Zeiterfassung: Ein Recht dafür

diff --git a/SL/Controller/TimeRecording.pm b/SL/Controller/TimeRecording.pm
index 95de513..c0a4cdc 100644 (file)
--- a/SL/Controller/TimeRecording.pm
+++ b/SL/Controller/TimeRecording.pm
@@ -23,7 +23,7 @@ use Rose::Object::MakeMethods::Generic
 
 
 # safety
-#__PACKAGE__->run_before('check_auth');
+__PACKAGE__->run_before('check_auth');
 
 #
 # actions
@@ -138,6 +138,10 @@ sub init_all_employees {
   SL::DB::Manager::Employee->get_all_sorted;
 }
 
+sub check_auth {
+  $::auth->assert('time_recording');
+}
+
 sub prepare_report {
   my ($self) = @_;
 

diff --git a/menus/user/10-time-recording.yaml b/menus/user/10-time-recording.yaml
index 0e42a4f..59817a0 100644 (file)
--- a/menus/user/10-time-recording.yaml
+++ b/menus/user/10-time-recording.yaml
@@ -3,6 +3,7 @@
   id: system_time_recording_types
   name: Time Recording Types
   order: 2370
+  access: config
   params:
     action: SimpleSystemSetting/list
     type: time_recording_type
@@ -10,11 +11,13 @@
   id: productivity_time_recording
   name: Time Recording
   order: 350
+  access: time_recording
   params:
     action: TimeRecording/edit
 - parent: productivity_reports
   id: productivity_reports_time_recording
   name: Time Recording
   order: 300
+  access: time_recording
   params:
     action: TimeRecording/list

diff --git a/sql/Pg-upgrade2-auth/right_time_recording.sql b/sql/Pg-upgrade2-auth/right_time_recording.sql
new file mode 100644 (file)
index 0000000..dbd0f32
--- /dev/null
+++ b/sql/Pg-upgrade2-auth/right_time_recording.sql
@@ -0,0 +1,10 @@
+-- @tag: right_time_recording
+-- @description: Recht zur Zeiterfassung
+-- @depends: release_3_5_6_1
+-- @locales: Create, edit and list time recordings
+
+INSERT INTO auth.master_rights (position, name, description, category)
+  VALUES ((SELECT position + 10 FROM auth.master_rights WHERE name = 'productivity'),
+          'time_recording',
+          'Create, edit and list time recordings',
+          FALSE);