X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=bin%2Fmozilla%2Fbp.pl;h=edbd98486704eb39afd7e3a549d8016e359ba5ff;hb=786b3862388eb8d4cdcc5dfc663a37fe0e9a82a1;hp=6e7d9277a7d20d7d6b85d466f3c7b5714acd00bf;hpb=be4e11d36f40d90622fdf35eb07ab207422b5455;p=kivitendo-erp.git diff --git a/bin/mozilla/bp.pl b/bin/mozilla/bp.pl index 6e7d9277a..edbd98486 100644 --- a/bin/mozilla/bp.pl +++ b/bin/mozilla/bp.pl @@ -40,9 +40,38 @@ require "bin/mozilla/common.pl"; # end of main +sub assert_bp_access { + my %access_map = ( + 'invoice' => 'invoice_edit', + 'sales_order' => 'sales_order_edit', + 'sales_quotation' => 'sales_quotation_edit', + 'purchase_order' => 'purchase_order_edit', + 'request_quotation' => 'request_quotation_edit', + 'check' => 'cash', + 'receipt' => 'cash', + ); + + if ($form->{type} && $access_map{$form->{type}}) { + $auth->assert($access_map{$form->{type}}); + + } elsif ($form->{type} eq 'packing_list') { + $lxdebug->message(0, "1"); + if (!$auth->assert('sales_order_edit', 1)) { + $lxdebug->message(0, "2"); + $auth->assert('invoice_edit') ; + } + $lxdebug->message(0, "3"); + + } else { + $auth->assert('DOES_NOT_EXIST'); + } +} + sub search { $lxdebug->enter_sub(); + assert_bp_access(); + # $locale->text('Sales Invoices') # $locale->text('Packing Lists') # $locale->text('Sales Orders') @@ -155,7 +184,7 @@ sub search { } # use JavaScript Calendar or not - $form->{jsscript} = $jscalendar; + $form->{jsscript} = 1; $jsscript = ""; if ($form->{jsscript}) { @@ -190,7 +219,7 @@ sub search { print qq| -
{script}> + {vc}> {type}> @@ -229,10 +258,6 @@ sub search { -{path}> -{login}> -{password}> -
@@ -252,6 +277,8 @@ $jsscript sub remove { $lxdebug->enter_sub(); + assert_bp_access(); + $selected = 0; for $i (1 .. $form->{rowcount}) { @@ -270,12 +297,13 @@ sub remove { print qq| -{script}> + |; map { delete $form->{$_} } qw(action header); foreach $key (keys %$form) { + next if (($key eq 'login') || ($key eq 'password') || ('' ne ref $form->{$key})); print qq|\n|; } @@ -301,6 +329,8 @@ sub remove { sub yes { $lxdebug->enter_sub(); + assert_bp_access(); + $form->info($locale->text('Removing marked entries from queue ...')); $form->{callback} .= "&header=1" if $form->{callback}; @@ -314,6 +344,8 @@ sub yes { sub print { $lxdebug->enter_sub(); + assert_bp_access(); + $form->get_lists(printers => 'ALL_PRINTERS'); # use the command stored in the databse or fall back to $myconfig{printer} my $selected_printer = (grep { $_->{id} eq $form->{printer} } @{ $form->{ALL_PRINTERS} })[0]->{'printer_command'} || $myconfig{printer}; @@ -326,10 +358,9 @@ sub print { for $i (1 .. $form->{rowcount}) { if ($form->{"checked_$i"}) { - $form->{OUT} = "| $selected_printer"; $form->info($locale->text('Printing ... ')); - if (BP->print_spool(\%myconfig, \%$form, $spool)) { + if (BP->print_spool(\%myconfig, \%$form, $spool, "| $selected_printer")) { print $locale->text('done'); $form->redirect($locale->text('Marked entries printed!')); } @@ -345,6 +376,8 @@ sub print { sub list_spool { $lxdebug->enter_sub(); + assert_bp_access(); + $form->{ $form->{vc} } = $form->unescape($form->{ $form->{vc} }); ($form->{ $form->{vc} }, $form->{"$form->{vc}_id"}) = split(/--/, $form->{ $form->{vc} }); @@ -352,12 +385,11 @@ sub list_spool { BP->get_spoolfiles(\%myconfig, \%$form); $title = $form->escape($form->{title}); - $href = - "$form->{script}?action=list_spool&path=$form->{path}&login=$form->{login}&password=$form->{password}&vc=$form->{vc}&type=$form->{type}&title=$title"; + $href = "bp.pl?action=list_spool&vc=$form->{vc}&type=$form->{type}&title=$title"; $title = $form->escape($form->{title}, 1); $callback = - "$form->{script}?action=list_spool&path=$form->{path}&login=$form->{login}&password=$form->{password}&vc=$form->{vc}&type=$form->{type}&title=$title"; + "bp.pl?action=list_spool&vc=$form->{vc}&type=$form->{type}&title=$title"; if ($form->{ $form->{vc} }) { $callback .= "&$form->{vc}=" . $form->escape($form->{ $form->{vc} }, 1); @@ -456,7 +488,7 @@ sub list_spool { print qq| -{script}> + @@ -507,11 +539,11 @@ sub list_spool { } $column_data{invnumber} = - ""; + ""; $column_data{ordnumber} = - ""; + ""; $column_data{quonumber} = - ""; + ""; $column_data{name} = ""; $column_data{spoolfile} = qq| @@ -555,10 +587,6 @@ sub list_spool { - -{path}> -{login}> -{password}> |; # if ($myconfig{printer}) { @@ -580,7 +608,7 @@ sub list_spool { $form->get_lists(printers=>"ALL_PRINTERS"); print qq||; # } @@ -598,6 +626,8 @@ print qq||; sub select_all { $lxdebug->enter_sub(); + assert_bp_access(); + map { $form->{"checked_$_"} = 1 } (1 .. $form->{rowcount}); &list_spool;
{id}&path=$form->{path}&login=$form->{login}&password=$form->{password}&type=$form->{type}&callback=$callback>$ref->{invnumber}{id}&type=$form->{type}&callback=$callback>$ref->{invnumber}{id}&path=$form->{path}&login=$form->{login}&password=$form->{password}&type=$form->{type}&callback=$callback>$ref->{ordnumber}{id}&type=$form->{type}&callback=$callback>$ref->{ordnumber}{id}&path=$form->{path}&login=$form->{login}&password=$form->{password}&type=$form->{type}&callback=$callback>$ref->{quonumber}{id}&type=$form->{type}&callback=$callback>$ref->{quonumber}$ref->{name}{spoolfile}>$ref->{spoolfile}