Zeiterfassung: Auswählbare Artikel: DB-Upgrade und Rose

[mfinanz.git] / SL / Controller / TimeRecording.pm
diff --git a/SL/Controller/TimeRecording.pm b/SL/Controller/TimeRecording.pm

index 95de51388f5edb80be8a4eef3fb1b23d833e87c0..e3e2aabbc8316e7e5156ba39146c29a5d99a0e4d 100644 (file)
--- a/SL/Controller/TimeRecording.pm
+++ b/SL/Controller/TimeRecording.pm
@@ -18,12 +18,13 @@ use SL::ReportGenerator;
  use Rose::Object::MakeMethods::Generic
  (
  # scalar                  => [ qw() ],
  use Rose::Object::MakeMethods::Generic
  (
  # scalar                  => [ qw() ],
- 'scalar --get_set_init' => [ qw(time_recording models all_time_recording_types all_employees) ],
+ 'scalar --get_set_init' => [ qw(time_recording models all_employees can_view_all can_edit_all) ],
  );
  
  
  # safety
  );
  
  
  # safety
-#__PACKAGE__->run_before('check_auth');
+__PACKAGE__->run_before('check_auth');
+__PACKAGE__->run_before('check_auth_edit', only => [ qw(edit save delete) ]);
  
  #
  # actions
  
  #
  # actions
@@ -33,7 +34,6 @@ my %sort_columns = (
    start_time   => t8('Start'),
    end_time     => t8('End'),
    customer     => t8('Customer'),
    start_time   => t8('Start'),
    end_time     => t8('End'),
    customer     => t8('Customer'),
-  type         => t8('Type'),
    project      => t8('Project'),
    description  => t8('Description'),
    staff_member => t8('Mitarbeiter'),
    project      => t8('Project'),
    description  => t8('Description'),
    staff_member => t8('Mitarbeiter'),
@@ -43,6 +43,11 @@ my %sort_columns = (
  sub action_list {
    my ($self, %params) = @_;
  
  sub action_list {
    my ($self, %params) = @_;
  
+  $::form->{filter} //=  {
+    staff_member_id       => SL::DB::Manager::Employee->current->id,
+    "start_time:date::ge" => DateTime->now_local->add(weeks => -2)->to_kivitendo,
+  };
+
    $self->setup_list_action_bar;
    $self->make_filter_summary;
    $self->prepare_report;
    $self->setup_list_action_bar;
    $self->make_filter_summary;
    $self->prepare_report;
@@ -97,8 +102,9 @@ sub action_delete {
  }
  
  sub init_time_recording {
  }
  
  sub init_time_recording {
-  my $time_recording = ($::form->{id}) ? SL::DB::TimeRecording->new(id => $::form->{id})->load
-                                       : SL::DB::TimeRecording->new(start_time => DateTime->now_local);
+  my $is_new         = !$::form->{id};
+  my $time_recording = $is_new ? SL::DB::TimeRecording->new(start_time => DateTime->now_local)
+                               : SL::DB::TimeRecording->new(id => $::form->{id})->load;
  
    my %attributes = %{ $::form->{time_recording} || {} };
  
  
    my %attributes = %{ $::form->{time_recording} || {} };
  
@@ -114,28 +120,54 @@ sub init_time_recording {
      }
    }
  
      }
    }
  
-  $attributes{staff_member_id} = $attributes{employee_id} = SL::DB::Manager::Employee->current->id;
+  # do not overwright staff member if you do not have the right
+  delete $attributes{staff_member_id} if !$_[0]->can_edit_all;
+  $attributes{staff_member_id} = SL::DB::Manager::Employee->current->id if $is_new;
+
+  $attributes{employee_id}     = SL::DB::Manager::Employee->current->id;
  
    $time_recording->assign_attributes(%attributes);
  
    return $time_recording;
  }
  
  
    $time_recording->assign_attributes(%attributes);
  
    return $time_recording;
  }
  
+sub init_can_view_all {
+  $::auth->assert('time_recording_show_all', 1) || $::auth->assert('time_recording_edit_all', 1)
+}
+
+sub init_can_edit_all {
+  $::auth->assert('time_recording_edit_all', 1)
+}
+
  sub init_models {
  sub init_models {
+  my ($self) = @_;
+
+  my @where;
+  push @where, (staff_member_id => SL::DB::Manager::Employee->current->id) if !$self->can_view_all;
+
    SL::Controller::Helper::GetModels->new(
      controller     => $_[0],
      sorted         => \%sort_columns,
      disable_plugin => 'paginated',
    SL::Controller::Helper::GetModels->new(
      controller     => $_[0],
      sorted         => \%sort_columns,
      disable_plugin => 'paginated',
-    with_objects   => [ 'customer', 'type', 'project', 'staff_member', 'employee' ],
+    query          => \@where,
+    with_objects   => [ 'customer', 'project', 'staff_member', 'employee' ],
    );
  }
  
