From: Jan Büren Date: Mon, 1 Mar 2010 14:17:20 +0000 (+0100) Subject: Benutzerverwaltung im Bereich Verkauf -> Ansicht nur auf eigene Verkaufsdokumente... X-Git-Tag: release-2.6.1beta1~53 X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=c9e93ded8a5ca6f8a9212c5e64a99616889b5aac;p=kivitendo-erp.git Benutzerverwaltung im Bereich Verkauf -> Ansicht nur auf eigene Verkaufsdokumente erweitert. Standardmässig bleibt alles wie vorher (Db-Upgrade-Skript was dieses Recht für alle vorhandenen Gruppen setzt) Sobald das Recht für die Gruppe nicht gesetzt wird, wird entsprechend bei den Verkaufsberichten auth->assert('sales_all_edit') auf employee_id geprüft. Bei Stammdaten->Kunden->Lieferung wird zusätzlich auf dieses Recht geprüft --- diff --git a/SL/AR.pm b/SL/AR.pm index 7d037838c..8cc5ea6d8 100644 --- a/SL/AR.pm +++ b/SL/AR.pm @@ -480,6 +480,10 @@ sub ar_transactions { } } + if (!$main::auth->assert('sales_all_edit', 1)) { + $where .= " AND a.employee_id = (select id from employee where login= ?)"; + push (@values, $form->{login}); + } my @a = qw(transdate invnumber name); push @a, "employee" if $form->{l_employee}; my $sortdir = !defined $form->{sortdir} ? 'ASC' : $form->{sortdir} ? 'ASC' : 'DESC'; diff --git a/SL/Auth.pm b/SL/Auth.pm index af19e71d5..4b6f2fa20 100644 --- a/SL/Auth.pm +++ b/SL/Auth.pm @@ -654,6 +654,7 @@ sub all_rights_full { ["sales_delivery_order_edit", $locale->text("Create and edit sales delivery orders")], ["invoice_edit", $locale->text("Create and edit invoices and credit notes")], ["dunning_edit", $locale->text("Create and edit dunnings")], + ["sales_all_edit", $locale->text("View/edit all employees sales documents")], ["--ap", $locale->text("AP")], ["request_quotation_edit", $locale->text("Create and edit RFQs")], ["purchase_order_edit", $locale->text("Create and edit purchase orders")], diff --git a/SL/DO.pm b/SL/DO.pm index 092fd0bc3..73314bc2e 100644 --- a/SL/DO.pm +++ b/SL/DO.pm 
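Review bot: The per-employee filter added to `ar_transactions` takes the current user from `$form->{login}`, and the same pattern repeats in the SL/DO.pm and SL/OE.pm hunks. If `$form` is filled from request parameters (not visible here), the value that decides which rows a restricted user sees should come from the authenticated session, or `login` must be checked against the session before these queries run. Only the list queries are narrowed in this commit, so opening a single document by id still needs its own owner or `sales_all_edit` check if this is meant as access control and not just a report filter. A comment above the block such as `# without sales_all_edit, restrict the report to the user's own documents` would record the intent. `ar_transactions` starts and ends outside the hunk.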
@@ -104,6 +104,10 @@ sub transactions { push @where, "dord.$item = ?"; push @values, conv_i($form->{$item}); } + if (!$main::auth->assert('sales_all_edit', 1)) { + push @where, qq|dord.employee_id = (select id from employee where login= ?)|; + push @values, $form->{login}; + } foreach my $item (qw(donumber ordnumber cusordnumber transaction_description)) { next unless ($form->{$item}); diff --git a/SL/OE.pm b/SL/OE.pm index b1e1f9f30..6cc4a5004 100644 --- a/SL/OE.pm +++ b/SL/OE.pm @@ -122,6 +122,10 @@ SQL push(@values, '%' . $form->{$vc} . '%'); } + if (!$main::auth->assert('sales_all_edit', 1)) { + $query .= " AND o.employee_id = (select id from employee where login= ?)"; + push @values, $form->{login}; + } if ($form->{employee_id}) { $query .= " AND o.employee_id = ?"; push @values, conv_i($form->{employee_id}); diff --git a/bin/mozilla/ct.pl b/bin/mozilla/ct.pl index c3d095533..8abe73a12 100644 --- a/bin/mozilla/ct.pl +++ b/bin/mozilla/ct.pl @@ -662,6 +662,7 @@ sub get_delivery { $main::lxdebug->enter_sub(); $main::auth->assert('customer_vendor_edit'); + $main::auth->assert('sales_all_edit'); my $form = $main::form; my %myconfig = %main::myconfig; diff --git a/locale/de/all b/locale/de/all index 305a847b7..0bdf41d6c 100644 --- a/locale/de/all +++ b/locale/de/all @@ -1784,6 +1784,7 @@ $self->{texts} = { 'View License' => 'Lizenz ansehen', 'View SEPA export' => 'SEPA-Export-Details ansehen', 'View warehouse content' => 'Lagerbestand ansehen', + 'View/edit all employees sales documents' => 'Bearbeiten/ansehen der Verkaufsdokumente aller Mitarbeiter', 'Von Konto: ' => 'von Konto: ', 'WEBDAV access' => 'WEBDAV-Zugriff', 'WHJournal' => 'Lagerbuchungen', diff --git a/sql/Pg-upgrade2/auth_enable_sales_all_edit.pl b/sql/Pg-upgrade2/auth_enable_sales_all_edit.pl new file mode 100644 index 000000000..e223cd859 --- /dev/null +++ b/sql/Pg-upgrade2/auth_enable_sales_all_edit.pl 
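Review bot: In the SL/OE.pm hunk the `sales_all_edit` restriction is appended to `$query` unconditionally, although the context line `push(@values, '%' . $form->{$vc} . '%');` suggests the function also serves vendor-side documents. A group without the sales right would then see only its own purchase orders and quotation requests too, which the right's label ("all employees sales documents") does not cover. Assuming `$vc` holds 'customer' or 'vendor', a guard like `if ($vc eq 'customer' && !$main::auth->assert('sales_all_edit', 1)) {` would keep the filter on the sales side. The same question applies to `transactions` in SL/DO.pm, and both functions start and end outside their hunks.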
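Review bot: In `get_delivery` the new `$main::auth->assert('sales_all_edit');` is called without the second argument used in the other hunks, so a user lacking the right is presumably stopped outright instead of getting a list narrowed to their own documents. That is the stricter choice, but it differs from the reports, and a comment such as `# deliveries are not filtered per employee, so require the right to see all sales documents` would show it is deliberate. Because `customer_vendor_edit` is asserted on the line above, the sub may also serve vendors, in which case the sales right would block purchase-side deliveries as well. The sub continues outside the hunk.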
@@ -0,0 +1,52 @@
+# @tag: auth_enable_sales_all_edit
+# @description: Neues gruppenbezogenes Recht für den Bereich Verkauf hinzugefügt (sales_all_edit := Nur wenn angehakt, können Verkaufsdokumente von anderen Bearbeitern eingesehen werden) Das Skript hakt standardmässig dieses Recht an, sodass es keinen Unterschied zu vorhergehenden Version gibt.
+# @depends: release_2_6_0
+# @charset: utf-8
+
+use strict;
+use Data::Dumper;
+die("This script cannot be run from the command line.") unless ($main::form);
+
+sub mydberror {
+ my ($msg) = @_;
+ die($dbup_locale->text("Database update error:") .
+ "
$msg
" . $DBI::errstr);
+}
+
+sub do_query {
+ my ($query, $may_fail) = @_;
+
+ if (!$dbh->do($query)) {
+ mydberror($query) unless ($may_fail);
+ $dbh->rollback();
+ $dbh->begin_work();
+ }
+}
+
+sub do_update {
+ my @queries;
+
+# do_query("ALTER TABLE project ADD PRIMARY KEY (id);", 1);
+# map({ do_query($_, 0); } @queries);
+# print "hieryy";
+# print (Dumper($main::form));
+ my $dbh = $main::auth->dbconnect();
+ my $query = qq|SELECT distinct group_id from auth.user_group|;
+ my $sth_all_groups = prepare_execute_query($form, $dbh, $query);
+ while (my $hash_ref = $sth_all_groups->fetchrow_hashref()) { # Schleife
+ push @queries, "INSERT INTO auth.group_rights (group_id, \"right\", granted) VALUES (" . $hash_ref->{group_id} . ", 'sales_all_edit', 't')";
+}
+# if in doubt use brute force ;-) jb
+ foreach my $query (@queries){
+# print "hier:" . $query;
+ my $dbh = $main::auth->dbconnect();
+ my $sth = prepare_query($form, $dbh, $query);
+ do_statement($form,$sth,$query);
+ $sth->finish();
+ $dbh ->commit();
+}
+ return 1;
+}
+
+return do_update();
+