__PACKAGE__->run_before('check_auth',
except => [ qw(update_stock_information) ]);
+__PACKAGE__->run_before('check_auth_for_edit',
+ except => [ qw(update_stock_information edit show_customer_vendor_details_dialog price_popup stock_in_out_dialog load_second_rows) ]);
+
__PACKAGE__->run_before('get_unalterable_data',
only => [ qw(save save_as_new save_and_delivery_order save_and_invoice save_and_ap_transaction
print send_email) ]);
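Review bot: The `except` list on the new `check_auth_for_edit` hook is the only thing separating actions that need the view right from actions that need the edit right, and nothing in the file says so. Every action not named there requires the edit right, which fails safe for actions added later, but an action put on the list by mistake is then guarded by the view right alone. I would add a comment above the call, e.g. `# Actions listed here must be strictly read-only; everything else requires the 'edit' right.` `update_stock_information` is exempt from both hooks and its body is not in this diff, so confirm that it changes no data or performs its own check.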
sub check_auth {
my ($self) = @_;
- $::auth->assert($self->type_data->access || 'DOES_NOT_EXIST');
+ $::auth->assert($self->type_data->access('view') || 'DOES_NOT_EXIST');
+}
+
+sub check_auth_for_edit {
+ my ($self) = @_;
+
+ $::auth->assert($self->type_data->access('edit') || 'DOES_NOT_EXIST');
}
# build the selection box for contacts
my ($self, %params) = @_;
my $deletion_allowed = $self->type_data->show_menu("delete");
+ my $may_edit_create = $::auth->assert($self->type_data->access('edit') || 'DOES_NOT_EXIST', 1);
for my $bar ($::request->layout->get('actionbar')) {
$bar->add(
call => [ 'kivi.DeliveryOrder.save', 'save', $::instance_conf->get_order_warn_duplicate_parts,
$::instance_conf->get_order_warn_no_deliverydate,
],
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
],
action => [
t8('Save as new'),
call => [ 'kivi.DeliveryOrder.save', 'save_as_new', $::instance_conf->get_order_warn_duplicate_parts ],
- disabled => $self->type eq 'supplier_delivery_order' ? t8('Need a workflow for Supplier Delivery Order')
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+ : $self->type eq 'supplier_delivery_order' ? t8('Need a workflow for Supplier Delivery Order')
: !$self->order->id ? t8('This object has not been saved yet.')
: undef,
],
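Review bot: The expression `!$may_edit_create ? t8('You do not have the permissions to access this function.')` is repeated in every `disabled` entry of this action bar, in the later hunks of this sub and again in the second action bar further down (the one keyed on `$::form->{id}`). Computing the message once next to `$may_edit_create`, e.g. `my $no_edit_msg = $may_edit_create ? undef : t8('You do not have the permissions to access this function.');`, and writing `disabled => $no_edit_msg // (!$self->order->id ? t8('This object has not been saved yet.') : undef),` keeps the chains short and the wording in one place. A comment beside it, `# UI hint only; the edit right is enforced by the check_auth_for_edit hook`, would also tell the next reader that these flags are not the access control. The enclosing sub starts and ends outside the hunk.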
t8('Save and Quotation'),
submit => [ '#order_form', { action => "DeliveryOrder/sales_quotation" } ],
only_if => $self->type_data->show_menu("save_and_quotation"),
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
],
action => [
t8('Save and RFQ'),
submit => [ '#order_form', { action => "DeliveryOrder/request_for_quotation" } ],
only_if => $self->type_data->show_menu("save_and_rfq"),
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
],
action => [
t8('Save and Sales Order'),
submit => [ '#order_form', { action => "DeliveryOrder/sales_order" } ],
only_if => $self->type_data->show_menu("save_and_sales_order"),
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
],
action => [
t8('Save and Purchase Order'),
call => [ 'kivi.DeliveryOrder.purchase_order_check_for_direct_delivery' ],
only_if => $self->type_data->show_menu("save_and_purchase_order"),
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
],
action => [
t8('Save and Delivery Order'),
$::instance_conf->get_order_warn_no_deliverydate,
],
only_if => $self->type_data->show_menu("save_and_delivery_order"),
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
],
action => [
t8('Save and Invoice'),
call => [ 'kivi.DeliveryOrder.save', 'save_and_invoice', $::instance_conf->get_order_warn_duplicate_parts ],
only_if => $self->type_data->show_menu("save_and_invoice"),
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
],
action => [
t8('Save and AP Transaction'),
call => [ 'kivi.DeliveryOrder.save', 'save_and_ap_transaction', $::instance_conf->get_order_warn_duplicate_parts ],
only_if => $self->type_data->show_menu("save_and_ap_transaction"),
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
],
], # end of combobox "Workflow"
call => [ 'kivi.DeliveryOrder.save', 'preview_pdf', $::instance_conf->get_order_warn_duplicate_parts,
$::instance_conf->get_order_warn_no_deliverydate,
],
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
],
action => [
t8('Save and print'),
call => [ 'kivi.DeliveryOrder.show_print_options', $::instance_conf->get_order_warn_duplicate_parts,
$::instance_conf->get_order_warn_no_deliverydate,
],
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
],
action => [
t8('Save and E-mail'),
call => [ 'kivi.DeliveryOrder.save', 'save_and_show_email_dialog', $::instance_conf->get_order_warn_duplicate_parts,
$::instance_conf->get_order_warn_no_deliverydate,
],
- disabled => !$self->order->id ? t8('This object has not been saved yet.') : undef,
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+ : !$self->order->id ? t8('This object has not been saved yet.')
+ : undef,
],
action => [
t8('Download attachments of all parts'),
call => [ 'kivi.File.downloadOrderitemsFiles', $::form->{type}, $::form->{id} ],
- disabled => !$self->order->id ? t8('This object has not been saved yet.') : undef,
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+ : !$self->order->id ? t8('This object has not been saved yet.')
+ : undef,
only_if => $::instance_conf->get_doc_storage,
],
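Review bot: Disabling 'Download attachments of all parts' for users without the edit right only greys out the button. The entry calls `kivi.File.downloadOrderitemsFiles`, which by its name appears to be served by a different controller than the one the new `check_auth_for_edit` hook protects. Whether that endpoint checks the delivery-order right itself is not visible in this diff; if view-only users must not download the attachments, the check has to live there. If they may download them, keep only the `!$self->order->id` condition here so the UI matches what the server allows.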
], # end of combobox "Export"
id => 'delete_action',
call => [ 'kivi.DeliveryOrder.delete_order' ],
confirm => $::locale->text('Do you really want to delete this object?'),
- disabled => !$self->order->id ? t8('This object has not been saved yet.')
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+ : !$self->order->id ? t8('This object has not been saved yet.')
: $self->order->delivered ? t8('The parts for this order have already been transferred')
: undef,
only_if => $self->type_data->show_menu("delete"),
t8('Transfer out'),
id => 'transfer_out_action',
call => [ 'kivi.DeliveryOrder.save', 'transfer_stock' ],
- disabled => !$self->order->id ? t8('This object has not been saved yet.')
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+ : !$self->order->id ? t8('This object has not been saved yet.')
: $self->order->delivered ? t8('The parts for this order have already been transferred')
: undef,
only_if => $self->type_data->properties('transfer') eq 'out',
t8('Transfer in'),
id => 'transfer_in_action',
call => [ 'kivi.DeliveryOrder.save', 'transfer_stock' ],
- disabled => !$self->order->id ? t8('This object has not been saved yet.')
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+ : !$self->order->id ? t8('This object has not been saved yet.')
: $self->order->delivered ? t8('The parts for this order have already been transferred')
: undef,
only_if => $self->type_data->properties('transfer') eq 'in',
}
sub access {
- get($_[0]->c->type, "right");
+ my ($self, $string) = @_;
+ get3($_[0]->c->type, "rights", $string);
}
sub is_quotation {
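Review bot: `access` unpacks `$self` and `$string` but then reads `$_[0]`, and it does not handle a call that omits the right name. What `get3` returns for an undefined third argument is not shown; the controller hooks in this diff fall back to `'DOES_NOT_EXIST'`, but callers outside the diff that still call `->access` without an argument may not. I would make the contract explicit: `my ($self, $right) = @_;`, then `die "access(): right name ('view' or 'edit') required" unless $right;`, then `get3($self->c->type, "rights", $right);`.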
use SL::Locale::String qw(t8);
-sub auth { 'purchase_delivery_order_edit' }
+sub auth { 'purchase_delivery_order_edit | purchase_delivery_order_edit' }
sub name { 'purchase_delivery_order' }
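Review bot: The new `auth` string names `purchase_delivery_order_edit` twice, so the view right never appears in it, while the sales counterpart in this diff uses `sales_delivery_order_edit | sales_delivery_order_view`. As written, a user holding only `purchase_delivery_order_view` would not satisfy whatever check consumes this string, which contradicts the `view` entries added for the purchase types in the type data. The line should presumably read `sub auth { 'purchase_delivery_order_edit | purchase_delivery_order_view' }`.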
use SL::Locale::String qw(t8);
-sub auth { 'sales_delivery_order_edit' }
+sub auth { 'sales_delivery_order_edit | sales_delivery_order_view' }
sub name { 'sales_delivery_order' }
transnumber => 'sdonumber',
},
part_classification_query => [ "used_for_sale" => 1 ],
- right => "sales_delivery_order_edit",
+ rights => {
+ edit => "sales_delivery_order_edit",
+ view => "sales_delivery_order_edit | sales_delivery_order_view",
+ },
},
PURCHASE_DELIVERY_ORDER_TYPE() => {
text => {
transnumber => 'pdonumber',
},
part_classification_query => [ "used_for_purchase" => 1 ],
- right => "purchase_delivery_order_edit",
+ rights => {
+ edit => "purchase_delivery_order_edit",
+ view => "purchase_delivery_order_edit | purchase_delivery_order_view",
+ },
},
SUPPLIER_DELIVERY_ORDER_TYPE() => {
text => {
transnumber => 'sudonumber',
},
part_classification_query => [ "used_for_purchase" => 1 ],
- right => "purchase_delivery_order_edit",
+ rights => {
+ edit => "purchase_delivery_order_edit",
+ view => "purchase_delivery_order_edit | purchase_delivery_order_view",
+ },
},
RMA_DELIVERY_ORDER_TYPE() => {
text => {
transnumber => 'rdonumber',
},
part_classification_query => [ "used_for_sale" => 1 ],
- right => "sales_delivery_order_edit",
+ rights => {
+ edit => "sales_delivery_order_edit",
+ view => "sales_delivery_order_edit | sales_delivery_order_view",
+ },
},
);
push @where, "dord.$item = ?";
push @values, conv_i($form->{$item});
}
- if ( !(($vc eq 'customer' && $main::auth->assert('sales_all_edit', 1)) || ($vc eq 'vendor' && $main::auth->assert('purchase_all_edit', 1))) ) {
+ if ( !( ($vc eq 'customer' && ($main::auth->assert('sales_all_edit', 1) || $main::auth->assert('sales_delivery_order_view', 1)))
+ || ($vc eq 'vendor' && ($main::auth->assert('purchase_all_edit', 1) || $main::auth->assert('purchase_delivery_order_view', 1))) ) ) {
push @where, qq|dord.employee_id = (select id from employee where login= ?)|;
push @values, $::myconfig{login};
}
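Review bot: With the new condition, a holder of `sales_delivery_order_view` or `purchase_delivery_order_view` skips the `dord.employee_id` filter and is shown the delivery orders of every employee, while a user with only the corresponding `_edit` right is still limited to their own records. That makes the view right wider than the edit right for record visibility, which may be intended but is not stated in the hunk. If it is intended, say so above the `if`, e.g. `# *_all_edit and *_delivery_order_view lift the restriction to the user's own records`; if not, drop the two `_view` alternatives. The enclosing sub starts and ends outside the hunk.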
# end of main
+sub check_do_access_for_edit {
+ validate_type($::form->{type});
+
+ my $right = SL::DB::DeliveryOrder::TypeData::get3($::form->{type}, "rights", "edit");
+ $main::auth->assert($right);
+}
+
sub check_do_access {
validate_type($::form->{type});
- my $right = SL::DB::DeliveryOrder::TypeData::get($::form->{type}, "right");
+ my $right = SL::DB::DeliveryOrder::TypeData::get3($::form->{type}, "rights", "view");
$main::auth->assert($right);
}
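Review bot: `check_do_access` now asserts only the view right, so every action that still calls it is open to view-only users, and the `disabled` flags added to the action bar do not stop a request sent to the action directly. The hunks in this diff switch `add`, `delete`, `delete_transfers`, `save_as_new` and one further sub to `check_do_access_for_edit`. The actions `mark_closed`, `transfer_out`, `transfer_in`, `transfer_out_default` and `transfer_in_default`, which the action bar also offers, are not among them and their bodies are not shown. Confirm that each of them reaches `check_do_access_for_edit()` before it changes data. Both helpers also pass `$right` to `assert` without the fallback the controller hooks use; `$main::auth->assert($right || 'DOES_NOT_EXIST');` would keep the two code paths consistent.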
sub add {
$main::lxdebug->enter_sub();
- check_do_access();
+ check_do_access_for_edit();
if (($::form->{type} =~ /purchase/) && !$::instance_conf->get_allow_new_purchase_invoice) {
$::form->show_generic_error($::locale->text("You do not have the permissions to access this function."));
if (ref $undo_date eq 'DateTime' && ref $insertdate eq 'DateTime') {
$undo_transfer = $insertdate > $undo_date;
}
+
+ my $may_edit_create = $::auth->assert(SL::DB::DeliveryOrder::TypeData::get3($::form->{type}, "rights", "edit"), 1);
+
for my $bar ($::request->layout->get('actionbar')) {
$bar->add(
action =>
[ t8('Update'),
submit => [ '#form', { action => "update" } ],
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
id => 'update_button',
accesskey => 'enter',
],
t8('Save'),
submit => [ '#form', { action => "save" } ],
checks => [ 'kivi.validate_form' ],
- disabled => $::form->{delivered} ? t8('This record has already been delivered.') : undef,
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+ : $::form->{delivered} ? t8('This record has already been delivered.')
+ : undef,
],
action => [
t8('Save as new'),
submit => [ '#form', { action => "save_as_new" } ],
checks => [ 'kivi.validate_form' ],
- disabled => !$::form->{id},
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+ : !$::form->{id},
],
action => [
t8('Mark as closed'),
submit => [ '#form', { action => "mark_closed" } ],
checks => [ 'kivi.validate_form' ],
confirm => t8('This will remove the delivery order from showing as open even if contents are not delivered. Proceed?'),
- disabled => !$::form->{id} ? t8('This record has not been saved yet.')
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+ : !$::form->{id} ? t8('This record has not been saved yet.')
: $::form->{closed} ? t8('This record has already been closed.')
: undef,
],
t8('Delete'),
submit => [ '#form', { action => "delete" } ],
confirm => t8('Do you really want to delete this object?'),
- disabled => !$::form->{id} ? t8('This record has not been saved yet.')
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+ : !$::form->{id} ? t8('This record has not been saved yet.')
: $::form->{delivered} ? t8('This record has already been delivered.')
: ($::form->{vc} eq 'customer' && !$::instance_conf->get_sales_delivery_order_show_delete) ? t8('Deleting this type of record has been disabled in the configuration.')
: ($::form->{vc} eq 'vendor' && !$::instance_conf->get_purchase_delivery_order_show_delete) ? t8('Deleting this type of record has been disabled in the configuration.')
t8('Transfer out'),
submit => [ '#form', { action => "transfer_out" } ],
checks => [ 'kivi.validate_form', @transfer_qty ],
- disabled => $::form->{delivered} ? t8('This record has already been delivered.') : undef,
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+ : $::form->{delivered} ? t8('This record has already been delivered.')
+ : undef,
only_if => $is_customer,
],
action => [
t8('Transfer out via default'),
submit => [ '#form', { action => "transfer_out_default" } ],
checks => [ 'kivi.validate_form' ],
- disabled => $::form->{delivered} ? t8('This record has already been delivered.') : undef,
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+ : $::form->{delivered} ? t8('This record has already been delivered.')
+ : undef,
only_if => $is_customer && $::instance_conf->get_transfer_default,
],
action => [
t8('Transfer in'),
submit => [ '#form', { action => "transfer_in" } ],
checks => [ 'kivi.validate_form', @transfer_qty ],
- disabled => $::form->{delivered} ? t8('This record has already been delivered.') : undef,
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+ : $::form->{delivered} ? t8('This record has already been delivered.')
+ : undef,
only_if => !$is_customer,
],
action => [
t8('Transfer in via default'),
submit => [ '#form', { action => "transfer_in_default" } ],
checks => [ 'kivi.validate_form' ],
- disabled => $::form->{delivered} ? t8('This record has already been delivered.') : undef,
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+ : $::form->{delivered} ? t8('This record has already been delivered.')
+ : undef,
only_if => !$is_customer && $::instance_conf->get_transfer_default,
],
action => [
submit => [ '#form', { action => "delete_transfers" } ],
checks => [ 'kivi.validate_form' ],
only_if => $::form->{delivered},
- disabled => !$undo_transfer ? t8('Transfer date exceeds the maximum allowed interval.') : undef,
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+ : !$undo_transfer ? t8('Transfer date exceeds the maximum allowed interval.')
+ : undef,
],
], # end of combobox "Transfer out"
action => [ t8('Export') ],
action => [
t8('Print'),
- call => [ 'kivi.SalesPurchase.show_print_dialog' ],
- checks => [ 'kivi.validate_form' ],
+ call => [ 'kivi.SalesPurchase.show_print_dialog' ],
+ checks => [ 'kivi.validate_form' ],
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef,
],
action => [
t8('E Mail'),
call => [ 'kivi.SalesPurchase.show_email_dialog' ],
checks => [ 'kivi.validate_form' ],
- disabled => !$::form->{id} ? t8('This record has not been saved yet.') : undef,
+ disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.')
+ : !$::form->{id} ? t8('This record has not been saved yet.')
+ : undef,
],
], # end of combobox "Export"
my (%params) = @_;
- check_do_access();
+ check_do_access_for_edit();
my $form = $main::form;
my %myconfig = %main::myconfig;
sub delete {
$main::lxdebug->enter_sub();
- check_do_access();
+ check_do_access_for_edit();
my $form = $main::form;
my %myconfig = %main::myconfig;
sub delete_transfers {
$main::lxdebug->enter_sub();
- check_do_access();
+ check_do_access_for_edit();
my $form = $main::form;
my %myconfig = %main::myconfig;
sub save_as_new {
$main::lxdebug->enter_sub();
- check_do_access();
+ check_do_access_for_edit();
my $form = $main::form;
name: Delivery Orders
icon: delivery_order_report
order: 400
- access: sales_delivery_order_edit
+ access: sales_delivery_order_edit | sales_delivery_order_view
module: do.pl
params:
action: search
id: ap_reports_delivery_orders
name: Delivery Orders
order: 300
- access: purchase_delivery_order_edit
+ access: purchase_delivery_order_edit | purchase_delivery_order_view
module: do.pl
params:
action: search
id: ap_reports_supplier_delivery_orders
name: Supplier Delivery Orders
order: 350
- access: purchase_delivery_order_edit
+ access: purchase_delivery_order_edit | purchase_delivery_order_view
module: do.pl
params:
action: search