From 74e45f0fe20741e073b8d7e662e69b921ae8ef89 Mon Sep 17 00:00:00 2001
From: "Martin Helmling martin.helmling@octosoft.eu"
 <martin.helmling@octosoft.eu>
Date: Sat, 17 Sep 2016 08:42:31 +0200
Subject: [PATCH] =?utf8?q?Spezifisches=20Recht=20f=C3=BCr=20CSV-Import(2)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Neue Implementierung: Die access-Prüfung findet nun im "Worker" statt,
so kann für die Banktransaktionen in "CsvImport/BankTransaction"
neben "config" auch das Recht "bank_transaction" zugelassen werden.

Davon getrennt ist nun das Verhalten, das bei einem vorgegebenen Profil
dieses nich tzum Editieren angeboten wird, sondern gleich in den Import->Test gegangen wird.
Dazu ist im entsprechenden Profil der Parameter "dont_edit_profile" auf "1" zu setzen.
---
 SL/Controller/CsvImport.pm                           | 12 +++---------
 SL/Controller/CsvImport/BankTransaction.pm           |  4 ++++
 SL/Controller/CsvImport/Base.pm                      |  4 ++++
 templates/webpages/csv_import/_deferred_report.html  |  2 +-
 templates/webpages/csv_import/_deferred_results.html |  1 -
 templates/webpages/csv_import/form.html              |  3 +--
 6 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/SL/Controller/CsvImport.pm b/SL/Controller/CsvImport.pm
index 3c925abdd..fa988cb4f 100644
--- a/SL/Controller/CsvImport.pm
+++ b/SL/Controller/CsvImport.pm
@@ -32,7 +32,6 @@ use parent qw(SL::Controller::Base);
 use Rose::Object::MakeMethods::Generic
 (
  scalar                  => [ qw(type profile file all_profiles all_charsets sep_char all_sep_chars quote_char all_quote_chars escape_char all_escape_chars all_buchungsgruppen all_units
-                                 csv_import_access
                                  import_status errors headers raw_data_headers info_headers data num_importable displayable_columns file all_taxzones) ],
  'scalar --get_set_init' => [ qw(worker task_server num_imported mappings) ],
  'array'                 => [
@@ -41,7 +40,7 @@ use Rose::Object::MakeMethods::Generic
  ],
 );
 
-__PACKAGE__->run_before('check_auth');
+__PACKAGE__->run_before('check_auth', except => [ qw(report) ]);
 __PACKAGE__->run_before('ensure_form_structure');
 __PACKAGE__->run_before('check_type', except => [ qw(report) ]);
 __PACKAGE__->run_before('load_all_profiles');
@@ -267,13 +266,8 @@ sub action_add_mapping_from_upload {
 #
 
 sub check_auth {
-  my ($self) = @_;
-  if ( $::form->{csv_import_access} ) {
-    $self->csv_import_access($::form->{csv_import_access});
-    return $::auth->assert($self->csv_import_access);
-  } else {
-    return $::auth->assert('config');
-  }
+  $_[0]->check_type;
+  $_[0]->worker->check_auth;
 }
 
 sub check_type {
diff --git a/SL/Controller/CsvImport/BankTransaction.pm b/SL/Controller/CsvImport/BankTransaction.pm
index 5be896860..2c2704106 100644
--- a/SL/Controller/CsvImport/BankTransaction.pm
+++ b/SL/Controller/CsvImport/BankTransaction.pm
@@ -183,4 +183,8 @@ sub join_remote_names {
   $object->remote_name($remote_name);
 }
 
+sub check_auth {
+  $::auth->assert('config') if ! $::auth->assert('bank_transaction',1);
+}
+
 1;
diff --git a/SL/Controller/CsvImport/Base.pm b/SL/Controller/CsvImport/Base.pm
index 17a3bfdd6..e9049899b 100644
--- a/SL/Controller/CsvImport/Base.pm
+++ b/SL/Controller/CsvImport/Base.pm
@@ -339,6 +339,10 @@ sub check_objects {
 sub check_duplicates {
 }
 
+sub check_auth {
+  $::auth->assert('config');
+}
+
 sub check_std_duplicates {
   my $self = shift;
 
diff --git a/templates/webpages/csv_import/_deferred_report.html b/templates/webpages/csv_import/_deferred_report.html
index 4d084321a..d4fde0885 100644
--- a/templates/webpages/csv_import/_deferred_report.html
+++ b/templates/webpages/csv_import/_deferred_report.html
@@ -20,7 +20,7 @@
 
   $(document).ready(function(){
     [%- IF SELF.background_job.data_as_hash.report_id %]
-      get_report('#csv_import_report', 'controller.pl', { action: 'CsvImport/report', 'no_layout': 1, 'id': [% SELF.background_job.data_as_hash.report_id %], 'csv_import_access' : '[% SELF.csv_import_access %]' });
+      get_report('#csv_import_report', 'controller.pl', { action: 'CsvImport/report', 'no_layout': 1, 'id': [% SELF.background_job.data_as_hash.report_id %] });
     [%- END %]
   });
 
diff --git a/templates/webpages/csv_import/_deferred_results.html b/templates/webpages/csv_import/_deferred_results.html
index 87e913f7d..7f68a32d5 100644
--- a/templates/webpages/csv_import/_deferred_results.html
+++ b/templates/webpages/csv_import/_deferred_results.html
@@ -16,7 +16,6 @@
       data: {
         action: 'CsvImport/result',
         'profile.type': '[% SELF.profile.type %]',
-        'csv_import_access' : '[% SELF.csv_import_access %]',
         job: '[% SELF.background_job.id %]'
       },
       success: function(data) { $('#results').html(data) },
diff --git a/templates/webpages/csv_import/form.html b/templates/webpages/csv_import/form.html
index f42cdd873..7ebd6c29b 100644
--- a/templates/webpages/csv_import/form.html
+++ b/templates/webpages/csv_import/form.html
@@ -10,9 +10,8 @@
   [% L.hidden_tag('form_sent', '1') %]
   [% L.hidden_tag('action', 'CsvImport/dispatch') %]
   [% L.hidden_tag('profile.type', SELF.profile.type) %]
-  [% L.hidden_tag('csv_import_access', SELF.csv_import_access) %]
 
- [%- IF SELF.csv_import_access %]
+ [%- IF SELF.profile.get('dont_edit_profile') %]
   [% L.hidden_tag('force_profile', 1) %]
   [% L.hidden_tag('profile.id', SELF.profile.id) %]
  [%- ELSE %]
-- 
2.20.1