X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/mfinanz.git/blobdiff_plain/c6c877266db02ffaf6d9448d180286954b865b4e..0c3193511e1ea50fad793887ede6ac5732d85074:/SL/Controller/RequirementSpecOrder.pm

diff --git a/SL/Controller/RequirementSpecOrder.pm b/SL/Controller/RequirementSpecOrder.pm
index 2bfb1cffd..7671ffb00 100644
--- a/SL/Controller/RequirementSpecOrder.pm
+++ b/SL/Controller/RequirementSpecOrder.pm
@@ -54,9 +54,13 @@ sub action_new {
 sub action_create {
   my ($self)         = @_;
 
+  if (!$::auth->assert($::form->{quotation} ? 'sales_quotation_edit' : 'sales_order_edit', 1)) {
+    return $self->js->flash('error', t8("You do not have the permissions to access this function."))->render($self);
+  }
+
   # 1. Update sections with selected part IDs.
   my $section_attrs  = $::form->{sections} || [];
-  my $sections       = SL::DB::Manager::RequirementSpecItem->get_all(where => [ id => [ map { $_->{id} } @{ $section_attrs } ] ]);
+  my $sections       = SL::DB::Manager::RequirementSpecItem->get_all_sorted(where => [ id => [ map { $_->{id} } @{ $section_attrs } ] ]);
   my %sections_by_id = map { ($_->{id} => $_) } @{ $sections };
 
   $sections_by_id{ $_->{id} }->update_attributes(order_part_id => $_->{order_part_id}) for @{ $section_attrs };
@@ -66,10 +70,7 @@ sub action_create {
   $order->db->with_transaction(sub {
     $order->save;
 
-    $self->requirement_spec->orders(
-      @{ $self->requirement_spec->orders },
-      SL::DB::RequirementSpecOrder->new(order => $order, version => $self->requirement_spec->version)
-    );
+    $self->requirement_spec->add_orders(SL::DB::RequirementSpecOrder->new(order => $order, version => $self->requirement_spec->version));
     $self->requirement_spec->save;
 
     $self->requirement_spec->link_to_record($order);
@@ -93,6 +94,10 @@ sub action_update {
   my $order    = $self->rs_order->order;
   my $sections = $self->requirement_spec->sections_sorted;
 
+  if (!$::auth->assert($order->quotation ? 'sales_quotation_edit' : 'sales_order_edit', 1)) {
+    return $self->js->flash('error', t8("You do not have the permissions to access this function."))->render($self);
+  }
+
   my (@orderitems, %sections_seen);
   foreach my $item (@{ $order->items_sorted }) {
     my $section = first { my $num = $_->fb_number; $item->description =~ m{\b\Q${num}\E\b} && !$sections_seen{ $_->id } } @{ $sections };
@@ -204,7 +209,7 @@ sub action_delete {
 sub setup {
   my ($self) = @_;
 
-  $::auth->assert('sales_quotation_edit');
+  $::auth->assert('requirement_spec_edit');
   $::request->{layout}->use_stylesheet("${_}.css") for qw(jquery.contextMenu requirement_spec autocomplete_part);
   $::request->{layout}->use_javascript("${_}.js")  for qw(jquery.jstree jquery/jquery.contextMenu client_js requirement_spec);
 
@@ -239,11 +244,6 @@ sub init_all_parts_time_unit {
 # helpers
 #
 
-sub load_parts_for_sections {
-  my ($self, %params) = @_;
-
-}
-
 sub create_order_item {
   my ($self, %params) = @_;