X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/mfinanz.git/blobdiff_plain/bdc9bdd01791fa83f307b937caeae0eab7fc70d2..6ecf138db5fceea08d68dbcd539344797cd43939:/bin/mozilla/ap.pl diff --git a/bin/mozilla/ap.pl b/bin/mozilla/ap.pl index 425816f6e..49f6f7a63 100644 --- a/bin/mozilla/ap.pl +++ b/bin/mozilla/ap.pl @@ -43,6 +43,8 @@ use SL::Helper::Flash qw(flash); use SL::IR; use SL::IS; use SL::ReportGenerator; +use SL::DB::BankTransactionAccTrans; +use SL::DB::Chart; use SL::DB::Currency; use SL::DB::Default; use SL::DB::PurchaseInvoice; @@ -88,6 +90,20 @@ use strict; # $locale->text('Nov') # $locale->text('Dec') +sub _may_view_or_edit_this_invoice { + return 1 if $::auth->assert('ap_transactions', 1); # may edit all invoices + return 0 if !$::form->{id}; # creating new invoices isn't allowed without invoice_edit + return 0 if !$::form->{globalproject_id}; # existing records without a project ID are not allowed + return SL::DB::Project->new(id => $::form->{globalproject_id})->load->may_employee_view_project_invoices(SL::DB::Manager::Employee->current); +} + +sub _assert_access { + my $cache = $::request->cache('ap.pl::_assert_access'); + + $cache->{_may_view_or_edit_this_invoice} = _may_view_or_edit_this_invoice() if !exists $cache->{_may_view_or_edit_this_invoice}; + $::form->show_generic_error($::locale->text("You do not have the permissions to access this function.")) if ! $cache->{_may_view_or_edit_this_invoice}; +} + sub load_record_template { $::auth->assert('ap_transactions'); @@ -247,9 +263,11 @@ sub add { sub edit { $main::lxdebug->enter_sub(); - my $form = $main::form; + # Delay access check to after the invoice's been loaded in + # "create_links" so that project-specific invoice rights can be + # evaluated. - $main::auth->assert('ap_transactions'); + my $form = $main::form; $form->{title} = "Edit"; 
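Review bot: `_may_view_or_edit_this_invoice` takes its decision from `$::form->{id}` and `$::form->{globalproject_id}`, which can only be trusted once the record has been loaded from the database. In `display_form`, `form_header` and `form_footer` (later hunks) `_assert_access()` is the first statement and nothing visible reloads the invoice, so on those paths the project ID presumably comes straight from the request. The result is also cached for the whole request in `$::request->cache`, so whichever call runs first fixes the outcome. I would resolve the project from the stored invoice instead, e.g. `my $invoice = SL::DB::Manager::PurchaseInvoice->find_by(id => $::form->{id}) or return 0;` followed by a check on that record's project ID rather than the form field. Also worth a comment: the helper is named "view_or_edit", but the only project right consulted is `may_employee_view_project_invoices`.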
@@ -262,9 +280,9 @@ sub edit { sub display_form { $main::lxdebug->enter_sub(); - my $form = $main::form; + _assert_access(); - $main::auth->assert('ap_transactions'); + my $form = $main::form; # get all files stored in the webdav folder if ($form->{invnumber} && $::instance_conf->get_webdav) { @@ -287,14 +305,18 @@ sub display_form { sub create_links { $main::lxdebug->enter_sub(); + # Delay access check to after the invoice's been loaded so that + # project-specific invoice rights can be evaluated. + my %params = @_; my $form = $main::form; my %myconfig = %main::myconfig; - $main::auth->assert('ap_transactions'); - $form->create_links("AP", \%myconfig, "vendor"); + + _assert_access(); + my %saved; if (!$params{dont_save}) { %saved = map { ($_ => $form->{$_}) } qw(direct_debit taxincluded); @@ -307,7 +329,7 @@ sub create_links { $form->{$_} = $saved{$_} for keys %saved; $form->{rowcount} = 1; - $form->{AP_chart_id} = $form->{acc_trans} && $form->{acc_trans}->{AP} ? $form->{acc_trans}->{AP}->[0]->{chart_id} : $form->{AP_links}->{AP}->[0]->{chart_id}; + $form->{AP_chart_id} = $form->{acc_trans} && $form->{acc_trans}->{AP} ? $form->{acc_trans}->{AP}->[0]->{chart_id} : $::instance_conf->get_ap_chart_id || $form->{AP_links}->{AP}->[0]->{chart_id}; # build the popup menus $form->{taxincluded} = ($form->{id}) ? $form->{taxincluded} : "checked"; @@ -346,13 +368,13 @@ sub _sort_payments { sub form_header { $main::lxdebug->enter_sub(); + _assert_access(); + my $form = $main::form; my %myconfig = %main::myconfig; my $locale = $main::locale; my $cgi = $::request->{cgi}; - $main::auth->assert('ap_transactions'); - $::form->{invoice_obj} = SL::DB::PurchaseInvoice->new(id => $::form->{id})->load if $::form->{id}; $form->{initial_focus} = !($form->{amount_1} * 1) ? 'vendor_id' : 'row_' . $form->{rowcount}; 
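Review bot: In `create_links` the access check now runs only after `$form->create_links("AP", \%myconfig, "vendor")` has populated `$form`, and `_assert_access()` has no `return` or `die` of its own, so denial depends entirely on `show_generic_error` ending the request. If that helper can ever return (not visible here), the rest of `create_links` carries on with the loaded record. I would state the contract in a comment on `_assert_access`, for example `# show_generic_error() does not return; every caller relies on that`. The body of `create_links` continues outside this hunk.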
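Review bot: The new `AP_chart_id` assignment in `create_links` mixes `?:` and `||` on one line without parentheses. It parses as `cond ? a : (b || c)`, which looks like the intent, but a reader has to recall the precedence table to be sure. I would write the fallback as `: ($::instance_conf->get_ap_chart_id || $form->{AP_links}->{AP}->[0]->{chart_id})` and break the statement over several lines. A short comment saying that the configured `ap_chart_id` now wins over the first linked AP chart would document the changed default.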
@@ -413,7 +435,7 @@ sub form_header { @{ $form->{ALL_CHARTS} } ); - $form->{ALL_DEPARTMENTS} = SL::DB::Manager::Department->get_all; + $form->{ALL_DEPARTMENTS} = SL::DB::Manager::Department->get_all_sorted; my %project_labels = (); foreach my $item (@{ $form->{"ALL_PROJECTS"} }) { @@ -437,7 +459,7 @@ sub form_header { my $follow_up_vc = $form->{vendor_id} ? SL::DB::Vendor->load_cached($form->{vendor_id})->name : ''; my $follow_up_trans_info = "$form->{invnumber} ($follow_up_vc)"; - $::request->layout->add_javascripts("autocomplete_chart.js", "autocomplete_customer.js", "show_vc_details.js", "show_history.js", "follow_up.js", "kivi.Draft.js", "kivi.GL.js", "kivi.RecordTemplate.js", "kivi.File.js", "kivi.AP.js"); + $::request->layout->add_javascripts("autocomplete_chart.js", "show_vc_details.js", "show_history.js", "follow_up.js", "kivi.Draft.js", "kivi.GL.js", "kivi.RecordTemplate.js", "kivi.File.js", "kivi.AP.js", "kivi.CustomerVendor.js", "kivi.Validator.js"); my $transdate = $::form->{transdate} ? DateTime->from_kivitendo($::form->{transdate}) : DateTime->today_local; my $first_taxchart; @@ -532,6 +554,10 @@ sub form_header { $form->{'paidaccount_changeable_'. $i} = $changeable; $form->{'labelpaid_project_id_'. $i} = $project_labels{$form->{'paid_project_id_'. $i}}; + # accno and description as info text + $form->{'AP_paid_readonly_desc_' . $i} = $form->{'AP_paid_' . $i} ? + $form->{'AP_paid_' . $i} . " " . SL::DB::Manager::Chart->find_by(accno => $form->{'AP_paid_' . $i})->description + : ''; } $form->{paid_missing} = $form->{invtotal_unformatted} - $form->{totalpaid}; @@ -546,7 +572,8 @@ sub form_header { sub form_footer { $::lxdebug->enter_sub; - $::auth->assert('ap_transactions'); + + _assert_access(); my $num_due; my $num_follow_ups; 
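Review bot: The added `AP_paid_readonly_desc_` assignment in `form_header` calls `->description` directly on the result of `SL::DB::Manager::Chart->find_by(accno => ...)`. That result is undefined when no chart has the given account number, so an unknown or stale `AP_paid_$i` value would abort form rendering with a method call on undef. Fetch the chart first and guard it: `my $paid_chart = $form->{'AP_paid_' . $i} && SL::DB::Manager::Chart->find_by(accno => $form->{'AP_paid_' . $i});` and then `$paid_chart ? $form->{'AP_paid_' . $i} . " " . $paid_chart->description : ''`. This also issues one query per payment row; `$form->{ALL_CHARTS}` appears earlier in the same sub, but the loop starts outside the hunk, so whether it could be reused is not visible here.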
@@ -744,10 +771,11 @@ sub post { my ($inline) = @_; # check if there is a vendor, invoice, due date and invnumber - $form->isblank("transdate", $locale->text("Invoice Date missing!")); - $form->isblank("duedate", $locale->text("Due Date missing!")); - $form->isblank("vendor_id", $locale->text('Vendor missing!')); - $form->isblank("invnumber", $locale->text('Invoice Number missing!')); + $form->isblank("transdate", $locale->text("Invoice Date missing!")); + $form->isblank("duedate", $locale->text("Due Date missing!")); + $form->isblank("vendor_id", $locale->text('Vendor missing!')); + $form->isblank("invnumber", $locale->text('Invoice Number missing!')); + $form->isblank("AP_chart_id", $locale->text('No contra account selected!')); if ($myconfig{mandatory_departments} && !$form->{department_id}) { $form->{saved_message} = $::locale->text('You have to specify a department.'); @@ -826,7 +854,11 @@ sub post { # no restore_from_session_id needed. we like to have a newly generated # list of invoices for bank transactions print $form->redirect_header($form->{callback}) if ($form->{callback} =~ /BankTransaction/); - $form->redirect($locale->text('AP transaction posted.')) unless $inline; + $form->redirect($locale->text('AP transaction posted.') . ' ' . $locale->text('ID') . ': ' . $form->{id}) unless $inline; + # TODO Add callback/return flag in myconfig + # With version 3.5 we can add documents, but only after posting. there should be a flag in myconfig for the user + # $form->{callback} ||= 'ap.pl?action=edit&id=' . $form->{id} if $myconfig{no_reset_arap}; + } else { $form->error($locale->text('Cannot post transaction!')); } @@ -909,8 +941,6 @@ sub delete { sub search { $main::lxdebug->enter_sub(); - $main::auth->assert('vendor_invoice_edit'); - my $form = $main::form; my %myconfig = %main::myconfig; my $locale = $main::locale; 
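Review bot: Right above the changed `$form->redirect(...)` in `post`, the context line `print $form->redirect_header($form->{callback}) if ($form->{callback} =~ /BankTransaction/);` redirects to `$form->{callback}` after an unanchored substring match. If `callback` is taken from the request and `redirect_header` does not restrict the target (neither is visible here), any URL merely containing that word would be accepted. Since this commit touches the redirect logic anyway, I would anchor the test to the expected application-relative controller path and reject absolute URLs. The newly added commented-out `$form->{callback} ||= ...` line would be better tracked in an issue than left as disabled code; if it is ever enabled, the `id` it appends should be checked as numeric.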
@@ -961,8 +991,6 @@ sub ap_transactions { my %myconfig = %main::myconfig; my $locale = $main::locale; - $main::auth->assert('vendor_invoice_edit'); - report_generator_set_default_sort('transdate', 1); AP->ap_transactions(\%myconfig, \%$form); @@ -1163,14 +1191,17 @@ sub setup_ap_search_action_bar { action => [ $::locale->text('Search'), submit => [ '#form', { action => "ap_transactions" } ], + checks => [ 'kivi.validate_form' ], accesskey => 'enter', ], ); } + $::request->layout->add_javascripts('kivi.Validator.js'); } sub setup_ap_transactions_action_bar { - my %params = @_; + my %params = @_; + my $may_edit_create = $::auth->assert('ap_transactions', 1); for my $bar ($::request->layout->get('actionbar')) { $bar->add( @@ -1178,11 +1209,14 @@ sub setup_ap_transactions_action_bar { action => [ t8('Add') ], link => [ t8('Purchase Invoice'), - link => [ 'ir.pl?action=add' ], + link => [ 'ir.pl?action=add' ], + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef, + ], link => [ t8('AP Transaction'), - link => [ 'ap.pl?action=add' ], + link => [ 'ap.pl?action=add' ], + disabled => !$may_edit_create ? t8('You do not have the permissions to access this function.') : undef, ], ], # end of combobox "Add" ); 
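Review bot: The `disabled => !$may_edit_create ? ...` entries added to the "Add" links in `setup_ap_transactions_action_bar` only grey out the menu, while this same commit removes `$main::auth->assert('vendor_invoice_edit')` from `search` and `ap_transactions` with no replacement visible in those hunks. That leaves the report path `AP->ap_transactions(\%myconfig, \%$form)` without any right check in this file, so the restriction to invoices of viewable projects has to be enforced inside that query; please confirm that it is, or keep an assert that accepts either right. The same caveat applies to the `disabled` conditions added in `setup_ap_display_form_action_bar` (following hunks): the `post`, `post_payment`, `mark_as_paid`, `storno`, `delete` and `use_as_new` handlers need their own server-side checks, because a disabled button does not stop a hand-built request. A one-line comment in `search` saying where access is enforced now would help the next reader.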
@@ -1194,41 +1228,67 @@ sub setup_ap_display_form_action_bar { my $closedto = $::form->datetonum($::form->{closedto}, \%::myconfig); my $is_closed = $transdate <= $closedto; - my $change_never = $::instance_conf->get_ar_changeable == 0; - my $change_on_same_day_only = $::instance_conf->get_ar_changeable == 2 && ($::form->current_date(\%::myconfig) ne $::form->{gldate}); + my $change_never = $::instance_conf->get_ap_changeable == 0; + my $change_on_same_day_only = $::instance_conf->get_ap_changeable == 2 && ($::form->current_date(\%::myconfig) ne $::form->{gldate}); my $is_storno = IS->is_storno(\%::myconfig, $::form, 'ap', $::form->{id}); my $has_storno = IS->has_storno(\%::myconfig, $::form, 'ap'); + my $may_edit_create = $::auth->assert('ap_transactions', 1); + + my $has_sepa_exports; + if ($::form->{id}) { + my $invoice = SL::DB::Manager::PurchaseInvoice->find_by(id => $::form->{id}); + $has_sepa_exports = 1 if ($invoice->find_sepa_export_items()->[0]); + } + + my $is_linked_bank_transaction; + if ($::form->{id} + && SL::DB::Default->get->payments_changeable != 0 + && SL::DB::Manager::BankTransactionAccTrans->find_by(ap_id => $::form->{id})) { + + $is_linked_bank_transaction = 1; + } + for my $bar ($::request->layout->get('actionbar')) { $bar->add( action => [ t8('Update'), submit => [ '#form', { action => "update" } ], id => 'update_button', + checks => [ 'kivi.validate_form' ], accesskey => 'enter', + disabled => !$may_edit_create ? t8('You must not change this AP transaction.') : undef, ], combobox => [ action => [ t8('Post'), submit => [ '#form', { action => "post" } ], - checks => [ 'kivi.AP.check_fields_before_posting' ], - disabled => $is_closed ? t8('The billing period has already been locked.') + checks => [ 'kivi.validate_form', 'kivi.AP.check_fields_before_posting', 'kivi.AP.check_duplicate_invnumber' ], + disabled => !$may_edit_create ? t8('You must not change this AP transaction.') + : $is_closed ? 
t8('The billing period has already been locked.') : $is_storno ? t8('A canceled invoice cannot be posted.') : ($::form->{id} && $change_never) ? t8('Changing invoices has been disabled in the configuration.') : ($::form->{id} && $change_on_same_day_only) ? t8('Invoices can only be changed on the day they are posted.') + : $is_linked_bank_transaction ? t8('This transaction is linked with a bank transaction. Please undo and redo the bank transaction booking if needed.') : undef, ], action => [ t8('Post Payment'), submit => [ '#form', { action => "post_payment" } ], - disabled => !$::form->{id} ? t8('This invoice has not been posted yet.') : undef, + checks => [ 'kivi.validate_form' ], + disabled => !$may_edit_create ? t8('You must not change this AP transaction.') + : !$::form->{id} ? t8('This invoice has not been posted yet.') + : $is_linked_bank_transaction ? t8('This transaction is linked with a bank transaction. Please undo and redo the bank transaction booking if needed.') + : undef, ], action => [ t8('Mark as paid'), submit => [ '#form', { action => "mark_as_paid" } ], confirm => t8('This will remove the invoice from showing as unpaid even if the unpaid amount does not match the amount. Proceed?'), - disabled => !$::form->{id} ? t8('This invoice has not been posted yet.') : undef, + disabled => !$may_edit_create ? t8('You must not change this AP transaction.') + : !$::form->{id} ? t8('This invoice has not been posted yet.') + : undef, only_if => $::instance_conf->get_is_show_mark_as_paid, ], ], # end of combobox "Post" 
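Review bot: In the new `$has_sepa_exports` block of `setup_ap_display_form_action_bar`, `SL::DB::Manager::PurchaseInvoice->find_by(id => $::form->{id})` can return undef for an ID that does not (or no longer) exist, and the next line calls `$invoice->find_sepa_export_items()` on it unconditionally. Guard the lookup, e.g. `$has_sepa_exports = 1 if $invoice && $invoice->find_sepa_export_items()->[0];`. `form_header` already stores the loaded record in `$::form->{invoice_obj}` (context line in the hunk at -346), so if that sub always runs first the second lookup could be dropped; that ordering is not visible here. The sub continues beyond this hunk.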
@@ -1236,23 +1296,28 @@ sub setup_ap_display_form_action_bar { combobox => [ action => [ t8('Storno'), submit => [ '#form', { action => "storno" } ], - checks => [ 'kivi.AP.check_fields_before_posting' ], + checks => [ 'kivi.validate_form', 'kivi.AP.check_fields_before_posting' ], confirm => t8('Do you really want to cancel this invoice?'), - disabled => !$::form->{id} ? t8('This invoice has not been posted yet.') - : $has_storno ? t8('This invoice has been canceled already.') - : $is_storno ? t8('Reversal invoices cannot be canceled.') - : $::form->{totalpaid} ? t8('Invoices with payments cannot be canceled.') - : undef, + disabled => !$may_edit_create ? t8('You must not change this AP transaction.') + : !$::form->{id} ? t8('This invoice has not been posted yet.') + : $has_storno ? t8('This invoice has been canceled already.') + : $is_storno ? t8('Reversal invoices cannot be canceled.') + : $::form->{totalpaid} ? t8('Invoices with payments cannot be canceled.') + : $has_sepa_exports ? t8('This invoice has been linked with a sepa export, undo this first.') + : undef, ], action => [ t8('Delete'), submit => [ '#form', { action => "delete" } ], confirm => t8('Do you really want to delete this object?'), - disabled => !$::form->{id} ? t8('This invoice has not been posted yet.') - : $change_never ? t8('Changing invoices has been disabled in the configuration.') - : $change_on_same_day_only ? t8('Invoices can only be changed on the day they are posted.') - : $has_storno ? t8('This invoice has been canceled already.') - : $is_closed ? t8('The billing period has already been locked.') - : undef, + disabled => !$may_edit_create ? t8('You must not change this AP transaction.') + : !$::form->{id} ? t8('This invoice has not been posted yet.') + : $change_never ? t8('Changing invoices has been disabled in the configuration.') + : $change_on_same_day_only ? t8('Invoices can only be changed on the day they are posted.') + : $has_storno ? 
t8('This invoice has been canceled already.') + : $is_closed ? t8('The billing period has already been locked.') + : $has_sepa_exports ? t8('This invoice has been linked with a sepa export, undo this first.') + : $is_linked_bank_transaction ? t8('This transaction is linked with a bank transaction. Please undo and redo the bank transaction booking if needed.') + : undef, ], ], # end of combobox "Storno" @@ -1263,7 +1328,10 @@ sub setup_ap_display_form_action_bar { action => [ t8('Use As New'), submit => [ '#form', { action => "use_as_new" } ], - disabled => !$::form->{id} ? t8('This invoice has not been posted yet.') : undef, + checks => [ 'kivi.validate_form' ], + disabled => !$may_edit_create ? t8('You must not change this AP transaction.') + : !$::form->{id} ? t8('This invoice has not been posted yet.') + : undef, ], ], # end of combobox "Workflow" @@ -1281,16 +1349,19 @@ sub setup_ap_display_form_action_bar { ], action => [ t8('Record templates'), - call => [ 'kivi.RecordTemplate.popup', 'ap_transaction' ], + call => [ 'kivi.RecordTemplate.popup', 'ap_transaction' ], + disabled => !$may_edit_create ? t8('You must not change this AP transaction.') : undef, ], action => [ t8('Drafts'), call => [ 'kivi.Draft.popup', 'ap', 'invoice', $::form->{draft_id}, $::form->{draft_description} ], - disabled => $::form->{id} ? t8('This invoice has already been posted.') - : $is_closed ? t8('The billing period has already been locked.') - : undef, + disabled => !$may_edit_create ? t8('You must not change this AP transaction.') + : $::form->{id} ? t8('This invoice has already been posted.') + : $is_closed ? t8('The billing period has already been locked.') + : undef, ], ], # end of combobox "more" ); } + $::request->layout->add_javascripts('kivi.Validator.js'); }
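Review bot: The `Storno` action's `disabled` chain gains `$has_sepa_exports` but not `$is_linked_bank_transaction`, whereas `Post`, `Post Payment` and `Delete` all block on a linked bank transaction. If cancelling a bank-linked AP transaction is meant to remain possible, a short comment saying so would stop someone "fixing" it later; otherwise add a `: $is_linked_bank_transaction ? t8(...)` branch with the same message before the final `: undef`. Separately, `!$may_edit_create ? t8('You must not change this AP transaction.')` now opens almost every chain in this sub, including the two following hunks. Computing it once, e.g. `my $no_edit_reason = $may_edit_create ? undef : t8('You must not change this AP transaction.');`, and starting each chain from that variable would keep the conditions readable and consistent.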