From 74e45f0fe20741e073b8d7e662e69b921ae8ef89 Mon Sep 17 00:00:00 2001 From: "Martin Helmling martin.helmling@octosoft.eu" Date: Sat, 17 Sep 2016 08:42:31 +0200 Subject: [PATCH] =?utf8?q?Spezifisches=20Recht=20f=C3=BCr=20CSV-Import(2)?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Neue Implementierung: Die access-Prüfung findet nun im "Worker" statt, so kann für die Banktransaktionen in "CsvImport/BankTransaction" neben "config" auch das Recht "bank_transaction" zugelassen werden. Davon getrennt ist nun das Verhalten, das bei einem vorgegebenen Profil dieses nich tzum Editieren angeboten wird, sondern gleich in den Import->Test gegangen wird. Dazu ist im entsprechenden Profil der Parameter "dont_edit_profile" auf "1" zu setzen. --- SL/Controller/CsvImport.pm | 12 +++--------- SL/Controller/CsvImport/BankTransaction.pm | 4 ++++ SL/Controller/CsvImport/Base.pm | 4 ++++ templates/webpages/csv_import/_deferred_report.html | 2 +- templates/webpages/csv_import/_deferred_results.html | 1 - templates/webpages/csv_import/form.html | 3 +-- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/SL/Controller/CsvImport.pm b/SL/Controller/CsvImport.pm index 3c925abdd..fa988cb4f 100644 --- a/SL/Controller/CsvImport.pm +++ b/SL/Controller/CsvImport.pm @@ -32,7 +32,6 @@ use parent qw(SL::Controller::Base); use Rose::Object::MakeMethods::Generic ( scalar => [ qw(type profile file all_profiles all_charsets sep_char all_sep_chars quote_char all_quote_chars escape_char all_escape_chars all_buchungsgruppen all_units - csv_import_access import_status errors headers raw_data_headers info_headers data num_importable displayable_columns file all_taxzones) ], 'scalar --get_set_init' => [ qw(worker task_server num_imported mappings) ], 'array' => [ @@ -41,7 +40,7 @@ use Rose::Object::MakeMethods::Generic ], ); -__PACKAGE__->run_before('check_auth'); +__PACKAGE__->run_before('check_auth', except => [ qw(report) ]); __PACKAGE__->run_before('ensure_form_structure'); __PACKAGE__->run_before('check_type', except => [ qw(report) ]); __PACKAGE__->run_before('load_all_profiles'); @@ -267,13 +266,8 @@ sub action_add_mapping_from_upload { # sub check_auth { - my ($self) = @_; - if ( $::form->{csv_import_access} ) { - $self->csv_import_access($::form->{csv_import_access}); - return $::auth->assert($self->csv_import_access); - } else { - return $::auth->assert('config'); - } + $_[0]->check_type; + $_[0]->worker->check_auth; } sub check_type { diff --git a/SL/Controller/CsvImport/BankTransaction.pm b/SL/Controller/CsvImport/BankTransaction.pm index 5be896860..2c2704106 100644 --- a/SL/Controller/CsvImport/BankTransaction.pm +++ b/SL/Controller/CsvImport/BankTransaction.pm @@ -183,4 +183,8 @@ sub join_remote_names { $object->remote_name($remote_name); } +sub check_auth { + $::auth->assert('config') if ! $::auth->assert('bank_transaction',1); +} + 1; diff --git a/SL/Controller/CsvImport/Base.pm b/SL/Controller/CsvImport/Base.pm index 17a3bfdd6..e9049899b 100644 --- a/SL/Controller/CsvImport/Base.pm +++ b/SL/Controller/CsvImport/Base.pm @@ -339,6 +339,10 @@ sub check_objects { sub check_duplicates { } +sub check_auth { + $::auth->assert('config'); +} + sub check_std_duplicates { my $self = shift; diff --git a/templates/webpages/csv_import/_deferred_report.html b/templates/webpages/csv_import/_deferred_report.html index 4d084321a..d4fde0885 100644 --- a/templates/webpages/csv_import/_deferred_report.html +++ b/templates/webpages/csv_import/_deferred_report.html @@ -20,7 +20,7 @@ $(document).ready(function(){ [%- IF SELF.background_job.data_as_hash.report_id %] - get_report('#csv_import_report', 'controller.pl', { action: 'CsvImport/report', 'no_layout': 1, 'id': [% SELF.background_job.data_as_hash.report_id %], 'csv_import_access' : '[% SELF.csv_import_access %]' }); + get_report('#csv_import_report', 'controller.pl', { action: 'CsvImport/report', 'no_layout': 1, 'id': [% SELF.background_job.data_as_hash.report_id %] }); [%- END %] }); diff --git a/templates/webpages/csv_import/_deferred_results.html b/templates/webpages/csv_import/_deferred_results.html index 87e913f7d..7f68a32d5 100644 --- a/templates/webpages/csv_import/_deferred_results.html +++ b/templates/webpages/csv_import/_deferred_results.html @@ -16,7 +16,6 @@ data: { action: 'CsvImport/result', 'profile.type': '[% SELF.profile.type %]', - 'csv_import_access' : '[% SELF.csv_import_access %]', job: '[% SELF.background_job.id %]' }, success: function(data) { $('#results').html(data) }, diff --git a/templates/webpages/csv_import/form.html b/templates/webpages/csv_import/form.html index f42cdd873..7ebd6c29b 100644 --- a/templates/webpages/csv_import/form.html +++ b/templates/webpages/csv_import/form.html @@ -10,9 +10,8 @@ [% L.hidden_tag('form_sent', '1') %] [% L.hidden_tag('action', 'CsvImport/dispatch') %] [% L.hidden_tag('profile.type', SELF.profile.type) %] - [% L.hidden_tag('csv_import_access', SELF.csv_import_access) %] - [%- IF SELF.csv_import_access %] + [%- IF SELF.profile.get('dont_edit_profile') %] [% L.hidden_tag('force_profile', 1) %] [% L.hidden_tag('profile.id', SELF.profile.id) %] [%- ELSE %] -- 2.20.1