#
sub check_auth {
- $::auth->assert('edit_prices');
+ if ($::form->{vc} eq 'customer') {
+ $::auth->assert('sales_edit_prices');
+ } elsif ($::form->{vc} eq 'vendor') {
+ $::auth->assert('purchase_edit_prices');
+ } else {
+ $::auth->assert('no_such_right');
+ }
}
sub init_record {
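Review bot: The `else` branch of `check_auth` denies access by asserting a right called `no_such_right`, which fails closed only while no right of that name is defined and `assert()` rejects unknown names. An explicit denial would make the intent visible, or at least a comment such as `# any other vc value is denied: this right is intentionally undefined`. The right is also chosen from the request parameter `$::form->{vc}`, so the actions behind this check need to take customer/vendor from that same value rather than from the loaded record; that code is outside the hunk. If `vc` is missing, both `eq` comparisons run against undef and warn under `use warnings`, so a `// ''` default on the lookup would keep the log clean.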
}
1;
-
}
}
- my $edit_prices = $main::auth->assert('edit_prices', 1) && (!$::form->{"active_price_source_$i"} || !$price || $price->editable);
- my $edit_discounts = $main::auth->assert('edit_prices', 1) && !$::form->{"active_discount_source_$i"};
+ my $right_to_edit_prices = (!$is_purchase && $main::auth->assert('sales_edit_prices', 1)) || ($is_purchase && $main::auth->assert('purchase_edit_prices', 1));
+ my $edit_prices = $right_to_edit_prices && (!$::form->{"active_price_source_$i"} || !$price || $price->editable);
+ my $edit_discounts = $right_to_edit_prices && !$::form->{"active_discount_source_$i"};
$column_data{sellprice} = (!$edit_prices)
? $cgi->hidden( -name => "sellprice_$i", -id => "sellprice_$i", -value => $sellprice_value) . $sellprice_value
: $cgi->textfield(-name => "sellprice_$i", -id => "sellprice_$i", -size => 10, -class => "numeric", -value => $sellprice_value);
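Review bot: `$right_to_edit_prices` only decides whether `sellprice_$i` is rendered as a hidden field or a text field; either way the value is posted back by the browser. The sales/purchase split is therefore enforced only if the code that saves the record re-checks the same right, and that path is not visible in this hunk, so it may already be covered. The same applies to the `editable_price` and `editable_discount` divs in the order item template, which are hidden with `display:none` while their inputs are still emitted. I would add a comment above the new assignment, `# display only: the save path must re-check sales_edit_prices / purchase_edit_prices`. Since the value does not depend on `$i`, it could be computed once outside the row loop if this code sits inside one.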
[%- USE LxERP %]
[% SET best_price = price_source.best_price %]
[% SET best_discount = price_source.best_discount %]
-[% SET price_editable = AUTH.assert('edit_prices', 1) %]
+[% SET price_editable = 0 %]
+[% IF (FORM.type == "sales_order" || FORM.type == "sales_quotation") %]
+ [% SET price_editable = AUTH.assert('sales_edit_prices', 1) %]
+[% END %]
+[% IF (FORM.type == "purchase_order" || FORM.type == "request_quotation") %]
+ [% SET price_editable = AUTH.assert('purchase_edit_prices', 1) %]
+[% END %]
<h2>[% 'Prices' | $T8 %]</h2>
<table>
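Review bot: The document types that grant `price_editable` are spelled out as four string literals here, and the same list is repeated against `SELF.type` for `RIGHT_TO_EDIT_PRICES` in the order item template, whereas the Perl side decides with `$is_purchase`. Any type outside the list leaves the flag at 0. That fails closed, but it would silently remove editing for a document type that previously passed `AUTH.assert('edit_prices', 1)`, if this template is reached from other types (not visible here). A short comment such as `[%# all other document types: prices stay read-only %]` would document that this is intended. The two `IF` blocks could also become one `IF`/`ELSIF` so the branches are visibly exclusive.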
ITEM.active_price_source.source_description _ ' | ' _ ITEM.active_discount_source.source_description,
name = "price_chooser_button") %]
</td>
+ [% SET RIGHT_TO_EDIT_PRICES = 0 %]
+ [% IF (SELF.type == "sales_order" || SELF.type == "sales_quotation") %]
+ [% SET RIGHT_TO_EDIT_PRICES = AUTH.assert('sales_edit_prices', 1) %]
+ [% END %]
+ [% IF (SELF.type == "purchase_order" || SELF.type == "request_quotation") %]
+ [% SET RIGHT_TO_EDIT_PRICES = AUTH.assert('purchase_edit_prices', 1) %]
+ [% END %]
<td>
[%- L.hidden_tag("order.orderitems[].active_price_source", ITEM.active_price_source.source) %]
- [%- SET EDIT_PRICE = (AUTH.assert('edit_prices', 1) && ITEM.active_price_source.source == '') %]
+ [%- SET EDIT_PRICE = (RIGHT_TO_EDIT_PRICES && ITEM.active_price_source.source == '') %]
<div name="editable_price" [%- IF !EDIT_PRICE %]style="display:none"[%- END %] class="numeric">
[%- L.input_tag("order.orderitems[].sellprice_as_number",
ITEM.sellprice_as_number,
</td>
<td>
[%- L.hidden_tag("order.orderitems[].active_discount_source", ITEM.active_discount_source.source) %]
- [%- SET EDIT_DISCOUNT = (AUTH.assert('edit_prices', 1) && ITEM.active_discount_source.source == '') %]
+ [%- SET EDIT_DISCOUNT = (RIGHT_TO_EDIT_PRICES && ITEM.active_discount_source.source == '') %]
<div name="editable_discount" [%- IF !EDIT_DISCOUNT %]style="display:none"[%- END %] class="numeric">
[%- L.input_tag("order.orderitems[].discount_as_percent",
ITEM.discount_as_percent,