Rechte unter Kunden&Lieferanten/Lieferungen beachten

fixt #2399

diff --git a/SL/Controller/CustomerVendor.pm b/SL/Controller/CustomerVendor.pm
index e81e387..de77490 100644 (file)
--- a/SL/Controller/CustomerVendor.pm
+++ b/SL/Controller/CustomerVendor.pm
@@ -394,6 +394,8 @@ sub action_search_contact {
 sub action_get_delivery {
   my ($self) = @_;
 
+  $::auth->assert('sales_all_edit');
+
   my $dbh = $::form->get_standard_dbh();
 
   my ($arap, $db, $qty_sign);

diff --git a/templates/webpages/customer_vendor/form.html b/templates/webpages/customer_vendor/form.html
index c8ec6b0..a0d1ab9 100644 (file)
--- a/templates/webpages/customer_vendor/form.html
+++ b/templates/webpages/customer_vendor/form.html
@@ -18,7 +18,7 @@
       <li><a href="#billing">[% 'Billing Address' | $T8 %]</a></li>
       <li><a href="#shipto">[% 'Shipping Address' | $T8 %]</a></li>
       <li><a href="#contacts">[% 'Contacts' | $T8 %]</a></li>
-      [% IF ( SELF.cv.id ) %]
+      [% IF ( SELF.cv.id && AUTH.assert('sales_all_edit', 1) ) %]
         <li><a href="#deliveries">[% 'Supplies' | $T8 %]</a></li>
       [% END %]
       <li><a href="#vcnotes">[% 'Notes' | $T8 %]</a></li>
@@ -31,7 +31,7 @@
     [% PROCESS "customer_vendor/tabs/billing.html" %]
     [% PROCESS "customer_vendor/tabs/shipto.html" %]
     [% PROCESS "customer_vendor/tabs/contacts.html" %]
-    [% IF ( SELF.cv.id ) %]
+    [% IF ( SELF.cv.id && AUTH.assert('sales_all_edit', 1) ) %]
       [% PROCESS "customer_vendor/tabs/deliveries.html" %]
     [% END %]
     [% PROCESS "customer_vendor/tabs/vcnotes.html" %]