From cdab9f5d03b9c1d529155cf3b95d227d473bfb6d Mon Sep 17 00:00:00 2001
From: "G. Richardson" <information@kivitendo-premium.de>
Date: Thu, 9 Jun 2016 18:41:43 +0200
Subject: [PATCH] =?utf8?q?Neues=20Recht=20"Verkn=C3=BCpfte=20Belege"?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Hintergrund ist, daß es derzeit z.B. möglich ist, daß Benutzer die nur
Rechte haben um Angebote zu sehen, über die verknüpften Belege eine
Übersicht über alle anderen Belege aus dem Workflow, bis hin zur
Rechnung zu sehen. Zumindest eine Zusammenfassung (Datum, Beträge), ohne
jedoch die Belege öffnen zu können. Dies ist aber nicht immer gewünscht,
daher kann man jetzt die Reiter für verknüpfte Belege komplett
ausblenden.

Eine bessere Lösung wäre nur die Belege anzuzeigen, für die der Benutzer
auch Bearbeitungsrechte hat.
---
 SL/Controller/RecordLinks.pm                |  5 ++++
 doc/changelog                               |  6 ++++-
 sql/Pg-upgrade2-auth/record_links_rights.pl | 28 +++++++++++++++++++++
 templates/webpages/ap/form_header.html      |  2 ++
 templates/webpages/ar/form_header.html      |  2 ++
 templates/webpages/do/form_header.html      |  2 +-
 templates/webpages/ir/form_header.html      |  2 ++
 templates/webpages/is/form_header.html      |  2 ++
 templates/webpages/oe/form_header.html      |  2 +-
 templates/webpages/project/form.html        |  4 +--
 10 files changed, 50 insertions(+), 5 deletions(-)
 create mode 100644 sql/Pg-upgrade2-auth/record_links_rights.pl

diff --git a/SL/Controller/RecordLinks.pm b/SL/Controller/RecordLinks.pm
index 9ff64e49e..03d7b81c7 100644
--- a/SL/Controller/RecordLinks.pm
+++ b/SL/Controller/RecordLinks.pm
@@ -23,6 +23,7 @@ use Rose::Object::MakeMethods::Generic
   scalar => [ qw(object object_model object_id link_type link_direction link_type_desc) ],
 );
 
+__PACKAGE__->run_before('check_auth');
 __PACKAGE__->run_before('check_object_params', only => [ qw(ajax_list ajax_delete ajax_add_select_type ajax_add_filter ajax_add_list ajax_add_do) ]);
 __PACKAGE__->run_before('check_link_params',   only => [ qw(                                                           ajax_add_list ajax_add_do) ]);
 
@@ -217,4 +218,8 @@ sub check_link_params {
   return 1;
 }
 
+sub check_auth {
+  $::auth->assert('record_links');
+}
+
 1;
diff --git a/doc/changelog b/doc/changelog
index 794c87de3..5f04e5414 100644
--- a/doc/changelog
+++ b/doc/changelog
@@ -2,6 +2,11 @@
 # Veränderungen von kivitendo #
 ###############################
 
+2016-xx-xx - Release 3.4.x Unstable
+
+  - Neues Recht "Verknüpfte Belege", standardmäßig erlaubt. Betrifft alle
+    Belege und die Projektstammdaten
+
 2016-07-05 - Release 3.4.1
 
 kleinere neue Features und Detailverbesserungen:
@@ -66,7 +71,6 @@ Bugfixes:
 - Bugfix #165	inventory.shippingdate wird nicht konsequent benutzt
 - Bugfix #166	Presenter Links gehen im ReportGenerator Export kaputt
 
-2016-03-12 - Release 3.4.0
 
 Größere neue Features:
 