    );
  }
  
-sub init_all_time_recording_types {
-  SL::DB::Manager::TimeRecordingType->get_all_sorted(query => [obsolete => 0]);
+sub init_all_employees {
+  SL::DB::Manager::Employee->get_all_sorted(query => [ deleted => 0 ]);
  }
  
  }
  
-sub init_all_employees {
-  SL::DB::Manager::Employee->get_all_sorted;
+sub check_auth {
+  $::auth->assert('time_recording');
+}
+
+sub check_auth_edit {
+  my ($self) = @_;
+
+  if (!$self->can_edit_all && ($self->time_recording->staff_member_id != SL::DB::Manager::Employee->current->id)) {
+    $::form->error(t8('You do not have permission to access this entry.'));
+  }
  }
  
  sub prepare_report {
  }
  
  sub prepare_report {
@@ -144,7 +176,7 @@ sub prepare_report {
    my $report      = SL::ReportGenerator->new(\%::myconfig, $::form);
    $self->{report} = $report;
  
    my $report      = SL::ReportGenerator->new(\%::myconfig, $::form);
    $self->{report} = $report;
  
-  my @columns  = qw(start_time end_time customer type project description staff_member duration);
+  my @columns  = qw(start_time end_time customer project description staff_member duration);
  
    my %column_defs = (
      start_time   => { text => t8('Start'),        sub => sub { $_[0]->start_time_as_timestamp },
  
    my %column_defs = (
      start_time   => { text => t8('Start'),        sub => sub { $_[0]->start_time_as_timestamp },
@@ -152,7 +184,6 @@ sub prepare_report {
      end_time     => { text => t8('End'),          sub => sub { $_[0]->end_time_as_timestamp },
                        obj_link => sub { $self->url_for(action => 'edit', 'id' => $_[0]->id, callback => $self->models->get_callback) }  },
      customer     => { text => t8('Customer'),     sub => sub { $_[0]->customer->displayable_name } },
      end_time     => { text => t8('End'),          sub => sub { $_[0]->end_time_as_timestamp },
                        obj_link => sub { $self->url_for(action => 'edit', 'id' => $_[0]->id, callback => $self->models->get_callback) }  },
      customer     => { text => t8('Customer'),     sub => sub { $_[0]->customer->displayable_name } },
-    type         => { text => t8('Type'),         sub => sub { $_[0]->type && $_[0]->type->abbreviation } },
      project      => { text => t8('Project'),      sub => sub { $_[0]->project && $_[0]->project->displayable_name } },
      description  => { text => t8('Description'),  sub => sub { $_[0]->description_as_stripped_html },
                        raw_data => sub { $_[0]->description_as_restricted_html }, # raw_data only used for html(?)
      project      => { text => t8('Project'),      sub => sub { $_[0]->project && $_[0]->project->displayable_name } },
      description  => { text => t8('Description'),  sub => sub { $_[0]->description_as_stripped_html },
                        raw_data => sub { $_[0]->description_as_restricted_html }, # raw_data only used for html(?)
@@ -177,7 +208,7 @@ sub prepare_report {
    $report->set_options_from_form;
  
    $self->models->disable_plugin('paginated') if $report->{options}{output_format} =~ /^(pdf|csv)$/i;
    $report->set_options_from_form;
  
    $self->models->disable_plugin('paginated') if $report->{options}{output_format} =~ /^(pdf|csv)$/i;
-  #$self->models->add_additional_url_params();
+  $self->models->add_additional_url_params(filter => $::form->{filter});
    $self->models->finalize;
    $self->models->set_report_generator_sort_options(report => $report, sortable_columns => [keys %sort_columns]);
  
    $self->models->finalize;
    $self->models->set_report_generator_sort_options(report => $report, sortable_columns => [keys %sort_columns]);