X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=bin%2Fmozilla%2Fir.pl;h=5b47194869a060c228a721d344d5a445d68534fd;hb=4923839ef41fc8c2fec0d27b300d1fa2ea655777;hp=ad850892238eb16f5ba8c7bfcf86951dc3fc931c;hpb=1e25131315e72036aa6df1d626011a761218d233;p=kivitendo-erp.git

diff --git a/bin/mozilla/ir.pl b/bin/mozilla/ir.pl
index ad8508922..5b4719486 100644
--- a/bin/mozilla/ir.pl
+++ b/bin/mozilla/ir.pl
@@ -37,6 +37,7 @@ use SL::PE;
 use List::Util qw(max);
 
 require "bin/mozilla/io.pl";
+require "bin/mozilla/invoice_io.pl";
 require "bin/mozilla/arap.pl";
 require "bin/mozilla/common.pl";
 require "bin/mozilla/drafts.pl";
@@ -48,6 +49,8 @@ require "bin/mozilla/drafts.pl";
 sub add {
   $lxdebug->enter_sub();
 
+  $auth->assert('vendor_invoice_edit');
+
   return $lxdebug->leave_sub() if (load_draft_maybe());
 
   $form->{title} = $locale->text('Add Vendor Invoice');
@@ -61,7 +64,9 @@ sub add {
 
 sub edit {
   $lxdebug->enter_sub();
-  $form->{"Watchdog::qty_1"} = 1;
+
+  $auth->assert('vendor_invoice_edit');
+
   # show history button
   $form->{javascript} = qq|<script type=text/javascript src=js/show_history.js></script>|;
   #/show hhistory button
@@ -78,6 +83,8 @@ sub edit {
 sub invoice_links {
   $lxdebug->enter_sub();
 
+  $auth->assert('vendor_invoice_edit');
+
   # create links
   $form->{webdav}   = $webdav;
   $form->{jsscript} = 1;
@@ -181,6 +188,8 @@ sub invoice_links {
 sub prepare_invoice {
   $lxdebug->enter_sub();
 
+  $auth->assert('vendor_invoice_edit');
+
   if ($form->{id}) {
 
     map { $form->{$_} =~ s/\"/&quot;/g } qw(invnumber ordnumber quonumber);
@@ -214,6 +223,8 @@ sub prepare_invoice {
 sub form_header {
   $lxdebug->enter_sub();
 
+  $auth->assert('vendor_invoice_edit');
+
   # set option selected
   foreach $item (qw(AP vendor currency department)) {
     $form->{"select$item"} =~ s/ selected//;
@@ -381,7 +392,7 @@ sub form_header {
          <input type=button name=invdate id="trigger1" value=| . $locale->text('button') . qq|></td>\n|;
   $button2 = qq|
      <td width="13"><input name=duedate id=duedate size=11 title="$myconfig{dateformat}" value="$form->{duedate}"  onBlur=\"check_right_date_format(this)\">
-                    <input type=button name=duedate id="trigger2" value=| . $locale->text('button') . qq|></td></td>\n|;
+                    <input type=button name=duedate id="trigger2" value=| . $locale->text('button') . qq|></td>\n|;
 
   #write Trigger
   $jsscript =
@@ -498,6 +509,8 @@ $jsscript
 sub form_footer {
   $lxdebug->enter_sub();
 
+  $auth->assert('vendor_invoice_edit');
+
   $form->{invtotal} = $form->{invsubtotal};
 
   if (($rows = $form->numtextrows($form->{notes}, 25, 8)) < 2) {
@@ -810,7 +823,7 @@ sub form_footer {
   }
 
   print $form->write_trigger(\%myconfig, scalar(@triggers) / 3, @triggers);
-  $form->hide_form(qw(rowcount callback draft_id draft_description login password));
+  $form->hide_form(qw(rowcount callback draft_id draft_description));
 
   # button for saving history
   if($form->{id} ne "") {
@@ -839,13 +852,19 @@ print qq|</form>
 
 sub mark_as_paid {
   $lxdebug->enter_sub();
+
+  $auth->assert('vendor_invoice_edit');
+
   &mark_as_paid_common(\%myconfig,"ap");  
+
   $lxdebug->leave_sub();
 }
 
 sub update {
   $lxdebug->enter_sub();
 
+  $auth->assert('vendor_invoice_edit');
+
   map { $form->{$_} = $form->parse_amount(\%myconfig, $form->{$_}) } qw(exchangerate creditlimit creditremaining);
 
   &check_name(vendor);
@@ -935,6 +954,8 @@ sub update {
 sub storno {
   $lxdebug->enter_sub();
 
+  $auth->assert('vendor_invoice_edit');
+
   if ($form->{storno}) {
     $form->error($locale->text('Cannot storno storno invoice!'));
   }
@@ -974,6 +995,8 @@ sub storno {
 sub use_as_template {
   $lxdebug->enter_sub();
 
+  $auth->assert('vendor_invoice_edit');
+
   map { delete $form->{$_} } qw(printed emailed queued invnumber invdate deliverydate id datepaid_1 source_1 memo_1 paid_1 exchangerate_1 AP_paid_1 storno);
   $form->{paidaccounts} = 1;
   $form->{rowcount}--;
@@ -986,6 +1009,8 @@ sub use_as_template {
 sub post_payment {
   $lxdebug->enter_sub();
 
+  $auth->assert('vendor_invoice_edit');
+
   $form->{defaultcurrency} = $form->get_default_currency(\%myconfig);
   for $i (1 .. $form->{paidaccounts}) {
     if ($form->{"paid_$i"}) {
@@ -1028,6 +1053,8 @@ sub post_payment {
 sub post {
   $lxdebug->enter_sub();
 
+  $auth->assert('vendor_invoice_edit');
+
   $form->{defaultcurrency} = $form->get_default_currency(\%myconfig);
 
   $form->isblank("invdate", $locale->text('Invoice Date missing!'));
@@ -1101,6 +1128,8 @@ sub post {
 sub delete {
   $lxdebug->enter_sub();
 
+  $auth->assert('vendor_invoice_edit');
+
   $form->header;
   print qq|
 <body>
@@ -1112,6 +1141,7 @@ sub delete {
   map { delete $form->{$_} } qw(action header);
 
   foreach $key (keys %$form) {
+    next if (($key eq 'login') || ($key eq 'password') || ('' ne ref $form->{$key}));
     $form->{$key} =~ s/\"/&quot;/g;
     print qq|<input type=hidden name=$key value="$form->{$key}">\n|;
   }
@@ -1133,6 +1163,9 @@ sub delete {
 
 sub yes {
   $lxdebug->enter_sub();
+
+  $auth->assert('vendor_invoice_edit');
+
   if (IR->delete_invoice(\%myconfig, \%$form)) {
     # saving the history
     if(!exists $form->{addition}) {