X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/mfinanz.git/blobdiff_plain/85ab58eb1bbdb3fc723bb3ab30e15e150e62556d..ee4b527080ea2db5f07f0b8c6d406de47b74e81b:/SL/Controller/RequirementSpecOrder.pm?ds=sidebyside diff --git a/SL/Controller/RequirementSpecOrder.pm b/SL/Controller/RequirementSpecOrder.pm index 07d3e0603..8c33d6ffd 100644 --- a/SL/Controller/RequirementSpecOrder.pm +++ b/SL/Controller/RequirementSpecOrder.pm @@ -54,9 +54,13 @@ sub action_new { sub action_create { my ($self) = @_; + if (!$::auth->assert($::form->{quotation} ? 'sales_quotation_edit' : 'sales_order_edit', 1)) { + return $self->js->flash('error', t8("You do not have the permissions to access this function."))->render($self); + } + # 1. Update sections with selected part IDs. my $section_attrs = $::form->{sections} || []; - my $sections = SL::DB::Manager::RequirementSpecItem->get_all(where => [ id => [ map { $_->{id} } @{ $section_attrs } ] ]); + my $sections = SL::DB::Manager::RequirementSpecItem->get_all_sorted(where => [ id => [ map { $_->{id} } @{ $section_attrs } ] ]); my %sections_by_id = map { ($_->{id} => $_) } @{ $sections }; $sections_by_id{ $_->{id} }->update_attributes(order_part_id => $_->{order_part_id}) for @{ $section_attrs }; @@ -93,6 +97,10 @@ sub action_update { my $order = $self->rs_order->order; my $sections = $self->requirement_spec->sections_sorted; + if (!$::auth->assert($order->quotation ? 'sales_quotation_edit' : 'sales_order_edit', 1)) { + return $self->js->flash('error', t8("You do not have the permissions to access this function."))->render($self); + } + my (@orderitems, %sections_seen); foreach my $item (@{ $order->items_sorted }) { my $section = first { my $num = $_->fb_number; $item->description =~ m{\b\Q${num}\E\b} && !$sections_seen{ $_->id } } @{ $sections }; @@ -204,7 +212,7 @@ sub action_delete { sub setup { my ($self) = @_; - $::auth->assert('sales_quotation_edit'); + $::auth->assert('requirement_spec_edit'); $::request->{layout}->use_stylesheet("${_}.css") for qw(jquery.contextMenu requirement_spec autocomplete_part); $::request->{layout}->use_javascript("${_}.js") for qw(jquery.jstree jquery/jquery.contextMenu client_js requirement_spec); @@ -256,11 +264,13 @@ sub create_order_item { if (!$section->{keep_description}) { $description = '<%fb_number%> <%title%>' unless $description =~ m{<%}; - $longdescription = '<%description%>' unless $longdescription =~ m{<%}; + $longdescription = '<%description%>' unless $longdescription =~ m{<%}; - foreach my $field (\$description, \$longdescription) { - $$field =~ s{<% (.+?) %>}{ $section->can($1) ? $section->$1 : '<' . t8('Invalid variable #1', $1) . '>' }egx; - } + $description =~ s{<% (.+?) %>}{ $section->can($1) ? $section->$1 : '<' . t8('Invalid variable #1', $1) . '>' }egx; + $longdescription =~ s{\<\% description \%\>}{!!!!DESCRIPTION!!!!}gx; + $longdescription =~ s{<[pP]> !!!!DESCRIPTION!!!! }{!!!!DESCRIPTION!!!!}gx; + $longdescription =~ s{\<\% (.+?) \%\>}{ $section->can($1) ? $::locale->quote_special_chars('HTML', $section->$1 // '') : '<' . t8('Invalid variable #1', $1) . '>' }egx; + $longdescription =~ s{!!!!DESCRIPTION!!!!}{ $section->description // '' }egx; } $item->assign_attributes(