transdate = ?, ordnumber = ?, vendor_id = ?, taxincluded = ?,
amount = ?, duedate = ?, deliverydate = ?, tax_point = ?, paid = ?, netamount = ?,
currency_id = (SELECT id FROM currencies WHERE name = ?), notes = ?, department_id = ?, storno = ?, storno_id = ?,
- globalproject_id = ?, direct_debit = ?, payment_id = ?
+ globalproject_id = ?, direct_debit = ?, payment_id = ?, transaction_description = ?
WHERE id = ?|;
@values = ($form->{invnumber}, conv_date($form->{transdate}),
$form->{ordnumber}, conv_i($form->{vendor_id}),
conv_i($form->{department_id}), $form->{storno},
$form->{storno_id}, conv_i($form->{globalproject_id}),
$form->{direct_debit} ? 't' : 'f',
- conv_i($form->{payment_id}),
+ conv_i($form->{payment_id}), $form->{transaction_description},
$form->{id});
do_query($form, $dbh, $query, @values);
# Permissions:
# - Always return invoices & AP transactions for projects the employee has "view invoices" permissions for, no matter what the other rules say.
# - Exclude AP transactions if no permissions for them exist.
- # - Limit to own invoices unless may edit all invoices.
- # - If may edit all, allow filtering by employee.
+ # - Limit to own invoices unless may edit all invoices or view invoices is allowed.
+ # - If may edit all or view invoices is allowed, allow filtering by employee.
my (@permission_where, @permission_values);
- if ($::auth->assert('vendor_invoice_edit', 1)) {
+ if ($::auth->assert('vendor_invoice_edit', 1) || $::auth->assert('purchase_invoice_view', 1)) {
if (!$::auth->assert('show_ap_transactions', 1)) {
push @permission_where, "NOT invoice = 'f'"; # remove ap transactions from Purchase -> Reports -> Invoices
}
- if (!$::auth->assert('purchase_all_edit', 1)) {
+ if (!$::auth->assert('purchase_all_edit', 1) && !$::auth->assert('purchase_invoice_view', 1)) {
# only show own invoices
push @permission_where, "a.employee_id = ?";
push @permission_values, SL::DB::Manager::Employee->current->id;
}
}
- if (@permission_where || !$::auth->assert('vendor_invoice_edit', 1)) {
+ if (@permission_where || (!$::auth->assert('vendor_invoice_edit', 1) && !$::auth->assert('purchase_invoice_view', 1))) {
my $permission_where_str = @permission_where ? "OR (" . join(" AND ", map { "($_)" } @permission_where) . ")" : "";
$where .= qq|
AND ( (a.globalproject_id IN (
$where .= " AND a.ordnumber ILIKE ?";
push(@values, like($form->{ordnumber}));
}
+ if ($form->{taxzone_id}) {
+ $where .= " AND a.taxzone_id = ?";
+ push(@values, $form->{taxzone_id});
+ }
if ($form->{transaction_description}) {
$where .= " AND a.transaction_description ILIKE ?";
push(@values, like($form->{transaction_description}));
my $sortdir = !defined $form->{sortdir} ? 'ASC' : $form->{sortdir} ? 'ASC' : 'DESC';
my $sortorder = join(', ', map { "$_ $sortdir" } @a);
- if (grep({ $_ eq $form->{sort} } qw(transdate id invnumber ordnumber name netamount tax amount paid datepaid due duedate notes employee transaction_description direct_debit department))) {
+ if (grep({ $_ eq $form->{sort} } qw(transdate id invnumber ordnumber name netamount tax amount paid datepaid due duedate notes employee transaction_description direct_debit department taxzone))) {
$sortorder = $form->{sort} . " $sortdir";
}
projects / mfinanz.git / blobdiff