From: Bernd Bleßmann
Date: Fri, 11 Oct 2019 13:08:52 +0000 (+0200)
Subject: Rechte zum Bearbeiten von Preisen in Belgen getrennt nach VK/EK anwenden
X-Git-Tag: release-3.5.6.1~451
X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=0d060ae4ee73fb31edc7d8b85d13234a3988ca16;p=kivitendo-erp.git
Rechte zum Bearbeiten von Preisen in Belgen getrennt nach VK/EK anwenden
---
diff --git a/SL/Controller/PriceSource.pm b/SL/Controller/PriceSource.pm
index 41ad793ae..85e3765be 100644
--- a/SL/Controller/PriceSource.pm
+++ b/SL/Controller/PriceSource.pm
@@ -61,7 +61,13 @@ sub render_price_dialog {
 #
 sub check_auth {
- $::auth->assert('edit_prices');
+ if ($::form->{vc} eq 'customer') {
+ $::auth->assert('sales_edit_prices');
+ } elsif ($::form->{vc} eq 'vendor') {
+ $::auth->assert('purchase_edit_prices');
+ } else {
+ $::auth->assert('no_such_right');
+ }
 }
 sub init_record {
@@ -194,4 +200,3 @@ sub _make_record {
 }
 1;
-
diff --git a/bin/mozilla/io.pl b/bin/mozilla/io.pl
index 4562af087..eff922e18 100644
--- a/bin/mozilla/io.pl
+++ b/bin/mozilla/io.pl
@@ -371,8 +371,9 @@ sub display_row {
 }
 }
- my $edit_prices = $main::auth->assert('edit_prices', 1) && (!$::form->{"active_price_source_$i"} || !$price || $price->editable);
- my $edit_discounts = $main::auth->assert('edit_prices', 1) && !$::form->{"active_discount_source_$i"};
+ my $right_to_edit_prices = (!$is_purchase && $main::auth->assert('sales_edit_prices', 1)) || ($is_purchase && $main::auth->assert('purchase_edit_prices', 1));
+ my $edit_prices = $right_to_edit_prices && (!$::form->{"active_price_source_$i"} || !$price || $price->editable);
+ my $edit_discounts = $right_to_edit_prices && !$::form->{"active_discount_source_$i"};
 $column_data{sellprice} = (!$edit_prices) ? $cgi->hidden( -name => "sellprice_$i", -id => "sellprice_$i", -value => $sellprice_value) . $sellprice_value : $cgi->textfield(-name => "sellprice_$i", -id => "sellprice_$i", -size => 10, -class => "numeric", -value => $sellprice_value);
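Review bot: In `check_auth` the right that gets asserted is selected by `$::form->{vc}`, a request parameter, so a user who holds only one of the two rights determines which check runs by what the request sends. Whether `vc` is later compared with the customer/vendor side of the record being built is not visible here (`init_record` begins outside the hunk); if it is not, the side should be derived from the record, or a mismatch rejected. The `else` branch denies access by asserting a right name that is assumed never to be defined, which deserves a comment such as `# deliberately undefined right: deny when vc is neither customer nor vendor`. Reading the value once with `my $vc = $::form->{vc} // '';` would also avoid an uninitialized-value warning when `vc` is absent.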
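Review bot: In `display_row`, `$right_to_edit_prices` only switches `sellprice_$i` between a hidden field and a text field, so the price still arrives from the client in both cases. The hunk does not show the save path applying the same sales/purchase split, and that should be confirmed, since a hidden input is not a server-side check. `$is_purchase` is defined outside the hunk. The two mirrored clauses can be collapsed into one call, `my $right_to_edit_prices = $main::auth->assert($is_purchase ? 'purchase_edit_prices' : 'sales_edit_prices', 1);`, which keeps each right name in a single place.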
diff --git a/templates/webpages/order/tabs/_price_sources_dialog.html b/templates/webpages/order/tabs/_price_sources_dialog.html
index be05c6209..772d9d543 100644
--- a/templates/webpages/order/tabs/_price_sources_dialog.html
+++ b/templates/webpages/order/tabs/_price_sources_dialog.html
@@ -4,7 +4,13 @@
 [%- USE LxERP %]
 [% SET best_price = price_source.best_price %]
 [% SET best_discount = price_source.best_discount %]
-[% SET price_editable = AUTH.assert('edit_prices', 1) %]
+[% SET price_editable = 0 %]
+[% IF (FORM.type == "sales_order" || FORM.type == "sales_quotation") %]
+ [% SET price_editable = AUTH.assert('sales_edit_prices', 1) %]
+[% END %]
+[% IF (FORM.type == "purchase_order" || FORM.type == "request_quotation") %]
+ [% SET price_editable = AUTH.assert('purchase_edit_prices', 1) %]
+[% END %]

[% 'Prices' | $T8 %]
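Review bot: The dialog chooses the right from `FORM.type`, while `check_auth` in SL/Controller/PriceSource.pm chooses it from `vc`, so two different request fields decide the same permission and can disagree. The mapping from document type to right is also repeated in the first hunk of templates/webpages/order/tabs/_row.html, there keyed on `SELF.type`. Only four type values are listed, so any other type leaves prices read-only; that fails closed, but it should be stated, e.g. `[%# other document types: prices stay read-only %]`. Computing the flag once in the controller and passing it to both templates would keep the three places from drifting apart.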

diff --git a/templates/webpages/order/tabs/_row.html b/templates/webpages/order/tabs/_row.html
index de1ad0210..ef51eef07 100644
--- a/templates/webpages/order/tabs/_row.html
+++ b/templates/webpages/order/tabs/_row.html
@@ -100,9 +100,16 @@
 ITEM.active_price_source.source_description _ ' | ' _ ITEM.active_discount_source.source_description, name = "price_chooser_button") %]
+ [% SET RIGHT_TO_EDIT_PRICES = 0 %]
+ [% IF (SELF.type == "sales_order" || SELF.type == "sales_quotation") %]
+ [% SET RIGHT_TO_EDIT_PRICES = AUTH.assert('sales_edit_prices', 1) %]
+ [% END %]
+ [% IF (SELF.type == "purchase_order" || SELF.type == "request_quotation") %]
+ [% SET RIGHT_TO_EDIT_PRICES = AUTH.assert('purchase_edit_prices', 1) %]
+ [% END %]
[%- L.hidden_tag("order.orderitems[].active_price_source", ITEM.active_price_source.source) %]
- [%- SET EDIT_PRICE = (AUTH.assert('edit_prices', 1) && ITEM.active_price_source.source == '') %]
+ [%- SET EDIT_PRICE = (RIGHT_TO_EDIT_PRICES && ITEM.active_price_source.source == '') %]
[%- L.input_tag("order.orderitems[].sellprice_as_number", ITEM.sellprice_as_number,
@@ -119,7 +126,7 @@
[%- L.hidden_tag("order.orderitems[].active_discount_source", ITEM.active_discount_source.source) %]
- [%- SET EDIT_DISCOUNT = (AUTH.assert('edit_prices', 1) && ITEM.active_discount_source.source == '') %]
+ [%- SET EDIT_DISCOUNT = (RIGHT_TO_EDIT_PRICES && ITEM.active_discount_source.source == '') %]
[%- L.input_tag("order.orderitems[].discount_as_percent", ITEM.discount_as_percent,