Recht: Ansehen von Belegen bei Angebot und Auftrag berücksichtigen
authorBernd Bleßmann <bernd@kivitendo-premium.de>
Wed, 2 Mar 2022 15:17:54 +0000 (16:17 +0100)
committerBernd Bleßmann <bernd@kivitendo-premium.de>
Wed, 2 Mar 2022 15:17:54 +0000 (16:17 +0100)
Ansehen nur im neuen Auftrags-Controller

SL/Controller/Order.pm
SL/Controller/TopQuickSearch/PurchaseOrder.pm
SL/Controller/TopQuickSearch/RequestForQuotation.pm
SL/Controller/TopQuickSearch/SalesOrder.pm
SL/Controller/TopQuickSearch/SalesQuotation.pm
bin/mozilla/oe.pl
menus/user/00-erp.yaml

index 6571eec..87a9e9c 100644 (file)
@@ -56,6 +56,9 @@ use Rose::Object::MakeMethods::Generic
 # safety
 __PACKAGE__->run_before('check_auth');
 
+__PACKAGE__->run_before('check_auth_save',
+                        except => [ qw(edit show_customer_vendor_details_dialog price_popup load_second_rows) ]);
+
 __PACKAGE__->run_before('recalc',
                         only => [ qw(save save_as_new save_and_delivery_order save_and_invoice save_and_invoice_for_advance_payment save_and_final_invoice save_and_ap_transaction
                                      print send_email) ]);
@@ -1370,6 +1373,17 @@ sub init_part_picker_classification_ids {
 sub check_auth {
   my ($self) = @_;
 
+  my $right_for = { map { $_ => $_.'_edit' . ' | ' . $_.'_view' } @{$self->valid_types} };
+
+  my $right   = $right_for->{ $self->type };
+  $right    ||= 'DOES_NOT_EXIST';
+
+  $::auth->assert($right);
+}
+
+sub check_auth_save {
+  my ($self) = @_;
+
   my $right_for = { map { $_ => $_.'_edit' } @{$self->valid_types} };
 
   my $right   = $right_for->{ $self->type };
@@ -2018,6 +2032,11 @@ sub setup_edit_action_bar {
     $has_final_invoice               = any {'SL::DB::Invoice' eq ref $_ && "final_invoice" eq $_->type} @$lr;
   }
 
+  my $right_for = { map { $_ => $_.'_edit' } @{$self->valid_types} };
+  my $right     = $right_for->{ $self->type };
+  $right      ||= 'DOES_NOT_EXIST';
+
+  if ($::auth->assert($right, 1)) {
   for my $bar ($::request->layout->get('actionbar')) {
     $bar->add(
       combobox => [
@@ -2164,6 +2183,12 @@ sub setup_edit_action_bar {
         only_if  => $deletion_allowed,
       ],
 
+    );
+  }
+  }
+
+  for my $bar ($::request->layout->get('actionbar')) {
+    $bar->add(
       combobox => [
         action => [
           t8('more')
@@ -2182,6 +2207,7 @@ sub setup_edit_action_bar {
       ], # end of combobox "more"
     );
   }
+
 }
 
 sub generate_doc {
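Review bot: The `except` list of the new `run_before('check_auth_save', …)` is the complete allow-list of actions reachable with a `*_view` right alone, but no comment says so, and `print` and `send_email` (which appear in the `recalc` `only` list directly below it) are not in that list, so a view-only user cannot print or mail a document — confirm that is intended and add `# actions reachable with *_view alone; everything else needs *_edit` above the call. Separately, the `{ map { $_ => $_.'_edit' … } @{$self->valid_types} }` lookup is now built three times (in `check_auth`, `check_auth_save` and `setup_edit_action_bar`) with only the suffix differing, so a small helper keeps the three in step; `any` is already in scope in this file (see the `$has_final_invoice` line). `check_auth_save` continues outside the hunk, and the `if` wrapped around the first `$bar->add(...)` in `setup_edit_action_bar` closes with two `}` at the same column as the `for` it encloses, which is hard to read unless the block is re-indented or the edit-only entries move into their own method.
```perl
# Rights expression for the current type with the given suffixes, or a
# right that cannot exist so that assert() refuses unknown types.
sub _right_for_type {
  my ($self, @suffixes) = @_;
  my $type = $self->type;
  return 'DOES_NOT_EXIST' if !defined $type || !any { $_ eq $type } @{$self->valid_types};
  return join ' | ', map { $type . $_ } @suffixes;
}

sub check_auth {
  my ($self) = @_;
  $::auth->assert($self->_right_for_type('_edit', '_view'));
}

sub check_auth_save {
  my ($self) = @_;
  $::auth->assert($self->_right_for_type('_edit'));
}

# … unchanged: setup_edit_action_bar, with
#   if ($::auth->assert($self->_right_for_type('_edit'), 1)) { … }
#   replacing the third copy of the map …
```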
index 4013c8a..f64fb83 100644 (file)
@@ -5,7 +5,7 @@ use parent qw(SL::Controller::TopQuickSearch::OERecord);
 
 use SL::Locale::String qw(t8);
 
-sub auth { 'purchase_order_edit' }
+sub auth { 'purchase_order_edit | purchase_order_view' }
 
 sub name { 'purchase_order' }
 
index 3b2adef..d957100 100644 (file)
@@ -5,7 +5,7 @@ use parent qw(SL::Controller::TopQuickSearch::OERecord);
 
 use SL::Locale::String qw(t8);
 
-sub auth { 'request_quotation_edit' }
+sub auth { 'request_quotation_edit | request_quotation_view' }
 
 sub name { 'request_quotation' }
 
index 1f5296e..8f91e6e 100644 (file)
@@ -5,7 +5,7 @@ use parent qw(SL::Controller::TopQuickSearch::OERecord);
 
 use SL::Locale::String qw(t8);
 
-sub auth { 'sales_order_edit' }
+sub auth { 'sales_order_edit | sales_order_view' }
 
 sub name { 'sales_order' }
 
index 28ec9fd..f7a6b77 100644 (file)
@@ -5,7 +5,7 @@ use parent qw(SL::Controller::TopQuickSearch::OERecord);
 
 use SL::Locale::String qw(t8);
 
-sub auth { 'sales_quotation_edit' }
+sub auth { 'sales_quotation_edit | sales_quotation_view' }
 
 sub name { 'sales_quotation' }
 
index 96764eb..610215b 100644 (file)
@@ -84,10 +84,18 @@ my $oe_access_map = {
   'sales_quotation'   => 'sales_quotation_edit',
 };
 
+my $oe_view_access_map = {
+  'sales_order'       => 'sales_order_edit       | sales_order_view',
+  'purchase_order'    => 'purchase_order_edit    | purchase_order_view',
+  'request_quotation' => 'request_quotation_edit | request_quotation_view',
+  'sales_quotation'   => 'sales_quotation_edit   | sales_quotation_view',
+};
+
 sub check_oe_access {
+  my (%params) = @_;
   my $form     = $main::form;
 
-  my $right   = $oe_access_map->{$form->{type}};
+  my $right   = ($params{with_view}) ? $oe_view_access_map->{$form->{type}} : $oe_access_map->{$form->{type}};
   $right    ||= 'DOES_NOT_EXIST';
 
   $main::auth->assert($right);
@@ -926,7 +934,7 @@ sub search {
   my %myconfig = %main::myconfig;
   my $locale   = $main::locale;
 
-  check_oe_access();
+  check_oe_access(with_view => 1);
 
   if ($form->{type} eq 'purchase_order') {
     $form->{vc}        = 'vendor';
@@ -1017,7 +1025,7 @@ sub orders {
   my $cgi      = $::request->{cgi};
 
   my %params   = @_;
-  check_oe_access();
+  check_oe_access(with_view => 1);
 
   my $ordnumber = ($form->{type} =~ /_order$/) ? "ordnumber" : "quonumber";
 
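Review bot: `$oe_view_access_map` repeats the four keys of `$oe_access_map` by hand, so a type added to one map but not the other silently falls back to `DOES_NOT_EXIST` on only one of the two paths; deriving it keeps them aligned: `my $oe_view_access_map = { map { $_ => "$oe_access_map->{$_} | ${_}_view" } keys %$oe_access_map };`. A short comment on the new parameter would help the next caller choose correctly: `# with_view => 1 also accepts the *_view right (read-only lists); the default stays edit-only`. The two callers changed here (`search` and `orders`) let a view-only user reach the report, but any link from that report into `oe.pl`'s own `edit` still passes through `check_oe_access()` without `with_view` and will be refused for such a user; the commit message says viewing lives only in the new controller, so it is worth confirming the report links target it. `orders` continues outside the hunk.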
index 985b2cc..ecaaa31 100644 (file)
   name: Quotations
   icon: report_quotations
   order: 200
-  access: sales_quotation_edit
+  access: sales_quotation_edit | sales_quotation_view
   module: oe.pl
   params:
     action: search
   name: Sales Orders
   icon: report_sales_orders
   order: 300
-  access: sales_order_edit
+  access: sales_order_edit | sales_order_view
   module: oe.pl
   params:
     action: search
   name: RFQs
   icon: rfq_report
   order: 100
-  access: request_quotation_edit
+  access: request_quotation_edit | request_quotation_view
   module: oe.pl
   params:
     action: search
   name: Purchase Orders
   icon: purchase_order_report
   order: 200
-  access: purchase_order_edit
+  access: purchase_order_edit | purchase_order_view
   module: oe.pl
   params:
     action: search