From a27846ef2756ed0f59c29d256a5d43d6caaf0b58 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Bernd=20Ble=C3=9Fmann?= Date: Mon, 4 Apr 2022 12:49:06 +0200 Subject: [PATCH] =?utf8?q?Revert=20"Briefe:=20Rechtepr=C3=BCfung=20gefixed?= =?utf8?q?"?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit This reverts commit 65604fea85234a5ae3e787f7cafd81ece6b8621d. Der Fix ist zwar richtig, aber nicht weitgehend. Es fehlen an einigen Stellen weiter Übergaben von "is_sales" (z.B. bei allen redirects). Zudem gibt es noch ein anderes Problem. Die Rechteprüfung hängt von der form-Variablen "is_sales", ab, die zwar auch beim Export durch den Reportgenerator übergeben wird. Diese wird aber erst nach dem run_before-hook von dfen Report-Generator-spezifischen Hiddens in der form gesetzt. Ich mache dazu ein Ticket auf: Refs #495 (redmine) --- SL/Controller/Letter.pm | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/SL/Controller/Letter.pm b/SL/Controller/Letter.pm index ed31c9349..4da3e1918 100644 --- a/SL/Controller/Letter.pm +++ b/SL/Controller/Letter.pm @@ -379,9 +379,9 @@ sub prepare_report { my %column_defs = ( date => { text => t8('Date'), sub => sub { $_[0]->date_as_date } }, subject => { text => t8('Subject'), sub => sub { $_[0]->subject }, - obj_link => sub { $self->url_for(action => 'edit', 'letter.id' => $_[0]->id, is_sales => $self->is_sales, callback => $self->models->get_callback) } }, + obj_link => sub { $self->url_for(action => 'edit', 'letter.id' => $_[0]->id, callback => $self->models->get_callback) } }, letternumber => { text => t8('Letternumber'), sub => sub { $_[0]->letternumber }, - obj_link => sub { $self->url_for(action => 'edit', 'letter.id' => $_[0]->id, is_sales => $self->is_sales, callback => $self->models->get_callback) } }, + obj_link => sub { $self->url_for(action => 'edit', 'letter.id' => $_[0]->id, callback => $self->models->get_callback) } }, customer_id => { text => t8('Customer'), sub => sub { SL::DB::Manager::Customer->find_by_or_create(id => $_[0]->customer_id)->displayable_name }, visible => $self->is_sales }, vendor_id => { text => t8('Vendor'), sub => sub { SL::DB::Manager::Vendor->find_by_or_create(id => $_[0]->vendor_id)->displayable_name }, visible => !$self->is_sales}, contact => { text => t8('Contact'), sub => sub { $_[0]->contact ? $_[0]->contact->full_name : '' } }, @@ -588,13 +588,13 @@ sub init_is_sales { } sub check_auth_edit { - $_[0]->is_sales ? $::auth->assert('sales_letter_edit') - : $::auth->assert('purchase_letter_edit'); + $::form->{is_sales} ? $::auth->assert('sales_letter_edit') + : $::auth->assert('purchase_letter_edit'); } sub check_auth_report { - $_[0]->is_sales ? $::auth->assert('sales_letter_report') - : $::auth->assert('purchase_letter_report'); + $::form->{is_sales} ? $::auth->assert('sales_letter_report') + : $::auth->assert('purchase_letter_report'); } sub setup_load_letter_draft_action_bar { -- 2.20.1