X-Git-Url: http://koha-dev.rot13.org:8081/gitweb/?a=blobdiff_plain;f=acqui%2Finvoice.pl;h=eaf804d51ec3f1b19644fe622331ce565db2afc3;hb=1c115fcff70271246c500d5b5f9290c47b715693;hp=a65b6d8939b8b3c7e66f11555b4a417ab5219905;hpb=7fb8f3638859b1e27c2954363b175030fadbee17;p=koha-ffzg.git

diff --git a/acqui/invoice.pl b/acqui/invoice.pl
index a65b6d8939..eaf804d51e 100755
--- a/acqui/invoice.pl
+++ b/acqui/invoice.pl
@@ -29,26 +29,24 @@ Invoice details
 use Modern::Perl;
 
 use CGI qw ( -utf8 );
-use C4::Auth;
-use C4::Output;
-use C4::Acquisition;
-use C4::Budgets;
+use C4::Auth qw( get_template_and_user );
+use C4::Output qw( output_and_exit output_html_with_http_headers );
+use C4::Acquisition qw( CloseInvoice ReopenInvoice ModInvoice MergeInvoices DelInvoice GetInvoice GetInvoiceDetails get_rounded_price );
+use C4::Budgets qw( GetBudgetHierarchy GetBudget CanUserUseBudget );
 
 use Koha::Acquisition::Booksellers;
-use Koha::Acquisition::Currencies;
-use Koha::DateUtils;
+use Koha::Acquisition::Currencies qw( get_active );
+use Koha::DateUtils qw( output_pref );
 use Koha::Misc::Files;
 use Koha::Acquisition::Invoice::Adjustments;
 
-my $input = new CGI;
+my $input = CGI->new;
 my ( $template, $loggedinuser, $cookie, $flags ) = get_template_and_user(
     {
         template_name   => 'acqui/invoice.tt',
         query           => $input,
         type            => 'intranet',
-        authnotrequired => 0,
         flagsrequired   => { 'acquisition' => '*' },
-        debug           => 1,
     }
 );
 
@@ -58,7 +56,10 @@ my $op        = $input->param('op');
 
 output_and_exit( $input, $cookie, $template, 'insufficient_permission' )
   if $op
-  && not $logged_in_patron->has_permission( { acquisition => 'edit_invoices' } );
+  && ! $logged_in_patron->has_permission( { acquisition => 'edit_invoices' } )
+  && ! $logged_in_patron->has_permission( { acquisition => 'reopen_closed_invoices' } )
+  && ! $logged_in_patron->has_permission( { acquisition => 'merge_invoices' } )
+  && ! $logged_in_patron->has_permission( { acquisition => 'delete_invoices' } );
 
 my $invoice_files;
 if ( C4::Context->preference('AcqEnableFiles') ) {
@@ -67,7 +68,12 @@ if ( C4::Context->preference('AcqEnableFiles') ) {
 }
 
 if ( $op && $op eq 'close' ) {
-    CloseInvoice($invoiceid);
+    output_and_exit( $input, $cookie, $template, 'insufficient_permission' )
+        unless $logged_in_patron->has_permission( { acquisition => 'edit_invoices' } );
+    my @invoiceid = $input->multi_param('invoiceid');
+    foreach my $invoiceid ( @invoiceid ) {
+        CloseInvoice($invoiceid);
+    }
     my $referer = $input->param('referer');
     if ($referer) {
         print $input->redirect($referer);
@@ -77,8 +83,10 @@ if ( $op && $op eq 'close' ) {
 elsif ( $op && $op eq 'reopen' ) {
     output_and_exit( $input, $cookie, $template, 'insufficient_permission' )
         unless $logged_in_patron->has_permission( { acquisition => 'reopen_closed_invoices' } );
-
-    ReopenInvoice($invoiceid);
+    my @invoiceid = $input->multi_param('invoiceid');
+    foreach my $invoiceid ( @invoiceid ) {
+        ReopenInvoice($invoiceid);
+    }
     my $referer = $input->param('referer');
     if ($referer) {
         print $input->redirect($referer);
@@ -101,8 +109,16 @@ elsif ( $op && $op eq 'mod' ) {
         ReopenInvoice($invoiceid)
             if $logged_in_patron->has_permission( { acquisition => 'reopen_closed_invoices' } );
     } elsif ($input->param('close')) {
+
+        output_and_exit( $input, $cookie, $template, 'insufficient_permission' )
+            unless $logged_in_patron->has_permission( { acquisition => 'edit_invoices' } );
+
         CloseInvoice($invoiceid);
     } elsif ($input->param('merge')) {
+
+        output_and_exit( $input, $cookie, $template, 'insufficient_permission' )
+            unless $logged_in_patron->has_permission( { acquisition => 'merge_invoices' } );
+
         my @sources = $input->multi_param('merge');
         MergeInvoices($invoiceid, \@sources);
         defined($invoice_files) && $invoice_files->MergeFileRecIds(@sources);
@@ -123,11 +139,19 @@ elsif ( $op && $op eq 'delete' ) {
     }
 }
 elsif ( $op && $op eq 'del_adj' ) {
+
+    output_and_exit( $input, $cookie, $template, 'insufficient_permission' )
+        unless $logged_in_patron->has_permission( { acquisition => 'edit_invoices' } );
+
     my $adjustment_id  = $input->param('adjustment_id');
     my $del_adj = Koha::Acquisition::Invoice::Adjustments->find( $adjustment_id );
     $del_adj->delete() if ($del_adj);
 }
 elsif ( $op && $op eq 'mod_adj' ) {
+
+    output_and_exit( $input, $cookie, $template, 'insufficient_permission' )
+        unless $logged_in_patron->has_permission( { acquisition => 'edit_invoices' } );
+
     my @adjustment_id  = $input->multi_param('adjustment_id');
     my @adjustment     = $input->multi_param('adjustment');
     my @reason         = $input->multi_param('reason');
@@ -208,10 +232,6 @@ my $budgets     = GetBudgetHierarchy();
 foreach my $r ( @{$budgets} ) {
     next unless ( CanUserUseBudget( $loggedinuser, $r, $flags ) );
 
-    if ( !defined $r->{budget_amount} || $r->{budget_amount} == 0 ) {
-        next;
-    }
-
     my $selected = $shipmentcost_budgetid ? $r->{budget_id} eq $shipmentcost_budgetid : 0;
 
     push @{$budget_loop},