X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/mfinanz.git/blobdiff_plain/3e0483ee5d246256a124f3719bfcca1ef8f9df57..c6dd542b51ae9549ad42a54f9023b905412bbab9:/SL/Controller/CustomerVendor.pm diff --git a/SL/Controller/CustomerVendor.pm b/SL/Controller/CustomerVendor.pm index 403413ffc..625ec62e0 100644 --- a/SL/Controller/CustomerVendor.pm +++ b/SL/Controller/CustomerVendor.pm @@ -61,6 +61,29 @@ __PACKAGE__->run_before( 'ajaj_get_contact', ] ); + +# make sure this comes after _load_customer_vendor +__PACKAGE__->run_before( + '_check_customer_vendor_all_edit', + only => [ + 'edit', + 'show', + 'update', + 'delete', + 'save', + 'save_and_ap_transaction', + 'save_and_ar_transaction', + 'save_and_close', + 'save_and_invoice', + 'save_and_order', + 'save_and_quotation', + 'save_and_rfq', + 'delete', + 'delete_contact', + 'delete_shipto', + ] +); + __PACKAGE__->run_before( '_create_customer_vendor', only => [ @@ -113,6 +136,18 @@ sub action_show { sub _save { my ($self) = @_; + my @errors = $self->{cv}->validate; + if (@errors) { + flash('error', @errors); + $self->_pre_render(); + $self->render( + 'customer_vendor/form', + title => ($self->is_vendor() ? t8('Edit Vendor') : t8('Edit Customer')), + %{$self->{template_args}} + ); + ::end_of_request(); + } + my $db = $self->{cv}->db; $db->do_transaction(sub { @@ -193,34 +228,23 @@ sub _save { sub action_save { my ($self) = @_; - if (!$self->{cv}->name) { - flash('error', t8('Customer missing!')); - $self->_pre_render(); - $self->render( - 'customer_vendor/form', - title => ($self->is_vendor() ? t8('Edit Vendor') : t8('Edit Customer')), - %{$self->{template_args}} - ); - } else { - - $self->_save(); - - my @redirect_params = ( - action => 'edit', - id => $self->{cv}->id, - db => ($self->is_vendor() ? 'vendor' : 'customer'), - ); + $self->_save(); - if ( $self->{contact}->cp_id ) { - push(@redirect_params, contact_id => $self->{contact}->cp_id); - } + my @redirect_params = ( + action => 'edit', + id => $self->{cv}->id, + db => ($self->is_vendor() ? 'vendor' : 'customer'), + ); - if ( $self->{shipto}->shipto_id ) { - push(@redirect_params, shipto_id => $self->{shipto}->shipto_id); - } + if ( $self->{contact}->cp_id ) { + push(@redirect_params, contact_id => $self->{contact}->cp_id); + } - $self->redirect_to(@redirect_params); + if ( $self->{shipto}->shipto_id ) { + push(@redirect_params, shipto_id => $self->{shipto}->shipto_id); } + + $self->redirect_to(@redirect_params); } sub action_save_and_close { @@ -596,6 +620,7 @@ sub action_ajaj_autocomplete { if (1 == scalar @{ $exact_matches = $manager->get_all( query => [ obsolete => 0, + (salesman_id => SL::DB::Manager::Employee->current->id) x !$::auth->assert('customer_vendor_all_edit', 1), or => [ name => { ilike => $::form->{filter}{'all:substr:multi::ilike'} }, $number => { ilike => $::form->{filter}{'all:substr:multi::ilike'} }, @@ -801,6 +826,16 @@ sub _load_customer_vendor { } } +sub _check_customer_vendor_all_edit { + my ($self) = @_; + + unless ($::auth->assert('customer_vendor_all_edit', 1)) { + die($::locale->text("You don't have the rights to edit this customer.") . "\n") + if $self->{cv}->is_customer and + SL::DB::Manager::Employee->current->id != $self->{cv}->salesman_id; + }; +}; + sub _create_customer_vendor { my ($self) = @_; @@ -958,6 +993,9 @@ sub init_customer_models { }, customernumber => t8('Customer Number'), }, + query => [ + ( salesman_id => SL::DB::Manager::Employee->current->id) x !$::auth->assert('customer_vendor_all_edit', 1), + ], ); }