auf Hinweis von Sven hin:
statt $::auth->check_right($form->{login}, $right) assert benutzen: $::auth->assert($right, 1)
$form lässt sich leicht manipulieren.
my $where = '';
- unless ( $main::auth->check_right($form->{login}, 'show_ap_transactions') ) {
+ unless ( $::auth->assert('show_ap_transactions', 1) ) {
$where .= " AND NOT invoice = 'f' "; # remove ap transactions from Sales -> Reports -> Invoices
};
my $where = "1 = 1";
- unless ( $main::auth->check_right($form->{login}, 'show_ar_transactions') ) {
+ unless ( $::auth->assert('show_ar_transactions', 1) ) {
$where .= " AND NOT invoice = 'f' "; # remove ar transactions from Sales -> Reports -> Invoices
};