lxdebug->enter_sub();
+ assert_bp_access();
+
 $form->get_lists(printers => 'ALL_PRINTERS');
 # use the command stored in the databse or fall back to $myconfig{printer}
 my $selected_printer = (grep { $_->{id} eq $form->{printer} } @{ $form->{ALL_PRINTERS} })[0]->{'printer_command'} || $myconfig{printer};
@@ -343,6 +376,8 @@ sub print {
 sub list_spool {
 $lxdebug->enter_sub();
+ assert_bp_access();
+
 $form->{ $form->{vc} } = $form->unescape($form->{ $form->{vc} });
 ($form->{ $form->{vc} }, $form->{"$form->{vc}_id"}) = split(/--/, $form->{ $form->{vc} });
@@ -350,12 +385,11 @@ sub list_spool {
 BP->get_spoolfiles(\%myconfig, \%$form);
 $title = $form->escape($form->{title});
- $href =
- "$form->{script}?action=list_spool&login=$form->{login}&password=$form->{password}&vc=$form->{vc}&type=$form->{type}&title=$title";
+ $href = "bp.pl?action=list_spool&vc=$form->{vc}&type=$form->{type}&title=$title";
 $title = $form->escape($form->{title}, 1);
 $callback =
- "$form->{script}?action=list_spool&login=$form->{login}&password=$form->{password}&vc=$form->{vc}&type=$form->{type}&title=$title";
+ "bp.pl?action=list_spool&vc=$form->{vc}&type=$form->{type}&title=$title";
 if ($form->{ $form->{vc} }) {
 $callback .= "&$form->{vc}=" . $form->escape($form->{ $form->{vc} }, 1);
@@ -454,7 +488,7 @@ sub list_spool {
 print qq|
-{script}>
+
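Review bot: The added `next if (($key eq 'login') || ($key eq 'password') || ...)` in the `foreach $key (keys %$form)` loop of `remove` is a denylist, so every other scalar request field is still written back into the confirmation form. An allowlist of the fields the follow-up action actually reads would keep unexpected parameters from being round-tripped through the page. The `print` inside the loop is truncated on this page, so whether the value is HTML-quoted before output cannot be confirmed here; if it is not, it should be. The body of `remove` starts and ends outside this hunk.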
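Review bot: In `list_spool` the rebuilt `$href` and `$callback` still interpolate `$form->{vc}` and `$form->{type}` straight from the request, while only `title` goes through `$form->escape`. `type` is effectively constrained by `assert_bp_access`, provided a failed assert aborts the request, but `vc` is not checked anywhere in this hunk and is also used as a hash key on the surrounding lines. Escape both where the URL is built, e.g. `"bp.pl?action=list_spool&vc=" . $form->escape($form->{vc}) . "&type=" . $form->escape($form->{type}) . "&title=$title"`, or validate `vc` against the values the module expects before it is used. The body of `list_spool` continues outside the hunk.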
@@ -505,11 +539,11 @@ sub list_spool {
 }
 $column_data{invnumber} =
- "";
+ "";
 $column_data{ordnumber} =
- "";
+ "";
 $column_data{quonumber} =
- "";
+ "";
 $column_data{name} = "";
 $column_data{spoolfile} = qq|
@@ -553,9 +587,6 @@ sub list_spool {
-
-{login}>
-{password}>
 |;
 # if ($myconfig{printer}) {
@@ -595,6 +626,8 @@ print qq||;
 sub select_all {
 $lxdebug->enter_sub();
+ assert_bp_access();
+
 map { $form->{"checked_$_"} = 1 } (1 .. $form->{rowcount});
 &list_spool;
{id}&login=$form->{login}&password=$form->{password}&type=$form->{type}&callback=$callback>$ref->{invnumber}{id}&type=$form->{type}&callback=$callback>$ref->{invnumber}{id}&login=$form->{login}&password=$form->{password}&type=$form->{type}&callback=$callback>$ref->{ordnumber}{id}&type=$form->{type}&callback=$callback>$ref->{ordnumber}{id}&login=$form->{login}&password=$form->{password}&type=$form->{type}&callback=$callback>$ref->{quonumber}{id}&type=$form->{type}&callback=$callback>$ref->{quonumber}$ref->{name}{spoolfile}>$ref->{spoolfile}