X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=bin%2Fmozilla%2Foe.pl;h=2a90fc6df0873af7d70069a64beb9af993bf560f;hb=9dc9cfefd45e66cb4298dd572e3582613ae547a6;hp=be239299ddd25592094627846f3f656df923e7f5;hpb=50d3e0096d2dec732dad862a3ae6154e0415e824;p=kivitendo-erp.git
diff --git a/bin/mozilla/oe.pl b/bin/mozilla/oe.pl
index be239299d..2a90fc6df 100644
--- a/bin/mozilla/oe.pl
+++ b/bin/mozilla/oe.pl
@@ -33,12 +33,13 @@
use POSIX qw(strftime);
+use SL::FU;
use SL::OE;
use SL::IR;
use SL::IS;
use SL::PE;
use SL::ReportGenerator;
-use List::Util qw(max reduce);
+use List::Util qw(max reduce sum);
require "bin/mozilla/io.pl";
require "bin/mozilla/arap.pl";
@@ -59,9 +60,25 @@ require "bin/mozilla/reportgenerator.pl";
# $locale->text('Workflow request_quotation');
# $locale->text('Workflow sales_quotation');
+my $oe_access_map = {
+ 'sales_order' => 'sales_order_edit',
+ 'purchase_order' => 'purchase_order_edit',
+ 'request_quotation' => 'request_quotation_edit',
+ 'sales_quotation' => 'sales_quotation_edit',
+};
+
+sub check_oe_access {
+ my $right = $oe_access_map->{$form->{type}};
+ $right ||= 'DOES_NOT_EXIST';
+
+ $auth->assert($right);
+}
+
sub set_headings {
$lxdebug->enter_sub();
+ check_oe_access();
+
my ($action) = @_;
if ($form->{type} eq 'purchase_order') {
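Review bot: `$oe_access_map` has entries only for the two order and two quotation types, so `check_oe_access()` asserts the placeholder right `DOES_NOT_EXIST` for every other `$form->{type}`. Failing closed is the right default, but this same commit adds a `_delivery_order$` branch directly after `check_oe_access()` in `display_form`. It also has `delivery_order` set `$form->{type}` to `sales_delivery_order` or `purchase_delivery_order` before calling `order_links()`, `prepare_order()` and `update()`, which are guarded in this file. If `$auth->assert` aborts on a missing right (its implementation is not shown), those paths are either unreachable or depend on `bin/mozilla/do.pl` replacing the guarded subs. I would add a comment above the map saying whether the delivery-order types are absent on purpose and where their check happens, or add them to the map with `sales_delivery_order_edit` and `purchase_delivery_order_edit` if that is the intent.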
@@ -99,10 +116,12 @@ sub set_headings {
sub add {
$lxdebug->enter_sub();
+ check_oe_access();
+
set_headings("add");
$form->{callback} =
- "$form->{script}?action=add&type=$form->{type}&vc=$form->{vc}&login=$form->{login}&password=$form->{password}"
+ "$form->{script}?action=add&type=$form->{type}&vc=$form->{vc}"
unless $form->{callback};
&order_links;
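Review bot: The rebuilt callback still interpolates `$form->{type}` and `$form->{vc}` without URL-encoding. `type` is now limited to the keys of `$oe_access_map` by `check_oe_access()`, but nothing visible in this hunk constrains `vc`, so a value containing `&` or `=` would add or override parameters when the callback is followed. Assuming `SL::Form`'s `escape` method is usable here, I would write `"$form->{script}?action=add&type=" . $form->escape($form->{type}) . "&vc=" . $form->escape($form->{vc})`, or restrict `vc` to `customer`/`vendor` before building the string. The body of `add` continues outside the hunk.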
@@ -114,6 +133,9 @@ sub add {
sub edit {
$lxdebug->enter_sub();
+
+ check_oe_access();
+
# show history button
$form->{javascript} = qq||;
#/show hhistory button
@@ -161,6 +183,9 @@ sub edit {
sub order_links {
$lxdebug->enter_sub();
+
+ check_oe_access();
+
# get customer/vendor
$form->all_vc(\%myconfig, $form->{vc}, ($form->{vc} eq 'customer') ? "AR" : "AP");
@@ -279,6 +304,9 @@ sub order_links {
sub prepare_order {
$lxdebug->enter_sub();
+
+ check_oe_access();
+
$form->{formname} = $form->{type} unless $form->{formname};
my $i = 0;
@@ -301,6 +329,8 @@ sub form_header {
$lxdebug->enter_sub();
my @custom_hiddens;
+ check_oe_access();
+
# Container for template variables. Unfortunately this has to be visible in form_footer too, so not my.
our %TMPL_VAR = ();
@@ -402,6 +432,19 @@ sub form_header {
$credittext = $locale->text('Credit Limit exceeded!!!');
+ my $follow_up_vc = $form->{ $form->{vc} eq 'customer' ? 'customer' : 'vendor' };
+ $follow_up_vc =~ s/--.*?//;
+ $TMPL_VAR{follow_up_trans_info} = ($form->{type} =~ /_quotation$/ ? $form->{quonumber} : $form->{ordnumber}) . " ($follow_up_vc)";
+
+ if ($form->{id}) {
+ my $follow_ups = FU->follow_ups('trans_id' => $form->{id});
+
+ if (scalar @{ $follow_ups }) {
+ $TMPL_VAR{num_follow_ups} = scalar @{ $follow_ups };
+ $TMPL_VAR{num_due_follow_ups} = sum map { $_->{due} * 1 } @{ $follow_ups };
+ }
+ }
+
$onload = ($form->{resubmit} && ($form->{format} eq "html")) ? "window.open('about:blank','Beleg'); document.oe.target = 'Beleg';document.oe.submit()"
: ($form->{resubmit}) ? "document.oe.submit()"
: ($creditwarning) ? "alert('$credittext')"
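Review bot: In `$follow_up_vc =~ s/--.*?//;` the non-greedy `.*?` is the last element of the pattern, so it always matches the empty string and the substitution removes only the `--` separator. If the value has the `name--id` form that `orders` splits on `--`, the id stays glued to the name in `follow_up_trans_info`; `s/--.*//` would drop the whole suffix. Separately, `follow_up_trans_info` carries the customer/vendor name and the order number into the template, so the template (not shown here) should HTML-escape it on output.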
@@ -410,7 +453,7 @@ sub form_header {
$onload .= qq|;setupDateFormat('|. $myconfig{dateformat} .qq|', '|. $locale->text("Falsches Datumsformat!") .qq|')|;
$onload .= qq|;setupPoints('|. $myconfig{numberformat} .qq|', '|. $locale->text("wrongformat") .qq|')|;
$TMPL_VAR{onload} = $onload;
-
+
$form->{javascript} .= qq||;
$form->{javascript} .= qq||;
$form->{javascript} .= qq||;
@@ -445,6 +488,8 @@ sub form_header {
sub form_footer {
$lxdebug->enter_sub();
+ check_oe_access();
+
$form->{invtotal} = $form->{invsubtotal};
$rows = max 2, $form->numtextrows($form->{notes}, 25, 8);
@@ -510,9 +555,11 @@ sub update {
my ($recursive_call) = shift;
+ check_oe_access();
+
set_headings($form->{"id"} ? "edit" : "add");
- map { $form->{$_} = $form->parse_amount(\%myconfig, $form->{$_}) } qw(exchangerate creditlimit creditremaining) unless $recursive_call;
+ map { $form->{$_} = $form->parse_amount(\%myconfig, $form->{$_}) } qw(exchangerate) unless $recursive_call;
$form->{update} = 1;
$payment_id = $form->{payment_id} if $form->{payment_id};
@@ -623,6 +670,8 @@ sub update {
sub search {
$lxdebug->enter_sub();
+ check_oe_access();
+
if ($form->{type} eq 'purchase_order') {
$form->{title} = $locale->text('Purchase Orders');
$form->{vc} = 'vendor';
@@ -825,6 +874,8 @@ $employee_block
| . $locale->text('ID') . qq| |
$ordlabel |
+
+
| . $locale->text('Date') . qq| |
| . $locale->text('Required by') . qq| |
@@ -864,8 +915,6 @@ $jsscript
-{login}>
-{password}>
{vc}>
{type}>
@@ -901,6 +950,8 @@ sub create_subtotal_row {
sub orders {
$lxdebug->enter_sub();
+ check_oe_access();
+
$ordnumber = ($form->{type} =~ /_order$/) ? "ordnumber" : "quonumber";
($form->{ $form->{vc} }, $form->{"${form->{vc}}_id"}) = split(/--/, $form->{ $form->{vc} });
@@ -1121,6 +1172,8 @@ sub orders {
sub check_delivered_flag {
$lxdebug->enter_sub();
+ check_oe_access();
+
if (($form->{type} ne 'sales_order') && ($form->{type} ne 'purchase_order')) {
return $lxdebug->leave_sub();
}
@@ -1147,6 +1200,8 @@ sub check_delivered_flag {
sub save_and_close {
$lxdebug->enter_sub();
+ check_oe_access();
+
$form->{defaultcurrency} = $form->get_default_currency(\%myconfig);
if ($form->{type} =~ /_order$/) {
@@ -1246,6 +1301,8 @@ sub save_and_close {
sub save {
$lxdebug->enter_sub();
+ check_oe_access();
+
$form->{defaultcurrency} = $form->get_default_currency(\%myconfig);
@@ -1347,6 +1404,8 @@ sub save {
sub delete {
$lxdebug->enter_sub();
+ check_oe_access();
+
$form->header;
if ($form->{type} =~ /_order$/) {
@@ -1367,6 +1426,7 @@ sub delete {
map { delete $form->{$_} } qw(action header);
foreach $key (keys %$form) {
+ next if (($key eq 'login') || ($key eq 'password') || ('' ne ref $form->{$key}));
$form->{$key} =~ s/\"/"/g;
print qq|\n|;
}
@@ -1393,6 +1453,8 @@ sub delete {
sub delete_order_quotation {
$lxdebug->enter_sub();
+ check_oe_access();
+
if ($form->{type} =~ /_order$/) {
$msg = $locale->text('Order deleted!');
$err = $locale->text('Cannot delete order!');
@@ -1419,6 +1481,9 @@ sub delete_order_quotation {
sub invoice {
$lxdebug->enter_sub();
+ check_oe_access();
+ $auth->assert($form->{type} eq 'purchase_order' || $form->{type} eq 'request_quotation' ? 'vendor_invoice_edit' : 'invoice_edit');
+
$form->{old_employee_id} = $form->{employee_id};
$form->{old_salesman_id} = $form->{salesman_id};
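Review bot: The right passed to the second `$auth->assert` is picked by a ternary whose condition is an unparenthesised `eq ... || ... eq ...`. Operator precedence makes it evaluate as intended, but on an authorization line I would make the grouping explicit: `my $right = ($form->{type} eq 'purchase_order' || $form->{type} eq 'request_quotation') ? 'vendor_invoice_edit' : 'invoice_edit';` followed by `$auth->assert($right);`. The body of `invoice` continues outside the hunk.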
@@ -1528,9 +1593,6 @@ sub invoice {
map { $form->{"select$_"} = "" } ($form->{vc}, currency);
- map { $form->{$_} = $form->parse_amount(\%myconfig, $form->{$_}) }
- qw(creditlimit creditremaining);
-
$currency = $form->{currency};
&invoice_links;
@@ -1583,6 +1645,9 @@ sub invoice {
sub backorder_exchangerate {
$lxdebug->enter_sub();
+
+ check_oe_access();
+
my ($orddate, $buysell) = @_;
$form->header;
@@ -1597,6 +1662,7 @@ sub backorder_exchangerate {
map { delete $form->{$_} } qw(action header exchangerate);
foreach $key (keys %$form) {
+ next if (($key eq 'login') || ($key eq 'password') || ('' ne ref $form->{$key}));
$form->{$key} =~ s/\"/"/g;
print qq|\n|;
}
@@ -1605,9 +1671,6 @@ sub backorder_exchangerate {
print qq|
-{login}>
-{password}>
-
@@ -1733,6 +1796,8 @@ sub create_backorder {
sub save_as_new {
$lxdebug->enter_sub();
+ check_oe_access();
+
$form->{saveasnew} = 1;
$form->{closed} = 0;
map { delete $form->{$_} } qw(printed emailed queued);
@@ -1755,6 +1820,8 @@ sub save_as_new {
sub check_for_direct_delivery_yes {
$lxdebug->enter_sub();
+ check_oe_access();
+
$form->{direct_delivery_checked} = 1;
delete @{$form}{grep /^shipto/, keys %{ $form }};
map { s/^CFDD_//; $form->{$_} = $form->{"CFDD_${_}"} } grep /^CFDD_/, keys %{ $form };
@@ -1766,6 +1833,8 @@ sub check_for_direct_delivery_yes {
sub check_for_direct_delivery_no {
$lxdebug->enter_sub();
+ check_oe_access();
+
$form->{direct_delivery_checked} = 1;
delete @{$form}{grep /^shipto/, keys %{ $form }};
purchase_order();
@@ -1776,6 +1845,8 @@ sub check_for_direct_delivery_no {
sub check_for_direct_delivery {
$lxdebug->enter_sub();
+ check_oe_access();
+
if ($form->{direct_delivery_checked}
|| (!$form->{shiptoname} && !$form->{shiptostreet} && !$form->{shipto_id})) {
$lxdebug->leave_sub();
@@ -1790,7 +1861,7 @@ sub check_for_direct_delivery {
}
delete $form->{action};
- $form->{VARIABLES} = [ map { { "key" => $_, "value" => $form->{$_} } } grep { ref $_ eq "" } keys %{ $form } ];
+ $form->{VARIABLES} = [ map { { "key" => $_, "value" => $form->{$_} } } grep { ($_ ne 'login') && ($_ ne 'password') && (ref $_ eq "") } keys %{ $form } ];
$form->header();
print $form->parse_html_template("oe/check_for_direct_delivery");
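Review bot: The third condition of the new filter, `ref $_ eq ""`, tests the key name, which is always a plain string, so reference-valued form entries are still copied into `VARIABLES`. The hidden-field loops in `delete` and `backorder_exchangerate` test the value instead (`'' ne ref $form->{$key}`); the equivalent here is `grep { ($_ ne 'login') && ($_ ne 'password') && (ref $form->{$_} eq "") } keys %{ $form }`. The credential filter is now written out three times in this commit, so a small shared helper would keep the copies from drifting further apart.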
@@ -1803,6 +1874,9 @@ sub check_for_direct_delivery {
sub purchase_order {
$lxdebug->enter_sub();
+ check_oe_access();
+ $auth->assert('purchase_order_edit');
+
if ($form->{type} eq 'sales_order') {
check_for_direct_delivery();
}
@@ -1830,6 +1904,9 @@ sub purchase_order {
sub sales_order {
$lxdebug->enter_sub();
+ check_oe_access();
+ $auth->assert('sales_order_edit');
+
if ( $form->{type} eq 'sales_quotation'
|| $form->{type} eq 'request_quotation') {
OE->close_order(\%myconfig, $form);
@@ -1853,6 +1930,9 @@ sub sales_order {
sub poso {
$lxdebug->enter_sub();
+ check_oe_access();
+ $auth->assert('purchase_order_edit | sales_order_edit');
+
$form->{transdate} = $form->current_date(\%myconfig);
delete $form->{duedate};
@@ -1882,17 +1962,63 @@ sub poso {
qw(partnumber description unit);
}
- map { $form->{$_} = $form->format_amount(\%myconfig, $form->{$_}, 0, "0") }
- qw(creditlimit creditremaining);
-
&update;
$lxdebug->leave_sub();
}
+sub delivery_order {
+ $lxdebug->enter_sub();
+
+ if ($form->{type} =~ /^sales/) {
+ $auth->assert('sales_delivery_order_edit');
+
+ $form->{vc} = 'customer';
+ $form->{type} = 'sales_delivery_order';
+
+ } else {
+ $auth->assert('purchase_delivery_order_edit');
+
+ $form->{vc} = 'vendor';
+ $form->{type} = 'purchase_delivery_order';
+ }
+
+ require "bin/mozilla/do.pl";
+
+ $form->{cp_id} *= 1;
+ $form->{transdate} = $form->current_date(\%myconfig);
+ delete $form->{duedate};
+
+ $form->{closed} = 0;
+
+ $form->{old_employee_id} = $form->{employee_id};
+ $form->{old_salesman_id} = $form->{salesman_id};
+
+ # reset
+ map { delete $form->{$_} } qw(id subject message cc bcc printed emailed queued creditlimit creditremaining discount tradediscount oldinvtotal);
+
+ for $i (1 .. $form->{rowcount}) {
+ map { $form->{"${_}_${i}"} = $form->parse_amount(\%myconfig, $form->{"${_}_${i}"}) if ($form->{"${_}_${i}"}) } qw(ship qty sellprice listprice basefactor);
+ }
+
+ my %old_values = map { $_ => $form->{$_} } qw(customer_id oldcustomer customer vendor_id oldvendor vendor);
+
+ order_links();
+
+ prepare_order();
+
+ map { $form->{$_} = $old_values{$_} if ($old_values{$_}) } keys %old_values;
+
+ update();
+
+ $lxdebug->leave_sub();
+}
+
sub e_mail {
$lxdebug->enter_sub();
+ check_oe_access();
+
$form->{print_and_save} = 1;
$print_post = 1;
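Review bot: `delivery_order` loops with `for $i (1 .. $form->{rowcount})`, which uses the package-global `$i` rather than a lexical; `for my $i (1 .. $form->{rowcount})` keeps the counter private to the loop. The three `map { ... }` calls in void context would read more clearly as `for` loops or a hash slice, e.g. `delete @{$form}{qw(id subject message cc bcc printed emailed queued creditlimit creditremaining discount tradediscount oldinvtotal)};` for the reset. The bare `# reset` comment could also say that these fields are cleared so the new delivery order does not inherit the source order's id and mail/print state.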
@@ -1901,10 +2027,7 @@ sub e_mail {
save();
- my %saved_vars;
- map({ $saved_vars{$_} = $form->{$_}; } qw(id ordnumber quonumber));
- restore_form($saved_form);
- map({ $form->{$_} = $saved_vars{$_}; } qw(id ordnumber quonumber));
+ restore_form($saved_form, 0, qw(id ordnumber quonumber));
edit_e_mail();
@@ -1925,6 +2048,10 @@ sub no {
sub display_form {
$lxdebug->enter_sub();
+ check_oe_access();
+
+ retrieve_partunits() if ($form->{type} =~ /_delivery_order$/);
+
$form->{"taxaccounts"} =~ s/\s*$//;
$form->{"taxaccounts"} =~ s/^\s*//;
foreach my $accno (split(/\s*/, $form->{"taxaccounts"})) {
@@ -1953,3 +2080,21 @@ sub display_form {
$lxdebug->leave_sub();
}
+sub report_for_todo_list {
+ $lxdebug->enter_sub();
+
+ my $quotations = OE->transactions_for_todo_list();
+ my $content;
+
+ if (@{ $quotations }) {
+ my $edit_url = build_std_url('script=oe.pl', 'action=edit', 'type=sales_quotation', 'vc=customer');
+
+ $content = $form->parse_html_template('oe/report_for_todo_list', { 'QUOTATIONS' => $quotations,
+ 'edit_url' => $edit_url });
+ }
+
+ $lxdebug->leave_sub();
+
+ return $content;
+}
+
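Review bot: `report_for_todo_list` is the one sub touched by this commit that returns order data without any access check. It calls neither `check_oe_access()` nor `$auth->assert`, yet it renders the result of `OE->transactions_for_todo_list()` and an edit link for `type=sales_quotation`. The caller may already enforce a right, but that is not visible here. If it does not, a user without quotation access would still see the quotation list in the to-do view. I would add `$auth->assert('sales_quotation_edit');` after `enter_sub()`, or a comment naming the caller that performs the check.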