Merge pull request #41 from kivitendo/f-rights-to-view
authorJan Büren <jan@kivitendo-premium.de>
Wed, 9 Mar 2022 08:12:50 +0000 (09:12 +0100)
committerGitHub <noreply@github.com>
Wed, 9 Mar 2022 08:12:50 +0000 (09:12 +0100)
F rights to view

22 files changed:
SL/AP.pm
SL/AR.pm
SL/Controller/DeliveryOrder.pm
SL/Controller/DeliveryOrder/TypeData.pm
SL/Controller/Order.pm
SL/Controller/TopQuickSearch/PurchaseDeliveryOrder.pm
SL/Controller/TopQuickSearch/PurchaseOrder.pm
SL/Controller/TopQuickSearch/RequestForQuotation.pm
SL/Controller/TopQuickSearch/SalesDeliveryOrder.pm
SL/Controller/TopQuickSearch/SalesOrder.pm
SL/Controller/TopQuickSearch/SalesQuotation.pm
SL/DB/DeliveryOrder/TypeData.pm
SL/DO.pm
SL/OE.pm
bin/mozilla/do.pl
bin/mozilla/ir.pl
bin/mozilla/is.pl
bin/mozilla/oe.pl
locale/de/all
locale/en/all
menus/user/00-erp.yaml
sql/Pg-upgrade2-auth/rights_view_docs.sql [new file with mode: 0644]

index 8a3394b..8ca5634 100644 (file)
--- a/SL/AP.pm
+++ b/SL/AP.pm
@@ -564,16 +564,16 @@ sub ap_transactions {
   # Permissions:
   # - Always return invoices & AP transactions for projects the employee has "view invoices" permissions for, no matter what the other rules say.
   # - Exclude AP transactions if no permissions for them exist.
-  # - Limit to own invoices unless may edit all invoices.
-  # - If may edit all, allow filtering by employee.
+  # - Limit to own invoices unless may edit all invoices or view invoices is allowed.
+  # - If may edit all or view invoices is allowed, allow filtering by employee.
   my (@permission_where, @permission_values);
 
-  if ($::auth->assert('vendor_invoice_edit', 1)) {
+  if ($::auth->assert('vendor_invoice_edit', 1) || $::auth->assert('purchase_invoice_view', 1)) {
     if (!$::auth->assert('show_ap_transactions', 1)) {
       push @permission_where, "NOT invoice = 'f'"; # remove ap transactions from Purchase -> Reports -> Invoices
     }
 
-    if (!$::auth->assert('purchase_all_edit', 1)) {
+    if (!$::auth->assert('purchase_all_edit', 1) && !$::auth->assert('purchase_invoice_view', 1)) {
       # only show own invoices
       push @permission_where,  "a.employee_id = ?";
       push @permission_values, SL::DB::Manager::Employee->current->id;
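Review bot: A user who holds only `purchase_invoice_view` now passes the changed `purchase_all_edit` condition and therefore sees every employee's invoices, which is a wider scope than an editor without `purchase_all_edit` gets; if that is the intended meaning of the view right, the comment block should state it explicitly, e.g. `# - A view right is never limited to own invoices; it implies seeing all employees' invoices.` The same two `$::auth->assert(...)` calls are now repeated across three conditions of this sub; hoisting them once, `my $may_edit = $::auth->assert('vendor_invoice_edit', 1); my $may_view = $::auth->assert('purchase_invoice_view', 1);`, would make the policy readable at a glance. `ar_transactions` in SL/AR.pm has the identical shape and both remarks apply there too. The body of `ap_transactions` continues outside the hunk.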
@@ -586,7 +586,7 @@ sub ap_transactions {
     }
   }
 
-  if (@permission_where || !$::auth->assert('vendor_invoice_edit', 1)) {
+  if (@permission_where || (!$::auth->assert('vendor_invoice_edit', 1) && !$::auth->assert('purchase_invoice_view', 1))) {
     my $permission_where_str = @permission_where ? "OR (" . join(" AND ", map { "($_)" } @permission_where) . ")" : "";
     $where .= qq|
       AND (   (a.globalproject_id IN (
index 77c62d3..63ea45c 100644 (file)
--- a/SL/AR.pm
+++ b/SL/AR.pm
@@ -521,16 +521,16 @@ sub ar_transactions {
   # Permissions:
   # - Always return invoices & AR transactions for projects the employee has "view invoices" permissions for, no matter what the other rules say.
   # - Exclude AR transactions if no permissions for them exist.
-  # - Limit to own invoices unless may edit all invoices.
-  # - If may edit all, allow filtering by employee/salesman.
+  # - Limit to own invoices unless may edit all invoices or view invoices is allowed.
+  # - If may edit all or view invoices is allowed, allow filtering by employee/salesman.
   my (@permission_where, @permission_values);
 
-  if ($::auth->assert('invoice_edit', 1)) {
+  if ($::auth->assert('invoice_edit', 1) || $::auth->assert('sales_invoice_view', 1)) {
     if (!$::auth->assert('show_ar_transactions', 1) ) {
       push @permission_where, "NOT invoice = 'f'";  # remove ar transactions from Sales -> Reports -> Invoices
     }
 
-    if (!$::auth->assert('sales_all_edit', 1)) {
+    if (!$::auth->assert('sales_all_edit', 1) && !$::auth->assert('sales_invoice_view', 1)) {
       # only show own invoices
       push @permission_where,  "a.employee_id = ?";
       push @permission_values, SL::DB::Manager::Employee->current->id;
@@ -547,7 +547,7 @@ sub ar_transactions {
     }
   }
 
-  if (@permission_where || !$::auth->assert('invoice_edit', 1)) {
+  if (@permission_where || (!$::auth->assert('invoice_edit', 1) && !$::auth->assert('sales_invoice_view', 1))) {
     my $permission_where_str = @permission_where ? "OR (" . join(" AND ", map { "($_)" } @permission_where) . ")" : "";
     $where .= qq|
       AND (   (a.globalproject_id IN (
index a4b3462..db31844 100644 (file)
@@ -58,6 +58,9 @@ use Rose::Object::MakeMethods::Generic
 __PACKAGE__->run_before('check_auth',
                         except => [ qw(update_stock_information) ]);
 
+__PACKAGE__->run_before('check_auth_for_edit',
+                        except => [ qw(update_stock_information edit show_customer_vendor_details_dialog price_popup stock_in_out_dialog load_second_rows) ]);
+
 __PACKAGE__->run_before('get_unalterable_data',
                         only => [ qw(save save_as_new save_and_delivery_order save_and_invoice save_and_ap_transaction
                                      print send_email) ]);
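Review bot: The `except` list on the new `check_auth_for_edit` hook is the entire server-side boundary between view-only and edit users, so every name in it must be verifiably read-only, and that property is not documented anywhere; a comment above the hook such as `# view-only users may reach only these actions; every other action needs the type's 'edit' right` would make the allowlist's purpose explicit for whoever adds the next action. `update_stock_information` is excepted from both `check_auth` and `check_auth_for_edit`, so neither hook guards it at all; that predates this change, but it is worth confirming now that the controller is reachable with a view right. The `disabled` values added further down in `setup_edit_action_bar` are UI hints only, and the one on `Download attachments of all parts` withholds a read-only action from view-only users for no evident reason. The same hook with the same considerations is registered in SL/Controller/Order.pm.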
@@ -1226,7 +1229,13 @@ sub init_part_picker_classification_ids {
 sub check_auth {
   my ($self) = @_;
 
-  $::auth->assert($self->type_data->access || 'DOES_NOT_EXIST');
+  $::auth->assert($self->type_data->access('view') || 'DOES_NOT_EXIST');
+}
+
+sub check_auth_for_edit {
+  my ($self) = @_;
+
+  $::auth->assert($self->type_data->access('edit') || 'DOES_NOT_EXIST');
 }
 
 # build the selection box for contacts
@@ -1785,22 +1794,25 @@ sub setup_edit_action_bar {
   my ($self, %params) = @_;
 
   my $deletion_allowed = $self->type_data->show_menu("delete");
+  my $may_edit_create  = $::auth->assert($self->type_data->access('edit') || 'DOES_NOT_EXIST', 1);
 
   for my $bar ($::request->layout->get('actionbar')) {
     $bar->add(
       combobox => [
         action => [
           t8('Save'),
-          call      => [ 'kivi.DeliveryOrder.save', 'save', $::instance_conf->get_order_warn_duplicate_parts,
-                                                    $::instance_conf->get_order_warn_no_deliverydate,
-                                                                                                      ],
+          call     => [ 'kivi.DeliveryOrder.save', 'save', $::instance_conf->get_order_warn_duplicate_parts,
+                                                           $::instance_conf->get_order_warn_no_deliverydate,
+          ],
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('Save as new'),
-          call      => [ 'kivi.DeliveryOrder.save', 'save_as_new', $::instance_conf->get_order_warn_duplicate_parts ],
-          disabled  =>   $self->type eq 'supplier_delivery_order' ? t8('Need a workflow for Supplier Delivery Order')
-                       : !$self->order->id                        ? t8('This object has not been saved yet.')
-                       : undef,
+          call     => [ 'kivi.DeliveryOrder.save', 'save_as_new', $::instance_conf->get_order_warn_duplicate_parts ],
+          disabled => !$may_edit_create                        ? t8('You do not have the permissions to access this function.')
+                    : $self->type eq 'supplier_delivery_order' ? t8('Need a workflow for Supplier Delivery Order')
+                    : !$self->order->id                        ? t8('This object has not been saved yet.')
+                    :                                            undef,
         ],
       ], # end of combobox "Save"
 
@@ -1812,38 +1824,45 @@ sub setup_edit_action_bar {
           t8('Save and Quotation'),
           submit   => [ '#order_form', { action => "DeliveryOrder/sales_quotation" } ],
           only_if  => $self->type_data->show_menu("save_and_quotation"),
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('Save and RFQ'),
           submit   => [ '#order_form', { action => "DeliveryOrder/request_for_quotation" } ],
           only_if  => $self->type_data->show_menu("save_and_rfq"),
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('Save and Sales Order'),
           submit   => [ '#order_form', { action => "DeliveryOrder/sales_order" } ],
           only_if  => $self->type_data->show_menu("save_and_sales_order"),
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('Save and Purchase Order'),
-          call      => [ 'kivi.DeliveryOrder.purchase_order_check_for_direct_delivery' ],
+          call     => [ 'kivi.DeliveryOrder.purchase_order_check_for_direct_delivery' ],
           only_if  => $self->type_data->show_menu("save_and_purchase_order"),
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('Save and Delivery Order'),
-          call      => [ 'kivi.DeliveryOrder.save', 'save_and_delivery_order', $::instance_conf->get_order_warn_duplicate_parts,
-                                                                       $::instance_conf->get_order_warn_no_deliverydate,
-                                                                                                                        ],
+          call     => [ 'kivi.DeliveryOrder.save', 'save_and_delivery_order', $::instance_conf->get_order_warn_duplicate_parts,
+                                                                              $::instance_conf->get_order_warn_no_deliverydate,
+          ],
           only_if  => $self->type_data->show_menu("save_and_delivery_order"),
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('Save and Invoice'),
-          call      => [ 'kivi.DeliveryOrder.save', 'save_and_invoice', $::instance_conf->get_order_warn_duplicate_parts ],
+          call     => [ 'kivi.DeliveryOrder.save', 'save_and_invoice', $::instance_conf->get_order_warn_duplicate_parts ],
           only_if  => $self->type_data->show_menu("save_and_invoice"),
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('Save and AP Transaction'),
-          call      => [ 'kivi.DeliveryOrder.save', 'save_and_ap_transaction', $::instance_conf->get_order_warn_duplicate_parts ],
+          call     => [ 'kivi.DeliveryOrder.save', 'save_and_ap_transaction', $::instance_conf->get_order_warn_duplicate_parts ],
           only_if  => $self->type_data->show_menu("save_and_ap_transaction"),
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
 
       ], # end of combobox "Workflow"
@@ -1854,28 +1873,34 @@ sub setup_edit_action_bar {
         ],
         action => [
           t8('Save and preview PDF'),
-           call => [ 'kivi.DeliveryOrder.save', 'preview_pdf', $::instance_conf->get_order_warn_duplicate_parts,
-                                                       $::instance_conf->get_order_warn_no_deliverydate,
-                                                                                                         ],
+           call    => [ 'kivi.DeliveryOrder.save', 'preview_pdf', $::instance_conf->get_order_warn_duplicate_parts,
+                                                                  $::instance_conf->get_order_warn_no_deliverydate,
+          ],
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('Save and print'),
-          call => [ 'kivi.DeliveryOrder.show_print_options', $::instance_conf->get_order_warn_duplicate_parts,
-                                                     $::instance_conf->get_order_warn_no_deliverydate,
-                                                                                                      ],
+          call     => [ 'kivi.DeliveryOrder.show_print_options', $::instance_conf->get_order_warn_duplicate_parts,
+                                                                 $::instance_conf->get_order_warn_no_deliverydate,
+          ],
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('Save and E-mail'),
-          id   => 'save_and_email_action',
-          call => [ 'kivi.DeliveryOrder.save', 'save_and_show_email_dialog', $::instance_conf->get_order_warn_duplicate_parts,
-                                                                     $::instance_conf->get_order_warn_no_deliverydate,
-                  ],
-          disabled => !$self->order->id ? t8('This object has not been saved yet.') : undef,
+          id       => 'save_and_email_action',
+          call     => [ 'kivi.DeliveryOrder.save', 'save_and_show_email_dialog', $::instance_conf->get_order_warn_duplicate_parts,
+                                                                                 $::instance_conf->get_order_warn_no_deliverydate,
+          ],
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+                    : !$self->order->id ? t8('This object has not been saved yet.')
+                    :                     undef,
         ],
         action => [
           t8('Download attachments of all parts'),
           call     => [ 'kivi.File.downloadOrderitemsFiles', $::form->{type}, $::form->{id} ],
-          disabled => !$self->order->id ? t8('This object has not been saved yet.') : undef,
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+                    : !$self->order->id ? t8('This object has not been saved yet.')
+                    :                     undef,
           only_if  => $::instance_conf->get_doc_storage,
         ],
       ], # end of combobox "Export"
@@ -1885,28 +1910,34 @@ sub setup_edit_action_bar {
         id       => 'delete_action',
         call     => [ 'kivi.DeliveryOrder.delete_order' ],
         confirm  => $::locale->text('Do you really want to delete this object?'),
-        disabled => !$self->order->id       ? t8('This object has not been saved yet.') :
-                    $self->order->delivered ? t8('The parts for this order have already been transferred') : undef,
+        disabled => !$may_edit_create       ? t8('You do not have the permissions to access this function.')
+                  : !$self->order->id       ? t8('This object has not been saved yet.')
+                  : $self->order->delivered ? t8('The parts for this order have already been transferred')
+                  :                           undef,
         only_if  => $self->type_data->show_menu("delete"),
       ],
 
       combobox => [
         action => [
           t8('Transfer out'),
-          id   => 'transfer_out_action',
-          call   => [ 'kivi.DeliveryOrder.save', 'transfer_stock' ],
-          disabled => !$self->order->id ? t8('This object has not been saved yet.') :
-                      $self->order->delivered ? t8('The parts for this order have already been transferred') : undef,
-          only_if => $self->type_data->properties('transfer') eq 'out',
+          id       => 'transfer_out_action',
+          call     => [ 'kivi.DeliveryOrder.save', 'transfer_stock' ],
+          disabled => !$may_edit_create       ? t8('You do not have the permissions to access this function.')
+                    : !$self->order->id       ? t8('This object has not been saved yet.')
+                    : $self->order->delivered ? t8('The parts for this order have already been transferred')
+                    :                           undef,
+          only_if  => $self->type_data->properties('transfer') eq 'out',
           confirm  => t8('Do you really want to transfer the stock and set this order to delivered?'),
         ],
         action => [
           t8('Transfer in'),
-          id   => 'transfer_in_action',
-          call   => [ 'kivi.DeliveryOrder.save', 'transfer_stock' ],
-          disabled => !$self->order->id ? t8('This object has not been saved yet.') :
-                      $self->order->delivered ? t8('The parts for this order have already been transferred') : undef,
-          only_if => $self->type_data->properties('transfer') eq 'in',
+          id       => 'transfer_in_action',
+          call     => [ 'kivi.DeliveryOrder.save', 'transfer_stock' ],
+          disabled => !$may_edit_create       ? t8('You do not have the permissions to access this function.')
+                    : !$self->order->id       ? t8('This object has not been saved yet.')
+                    : $self->order->delivered ? t8('The parts for this order have already been transferred')
+                    :                           undef,
+          only_if  => $self->type_data->properties('transfer') eq 'in',
           confirm  => t8('Do you really want to transfer the stock and set this order to delivered?'),
         ],
       ],
index 4aa2925..0650e08 100644 (file)
@@ -51,7 +51,8 @@ sub properties {
 }
 
 sub access {
-  get($_[0]->c->type, "right");
+  my ($self, $string) = @_;
+  get3($_[0]->c->type, "rights", $string);
 }
 
 sub is_quotation {
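Review bot: `access` unpacks `$self` but then indexes `$_[0]` on the following line; it should read `get3($self->c->type, "rights", $string);`. A caller that still invokes `access` with no argument gets whatever `get3` returns for an undef key, presumably undef, and the callers in this commit fall back to `'DOES_NOT_EXIST'`, so a missing argument fails closed rather than loudly; a comment such as `# $string is 'edit' or 'view'; unknown keys yield undef, which callers must treat as denied` would record that contract. Any remaining reader of the old `right` key in `%type_data` would now also get undef, which this diff does not let me verify.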
index b14d764..b7d38cd 100644 (file)
@@ -56,6 +56,9 @@ use Rose::Object::MakeMethods::Generic
 # safety
 __PACKAGE__->run_before('check_auth');
 
+__PACKAGE__->run_before('check_auth_for_edit',
+                        except => [ qw(edit show_customer_vendor_details_dialog price_popup load_second_rows) ]);
+
 __PACKAGE__->run_before('recalc',
                         only => [ qw(save save_as_new save_and_delivery_order save_and_invoice save_and_invoice_for_advance_payment save_and_final_invoice save_and_ap_transaction
                                      print send_email) ]);
@@ -1372,6 +1375,17 @@ sub init_part_picker_classification_ids {
 sub check_auth {
   my ($self) = @_;
 
+  my $right_for = { map { $_ => $_.'_edit' . ' | ' . $_.'_view' } @{$self->valid_types} };
+
+  my $right   = $right_for->{ $self->type };
+  $right    ||= 'DOES_NOT_EXIST';
+
+  $::auth->assert($right);
+}
+
+sub check_auth_for_edit {
+  my ($self) = @_;
+
   my $right_for = { map { $_ => $_.'_edit' } @{$self->valid_types} };
 
   my $right   = $right_for->{ $self->type };
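Review bot: The `$right_for` map is now built three times in this file with two different string templates (here in `check_auth`, again in `check_auth_for_edit`, and once more in `setup_edit_action_bar` at the `my $right_for` line), so the next right added for a type has to be threaded through all three; a small private helper removes the duplication and keeps the fail-closed `'DOES_NOT_EXIST'` default in one place. With it, `setup_edit_action_bar` becomes `my $may_edit_create = $::auth->assert($self->_rights_for_type('edit'), 1);`, which also resolves the mismatch between `'may fail'` here and the literal `1` used for the same argument in SL/Controller/DeliveryOrder.pm. The `any` used in the helper is already in scope in this file. Separately, the last hunk of this section drops the "more" combobox with the History and Follow-Up actions; if that is an intentional move rather than a leftover, the PR description should say so.
```perl
# Right(s) the current order type requires, one per suffix ('edit', 'view'),
# joined with ' | '; an unknown type yields a right that is never granted (fail closed).
sub _rights_for_type {
  my ($self, @suffixes) = @_;
  return 'DOES_NOT_EXIST' unless any { $self->type eq $_ } @{$self->valid_types};
  return join ' | ', map { $self->type . '_' . $_ } @suffixes;
}

sub check_auth {
  my ($self) = @_;
  $::auth->assert($self->_rights_for_type('edit', 'view'));
}

sub check_auth_for_edit {
  my ($self) = @_;
  $::auth->assert($self->_rights_for_type('edit'));
}
```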
@@ -2020,6 +2034,11 @@ sub setup_edit_action_bar {
     $has_final_invoice               = any {'SL::DB::Invoice' eq ref $_ && "final_invoice" eq $_->type} @$lr;
   }
 
+  my $right_for         = { map { $_ => $_.'_edit' } @{$self->valid_types} };
+  my $right             = $right_for->{ $self->type };
+  $right              ||= 'DOES_NOT_EXIST';
+  my $may_edit_create   = $::auth->assert($right, 'may fail');
+
   for my $bar ($::request->layout->get('actionbar')) {
     $bar->add(
       combobox => [
@@ -2031,6 +2050,7 @@ sub setup_edit_action_bar {
           checks    => [ 'kivi.Order.check_save_active_periodic_invoices', ['kivi.validate_form','#order_form'],
                          @req_trans_cost_art, @req_cusordnumber,
           ],
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('Save as new'),
@@ -2038,7 +2058,9 @@ sub setup_edit_action_bar {
           checks    => [ 'kivi.Order.check_save_active_periodic_invoices',
                          @req_trans_cost_art, @req_cusordnumber,
           ],
-          disabled  => !$self->order->id ? t8('This object has not been saved yet.') : undef,
+          disabled  => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+                     : !$self->order->id ? t8('This object has not been saved yet.')
+                     :                     undef,
         ],
       ], # end of combobox "Save"
 
@@ -2051,23 +2073,27 @@ sub setup_edit_action_bar {
           submit   => [ '#order_form', { action => "Order/sales_quotation" } ],
           checks   => [ @req_trans_cost_art, @req_cusordnumber ],
           only_if  => (any { $self->type eq $_ } (sales_order_type())),
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('Save and RFQ'),
           submit   => [ '#order_form', { action => "Order/request_for_quotation" } ],
           only_if  => (any { $self->type eq $_ } (purchase_order_type())),
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('Save and Sales Order'),
           submit   => [ '#order_form', { action => "Order/sales_order" } ],
           checks   => [ @req_trans_cost_art ],
           only_if  => (any { $self->type eq $_ } (sales_quotation_type(), purchase_order_type())),
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('Save and Purchase Order'),
           call      => [ 'kivi.Order.purchase_order_check_for_direct_delivery' ],
           checks    => [ @req_trans_cost_art, @req_cusordnumber ],
           only_if   => (any { $self->type eq $_ } (sales_order_type(), request_quotation_type())),
+          disabled  => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('Save and Delivery Order'),
@@ -2077,7 +2103,8 @@ sub setup_edit_action_bar {
           checks    => [ 'kivi.Order.check_save_active_periodic_invoices',
                          @req_trans_cost_art, @req_cusordnumber,
           ],
-          only_if   => (any { $self->type eq $_ } (sales_order_type(), purchase_order_type()))
+          only_if   => (any { $self->type eq $_ } (sales_order_type(), purchase_order_type())),
+          disabled  => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('Save and Supplier Delivery Order'),
@@ -2087,7 +2114,8 @@ sub setup_edit_action_bar {
           checks    => [ 'kivi.Order.check_save_active_periodic_invoices',
                          @req_trans_cost_art, @req_cusordnumber,
           ],
-          only_if   => (any { $self->type eq $_ } (purchase_order_type()))
+          only_if   => (any { $self->type eq $_ } (purchase_order_type())),
+          disabled  => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('Save and Invoice'),
@@ -2095,6 +2123,7 @@ sub setup_edit_action_bar {
           checks    => [ 'kivi.Order.check_save_active_periodic_invoices',
                          @req_trans_cost_art, @req_cusordnumber,
           ],
+          disabled  => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           ($has_invoice_for_advance_payment ? t8('Save and Further Invoice for Advance Payment') : t8('Save and Invoice for Advance Payment')),
@@ -2102,8 +2131,9 @@ sub setup_edit_action_bar {
           checks    => [ 'kivi.Order.check_save_active_periodic_invoices',
                          @req_trans_cost_art, @req_cusordnumber,
           ],
-          disabled  => $has_final_invoice ? t8('This order has already a final invoice.')
-                                          : undef,
+          disabled  => !$may_edit_create  ? t8('You do not have the permissions to access this function.')
+                     : $has_final_invoice ? t8('This order has already a final invoice.')
+                     :                      undef,
           only_if   => (any { $self->type eq $_ } (sales_order_type())),
         ],
         action => [
@@ -2112,14 +2142,16 @@ sub setup_edit_action_bar {
           checks    => [ 'kivi.Order.check_save_active_periodic_invoices',
                          @req_trans_cost_art, @req_cusordnumber,
           ],
-          disabled  => $has_final_invoice ? t8('This order has already a final invoice.')
-                                          : undef,
+          disabled  => !$may_edit_create  ? t8('You do not have the permissions to access this function.')
+                     : $has_final_invoice ? t8('This order has already a final invoice.')
+                     :                      undef,
           only_if   => (any { $self->type eq $_ } (sales_order_type())) && $has_invoice_for_advance_payment,
         ],
         action => [
           t8('Save and AP Transaction'),
           call      => [ 'kivi.Order.save', 'save_and_ap_transaction', $::instance_conf->get_order_warn_duplicate_parts ],
-          only_if   => (any { $self->type eq $_ } (purchase_order_type()))
+          only_if   => (any { $self->type eq $_ } (purchase_order_type())),
+          disabled  => !$may_edit_create  ? t8('You do not have the permissions to access this function.') : undef,
         ],
 
       ], # end of combobox "Workflow"
@@ -2130,25 +2162,29 @@ sub setup_edit_action_bar {
         ],
         action => [
           t8('Save and preview PDF'),
-          call   => [ 'kivi.Order.save', 'preview_pdf', $::instance_conf->get_order_warn_duplicate_parts,
-                                                        $::instance_conf->get_order_warn_no_deliverydate,
-                    ],
-          checks => [ @req_trans_cost_art, @req_cusordnumber ],
+          call     => [ 'kivi.Order.save', 'preview_pdf', $::instance_conf->get_order_warn_duplicate_parts,
+                                                          $::instance_conf->get_order_warn_no_deliverydate,
+                      ],
+          checks   => [ @req_trans_cost_art, @req_cusordnumber ],
+          disabled => !$may_edit_create  ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('Save and print'),
-          call   => [ 'kivi.Order.show_print_options', $::instance_conf->get_order_warn_duplicate_parts,
-                                                       $::instance_conf->get_order_warn_no_deliverydate,
-                    ],
-          checks => [ @req_trans_cost_art, @req_cusordnumber ],
+          call     => [ 'kivi.Order.show_print_options', $::instance_conf->get_order_warn_duplicate_parts,
+                                                         $::instance_conf->get_order_warn_no_deliverydate,
+                      ],
+          checks   => [ @req_trans_cost_art, @req_cusordnumber ],
+          disabled => !$may_edit_create  ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('Save and E-mail'),
-          id   => 'save_and_email_action',
-          call => [ 'kivi.Order.save', 'save_and_show_email_dialog', $::instance_conf->get_order_warn_duplicate_parts,
-                                                                     $::instance_conf->get_order_warn_no_deliverydate,
-                  ],
-          disabled => !$self->order->id ? t8('This object has not been saved yet.') : undef,
+          id       => 'save_and_email_action',
+          call     => [ 'kivi.Order.save', 'save_and_show_email_dialog', $::instance_conf->get_order_warn_duplicate_parts,
+                                                                         $::instance_conf->get_order_warn_no_deliverydate,
+                      ],
+          disabled => !$may_edit_create  ? t8('You do not have the permissions to access this function.')
+                    : !$self->order->id  ? t8('This object has not been saved yet.')
+                    :                      undef,
         ],
         action => [
           t8('Download attachments of all parts'),
@@ -2162,26 +2198,12 @@ sub setup_edit_action_bar {
         t8('Delete'),
         call     => [ 'kivi.Order.delete_order' ],
         confirm  => $::locale->text('Do you really want to delete this object?'),
-        disabled => !$self->order->id ? t8('This object has not been saved yet.') : undef,
+        disabled => !$may_edit_create  ? t8('You do not have the permissions to access this function.')
+                  : !$self->order->id  ? t8('This object has not been saved yet.')
+                  :                      undef,
         only_if  => $deletion_allowed,
       ],
 
-      combobox => [
-        action => [
-          t8('more')
-        ],
-        action => [
-          t8('History'),
-          call     => [ 'set_history_window', $self->order->id, 'id' ],
-          disabled => !$self->order->id ? t8('This record has not been saved yet.') : undef,
-        ],
-        action => [
-          t8('Follow-Up'),
-          call     => [ 'kivi.Order.follow_up_window' ],
-          disabled => !$self->order->id ? t8('This object has not been saved yet.') : undef,
-          only_if  => $::auth->assert('productivity', 1),
-        ],
-      ], # end of combobox "more"
     );
   }
 }
index 0c26dd1..e561360 100644 (file)
@@ -5,7 +5,7 @@ use parent qw(SL::Controller::TopQuickSearch::DeliveryOrder);
 
 use SL::Locale::String qw(t8);
 
-sub auth { 'purchase_delivery_order_edit' }
+sub auth { 'purchase_delivery_order_edit | purchase_delivery_order_edit' }
 
 sub name { 'purchase_delivery_order' }
 
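Review bot: The new `auth` string repeats `purchase_delivery_order_edit` on both sides of the `|`, so the view right is never consulted; it should read `sub auth { 'purchase_delivery_order_edit | purchase_delivery_order_view' }`, matching the `view` entry for this type in SL/DB/DeliveryOrder/TypeData.pm and the pattern of the five sibling TopQuickSearch modules in this commit. The effect is only that users holding just the view right do not get this quick search, so nothing is over-granted, but the feature silently does not work for them.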
index 4013c8a..f64fb83 100644 (file)
@@ -5,7 +5,7 @@ use parent qw(SL::Controller::TopQuickSearch::OERecord);
 
 use SL::Locale::String qw(t8);
 
-sub auth { 'purchase_order_edit' }
+sub auth { 'purchase_order_edit | purchase_order_view' }
 
 sub name { 'purchase_order' }
 
index 3b2adef..d957100 100644 (file)
@@ -5,7 +5,7 @@ use parent qw(SL::Controller::TopQuickSearch::OERecord);
 
 use SL::Locale::String qw(t8);
 
-sub auth { 'request_quotation_edit' }
+sub auth { 'request_quotation_edit | request_quotation_view' }
 
 sub name { 'request_quotation' }
 
index 4895b88..073a9c2 100644 (file)
@@ -5,7 +5,7 @@ use parent qw(SL::Controller::TopQuickSearch::DeliveryOrder);
 
 use SL::Locale::String qw(t8);
 
-sub auth { 'sales_delivery_order_edit' }
+sub auth { 'sales_delivery_order_edit | sales_delivery_order_view' }
 
 sub name { 'sales_delivery_order' }
 
index 1f5296e..8f91e6e 100644 (file)
@@ -5,7 +5,7 @@ use parent qw(SL::Controller::TopQuickSearch::OERecord);
 
 use SL::Locale::String qw(t8);
 
-sub auth { 'sales_order_edit' }
+sub auth { 'sales_order_edit | sales_order_view' }
 
 sub name { 'sales_order' }
 
index 28ec9fd..f7a6b77 100644 (file)
@@ -5,7 +5,7 @@ use parent qw(SL::Controller::TopQuickSearch::OERecord);
 
 use SL::Locale::String qw(t8);
 
-sub auth { 'sales_quotation_edit' }
+sub auth { 'sales_quotation_edit | sales_quotation_view' }
 
 sub name { 'sales_quotation' }
 
index 141085a..8b523fb 100644 (file)
@@ -47,7 +47,10 @@ my %type_data = (
       transnumber    => 'sdonumber',
     },
     part_classification_query => [ "used_for_sale" => 1 ],
-    right => "sales_delivery_order_edit",
+    rights => {
+      edit => "sales_delivery_order_edit",
+      view => "sales_delivery_order_edit | sales_delivery_order_view",
+    },
   },
   PURCHASE_DELIVERY_ORDER_TYPE() => {
     text => {
@@ -76,7 +79,10 @@ my %type_data = (
       transnumber    => 'pdonumber',
     },
     part_classification_query => [ "used_for_purchase" => 1 ],
-    right => "purchase_delivery_order_edit",
+    rights => {
+      edit => "purchase_delivery_order_edit",
+      view => "purchase_delivery_order_edit | purchase_delivery_order_view",
+    },
   },
   SUPPLIER_DELIVERY_ORDER_TYPE() => {
     text => {
@@ -105,7 +111,10 @@ my %type_data = (
       transnumber    => 'sudonumber',
     },
     part_classification_query => [ "used_for_purchase" => 1 ],
-    right => "purchase_delivery_order_edit",
+    rights => {
+      edit => "purchase_delivery_order_edit",
+      view => "purchase_delivery_order_edit | purchase_delivery_order_view",
+    },
   },
   RMA_DELIVERY_ORDER_TYPE() => {
     text => {
@@ -134,7 +143,10 @@ my %type_data = (
       transnumber    => 'rdonumber',
     },
     part_classification_query => [ "used_for_sale" => 1 ],
-    right => "sales_delivery_order_edit",
+    rights => {
+      edit => "sales_delivery_order_edit",
+      view => "sales_delivery_order_edit | sales_delivery_order_view",
+    },
   },
 );
 
index ac3f34b..ebc6051 100644 (file)
--- a/SL/DO.pm
+++ b/SL/DO.pm
@@ -134,7 +134,8 @@ sub transactions {
     push @where, "dord.$item = ?";
     push @values, conv_i($form->{$item});
   }
-  if ( !(($vc eq 'customer' && $main::auth->assert('sales_all_edit', 1)) || ($vc eq 'vendor' && $main::auth->assert('purchase_all_edit', 1))) ) {
+  if ( !(    ($vc eq 'customer' && ($main::auth->assert('sales_all_edit',    1) || $main::auth->assert('sales_delivery_order_view',    1)))
+          || ($vc eq 'vendor'   && ($main::auth->assert('purchase_all_edit', 1) || $main::auth->assert('purchase_delivery_order_view', 1))) ) ) {
     push @where, qq|dord.employee_id = (select id from employee where login= ?)|;
     push @values, $::myconfig{login};
   }
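Review bot: In the new condition `sales_delivery_order_view` alone lifts the `dord.employee_id = current login` restriction, so a user holding only the view right sees every employee's delivery orders, while a user holding `sales_delivery_order_edit` without `sales_all_edit` is still limited to their own. If the view right is meant to be a "view all employees' documents" right, a comment on the condition saying so would help; otherwise only the `*_all_edit` rights should lift the filter. The same asymmetry appears in the SL/OE.pm hunk with `sales_order_view` and `purchase_order_view`. The doubly negated expression is also hard to audit; naming it first, `my $may_see_all = ...; if (!$may_see_all) {`, would make both branches easier to read.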
index 332d634..b273d81 100644 (file)
--- a/SL/OE.pm
+++ b/SL/OE.pm
@@ -192,7 +192,8 @@ SQL
     push(@values, (like($form->{"cp_name"}))x2);
   }
 
-  if ( !(($vc eq 'customer' && $main::auth->assert('sales_all_edit', 1)) || ($vc eq 'vendor' && $main::auth->assert('purchase_all_edit', 1))) ) {
+  if ( !(    ($vc eq 'customer' && ($main::auth->assert('sales_all_edit',    1) || $main::auth->assert('sales_order_view',    1)))
+          || ($vc eq 'vendor'   && ($main::auth->assert('purchase_all_edit', 1) || $main::auth->assert('purchase_order_view', 1))) ) ) {
     $query .= " AND o.employee_id = (select id from employee where login= ?)";
     push @values, $::myconfig{login};
   }
index 7a51a6a..581ec5b 100644 (file)
@@ -57,10 +57,17 @@ use strict;
 
 # end of main
 
+sub check_do_access_for_edit {
+  validate_type($::form->{type});
+
+  my $right = SL::DB::DeliveryOrder::TypeData::get3($::form->{type}, "rights", "edit");
+  $main::auth->assert($right);
+}
+
 sub check_do_access {
   validate_type($::form->{type});
 
-  my $right = SL::DB::DeliveryOrder::TypeData::get($::form->{type}, "right");
+  my $right = SL::DB::DeliveryOrder::TypeData::get3($::form->{type}, "rights", "view");
   $main::auth->assert($right);
 }
 
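Review bot: `check_do_access` now asserts only the view right, so every handler that mutates a delivery order has to call the new `check_do_access_for_edit`; the hunks below switch `add`, `save`, `delete`, `delete_transfers` and `save_as_new`, but the handlers behind the other actions this commit disables in the action bar (`update`, `mark_closed`, `transfer_out`, `transfer_out_default`, `transfer_in`, `transfer_in_default`) are not in the diff. If they still call `check_do_access()`, the disabled button is only a presentation hint and the server side would still accept those actions from a user with the view right alone; each of them should start with `check_do_access_for_edit();` as well. The two functions differ only in the rights key passed to `get3`; a shared private helper taking that key (`edit` or `view`) would keep them from drifting apart.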
@@ -90,7 +97,7 @@ sub set_headings {
 sub add {
   $main::lxdebug->enter_sub();
 
-  check_do_access();
+  check_do_access_for_edit();
 
   if (($::form->{type} =~ /purchase/) && !$::instance_conf->get_allow_new_purchase_invoice) {
     $::form->show_generic_error($::locale->text("You do not have the permissions to access this function."));
@@ -254,11 +261,15 @@ sub setup_do_action_bar {
   if (ref $undo_date eq 'DateTime' && ref $insertdate eq 'DateTime') {
     $undo_transfer = $insertdate > $undo_date;
   }
+
+  my $may_edit_create = $::auth->assert(SL::DB::DeliveryOrder::TypeData::get3($::form->{type}, "rights", "edit"), 1);
+
   for my $bar ($::request->layout->get('actionbar')) {
     $bar->add(
       action =>
         [ t8('Update'),
           submit    => [ '#form', { action => "update" } ],
+          disabled  => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
           id        => 'update_button',
           accesskey => 'enter',
         ],
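Review bot: The same `!$may_edit_create ? t8('You do not have the permissions to access this function.') : undef` prefix is spliced into about a dozen `disabled` chains in this and the following setup_do_action_bar hunks, repeating the message literal each time. Computing it once, `my $no_edit_right = !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef;`, and writing each chain as `disabled => $no_edit_right // ($::form->{delivered} ? t8('This record has already been delivered.') : undef),` leaves the per-button conditions as they were and gives one place to change the message; since `$no_edit_right` is undef exactly when editing is allowed, the evaluation order is the same as the ternary chains. setup_do_action_bar starts before this hunk.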
@@ -268,20 +279,24 @@ sub setup_do_action_bar {
           t8('Save'),
           submit   => [ '#form', { action => "save" } ],
           checks   => [ 'kivi.validate_form' ],
-          disabled => $::form->{delivered} ? t8('This record has already been delivered.') : undef,
+          disabled => !$may_edit_create    ? t8('You do not have the permissions to access this function.')
+                    : $::form->{delivered} ? t8('This record has already been delivered.')
+                    :                        undef,
         ],
         action => [
           t8('Save as new'),
           submit   => [ '#form', { action => "save_as_new" } ],
           checks   => [ 'kivi.validate_form' ],
-          disabled => !$::form->{id},
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+                    : !$::form->{id},
         ],
         action => [
           t8('Mark as closed'),
           submit   => [ '#form', { action => "mark_closed" } ],
           checks   => [ 'kivi.validate_form' ],
           confirm  => t8('This will remove the delivery order from showing as open even if contents are not delivered. Proceed?'),
-          disabled => !$::form->{id}    ? t8('This record has not been saved yet.')
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+                    : !$::form->{id}    ? t8('This record has not been saved yet.')
                     : $::form->{closed} ? t8('This record has already been closed.')
                     :                     undef,
         ],
@@ -291,7 +306,8 @@ sub setup_do_action_bar {
         t8('Delete'),
         submit   => [ '#form', { action => "delete" } ],
         confirm  => t8('Do you really want to delete this object?'),
-        disabled => !$::form->{id}                                                                              ? t8('This record has not been saved yet.')
+        disabled => !$may_edit_create                                                                           ? t8('You do not have the permissions to access this function.')
+                  : !$::form->{id}                                                                              ? t8('This record has not been saved yet.')
                   : $::form->{delivered}                                                                        ? t8('This record has already been delivered.')
                   : ($::form->{vc} eq 'customer' && !$::instance_conf->get_sales_delivery_order_show_delete)    ? t8('Deleting this type of record has been disabled in the configuration.')
                   : ($::form->{vc} eq 'vendor'   && !$::instance_conf->get_purchase_delivery_order_show_delete) ? t8('Deleting this type of record has been disabled in the configuration.')
@@ -303,28 +319,36 @@ sub setup_do_action_bar {
           t8('Transfer out'),
           submit   => [ '#form', { action => "transfer_out" } ],
           checks   => [ 'kivi.validate_form', @transfer_qty ],
-          disabled => $::form->{delivered} ? t8('This record has already been delivered.') : undef,
+          disabled => !$may_edit_create    ? t8('You do not have the permissions to access this function.')
+                    : $::form->{delivered} ? t8('This record has already been delivered.')
+                    :                        undef,
           only_if  => $is_customer,
         ],
         action => [
           t8('Transfer out via default'),
           submit   => [ '#form', { action => "transfer_out_default" } ],
           checks   => [ 'kivi.validate_form' ],
-          disabled => $::form->{delivered} ? t8('This record has already been delivered.') : undef,
+          disabled => !$may_edit_create    ? t8('You do not have the permissions to access this function.')
+                    : $::form->{delivered} ? t8('This record has already been delivered.')
+                    :                        undef,
           only_if  => $is_customer && $::instance_conf->get_transfer_default,
         ],
         action => [
           t8('Transfer in'),
           submit   => [ '#form', { action => "transfer_in" } ],
           checks   => [ 'kivi.validate_form', @transfer_qty ],
-          disabled => $::form->{delivered} ? t8('This record has already been delivered.') : undef,
+          disabled => !$may_edit_create    ? t8('You do not have the permissions to access this function.')
+                    : $::form->{delivered} ? t8('This record has already been delivered.')
+                    :                        undef,
           only_if  => !$is_customer,
         ],
         action => [
           t8('Transfer in via default'),
           submit   => [ '#form', { action => "transfer_in_default" } ],
           checks   => [ 'kivi.validate_form' ],
-          disabled => $::form->{delivered} ? t8('This record has already been delivered.') : undef,
+          disabled => !$may_edit_create    ? t8('You do not have the permissions to access this function.')
+                    : $::form->{delivered} ? t8('This record has already been delivered.')
+                    :                        undef,
           only_if  => !$is_customer && $::instance_conf->get_transfer_default,
         ],
         action => [
@@ -332,7 +356,9 @@ sub setup_do_action_bar {
           submit   => [ '#form', { action => "delete_transfers" } ],
           checks   => [ 'kivi.validate_form' ],
           only_if  => $::form->{delivered},
-          disabled => !$undo_transfer ? t8('Transfer date exceeds the maximum allowed interval.') : undef,
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+                    : !$undo_transfer   ? t8('Transfer date exceeds the maximum allowed interval.')
+                    :                     undef,
         ],
       ], # end of combobox "Transfer out"
 
@@ -353,14 +379,17 @@ sub setup_do_action_bar {
         action => [ t8('Export') ],
         action => [
           t8('Print'),
-          call   => [ 'kivi.SalesPurchase.show_print_dialog' ],
-          checks => [ 'kivi.validate_form' ],
+          call     => [ 'kivi.SalesPurchase.show_print_dialog' ],
+          checks   => [ 'kivi.validate_form' ],
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
         ],
         action => [
           t8('E Mail'),
           call   => [ 'kivi.SalesPurchase.show_email_dialog' ],
           checks => [ 'kivi.validate_form' ],
-          disabled => !$::form->{id} ? t8('This record has not been saved yet.') : undef,
+          disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+                    : !$::form->{id} ?    t8('This record has not been saved yet.')
+                    :                     undef,
         ],
       ], # end of combobox "Export"
 
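Review bot: Print is now disabled for users without the edit right, although `check_do_access` admits them to the form for viewing and nothing in this hunk shows printing altering the record, so view-only users lose a read-only function. If that is intended (for example because printing sets status elsewhere), a comment on the new `disabled` line, `# printing is withheld from view-only users because …`, would keep it from being undone later; otherwise drop the `disabled` entry for Print and keep it for E Mail, which sends. setup_do_action_bar continues outside this hunk.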
@@ -913,7 +942,7 @@ sub save {
 
   my (%params) = @_;
 
-  check_do_access();
+  check_do_access_for_edit();
 
   my $form     = $main::form;
   my %myconfig = %main::myconfig;
@@ -995,7 +1024,7 @@ sub save {
 sub delete {
   $main::lxdebug->enter_sub();
 
-  check_do_access();
+  check_do_access_for_edit();
 
   my $form     = $main::form;
   my %myconfig = %main::myconfig;
@@ -1021,7 +1050,7 @@ sub delete {
 sub delete_transfers {
   $main::lxdebug->enter_sub();
 
-  check_do_access();
+  check_do_access_for_edit();
 
   my $form     = $main::form;
   my %myconfig = %main::myconfig;
@@ -1275,7 +1304,7 @@ sub invoice_multi {
 sub save_as_new {
   $main::lxdebug->enter_sub();
 
-  check_do_access();
+  check_do_access_for_edit();
 
   my $form     = $main::form;
 
@@ -1792,7 +1821,7 @@ sub mark_closed {
 sub display_form {
   $::lxdebug->enter_sub;
 
-  $::auth->assert('purchase_delivery_order_edit | sales_delivery_order_edit');
+  check_do_access();
 
   relink_accounts();
   retrieve_partunits();
index cca6d12..1b9a782 100644 (file)
@@ -56,9 +56,10 @@ use strict;
 # end of main
 
 sub _may_view_or_edit_this_invoice {
-  return 1 if  $::auth->assert('ap_transactions', 1); # may edit all invoices
-  return 0 if !$::form->{id};                         # creating new invoices isn't allowed without invoice_edit
-  return 0 if !$::form->{globalproject_id};           # existing records without a project ID are not allowed
+  return 1 if  $::auth->assert('ap_transactions', 1);       # may edit all invoices
+  return 0 if !$::form->{id};                               # creating new invoices isn't allowed without invoice_edit
+  return 1 if  $::auth->assert('purchase_invoice_view', 1); # viewing is allowed with this right
+  return 0 if !$::form->{globalproject_id};                 # existing records without a project ID are not allowed
   return SL::DB::Project->new(id => $::form->{globalproject_id})->load->may_employee_view_project_invoices(SL::DB::Manager::Employee->current);
 }
 
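Review bot: `_may_view_or_edit_this_invoice` now returns 1 for `purchase_invoice_view` on any existing invoice, and its name suggests it gates edits as well as views; if a caller consults it before saving, a user holding only the view right passes the edit gate for existing records. Either split the predicate into `_may_view_this_invoice` (which honours the new right) and `_may_edit_this_invoice` (which keeps the previous logic), or accept a `for_edit` flag and return 1 on the view right only when it is not set. The same applies to the is.pl hunk below with `sales_invoice_view`. The callers are outside this hunk, so the gating is inferred from the name.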
index 8384980..57a79af 100644 (file)
@@ -62,9 +62,10 @@ use strict;
 # end of main
 
 sub _may_view_or_edit_this_invoice {
-  return 1 if  $::auth->assert('invoice_edit', 1); # may edit all invoices
-  return 0 if !$::form->{id};                      # creating new invoices isn't allowed without invoice_edit
-  return 0 if !$::form->{globalproject_id};        # existing records without a project ID are not allowed
+  return 1 if  $::auth->assert('invoice_edit', 1);       # may edit all invoices
+  return 0 if !$::form->{id};                            # creating new invoices isn't allowed without invoice_edit
+  return 1 if  $::auth->assert('sales_invoice_view', 1); # viewing is allowed with this right
+  return 0 if !$::form->{globalproject_id};              # existing records without a project ID are not allowed
   return SL::DB::Project->new(id => $::form->{globalproject_id})->load->may_employee_view_project_invoices(SL::DB::Manager::Employee->current);
 }
 
index 96764eb..610215b 100644 (file)
@@ -84,10 +84,18 @@ my $oe_access_map = {
   'sales_quotation'   => 'sales_quotation_edit',
 };
 
+my $oe_view_access_map = {
+  'sales_order'       => 'sales_order_edit       | sales_order_view',
+  'purchase_order'    => 'purchase_order_edit    | purchase_order_view',
+  'request_quotation' => 'request_quotation_edit | request_quotation_view',
+  'sales_quotation'   => 'sales_quotation_edit   | sales_quotation_view',
+};
+
 sub check_oe_access {
+  my (%params) = @_;
   my $form     = $main::form;
 
-  my $right   = $oe_access_map->{$form->{type}};
+  my $right   = ($params{with_view}) ? $oe_view_access_map->{$form->{type}} : $oe_access_map->{$form->{type}};
   $right    ||= 'DOES_NOT_EXIST';
 
   $main::auth->assert($right);
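Review bot: `$oe_view_access_map` repeats the key set of `$oe_access_map`, so a type added to one map and not the other fails only at run time; because the fallback is `DOES_NOT_EXIST`, that failure denies access, which is the safe direction but silent. A comment above the new map, `# keys must match %$oe_access_map; a missing key falls through to DOES_NOT_EXIST and denies access`, would make the coupling explicit. The parentheses around `$params{with_view}` in the ternary are unnecessary, `my $right = $params{with_view} ? $oe_view_access_map->{$form->{type}} : $oe_access_map->{$form->{type}};`.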
@@ -926,7 +934,7 @@ sub search {
   my %myconfig = %main::myconfig;
   my $locale   = $main::locale;
 
-  check_oe_access();
+  check_oe_access(with_view => 1);
 
   if ($form->{type} eq 'purchase_order') {
     $form->{vc}        = 'vendor';
@@ -1017,7 +1025,7 @@ sub orders {
   my $cgi      = $::request->{cgi};
 
   my %params   = @_;
-  check_oe_access();
+  check_oe_access(with_view => 1);
 
   my $ordnumber = ($form->{type} =~ /_order$/) ? "ordnumber" : "quonumber";
 
index e636d16..bc21518 100755 (executable)
@@ -4217,9 +4217,17 @@ $self->{texts} = {
   'Version actions'             => 'Aktionen für Versionen',
   'Version number'              => 'Versionsnummer',
   'Versions'                    => 'Versionen',
+  'View RFQs'                   => 'Lieferantenanfragen ansehen',
   'View SEPA export'            => 'SEPA-Export-Details ansehen',
   'View background job execution result' => 'Verlauf der Hintergrund-Job-Ausführungen anzeigen',
+  'View purchase delivery orders' => 'Einkaufslieferscheine ansehen',
+  'View purchase invoices'      => 'Einkaufsrechungen ansehen',
+  'View purchase orders'        => 'Lieferantenaufträge ansehen',
   'View record links from Sales Order' => 'Verknüpfte Belege immer vom Verkaufsauftrag ansehen',
+  'View sales delivery orders'  => 'Verkaufslieferscheine ansehen',
+  'View sales invoices and credit notes' => 'Rechnungen und Gutschriften ansehen',
+  'View sales orders'           => 'Auftragsbestätigungen ansehen',
+  'View sales quotations'       => 'Angebote ansehen',
   'View sent email'             => 'Verschickte E-Mail anzeigen',
   'View warehouse content'      => 'Lagerbestand ansehen',
   'View/edit all employees purchase documents' => 'Bearbeiten/ansehen der Einkaufsdokumente aller Mitarbeiter',
index d935ef0..b33cba2 100644 (file)
@@ -4216,9 +4216,17 @@ $self->{texts} = {
   'Version actions'             => '',
   'Version number'              => '',
   'Versions'                    => '',
+  'View RFQs'                   => '',
   'View SEPA export'            => '',
   'View background job execution result' => '',
+  'View purchase delivery orders' => '',
+  'View purchase invoices'      => '',
+  'View purchase orders'        => '',
   'View record links from Sales Order' => '',
+  'View sales delivery orders'  => '',
+  'View sales invoices and credit notes' => '',
+  'View sales orders'           => '',
+  'View sales quotations'       => '',
   'View sent email'             => '',
   'View warehouse content'      => '',
   'View/edit all employees purchase documents' => '',
index 985b2cc..10d356b 100644 (file)
   name: Quotations
   icon: report_quotations
   order: 200
-  access: sales_quotation_edit
+  access: sales_quotation_edit | sales_quotation_view
   module: oe.pl
   params:
     action: search
   name: Sales Orders
   icon: report_sales_orders
   order: 300
-  access: sales_order_edit
+  access: sales_order_edit | sales_order_view
   module: oe.pl
   params:
     action: search
   name: Delivery Orders
   icon: delivery_order_report
   order: 400
-  access: sales_delivery_order_edit
+  access: sales_delivery_order_edit | sales_delivery_order_view
   module: do.pl
   params:
     action: search
   name: RFQs
   icon: rfq_report
   order: 100
-  access: request_quotation_edit
+  access: request_quotation_edit | request_quotation_view
   module: oe.pl
   params:
     action: search
   name: Purchase Orders
   icon: purchase_order_report
   order: 200
-  access: purchase_order_edit
+  access: purchase_order_edit | purchase_order_view
   module: oe.pl
   params:
     action: search
   id: ap_reports_delivery_orders
   name: Delivery Orders
   order: 300
-  access: purchase_delivery_order_edit
+  access: purchase_delivery_order_edit | purchase_delivery_order_view
   module: do.pl
   params:
     action: search
   id: ap_reports_supplier_delivery_orders
   name: Supplier Delivery Orders
   order: 350
-  access: purchase_delivery_order_edit
+  access: purchase_delivery_order_edit | purchase_delivery_order_view
   module: do.pl
   params:
     action: search
diff --git a/sql/Pg-upgrade2-auth/rights_view_docs.sql b/sql/Pg-upgrade2-auth/rights_view_docs.sql
new file mode 100644 (file)
index 0000000..2591ada
--- /dev/null
@@ -0,0 +1,80 @@
+-- @tag: rights_view_docs
+-- @description: Rechte zum Lesen von Belegen
+-- @depends: release_3_6_0
+-- @locales: View sales quotations
+-- @locales: View sales orders
+-- @locales: View sales delivery orders
+-- @locales: View sales invoices and credit notes
+-- @locales: View RFQs
+-- @locales: View purchase orders
+-- @locales: View purchase delivery orders
+-- @locales: View purchase invoices
+
+INSERT INTO auth.master_rights (position, name, description, category)
+  VALUES ((SELECT position + 10 FROM auth.master_rights WHERE name = 'sales_quotation_edit'),
+          'sales_quotation_view',
+           'View sales quotations',
+          FALSE);
+
+INSERT INTO auth.master_rights (position, name, description, category)
+  VALUES ((SELECT position + 10 FROM auth.master_rights WHERE name = 'sales_order_edit'),
+          'sales_order_view',
+           'View sales orders',
+          FALSE);
+
+INSERT INTO auth.master_rights (position, name, description, category)
+  VALUES ((SELECT position + 10 FROM auth.master_rights WHERE name = 'sales_delivery_order_edit'),
+          'sales_delivery_order_view',
+           'View sales delivery orders',
+          FALSE);
+
+INSERT INTO auth.master_rights (position, name, description, category)
+  VALUES ((SELECT position + 10 FROM auth.master_rights WHERE name = 'invoice_edit'),
+          'sales_invoice_view',
+          'View sales invoices and credit notes',
+          FALSE);
+
+INSERT INTO auth.master_rights (position, name, description, category)
+  VALUES ((SELECT position + 10 FROM auth.master_rights WHERE name = 'request_quotation_edit'),
+          'request_quotation_view',
+           'View RFQs',
+          FALSE);
+
+INSERT INTO auth.master_rights (position, name, description, category)
+  VALUES ((SELECT position + 10 FROM auth.master_rights WHERE name = 'purchase_order_edit'),
+          'purchase_order_view',
+           'View purchase orders',
+          FALSE);
+
+INSERT INTO auth.master_rights (position, name, description, category)
+  VALUES ((SELECT position + 10 FROM auth.master_rights WHERE name = 'purchase_delivery_order_edit'),
+          'purchase_delivery_order_view',
+           'View purchase delivery orders',
+          FALSE);
+
+INSERT INTO auth.master_rights (position, name, description, category)
+  VALUES ((SELECT position + 10 FROM auth.master_rights WHERE name = 'vendor_invoice_edit'),
+          'purchase_invoice_view',
+          'View purchase invoices',
+          FALSE);
+
+
+-- INSERT INTO auth.group_rights (group_id, "right", granted)
+--    SELECT (SELECT id FROM auth.group WHERE name = 'Vollzugriff'), 'sales_quotation_view',         true UNION
+--    SELECT (SELECT id FROM auth.group WHERE name = 'Vollzugriff'), 'sales_order_view',             true UNION
+--    SELECT (SELECT id FROM auth.group WHERE name = 'Vollzugriff'), 'sales_delivery_order_view',    true UNION
+--    SELECT (SELECT id FROM auth.group WHERE name = 'Vollzugriff'), 'sales_invoice_view',           true UNION
+--    SELECT (SELECT id FROM auth.group WHERE name = 'Vollzugriff'), 'request_quotation_view',       true UNION
+--    SELECT (SELECT id FROM auth.group WHERE name = 'Vollzugriff'), 'purchase_order_view',          true UNION
+--    SELECT (SELECT id FROM auth.group WHERE name = 'Vollzugriff'), 'purchase_delivery_order_view', true UNION
+--    SELECT (SELECT id FROM auth.group WHERE name = 'Vollzugriff'), 'purchase_invoice_view',        true;
+
+INSERT INTO auth.group_rights (group_id, "right", granted)
+   SELECT id, 'sales_quotation_view',         true FROM auth.group WHERE name = 'Vollzugriff' UNION
+   SELECT id, 'sales_order_view',             true FROM auth.group WHERE name = 'Vollzugriff' UNION
+   SELECT id, 'sales_delivery_order_view',    true FROM auth.group WHERE name = 'Vollzugriff' UNION
+   SELECT id, 'sales_invoice_view',           true FROM auth.group WHERE name = 'Vollzugriff' UNION
+   SELECT id, 'request_quotation_view',       true FROM auth.group WHERE name = 'Vollzugriff' UNION
+   SELECT id, 'purchase_order_view',          true FROM auth.group WHERE name = 'Vollzugriff' UNION
+   SELECT id, 'purchase_delivery_order_view', true FROM auth.group WHERE name = 'Vollzugriff' UNION
+   SELECT id, 'purchase_invoice_view',        true FROM auth.group WHERE name = 'Vollzugriff';
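Review bot: The commented-out `INSERT INTO auth.group_rights` block (the eight `-- SELECT` lines above the live statement) duplicates the statement that follows and should be removed rather than shipped in a migration. Each `position` comes from a subselect on the matching `*_edit` right; if that row were absent the subselect yields NULL and the INSERT either fails or stores a NULL position depending on constraints this file does not show, which the `@depends: release_3_6_0` line presumably rules out. The grant to the group named 'Vollzugriff' silently inserts nothing if that group was renamed, acceptable for a default-group grant but worth a one-line comment. The German text for the `View purchase invoices` locale key declared here reads `Einkaufsrechungen` in locale/de/all; `Einkaufsrechnungen` is intended.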