diff --git a/sql/Pg-upgrade2-auth/record_links_rights.pl b/sql/Pg-upgrade2-auth/record_links_rights.pl
new file mode 100644
index 000000000..8e8073dac
--- /dev/null
+++ b/sql/Pg-upgrade2-auth/record_links_rights.pl
@@ -0,0 +1,28 @@
+# @tag: record_links_rights
+# @description: Setzt das Recht um den Tab verknüpfte Belege zu sehen, per Default erlaubt (wie vorher auch)
+# @depends: release_3_4_0 master_rights_position_gaps
+package SL::DBUpgrade2::record_links_rights;
+
+use strict;
+use utf8;
+
+use parent qw(SL::DBUpgrade2::Base);
+
+use SL::DBUtils;
+
+sub run {
+  my ($self) = @_;
+
+  $self->db_query("INSERT INTO auth.master_rights (position, name, description) VALUES ( 4750, 'record_links', 'Linked Records')");
+
+  my $groups = $main::auth->read_groups();
+
+  foreach my $group (values %{$groups}) {
+    $group->{rights}->{record_links} = 1;
+    $main::auth->save_group($group);
+  }
+
+  return 1;
+} # end run
+
+1;
diff --git a/templates/webpages/ap/form_header.html b/templates/webpages/ap/form_header.html
index fdcbefab6..af3b7e818 100644
--- a/templates/webpages/ap/form_header.html
+++ b/templates/webpages/ap/form_header.html
@@ -83,7 +83,9 @@
  <ul>
   <li><a href="#ui-tabs-basic-data">[% 'Basic Data' | $T8 %]</a></li>
 [%- IF id %]
+  [%- IF AUTH.assert('record_links', 1) %]
   <li><a href="controller.pl?action=RecordLinks/ajax_list&object_model=PurchaseInvoice&object_id=[% HTML.url(id) %]">[% 'Linked Records' | $T8 %]</a></li>
+  [%- END %]
   <li><a href="[% 'controller.pl?action=AccTrans/list_transactions&trans_id=' _ HTML.url(id) | html %]">[% LxERP.t8('Transactions') %]</a></li>
 [%- END %]
  </ul>
diff --git a/templates/webpages/ar/form_header.html b/templates/webpages/ar/form_header.html
index 2645d825a..c779a0d71 100644
--- a/templates/webpages/ar/form_header.html
+++ b/templates/webpages/ar/form_header.html
@@ -24,7 +24,9 @@
  <ul>
   <li><a href="#ui-tabs-basic-data">[% 'Basic Data' | $T8 %]</a></li>
 [%- IF id %]
+  [% IF AUTH.assert('record_links', 1) %]
   <li><a href="controller.pl?action=RecordLinks/ajax_list&object_model=Invoice&object_id=[% HTML.url(id) %]">[% 'Linked Records' | $T8 %]</a></li>
+  [%- END %]
   <li><a href="[% 'controller.pl?action=AccTrans/list_transactions&trans_id=' _ HTML.url(id) | html %]">[% LxERP.t8('Transactions') %]</a></li>
 [%- END %]
  </ul>
diff --git a/templates/webpages/do/form_header.html b/templates/webpages/do/form_header.html
index 334c94b95..6ae87d368 100644
--- a/templates/webpages/do/form_header.html
+++ b/templates/webpages/do/form_header.html
@@ -53,7 +53,7 @@
 [%- IF INSTANCE_CONF.get_webdav %]
    <li><a href="#ui-tabs-webdav">[% 'WebDAV' | $T8 %]</a></li>
 [%- END %]
-[%- IF id %]
+[%- IF id AND AUTH.assert('record_links', 1) %]
    <li><a href="controller.pl?action=RecordLinks/ajax_list&object_model=DeliveryOrder&object_id=[% HTML.url(id) %]">[% 'Linked Records' | $T8 %]</a></li>
 [%- END %]
   </ul>
diff --git a/templates/webpages/ir/form_header.html b/templates/webpages/ir/form_header.html
index 866bb8fa5..6975d0da2 100644
--- a/templates/webpages/ir/form_header.html
+++ b/templates/webpages/ir/form_header.html
@@ -34,7 +34,9 @@
   <li><a href="#ui-tabs-webdav">[% 'WebDAV' | $T8 %]</a></li>
 [%- END %]
 [%- IF id %]
+  [%- IF AUTH.assert('record_links', 1) %]
   <li><a href="controller.pl?action=RecordLinks/ajax_list&object_model=PurchaseInvoice&object_id=[% HTML.url(id) %]">[% 'Linked Records' | $T8 %]</a></li>
+  [%- END %]
   <li><a href="[% 'controller.pl?action=AccTrans/list_transactions&trans_id=' _ HTML.url(id) | html %]">[% LxERP.t8('Transactions') %]</a></li>
 [%- END %]
  </ul>
diff --git a/templates/webpages/is/form_header.html b/templates/webpages/is/form_header.html
index ef60cc9ae..f412fac1f 100644
--- a/templates/webpages/is/form_header.html
+++ b/templates/webpages/is/form_header.html
@@ -35,7 +35,9 @@
   <li><a href="#ui-tabs-webdav">[% 'WebDAV' | $T8 %]</a></li>
 [%- END %]
 [%- IF id %]
+  [%- IF AUTH.assert('record_links', 1) %]
   <li><a href="controller.pl?action=RecordLinks/ajax_list&object_model=Invoice&object_id=[% HTML.url(id) %]">[% 'Linked Records' | $T8 %]</a></li>
+  [%- END %]
   [%- IF AUTH.assert('general_ledger', 1) %]
   <li><a href="[% 'controller.pl?action=AccTrans/list_transactions&trans_id=' _ HTML.url(id) | html %]">[% LxERP.t8('Transactions') %]</a></li>
   [%- END %]
diff --git a/templates/webpages/oe/form_header.html b/templates/webpages/oe/form_header.html
index a64a87da4..70e702e63 100644
--- a/templates/webpages/oe/form_header.html
+++ b/templates/webpages/oe/form_header.html
@@ -37,7 +37,7 @@
 [%- IF INSTANCE_CONF.get_webdav %]
       <li><a href="#ui-tabs-webdav">[% 'WebDAV' | $T8 %]</a></li>
 [%- END %]
-[%- IF id %]
+[%- IF id AND AUTH.assert('record_links', 1) %]
       <li><a href="controller.pl?action=RecordLinks/ajax_list&object_model=Order&object_id=[% HTML.url(id) %]">[% 'Linked Records' | $T8 %]</a></li>
 [%- END %]
      </ul>
diff --git a/templates/webpages/project/form.html b/templates/webpages/project/form.html
index c93a768c7..5e25f8e77 100644
--- a/templates/webpages/project/form.html
+++ b/templates/webpages/project/form.html
@@ -17,7 +17,7 @@
     [%- IF CUSTOM_VARIABLES.size %]
     <li><a href="#custom_variables">[% 'Custom Variables' | $T8 %]</a></li>
     [%- END %]
-    [%- IF SELF.project.id %]
+    [%- IF SELF.project.id and AUTH.assert('record_links', 1) %]
     <li><a href="#linked_records">[% 'Linked Records' | $T8 %]</a></li>
     [%- END %]
    </ul>
@@ -32,7 +32,7 @@
    </div>
    [%- END %]
 
-   [%- IF SELF.project.id %]
+   [%- IF SELF.project.id and AUTH.assert('record_links', 1) %]
    <div id="linked_records">
    [%- PROCESS 'project/_linked_records.html' records=SELF.linked_records %]
    </div>
-- 
2.20.1