From 2ba42577fce2f8a7da0e9aead95292ba6ccff0b0 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Bernd=20Ble=C3=9Fmann?= <bernd@kivitendo-premium.de>
Date: Mon, 28 Dec 2020 15:33:33 +0100
Subject: [PATCH] =?utf8?q?Zeiterfassung:=20Recht=20ber=C3=BCcksichtigen,?=
 =?utf8?q?=20Eintr=C3=A4ge=20von=20anderen=20(nicht)=20zu=20sehen?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

---
 SL/Controller/TimeRecording.pm                 | 12 +++++++++++-
 templates/webpages/time_recording/_filter.html |  4 ++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/SL/Controller/TimeRecording.pm b/SL/Controller/TimeRecording.pm
index 0a171a61a..9ed3c7237 100644
--- a/SL/Controller/TimeRecording.pm
+++ b/SL/Controller/TimeRecording.pm
@@ -18,7 +18,7 @@ use SL::ReportGenerator;
 use Rose::Object::MakeMethods::Generic
 (
 # scalar                  => [ qw() ],
- 'scalar --get_set_init' => [ qw(time_recording models all_time_recording_types all_employees) ],
+ 'scalar --get_set_init' => [ qw(time_recording models all_time_recording_types all_employees can_view_all) ],
 );
 
 
@@ -126,11 +126,21 @@ sub init_time_recording {
   return $time_recording;
 }
 
+sub init_can_view_all {
+  $::auth->assert('time_recording_show_all', 1) || $::auth->assert('time_recording_edit_all', 1)
+}
+
 sub init_models {
+  my ($self) = @_;
+
+  my @where;
+  push @where, (staff_member_id => SL::DB::Manager::Employee->current->id) if !$self->can_view_all;
+
   SL::Controller::Helper::GetModels->new(
     controller     => $_[0],
     sorted         => \%sort_columns,
     disable_plugin => 'paginated',
+    query          => \@where,
     with_objects   => [ 'customer', 'type', 'project', 'staff_member', 'employee' ],
   );
 }
diff --git a/templates/webpages/time_recording/_filter.html b/templates/webpages/time_recording/_filter.html
index c94f00d88..b47b55d66 100644
--- a/templates/webpages/time_recording/_filter.html
+++ b/templates/webpages/time_recording/_filter.html
@@ -26,6 +26,8 @@
     <th align="right">[% 'Customer Number' | $T8 %]</th>
     <td>[% L.input_tag('filter.customer.customernumber:substr::ilike', filter.customer.customernumber_substr__ilike, size = 20) %]</td>
   </tr>
+
+  [%- IF SELF.can_view_all -%]
   <tr>
    <th align="right">[% 'Mitarbeiter' | $T8 %]</th>
    <td>
@@ -37,6 +39,8 @@
                      style      => 'width: 200px') %]
    </td>
   </tr>
+  [%- END -%]
+
  </table>
 
 [% L.hidden_tag('sort_by', FORM.sort_by) %]
-- 
2.20.1