X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=bin%2Fmozilla%2Foe.pl;h=2a90fc6df0873af7d70069a64beb9af993bf560f;hb=d707f7ac60b9dbe7da50d733db1e73eae84952f7;hp=c7d289f119dc4632dc9bff4fff5cb357a40be47b;hpb=91ab1ef646193de9359076a876a33a74d7691145;p=kivitendo-erp.git diff --git a/bin/mozilla/oe.pl b/bin/mozilla/oe.pl index c7d289f11..2a90fc6df 100644 --- a/bin/mozilla/oe.pl +++ b/bin/mozilla/oe.pl @@ -33,12 +33,13 @@ use POSIX qw(strftime); +use SL::FU; use SL::OE; use SL::IR; use SL::IS; use SL::PE; use SL::ReportGenerator; -use List::Util qw(max reduce); +use List::Util qw(max reduce sum); require "bin/mozilla/io.pl"; require "bin/mozilla/arap.pl"; @@ -59,9 +60,25 @@ require "bin/mozilla/reportgenerator.pl"; # $locale->text('Workflow request_quotation'); # $locale->text('Workflow sales_quotation'); +my $oe_access_map = { + 'sales_order' => 'sales_order_edit', + 'purchase_order' => 'purchase_order_edit', + 'request_quotation' => 'request_quotation_edit', + 'sales_quotation' => 'sales_quotation_edit', +}; + +sub check_oe_access { + my $right = $oe_access_map->{$form->{type}}; + $right ||= 'DOES_NOT_EXIST'; + + $auth->assert($right); +} + sub set_headings { $lxdebug->enter_sub(); + check_oe_access(); + my ($action) = @_; if ($form->{type} eq 'purchase_order') { @@ -99,10 +116,12 @@ sub set_headings { sub add { $lxdebug->enter_sub(); + check_oe_access(); + set_headings("add"); $form->{callback} = - "$form->{script}?action=add&type=$form->{type}&vc=$form->{vc}&login=$form->{login}&password=$form->{password}" + "$form->{script}?action=add&type=$form->{type}&vc=$form->{vc}" unless $form->{callback}; &order_links; @@ -114,6 +133,9 @@ sub add { sub edit { $lxdebug->enter_sub(); + + check_oe_access(); + # show history button $form->{javascript} = qq||; #/show hhistory button 
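Review bot: `check_oe_access` chooses the right to assert from `$form->{type}`, which arrives with the request, so the check is only as strong as whatever later ties the loaded record to that same type; nothing in this hunk shows that link. If the retrieval by `id` does not also constrain the document type, one `*_edit` right could be enough to reach documents of the other three kinds. I would document the contract above the sub, e.g. `# Asserts the edit right for $form->{type}; an unknown type maps to a right that never exists (fail closed). Callers must not load a record whose stored type differs from the one checked.` The `'DOES_NOT_EXIST'` fallback is a sensible fail-closed default and that comment would make the intent explicit.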
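Review bot: In `add`, the shortened callback still interpolates `$form->{vc}` into the URL unencoded. `type` is limited to the four map keys by the preceding `check_oe_access()`, but `vc` has no such constraint in this hunk, so a stray `&` or `#` in it changes the parameters the callback carries. Assuming the form object's `escape` helper is available here, `"$form->{script}?action=add&type=" . $form->escape($form->{type}) . "&vc=" . $form->escape($form->{vc})` would close that. How the callback is consumed lies outside the hunk.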
@@ -161,6 +183,9 @@ sub edit { sub order_links { $lxdebug->enter_sub(); + + check_oe_access(); + # get customer/vendor $form->all_vc(\%myconfig, $form->{vc}, ($form->{vc} eq 'customer') ? "AR" : "AP"); @@ -279,6 +304,9 @@ sub order_links { sub prepare_order { $lxdebug->enter_sub(); + + check_oe_access(); + $form->{formname} = $form->{type} unless $form->{formname}; my $i = 0; @@ -301,6 +329,8 @@ sub form_header { $lxdebug->enter_sub(); my @custom_hiddens; + check_oe_access(); + # Container for template variables. Unfortunately this has to be visible in form_footer too, so not my. our %TMPL_VAR = (); @@ -402,6 +432,19 @@ sub form_header { $credittext = $locale->text('Credit Limit exceeded!!!'); + my $follow_up_vc = $form->{ $form->{vc} eq 'customer' ? 'customer' : 'vendor' }; + $follow_up_vc =~ s/--.*?//; + $TMPL_VAR{follow_up_trans_info} = ($form->{type} =~ /_quotation$/ ? $form->{quonumber} : $form->{ordnumber}) . " ($follow_up_vc)"; + + if ($form->{id}) { + my $follow_ups = FU->follow_ups('trans_id' => $form->{id}); + + if (scalar @{ $follow_ups }) { + $TMPL_VAR{num_follow_ups} = scalar @{ $follow_ups }; + $TMPL_VAR{num_due_follow_ups} = sum map { $_->{due} * 1 } @{ $follow_ups }; + } + } + $onload = ($form->{resubmit} && ($form->{format} eq "html")) ? "window.open('about:blank','Beleg'); document.oe.target = 'Beleg';document.oe.submit()" : ($form->{resubmit}) ? "document.oe.submit()" : ($creditwarning) ? "alert('$credittext')" @@ -410,7 +453,7 @@ sub form_header { $onload .= qq|;setupDateFormat('|. $myconfig{dateformat} .qq|', '|. $locale->text("Falsches Datumsformat!") .qq|')|; $onload .= qq|;setupPoints('|. $myconfig{numberformat} .qq|', '|. $locale->text("wrongformat") .qq|')|; $TMPL_VAR{onload} = $onload; - + $form->{javascript} .= qq||; $form->{javascript} .= qq||; $form->{javascript} .= qq||; 
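Review bot: In the follow-up block added to `form_header`, `s/--.*?//` removes only the two dashes, because a non-greedy `.*?` with nothing after it matches the empty string; a constructed value such as `Name--42` becomes `Name42` rather than `Name`. If the intent is to drop the `--id` suffix, as the `split(/--/, ...)` in `orders` suggests, use `$follow_up_vc =~ s/--.*//;`. The resulting `follow_up_trans_info` carries the customer or vendor name, so the template that prints it needs to HTML-escape it; that template is not part of this page. `form_header` begins and ends outside the hunk.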
@@ -445,6 +488,8 @@ sub form_header { sub form_footer { $lxdebug->enter_sub(); + check_oe_access(); + $form->{invtotal} = $form->{invsubtotal}; $rows = max 2, $form->numtextrows($form->{notes}, 25, 8); @@ -510,9 +555,11 @@ sub update { my ($recursive_call) = shift; + check_oe_access(); + set_headings($form->{"id"} ? "edit" : "add"); - map { $form->{$_} = $form->parse_amount(\%myconfig, $form->{$_}) } qw(exchangerate creditlimit creditremaining) unless $recursive_call; + map { $form->{$_} = $form->parse_amount(\%myconfig, $form->{$_}) } qw(exchangerate) unless $recursive_call; $form->{update} = 1; $payment_id = $form->{payment_id} if $form->{payment_id}; @@ -623,6 +670,8 @@ sub update { sub search { $lxdebug->enter_sub(); + check_oe_access(); + if ($form->{type} eq 'purchase_order') { $form->{title} = $locale->text('Purchase Orders'); $form->{vc} = 'vendor'; @@ -825,6 +874,8 @@ $employee_block | . $locale->text('ID') . qq| $ordlabel + + | . $locale->text('Date') . qq| | . $locale->text('Required by') . qq| @@ -864,8 +915,6 @@ $jsscript
-{login}> -{password}> {vc}> {type}> @@ -901,6 +950,8 @@ sub create_subtotal_row { sub orders { $lxdebug->enter_sub(); + check_oe_access(); + $ordnumber = ($form->{type} =~ /_order$/) ? "ordnumber" : "quonumber"; ($form->{ $form->{vc} }, $form->{"${form->{vc}}_id"}) = split(/--/, $form->{ $form->{vc} }); @@ -979,7 +1030,7 @@ sub orders { 'transaction_description' => { 'text' => $locale->text('Transaction description'), }, 'open' => { 'text' => $locale->text('Open'), }, 'delivered' => { 'text' => $locale->text('Delivered'), }, - 'marge_total' => { 'text' => $locale->text('Ertrag'), }, + 'marge_total' => { 'text' => $locale->text('Ertrag'), }, 'marge_percent' => { 'text' => $locale->text('Ertrag prozentual'), } ); @@ -1121,6 +1172,8 @@ sub orders { sub check_delivered_flag { $lxdebug->enter_sub(); + check_oe_access(); + if (($form->{type} ne 'sales_order') && ($form->{type} ne 'purchase_order')) { return $lxdebug->leave_sub(); } @@ -1147,6 +1200,8 @@ sub check_delivered_flag { sub save_and_close { $lxdebug->enter_sub(); + check_oe_access(); + $form->{defaultcurrency} = $form->get_default_currency(\%myconfig); if ($form->{type} =~ /_order$/) { @@ -1246,6 +1301,8 @@ sub save_and_close { sub save { $lxdebug->enter_sub(); + check_oe_access(); + $form->{defaultcurrency} = $form->get_default_currency(\%myconfig); @@ -1347,6 +1404,8 @@ sub save { sub delete { $lxdebug->enter_sub(); + check_oe_access(); + $form->header; if ($form->{type} =~ /_order$/) { @@ -1367,6 +1426,7 @@ sub delete { map { delete $form->{$_} } qw(action header); foreach $key (keys %$form) { + next if (($key eq 'login') || ($key eq 'password') || ('' ne ref $form->{$key})); $form->{$key} =~ s/\"/"/g; print qq|\n|; } @@ -1393,6 +1453,8 @@ sub delete { sub delete_order_quotation { $lxdebug->enter_sub(); + check_oe_access(); + if ($form->{type} =~ /_order$/) { $msg = $locale->text('Order deleted!'); $err = $locale->text('Cannot delete order!'); 
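Review bot: The `login`/`password` skip added to the hidden-field loop in `delete` is a hand-written denylist, and the same condition is repeated in `backorder_exchangerate` and, in a slightly different form, in `check_for_direct_delivery`. Three copies will drift the next time a sensitive field is added; a single shared predicate keeps them in step, e.g. `next unless form_key_is_echoable($key);` holding the two names and the `ref` test (the helper name is only a suggestion). The substitution on the following line handles only the double quote, and the markup emitted by the `print` is not legible on this page, so I cannot confirm that `$key` itself is escaped before it is written out. The loop sits inside `delete`, which extends beyond the hunk.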
@@ -1419,6 +1481,9 @@ sub delete_order_quotation { sub invoice { $lxdebug->enter_sub(); + check_oe_access(); + $auth->assert($form->{type} eq 'purchase_order' || $form->{type} eq 'request_quotation' ? 'vendor_invoice_edit' : 'invoice_edit'); + $form->{old_employee_id} = $form->{employee_id}; $form->{old_salesman_id} = $form->{salesman_id}; @@ -1528,9 +1593,6 @@ sub invoice { map { $form->{"select$_"} = "" } ($form->{vc}, currency); - map { $form->{$_} = $form->parse_amount(\%myconfig, $form->{$_}) } - qw(creditlimit creditremaining); - $currency = $form->{currency}; &invoice_links; @@ -1583,6 +1645,9 @@ sub invoice { sub backorder_exchangerate { $lxdebug->enter_sub(); + + check_oe_access(); + my ($orddate, $buysell) = @_; $form->header; @@ -1597,6 +1662,7 @@ sub backorder_exchangerate { map { delete $form->{$_} } qw(action header exchangerate); foreach $key (keys %$form) { + next if (($key eq 'login') || ($key eq 'password') || ('' ne ref $form->{$key})); $form->{$key} =~ s/\"/"/g; print qq|\n|; } @@ -1605,9 +1671,6 @@ sub backorder_exchangerate { print qq| -{login}> -{password}> - @@ -1733,6 +1796,8 @@ sub create_backorder { sub save_as_new { $lxdebug->enter_sub(); + check_oe_access(); + $form->{saveasnew} = 1; $form->{closed} = 0; map { delete $form->{$_} } qw(printed emailed queued); @@ -1755,6 +1820,8 @@ sub save_as_new { sub check_for_direct_delivery_yes { $lxdebug->enter_sub(); + check_oe_access(); + $form->{direct_delivery_checked} = 1; delete @{$form}{grep /^shipto/, keys %{ $form }}; map { s/^CFDD_//; $form->{$_} = $form->{"CFDD_${_}"} } grep /^CFDD_/, keys %{ $form }; @@ -1766,6 +1833,8 @@ sub check_for_direct_delivery_yes { sub check_for_direct_delivery_no { $lxdebug->enter_sub(); + check_oe_access(); + $form->{direct_delivery_checked} = 1; delete @{$form}{grep /^shipto/, keys %{ $form }}; purchase_order(); 
@@ -1776,6 +1845,8 @@ sub check_for_direct_delivery_no { sub check_for_direct_delivery { $lxdebug->enter_sub(); + check_oe_access(); + if ($form->{direct_delivery_checked} || (!$form->{shiptoname} && !$form->{shiptostreet} && !$form->{shipto_id})) { $lxdebug->leave_sub(); @@ -1790,7 +1861,7 @@ sub check_for_direct_delivery { } delete $form->{action}; - $form->{VARIABLES} = [ map { { "key" => $_, "value" => $form->{$_} } } grep { ref $_ eq "" } keys %{ $form } ]; + $form->{VARIABLES} = [ map { { "key" => $_, "value" => $form->{$_} } } grep { ($_ ne 'login') && ($_ ne 'password') && (ref $_ eq "") } keys %{ $form } ]; $form->header(); print $form->parse_html_template("oe/check_for_direct_delivery"); @@ -1803,6 +1874,9 @@ sub check_for_direct_delivery { sub purchase_order { $lxdebug->enter_sub(); + check_oe_access(); + $auth->assert('purchase_order_edit'); + if ($form->{type} eq 'sales_order') { check_for_direct_delivery(); } @@ -1830,6 +1904,9 @@ sub purchase_order { sub sales_order { $lxdebug->enter_sub(); + check_oe_access(); + $auth->assert('sales_order_edit'); + if ( $form->{type} eq 'sales_quotation' || $form->{type} eq 'request_quotation') { OE->close_order(\%myconfig, $form); @@ -1853,6 +1930,9 @@ sub sales_order { sub poso { $lxdebug->enter_sub(); + check_oe_access(); + $auth->assert('purchase_order_edit | sales_order_edit'); + $form->{transdate} = $form->current_date(\%myconfig); delete $form->{duedate}; 
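Review bot: The rewritten `grep` in `check_for_direct_delivery` still tests `ref $_`, and `$_` there is the hash key, a plain string, so that term is always true and reference-valued entries are still passed to the template as `value`. The sibling loops in `delete` and `backorder_exchangerate` test the value instead; this one should match them: `grep { ($_ ne 'login') && ($_ ne 'password') && (ref $form->{$_} eq "") } keys %{ $form }`. The sub starts before the hunk.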
@@ -1882,17 +1962,63 @@ sub poso { qw(partnumber description unit); } - map { $form->{$_} = $form->format_amount(\%myconfig, $form->{$_}, 0, "0") } - qw(creditlimit creditremaining); - &update; $lxdebug->leave_sub(); } +sub delivery_order { + $lxdebug->enter_sub(); + + if ($form->{type} =~ /^sales/) { + $auth->assert('sales_delivery_order_edit'); + + $form->{vc} = 'customer'; + $form->{type} = 'sales_delivery_order'; + + } else { + $auth->assert('purchase_delivery_order_edit'); + + $form->{vc} = 'vendor'; + $form->{type} = 'purchase_delivery_order'; + } + + require "bin/mozilla/do.pl"; + + $form->{cp_id} *= 1; + $form->{transdate} = $form->current_date(\%myconfig); + delete $form->{duedate}; + + $form->{closed} = 0; + + $form->{old_employee_id} = $form->{employee_id}; + $form->{old_salesman_id} = $form->{salesman_id}; + + # reset + map { delete $form->{$_} } qw(id subject message cc bcc printed emailed queued creditlimit creditremaining discount tradediscount oldinvtotal); + + for $i (1 .. $form->{rowcount}) { + map { $form->{"${_}_${i}"} = $form->parse_amount(\%myconfig, $form->{"${_}_${i}"}) if ($form->{"${_}_${i}"}) } qw(ship qty sellprice listprice basefactor); + } + + my %old_values = map { $_ => $form->{$_} } qw(customer_id oldcustomer customer vendor_id oldvendor vendor); + + order_links(); + + prepare_order(); + + map { $form->{$_} = $old_values{$_} if ($old_values{$_}) } keys %old_values; + + update(); + + $lxdebug->leave_sub(); +} + sub e_mail { $lxdebug->enter_sub(); + check_oe_access(); + $form->{print_and_save} = 1; $print_post = 1; @@ -1901,10 +2027,7 @@ sub e_mail { save(); - my %saved_vars; - map({ $saved_vars{$_} = $form->{$_}; } qw(id ordnumber quonumber)); - restore_form($saved_form); - map({ $form->{$_} = $saved_vars{$_}; } qw(id ordnumber quonumber)); + restore_form($saved_form, 0, qw(id ordnumber quonumber)); edit_e_mail(); 
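Review bot: `delivery_order` is the only conversion sub in this commit that does not call `check_oe_access()` on the source document; `purchase_order`, `sales_order`, `poso` and `invoice` all check the source type first and then the target right. Without it, the `else` branch treats every `type` that does not start with `sales` as a purchase document. Adding `check_oe_access();` directly after `enter_sub()`, before `$form->{type}` is overwritten, restricts the input to the four known types. Separately, once the type is `*_delivery_order`, the calls to `order_links()`, `prepare_order()` and `update()`, and the new `_delivery_order` branch in `display_form`, would reach `check_oe_access()` with a type missing from `$oe_access_map` unless the `require`d `do.pl` replaces those subs; it is worth confirming which definitions are live at that point.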
@@ -1925,6 +2048,10 @@ sub no { sub display_form { $lxdebug->enter_sub(); + check_oe_access(); + + retrieve_partunits() if ($form->{type} =~ /_delivery_order$/); + $form->{"taxaccounts"} =~ s/\s*$//; $form->{"taxaccounts"} =~ s/^\s*//; foreach my $accno (split(/\s*/, $form->{"taxaccounts"})) { @@ -1953,3 +2080,21 @@ sub display_form { $lxdebug->leave_sub(); } +sub report_for_todo_list { + $lxdebug->enter_sub(); + + my $quotations = OE->transactions_for_todo_list(); + my $content; + + if (@{ $quotations }) { + my $edit_url = build_std_url('script=oe.pl', 'action=edit', 'type=sales_quotation', 'vc=customer'); + + $content = $form->parse_html_template('oe/report_for_todo_list', { 'QUOTATIONS' => $quotations, + 'edit_url' => $edit_url }); + } + + $lxdebug->leave_sub(); + + return $content; +} +
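Review bot: `report_for_todo_list` returns quotation data and builds a `type=sales_quotation` edit link without any `$auth` check, unlike every other sub touched in this commit. If the todo list is rendered for users without `sales_quotation_edit`, they would see the entries and get links that `edit` then refuses. I would gate the body on that right with a check that returns empty content instead of aborting, if `$auth` offers one, so the rest of the todo page still renders; a plain `$auth->assert('sales_quotation_edit');` is the minimal alternative. Whether the caller already filters by right is not visible here.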