X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/mfinanz.git/blobdiff_plain/826f6eb2b3eb511e9889d397b2b36de79e42d3a5..7fc95c364c273bf11fff7cd5c263e74e0f234a73:/SL/Controller/CustomerVendor.pm

diff --git a/SL/Controller/CustomerVendor.pm b/SL/Controller/CustomerVendor.pm
index f77c65e20..1eea8a289 100644
--- a/SL/Controller/CustomerVendor.pm
+++ b/SL/Controller/CustomerVendor.pm
@@ -264,7 +264,6 @@ sub _transaction {
 
   $self->_save();
 
-  my $callback = $::form->escape($::form->{callback}, 1);
   my $name = $::form->escape($self->{cv}->name, 1);
   my $db = $self->is_vendor() ? 'vendor' : 'customer';
 
@@ -275,7 +274,7 @@ sub _transaction {
     $db .'_id' => $self->{cv}->id,
     $db        => $name,
     type       => $::form->{type},
-    callback   => $callback,
+    callback   => $::form->{callback},
   );
 
   print $::form->redirect_header($url);
@@ -536,7 +535,7 @@ sub action_ajaj_get_shipto {
         my $name = 'shipto'. $_;
         $name => $self->{shipto}->$name;
       }
-      qw(_id name department_1 department_2 street zipcode city country contact phone fax email)
+      qw(_id name department_1 department_2 street zipcode city gln country contact phone fax email)
     )
   };
 
@@ -826,6 +825,16 @@ sub _load_customer_vendor {
   }
 }
 
+sub _check_customer_vendor_all_edit {
+  my ($self) = @_;
+
+  unless ($::auth->assert('customer_vendor_all_edit', 1)) {
+    die($::locale->text("You don't have the rights to edit this customer.") . "\n")
+      if $self->{cv}->is_customer and
+         SL::DB::Manager::Employee->current->id != $self->{cv}->salesman_id;
+  };
+};
+
 sub _create_customer_vendor {
   my ($self) = @_;