X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/mfinanz.git/blobdiff_plain/9aaca43317d3ea33d80a308cab7ce4c20d732a16..8c7e44938a661e035f62840e1e177353240ace5d:/bin/mozilla/ap.pl

diff --git a/bin/mozilla/ap.pl b/bin/mozilla/ap.pl
index 627cbee87..7b06ed74a 100644
--- a/bin/mozilla/ap.pl
+++ b/bin/mozilla/ap.pl
@@ -79,13 +79,13 @@ require "bin/mozilla/reportgenerator.pl";
 sub add {
   $lxdebug->enter_sub();
 
+  $auth->assert('general_ledger');
+
   return $lxdebug->leave_sub() if (load_draft_maybe());
 
   $form->{title} = "Add";
 
-  $form->{callback} =
-    "$form->{script}?action=add&login=$form->{login}&password=$form->{password}"
-    unless $form->{callback};
+  $form->{callback} = "ap.pl?action=add" unless $form->{callback};
 
   AP->get_transdate(\%myconfig, $form);
   $form->{initial_transdate} = $form->{transdate};
@@ -99,6 +99,8 @@ sub add {
 sub edit {
   $lxdebug->enter_sub();
 
+  $auth->assert('general_ledger');
+
   $form->{title} = "Edit";
 
   &create_links;
@@ -110,6 +112,8 @@ sub edit {
 sub display_form {
   $lxdebug->enter_sub();
 
+  $auth->assert('general_ledger');
+
   &form_header;
   &form_footer;
 
@@ -119,6 +123,8 @@ sub display_form {
 sub create_links {
   $lxdebug->enter_sub();
 
+  $auth->assert('general_ledger');
+
   $form->create_links("AP", \%myconfig, "vendor");
   $taxincluded = $form->{taxincluded};
   $duedate     = $form->{duedate};
@@ -174,6 +180,8 @@ sub create_links {
 sub form_header {
   $lxdebug->enter_sub();
 
+  $auth->assert('general_ledger');
+
   $title = $form->{title};
   $form->{title} = $locale->text("$title Accounts Payables Transaction");
 
@@ -743,13 +751,12 @@ $jsscript
 sub form_footer {
   $lxdebug->enter_sub();
 
+  $auth->assert('general_ledger');
+
   print qq|
 
 <input name=callback type=hidden value="$form->{callback}">
 <input name="gldate" type="hidden" value="| . Q($form->{gldate}) . qq|">
-
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
 |
 . $cgi->hidden('-name' => 'draft_id', '-default' => [$form->{draft_id}])
 . $cgi->hidden('-name' => 'draft_description', '-default' => [$form->{draft_description}])
@@ -813,13 +820,19 @@ sub form_footer {
 
 sub mark_as_paid {
   $lxdebug->enter_sub();
+
+  $auth->assert('general_ledger');
+
   &mark_as_paid_common(\%myconfig,"ap");  
+
   $lxdebug->leave_sub();
 }
 
 sub update {
   $lxdebug->enter_sub();
 
+  $auth->assert('general_ledger');
+
   my $display = shift;
 
   $form->{invtotal} = 0;
@@ -911,6 +924,8 @@ sub update {
 sub post_payment {
   $lxdebug->enter_sub();
 
+  $auth->assert('general_ledger');
+
   $form->{defaultcurrency} = $form->get_default_currency(\%myconfig);
 
   for $i (1 .. $form->{paidaccounts}) {
@@ -945,6 +960,8 @@ sub post_payment {
 sub post {
   $lxdebug->enter_sub();
 
+  $auth->assert('general_ledger');
+
   # check if there is a vendor, invoice and due date
   $form->isblank("transdate", $locale->text("Invoice Date missing!"));
   $form->isblank("duedate",   $locale->text("Due Date missing!"));
@@ -1022,6 +1039,8 @@ sub post {
 sub post_as_new {
   $lxdebug->enter_sub();
 
+  $auth->assert('general_ledger');
+
   $form->{postasnew} = 1;
   # saving the history
   if(!exists $form->{addition} && $form->{id} ne "") {
@@ -1038,6 +1057,8 @@ sub post_as_new {
 sub use_as_template {
   $lxdebug->enter_sub();
 
+  $auth->assert('general_ledger');
+
   map { delete $form->{$_} } qw(printed emailed queued invnumber invdate deliverydate id datepaid_1 source_1 memo_1 paid_1 exchangerate_1 AP_paid_1 storno);
   $form->{paidaccounts} = 1;
   $form->{rowcount}--;
@@ -1050,6 +1071,8 @@ sub use_as_template {
 sub delete {
   $lxdebug->enter_sub();
 
+  $auth->assert('general_ledger');
+
   $form->{title} = $locale->text('Confirm!');
 
   $form->header;
@@ -1063,6 +1086,7 @@ sub delete {
 |;
 
   foreach $key (keys %$form) {
+    next if (($key eq 'login') || ($key eq 'password') || ('' ne ref $form->{$key}));
     $form->{$key} =~ s/\"/&quot;/g;
     print qq|<input type=hidden name=$key value="$form->{$key}">\n|;
   }
@@ -1087,6 +1111,9 @@ sub delete {
 
 sub yes {
   $lxdebug->enter_sub();
+
+  $auth->assert('general_ledger');
+
   if (AP->delete_transaction(\%myconfig, \%$form, $spool)) {
     # saving the history
     if(!exists $form->{addition}) {
@@ -1105,6 +1132,8 @@ sub yes {
 sub search {
   $lxdebug->enter_sub();
 
+  $auth->assert('general_ledger | vendor_invoice_edit');
+
   # setup vendor selection
   $form->all_vc(\%myconfig, "vendor", "AP");
 
@@ -1297,8 +1326,6 @@ $jsscript
 
 <br>
 <input type=hidden name=nextsub value=$form->{nextsub}>
-<input type=hidden name=login value=$form->{login}>
-<input type=hidden name=password value=$form->{password}>
 
 <input class=submit type=submit name=action value="|
     . $locale->text('Continue') . qq|">
@@ -1332,6 +1359,8 @@ sub create_subtotal_row {
 sub ap_transactions {
   $lxdebug->enter_sub();
 
+  $auth->assert('general_ledger | vendor_invoice_edit');
+
   ($form->{vendor}, $form->{vendor_id}) = split(/--/, $form->{vendor});
 
   $form->{sort} ||= 'transdate';
@@ -1491,6 +1520,8 @@ sub ap_transactions {
 sub storno {
   $lxdebug->enter_sub();
 
+  $auth->assert('general_ledger');
+
   if (IS->has_storno(\%myconfig, $form, 'ap')) {
     $form->{title} = $locale->text("Cancel Accounts Payables Transaction");
     $form->error($locale->text("Transaction has already been cancelled!"));