}
}
+ if (!$main::auth->assert('sales_all_edit', 1)) {
+ $where .= " AND a.employee_id = (select id from employee where login= ?)";
+ push (@values, $form->{login});
+ }
my @a = qw(transdate invnumber name);
push @a, "employee" if $form->{l_employee};
my $sortdir = !defined $form->{sortdir} ? 'ASC' : $form->{sortdir} ? 'ASC' : 'DESC';
["sales_delivery_order_edit", $locale->text("Create and edit sales delivery orders")],
["invoice_edit", $locale->text("Create and edit invoices and credit notes")],
["dunning_edit", $locale->text("Create and edit dunnings")],
+ ["sales_all_edit", $locale->text("View/edit all employees sales documents")],
["--ap", $locale->text("AP")],
["request_quotation_edit", $locale->text("Create and edit RFQs")],
["purchase_order_edit", $locale->text("Create and edit purchase orders")],
push @where, "dord.$item = ?";
push @values, conv_i($form->{$item});
}
+ if (!$main::auth->assert('sales_all_edit', 1)) {
+ push @where, qq|dord.employee_id = (select id from employee where login= ?)|;
+ push @values, $form->{login};
+ }
foreach my $item (qw(donumber ordnumber cusordnumber transaction_description)) {
next unless ($form->{$item});
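Review bot: The employee restriction added here binds `$form->{login}` as the identity of the current user, and the same pattern appears in the `a.employee_id` and `o.employee_id` filters of the other two query hunks. If `$form` is filled from request parameters, the filter is only as trustworthy as that field, so the login should come from the authenticated session rather than from the form; whether that is already guaranteed is not visible in these hunks. The filters also cover only the list queries shown, and the code that loads a single document by id is not part of this change, so confirm it enforces the same ownership check. I would add above each filter `# own documents only: login must be the authenticated user, never request input`.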
push(@values, '%' . $form->{$vc} . '%');
}
+ if (!$main::auth->assert('sales_all_edit', 1)) {
+ $query .= " AND o.employee_id = (select id from employee where login= ?)";
+ push @values, $form->{login};
+ }
if ($form->{employee_id}) {
$query .= " AND o.employee_id = ?";
push @values, conv_i($form->{employee_id});
$main::lxdebug->enter_sub();
$main::auth->assert('customer_vendor_edit');
+ $main::auth->assert('sales_all_edit');
my $form = $main::form;
my %myconfig = %main::myconfig;
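Review bot: The added `$main::auth->assert('sales_all_edit');` omits the second argument that the query hunks pass, so it appears to abort the request rather than narrow the result, and it does so after `customer_vendor_edit` has already been required. If this function is also reached for vendors, users lacking the sales right would lose access to purchase-side data too; the function's header and body lie outside the hunk, so this is not confirmed. If the hard stop is intended, document it with a comment such as `# shows sales documents of all employees, so sales_all_edit is required outright`; otherwise use `assert('sales_all_edit', 1)` and filter by employee as the other hunks do.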
'View License' => 'Lizenz ansehen',
'View SEPA export' => 'SEPA-Export-Details ansehen',
'View warehouse content' => 'Lagerbestand ansehen',
+ 'View/edit all employees sales documents' => 'Bearbeiten/ansehen der Verkaufsdokumente aller Mitarbeiter',
'Von Konto: ' => 'von Konto: ',
'WEBDAV access' => 'WEBDAV-Zugriff',
'WHJournal' => 'Lagerbuchungen',
--- /dev/null
+# @tag: auth_enable_sales_all_edit
+# @description: Neues gruppenbezogenes Recht für den Bereich Verkauf hinzugefügt (sales_all_edit := Nur wenn angehakt, können Verkaufsdokumente von anderen Bearbeitern eingesehen werden) Das Skript hakt standardmässig dieses Recht an, sodass es keinen Unterschied zu vorhergehenden Version gibt.
+# @depends: release_2_6_0
+# @charset: utf-8
+
+use strict;
+use Data::Dumper;
+die("This script cannot be run from the command line.") unless ($main::form);
+
+sub mydberror {
+ my ($msg) = @_;
+ die($dbup_locale->text("Database update error:") .
+ "<br>$msg<br>" . $DBI::errstr);
+}
+
+sub do_query {
+ my ($query, $may_fail) = @_;
+
+ if (!$dbh->do($query)) {
+ mydberror($query) unless ($may_fail);
+ $dbh->rollback();
+ $dbh->begin_work();
+ }
+}
+
+sub do_update {
+ my @queries;
+
+# do_query("ALTER TABLE project ADD PRIMARY KEY (id);", 1);
+# map({ do_query($_, 0); } @queries);
+# print "hieryy";
+# print (Dumper($main::form));
+ my $dbh = $main::auth->dbconnect();
+ my $query = qq|SELECT distinct group_id from auth.user_group|;
+ my $sth_all_groups = prepare_execute_query($form, $dbh, $query);
+ while (my $hash_ref = $sth_all_groups->fetchrow_hashref()) { # Schleife
+ push @queries, "INSERT INTO auth.group_rights (group_id, \"right\", granted) VALUES (" . $hash_ref->{group_id} . ", 'sales_all_edit', 't')";
+}
+# if in doubt use brute force ;-) jb
+ foreach my $query (@queries){
+# print "hier:" . $query;
+ my $dbh = $main::auth->dbconnect();
+ my $sth = prepare_query($form, $dbh, $query);
+ do_statement($form,$sth,$query);
+ $sth->finish();
+ $dbh ->commit();
+}
+ return 1;
+}
+
+return do_update();
+
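Review bot: The loop in `do_update` concatenates `$hash_ref->{group_id}` into each INSERT and commits after every statement, so a failure partway through leaves `sales_all_edit` granted to some groups and withheld from others. One prepared statement with a placeholder and a single commit at the end avoids both problems, assuming `do_statement` forwards bind values to `execute`. The group ids are read from `auth.user_group`, so a group with no members at upgrade time gets no row and its later members would see only their own documents; confirm that is acceptable. Because the script grants the right to every group it finds, the upgrade notes should say that administrators have to revoke it before the restriction takes effect. `use Data::Dumper` and the commented-out debug prints can be dropped.

```perl
sub do_update {
  my $auth_dbh = $main::auth->dbconnect();
  # … unchanged: SELECT of the group ids into $sth_all_groups (run on $auth_dbh) …

  # Placeholder instead of string concatenation; statement prepared once.
  my $insert = qq|INSERT INTO auth.group_rights (group_id, "right", granted) VALUES (?, 'sales_all_edit', 't')|;
  my $sth    = prepare_query($form, $auth_dbh, $insert);

  while (my $row = $sth_all_groups->fetchrow_hashref()) {
    do_statement($form, $sth, $insert, $row->{group_id});
  }

  $sth_all_groups->finish();
  $sth->finish();
  # Single commit: the right is granted to all groups or to none.
  $auth_dbh->commit();

  return 1;
}
```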