From 727d806576b6eed75107dbf52736c3dd08093004 Mon Sep 17 00:00:00 2001 From: "G. Richardson" Date: Tue, 6 Aug 2013 14:48:30 +0200 Subject: [PATCH] =?utf8?q?Recht=20f=C3=BCr=20Debitoren-=20und=20Kreditoren?= =?utf8?q?buchungen=20verbessert?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit auf Hinweis von Sven hin: statt $::auth->check_right($form->{login}, $right) assert benutzen: $::auth->assert($right, 1) $form lässt sich leicht manipulieren. --- SL/AP.pm | 2 +- SL/AR.pm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/SL/AP.pm b/SL/AP.pm index bcd6d83cb..9215ab710 100644 --- a/SL/AP.pm +++ b/SL/AP.pm @@ -492,7 +492,7 @@ sub ap_transactions { my $where = ''; - unless ( $main::auth->check_right($form->{login}, 'show_ap_transactions') ) { + unless ( $::auth->assert('show_ap_transactions', 1) ) { $where .= " AND NOT invoice = 'f' "; # remove ap transactions from Sales -> Reports -> Invoices }; diff --git a/SL/AR.pm b/SL/AR.pm index d97c443d1..ca3f61a26 100644 --- a/SL/AR.pm +++ b/SL/AR.pm @@ -516,7 +516,7 @@ sub ar_transactions { my $where = "1 = 1"; - unless ( $main::auth->check_right($form->{login}, 'show_ar_transactions') ) { + unless ( $::auth->assert('show_ar_transactions', 1) ) { $where .= " AND NOT invoice = 'f' "; # remove ar transactions from Sales -> Reports -> Invoices }; -- 2.20.1