X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/mfinanz.git/blobdiff_plain/454d4b8fde0a834abf462fbf691d2f563d5aed66..c6dd542b51ae9549ad42a54f9023b905412bbab9:/SL/Controller/CustomerVendor.pm
diff --git a/SL/Controller/CustomerVendor.pm b/SL/Controller/CustomerVendor.pm
index dbe18274e..625ec62e0 100644
--- a/SL/Controller/CustomerVendor.pm
+++ b/SL/Controller/CustomerVendor.pm
@@ -61,6 +61,29 @@ __PACKAGE__->run_before(
 'ajaj_get_contact',
 ]
 );
+
+# make sure this comes after _load_customer_vendor
+__PACKAGE__->run_before(
+ '_check_customer_vendor_all_edit',
+ only => [
+ 'edit',
+ 'show',
+ 'update',
+ 'delete',
+ 'save',
+ 'save_and_ap_transaction',
+ 'save_and_ar_transaction',
+ 'save_and_close',
+ 'save_and_invoice',
+ 'save_and_order',
+ 'save_and_quotation',
+ 'save_and_rfq',
+ 'delete',
+ 'delete_contact',
+ 'delete_shipto',
+ ]
+);
+
 __PACKAGE__->run_before(
 '_create_customer_vendor',
 only => [
@@ -597,6 +620,7 @@ sub action_ajaj_autocomplete {
 if (1 == scalar @{ $exact_matches = $manager->get_all(
 query => [
 obsolete => 0,
+ (salesman_id => SL::DB::Manager::Employee->current->id) x !$::auth->assert('customer_vendor_all_edit', 1),
 or => [
 name => { ilike => $::form->{filter}{'all:substr:multi::ilike'} },
 $number => { ilike => $::form->{filter}{'all:substr:multi::ilike'} },
@@ -802,6 +826,16 @@ sub _load_customer_vendor {
 }
 }
+sub _check_customer_vendor_all_edit {
+ my ($self) = @_;
+
+ unless ($::auth->assert('customer_vendor_all_edit', 1)) {
+ die($::locale->text("You don't have the rights to edit this customer.") . "\n")
+ if $self->{cv}->is_customer and
+ SL::DB::Manager::Employee->current->id != $self->{cv}->salesman_id;
+ };
+};
+
 sub _create_customer_vendor {
 my ($self) = @_;
@@ -959,6 +993,9 @@ sub init_customer_models {
 },
 customernumber => t8('Customer Number'),
 },
+ query => [
+ ( salesman_id => SL::DB::Manager::Employee->current->id) x !$::auth->assert('customer_vendor_all_edit', 1),
+ ],
 );
 }
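Review bot: The `only => [...]` list on the new `run_before` (hunk at -61) makes the ownership check opt-in per action, so any action not named there runs without it. `'ajaj_get_contact'` is visible in the preceding hook's list but absent from this one, which suggests contact data of another salesman's customer may still be returned; this should be confirmed against the controller's full action list, which lies outside the hunk. `'delete'` is listed twice and the second entry can be dropped. Because the hook reads `$self->{cv}`, the comment could say so explicitly: `# must be registered after _load_customer_vendor: the check reads $self->{cv}`.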
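Review bot: In `action_ajaj_autocomplete` (hunk at -597) the added `salesman_id` condition applies to whatever `$manager` is in use, whereas `_check_customer_vendor_all_edit` restricts only when `is_customer` is true. If `$manager` can be the vendor manager, as the `$number` variable suggests, restricted users would have vendors filtered by salesman as well, which the edit check does not require. Only the exact-match query is visible here and the function continues outside the hunk, so any further `get_all` call there needs the same condition for the restriction to hold. A comment such as `# limit to the user's own records unless customer_vendor_all_edit is granted` would make the `x !` idiom readable.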
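Review bot: `_check_customer_vendor_all_edit` (hunk at -802) compares against `$self->{cv}->salesman_id` as it stands when the hook runs. For the `save*` and `update` actions, if `$self->{cv}` has already been filled from request parameters at that point (not visible in this hunk), the comparison would use the submitted salesman rather than the stored one, so the check should read the persisted value. A customer with no salesman makes `!=` compare against undef, which warns when warnings are enabled; `($self->{cv}->salesman_id // 0)` avoids that and presumably still denies access, since a real employee id is unlikely to be 0. The `;` after the closing brace of the `unless` block and after the sub are empty statements and can be removed.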
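Review bot: The `query` added to `init_customer_models` (hunk at -959) repeats the expression from `action_ajaj_autocomplete` verbatim, and `_check_customer_vendor_all_edit` encodes the same rule a third way; a small private helper returning the extra query terms would keep the three in step. The equality condition also hides customers whose `salesman_id` is NULL from restricted users, which matches the edit check but is not obvious from the code. A comment would state the intent, e.g. `# users without customer_vendor_all_edit only see customers assigned to them`.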