Task-Server: Mandantenfähigkeit

[mfinanz.git] / SL / Controller / CustomerVendor.pm

diff --git a/SL/Controller/CustomerVendor.pm b/SL/Controller/CustomerVendor.pm
index 5d60deb57e81765d99bec87cea53e6e073da7af2..625ec62e07253f96d19e28c437c4249b39c79972 100644 (file)
--- a/SL/Controller/CustomerVendor.pm
+++ b/SL/Controller/CustomerVendor.pm
@@ -61,6 +61,29 @@ __PACKAGE__->run_before(
     'ajaj_get_contact',
   ]
 );
+
+# make sure this comes after _load_customer_vendor
+__PACKAGE__->run_before(
+  '_check_customer_vendor_all_edit',
+  only => [
+    'edit',
+    'show',
+    'update',
+    'delete',
+    'save',
+    'save_and_ap_transaction',
+    'save_and_ar_transaction',
+    'save_and_close',
+    'save_and_invoice',
+    'save_and_order',
+    'save_and_quotation',
+    'save_and_rfq',
+    'delete',
+    'delete_contact',
+    'delete_shipto',
+  ]
+);
+
 __PACKAGE__->run_before(
   '_create_customer_vendor',
   only => [
@@ -803,6 +826,16 @@ sub _load_customer_vendor {
   }
 }
 
+sub _check_customer_vendor_all_edit {
+  my ($self) = @_;
+
+  unless ($::auth->assert('customer_vendor_all_edit', 1)) {
+    die($::locale->text("You don't have the rights to edit this customer.") . "\n")
+      if $self->{cv}->is_customer and
+         SL::DB::Manager::Employee->current->id != $self->{cv}->salesman_id;
+  };
+};
+
 sub _create_customer_vendor {
   my ($self) = @_;