X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/mfinanz.git/blobdiff_plain/5734251762d9fc172a5110472d029bb6a36578a0..54680b6c5aa25c6807d63fc0c4c04c1b71ab8666:/SL/AP.pm diff --git a/SL/AP.pm b/SL/AP.pm index 8a3394baf..6912c551b 100644 --- a/SL/AP.pm +++ b/SL/AP.pm @@ -142,7 +142,7 @@ sub _post_transaction { transdate = ?, ordnumber = ?, vendor_id = ?, taxincluded = ?, amount = ?, duedate = ?, deliverydate = ?, tax_point = ?, paid = ?, netamount = ?, currency_id = (SELECT id FROM currencies WHERE name = ?), notes = ?, department_id = ?, storno = ?, storno_id = ?, - globalproject_id = ?, direct_debit = ?, payment_id = ? + globalproject_id = ?, direct_debit = ?, payment_id = ?, transaction_description = ? WHERE id = ?|; @values = ($form->{invnumber}, conv_date($form->{transdate}), $form->{ordnumber}, conv_i($form->{vendor_id}), @@ -153,7 +153,7 @@ sub _post_transaction { conv_i($form->{department_id}), $form->{storno}, $form->{storno_id}, conv_i($form->{globalproject_id}), $form->{direct_debit} ? 't' : 'f', - conv_i($form->{payment_id}), + conv_i($form->{payment_id}), $form->{transaction_description}, $form->{id}); do_query($form, $dbh, $query, @values); @@ -564,16 +564,16 @@ sub ap_transactions { # Permissions: # - Always return invoices & AP transactions for projects the employee has "view invoices" permissions for, no matter what the other rules say. # - Exclude AP transactions if no permissions for them exist. - # - Limit to own invoices unless may edit all invoices. - # - If may edit all, allow filtering by employee. + # - Limit to own invoices unless may edit all invoices or view invoices is allowed. + # - If may edit all or view invoices is allowed, allow filtering by employee. my (@permission_where, @permission_values); - if ($::auth->assert('vendor_invoice_edit', 1)) { + if ($::auth->assert('vendor_invoice_edit', 1) || $::auth->assert('purchase_invoice_view', 1)) { if (!$::auth->assert('show_ap_transactions', 1)) { push @permission_where, "NOT invoice = 'f'"; # remove ap transactions from Purchase -> Reports -> Invoices } - if (!$::auth->assert('purchase_all_edit', 1)) { + if (!$::auth->assert('purchase_all_edit', 1) && !$::auth->assert('purchase_invoice_view', 1)) { # only show own invoices push @permission_where, "a.employee_id = ?"; push @permission_values, SL::DB::Manager::Employee->current->id; @@ -586,7 +586,7 @@ sub ap_transactions { } } - if (@permission_where || !$::auth->assert('vendor_invoice_edit', 1)) { + if (@permission_where || (!$::auth->assert('vendor_invoice_edit', 1) && !$::auth->assert('purchase_invoice_view', 1))) { my $permission_where_str = @permission_where ? "OR (" . join(" AND ", map { "($_)" } @permission_where) . ")" : ""; $where .= qq| AND ( (a.globalproject_id IN ( @@ -618,6 +618,10 @@ sub ap_transactions { $where .= " AND a.ordnumber ILIKE ?"; push(@values, like($form->{ordnumber})); } + if ($form->{taxzone_id}) { + $where .= " AND a.taxzone_id = ?"; + push(@values, $form->{taxzone_id}); + } if ($form->{transaction_description}) { $where .= " AND a.transaction_description ILIKE ?"; push(@values, like($form->{transaction_description})); @@ -698,7 +702,7 @@ SQL my $sortdir = !defined $form->{sortdir} ? 'ASC' : $form->{sortdir} ? 'ASC' : 'DESC'; my $sortorder = join(', ', map { "$_ $sortdir" } @a); - if (grep({ $_ eq $form->{sort} } qw(transdate id invnumber ordnumber name netamount tax amount paid datepaid due duedate notes employee transaction_description direct_debit department))) { + if (grep({ $_ eq $form->{sort} } qw(transdate id invnumber ordnumber name netamount tax amount paid datepaid due duedate notes employee transaction_description direct_debit department taxzone))) { $sortorder = $form->{sort} . " $sortdir"; }