From: G. Richardson <information@kivitendo-premium.de>
Date: Tue, 6 Aug 2013 12:48:30 +0000 (+0200)
Subject: Recht für Debitoren- und Kreditorenbuchungen verbessert
X-Git-Tag: release-3.1.0beta1~97
X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=727d806576b6eed75107dbf52736c3dd08093004;p=kivitendo-erp.git

Recht für Debitoren- und Kreditorenbuchungen verbessert

auf Hinweis von Sven hin:

statt $::auth->check_right($form->{login}, $right) assert benutzen: $::auth->assert($right, 1)
$form lässt sich leicht manipulieren.
---

diff --git a/SL/AP.pm b/SL/AP.pm
index bcd6d83cb..9215ab710 100644
--- a/SL/AP.pm
+++ b/SL/AP.pm
@@ -492,7 +492,7 @@ sub ap_transactions {
 
   my $where = '';
 
-  unless ( $main::auth->check_right($form->{login}, 'show_ap_transactions') ) {
+  unless ( $::auth->assert('show_ap_transactions', 1) ) {
     $where .= " AND NOT invoice = 'f' ";  # remove ap transactions from Sales -> Reports -> Invoices
   };
 
diff --git a/SL/AR.pm b/SL/AR.pm
index d97c443d1..ca3f61a26 100644
--- a/SL/AR.pm
+++ b/SL/AR.pm
@@ -516,7 +516,7 @@ sub ar_transactions {
 
   my $where = "1 = 1";
 
-  unless ( $main::auth->check_right($form->{login}, 'show_ar_transactions') ) { 
+  unless ( $::auth->assert('show_ar_transactions', 1) ) { 
     $where .= " AND NOT invoice = 'f' ";  # remove ar transactions from Sales -> Reports -> Invoices
   };