From 3ad96f211f51589c061900f0dfad4cd1daedd2f6 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Bernd=20Ble=C3=9Fmann?= Date: Wed, 2 Mar 2022 16:17:54 +0100 Subject: [PATCH] =?utf8?q?Recht:=20Ansehen=20von=20Belegen=20bei=20Angebot?= =?utf8?q?=20und=20Auftrag=20ber=C3=BCcksichtigen?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Ansehen nur im neuen Auftrags-Controller --- SL/Controller/Order.pm | 26 +++++++++++++++++++ SL/Controller/TopQuickSearch/PurchaseOrder.pm | 2 +- .../TopQuickSearch/RequestForQuotation.pm | 2 +- SL/Controller/TopQuickSearch/SalesOrder.pm | 2 +- .../TopQuickSearch/SalesQuotation.pm | 2 +- bin/mozilla/oe.pl | 14 +++++++--- menus/user/00-erp.yaml | 8 +++--- 7 files changed, 45 insertions(+), 11 deletions(-) diff --git a/SL/Controller/Order.pm b/SL/Controller/Order.pm index 6571eecf8..87a9e9cf4 100644 --- a/SL/Controller/Order.pm +++ b/SL/Controller/Order.pm @@ -56,6 +56,9 @@ use Rose::Object::MakeMethods::Generic # safety __PACKAGE__->run_before('check_auth'); +__PACKAGE__->run_before('check_auth_save', + except => [ qw(edit show_customer_vendor_details_dialog price_popup load_second_rows) ]); + __PACKAGE__->run_before('recalc', only => [ qw(save save_as_new save_and_delivery_order save_and_invoice save_and_invoice_for_advance_payment save_and_final_invoice save_and_ap_transaction print send_email) ]); @@ -1370,6 +1373,17 @@ sub init_part_picker_classification_ids { sub check_auth { my ($self) = @_; + my $right_for = { map { $_ => $_.'_edit' . ' | ' . $_.'_view' } @{$self->valid_types} }; + + my $right = $right_for->{ $self->type }; + $right ||= 'DOES_NOT_EXIST'; + + $::auth->assert($right); +} + +sub check_auth_save { + my ($self) = @_; + my $right_for = { map { $_ => $_.'_edit' } @{$self->valid_types} }; my $right = $right_for->{ $self->type }; 
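Review bot: The `except` list on the new `run_before('check_auth_save', …)` hook is now the only thing separating read access from write access in this controller, and nothing in the file says so. Listing the exemptions keeps the default fail-closed (any action added later requires `*_edit`), which is the right direction, but the four exempted actions deserve a comment such as `# read-only actions: reachable with *_view alone; everything else also needs *_edit`. `show_customer_vendor_details_dialog` is among them and its body is outside this hunk, so it is worth confirming that the customer/vendor data it returns is meant to be readable with only an order or quotation view right.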
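Review bot: `check_auth` and `check_auth_save` build the same type-to-right map and differ only in the right expression, and `setup_edit_action_bar` repeats the `_edit` variant a third time further down in this file. The action-bar copy decides what is shown while these two decide what is allowed, so a later edit to one copy can leave display and enforcement disagreeing. A shared helper removes that risk and keeps the `DOES_NOT_EXIST` fallback for unknown types in one place. `check_auth_save` continues past the end of this hunk, so only the helper and `check_auth` are sketched below; `check_auth_save` would call the helper with `'_edit'` alone.

```perl
# Builds the right expression for the current record type. Unknown types map
# to a right name that is expected never to be granted, so the assert fails closed.
sub _right_for_type {
  my ($self, @suffixes) = @_;

  my $type = $self->type;
  return 'DOES_NOT_EXIST' unless grep { $_ eq $type } @{ $self->valid_types };
  return join ' | ', map { $type . $_ } @suffixes;
}

sub check_auth {
  my ($self) = @_;

  $::auth->assert($self->_right_for_type('_edit', '_view'));
}
```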
@@ -2018,6 +2032,11 @@ sub setup_edit_action_bar { $has_final_invoice = any {'SL::DB::Invoice' eq ref $_ && "final_invoice" eq $_->type} @$lr; } + my $right_for = { map { $_ => $_.'_edit' } @{$self->valid_types} }; + my $right = $right_for->{ $self->type }; + $right ||= 'DOES_NOT_EXIST'; + + if ($::auth->assert($right, 1)) { for my $bar ($::request->layout->get('actionbar')) { $bar->add( combobox => [ @@ -2164,6 +2183,12 @@ sub setup_edit_action_bar { only_if => $deletion_allowed, ], + ); + } + } + + for my $bar ($::request->layout->get('actionbar')) { + $bar->add( combobox => [ action => [ t8('more') @@ -2182,6 +2207,7 @@ sub setup_edit_action_bar { ], # end of combobox "more" ); } + } sub generate_doc { diff --git a/SL/Controller/TopQuickSearch/PurchaseOrder.pm b/SL/Controller/TopQuickSearch/PurchaseOrder.pm index 4013c8a9e..f64fb8366 100644 --- a/SL/Controller/TopQuickSearch/PurchaseOrder.pm +++ b/SL/Controller/TopQuickSearch/PurchaseOrder.pm @@ -5,7 +5,7 @@ use parent qw(SL::Controller::TopQuickSearch::OERecord); use SL::Locale::String qw(t8); -sub auth { 'purchase_order_edit' } +sub auth { 'purchase_order_edit | purchase_order_view' } sub name { 'purchase_order' } diff --git a/SL/Controller/TopQuickSearch/RequestForQuotation.pm b/SL/Controller/TopQuickSearch/RequestForQuotation.pm index 3b2adefd3..d9571008c 100644 --- a/SL/Controller/TopQuickSearch/RequestForQuotation.pm +++ b/SL/Controller/TopQuickSearch/RequestForQuotation.pm @@ -5,7 +5,7 @@ use parent qw(SL::Controller::TopQuickSearch::OERecord); use SL::Locale::String qw(t8); -sub auth { 'request_quotation_edit' } +sub auth { 'request_quotation_edit | request_quotation_view' } sub name { 'request_quotation' } diff --git a/SL/Controller/TopQuickSearch/SalesOrder.pm b/SL/Controller/TopQuickSearch/SalesOrder.pm index 1f5296ea2..8f91e6e08 100644 --- a/SL/Controller/TopQuickSearch/SalesOrder.pm +++ b/SL/Controller/TopQuickSearch/SalesOrder.pm 
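Review bot: The `if ($::auth->assert($right, 1))` wrapper in `setup_edit_action_bar` only controls which buttons are drawn (the second argument presumably makes the assert return instead of abort); enforcement stays in `check_auth_save`. A short comment would stop a later reader from treating this block as the access check, e.g. `# display only: write actions are enforced by check_auth_save`. The "more" combobox is moved outside the condition (hunks `@@ -2164` and `@@ -2182`) and so stays visible to holders of only `*_view`. Its entries are not shown in these hunks, so each one that calls a controller action should be checked against the `except` list of `check_auth_save`; otherwise it is rendered but rejected on click. The function starts and ends outside these hunks.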
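Review bot: `auth` now admits holders of only `purchase_order_view`, but where a search hit leads is decided in the parent `SL::Controller::TopQuickSearch::OERecord`, which this diff does not touch. If that link can target the `edit` action in `bin/mozilla/oe.pl`, the user will hit an authorization failure there, because only `search` and `orders` were switched to `check_oe_access(with_view => 1)`. The commit message suggests viewing is meant to work in the new order controller only, so the link target should be confirmed for view-only users. The same applies to the identical change in `RequestForQuotation.pm`, `SalesOrder.pm` and `SalesQuotation.pm`, and to the record links produced by `orders` in `oe.pl`.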
@@ -5,7 +5,7 @@ use parent qw(SL::Controller::TopQuickSearch::OERecord); use SL::Locale::String qw(t8); -sub auth { 'sales_order_edit' } +sub auth { 'sales_order_edit | sales_order_view' } sub name { 'sales_order' } diff --git a/SL/Controller/TopQuickSearch/SalesQuotation.pm b/SL/Controller/TopQuickSearch/SalesQuotation.pm index 28ec9fd17..f7a6b777a 100644 --- a/SL/Controller/TopQuickSearch/SalesQuotation.pm +++ b/SL/Controller/TopQuickSearch/SalesQuotation.pm @@ -5,7 +5,7 @@ use parent qw(SL::Controller::TopQuickSearch::OERecord); use SL::Locale::String qw(t8); -sub auth { 'sales_quotation_edit' } +sub auth { 'sales_quotation_edit | sales_quotation_view' } sub name { 'sales_quotation' } diff --git a/bin/mozilla/oe.pl b/bin/mozilla/oe.pl index 96764ebdf..610215b42 100644 --- a/bin/mozilla/oe.pl +++ b/bin/mozilla/oe.pl @@ -84,10 +84,18 @@ my $oe_access_map = { 'sales_quotation' => 'sales_quotation_edit', }; +my $oe_view_access_map = { + 'sales_order' => 'sales_order_edit | sales_order_view', + 'purchase_order' => 'purchase_order_edit | purchase_order_view', + 'request_quotation' => 'request_quotation_edit | request_quotation_view', + 'sales_quotation' => 'sales_quotation_edit | sales_quotation_view', +}; + sub check_oe_access { + my (%params) = @_; my $form = $main::form; - my $right = $oe_access_map->{$form->{type}}; + my $right = ($params{with_view}) ? $oe_view_access_map->{$form->{type}} : $oe_access_map->{$form->{type}}; $right ||= 'DOES_NOT_EXIST'; $main::auth->assert($right); @@ -926,7 +934,7 @@ sub search { my %myconfig = %main::myconfig; my $locale = $main::locale; - check_oe_access(); + check_oe_access(with_view => 1); if ($form->{type} eq 'purchase_order') { $form->{vc} = 'vendor'; @@ -1017,7 +1025,7 @@ sub orders { my $cgi = $::request->{cgi}; my %params = @_; - check_oe_access(); + check_oe_access(with_view => 1); my $ordnumber = ($form->{type} =~ /_order$/) ? "ordnumber" : "quonumber"; 
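Review bot: `$oe_view_access_map` repeats every key of `$oe_access_map` by hand, so a type added to one map and not the other changes behaviour silently. A missing key falls back to `DOES_NOT_EXIST` and denies access, which is the safe direction, but a comment tying the two maps together would help, e.g. `# keep keys in sync with $oe_access_map; a missing type is denied`. The new `with_view` parameter is also undocumented: `# with_view => 1: read-only callers (search, orders) also accept *_view` above `check_oe_access` would make clear that every other caller keeps requiring `*_edit`. The closing lines of `check_oe_access` lie outside this hunk.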
diff --git a/menus/user/00-erp.yaml b/menus/user/00-erp.yaml index 985b2cc2a..ecaaa3185 100644 --- a/menus/user/00-erp.yaml +++ b/menus/user/00-erp.yaml @@ -275,7 +275,7 @@ name: Quotations icon: report_quotations order: 200 - access: sales_quotation_edit + access: sales_quotation_edit | sales_quotation_view module: oe.pl params: action: search @@ -285,7 +285,7 @@ name: Sales Orders icon: report_sales_orders order: 300 - access: sales_order_edit + access: sales_order_edit | sales_order_view module: oe.pl params: action: search @@ -446,7 +446,7 @@ name: RFQs icon: rfq_report order: 100 - access: request_quotation_edit + access: request_quotation_edit | request_quotation_view module: oe.pl params: action: search @@ -456,7 +456,7 @@ name: Purchase Orders icon: purchase_order_report order: 200 - access: purchase_order_edit + access: purchase_order_edit | purchase_order_view module: oe.pl params: action: search -- 2.20.1