add separate ACL for employee reports, RT#22516

diff --git a/FS/FS/AccessRight.pm b/FS/FS/AccessRight.pm
index e1001d7..091e7af 100644 (file)
--- a/FS/FS/AccessRight.pm
+++ b/FS/FS/AccessRight.pm
@@ -304,6 +304,8 @@ tie my %rights, 'Tie::IxHash',
     'Usage: Call Detail Records (CDRs)',
     'Usage: Unrateable CDRs',
     'Usage: Time worked',
+    { rightname=>'Employees: Commission Report', global=>1 },
+    { rightname=>'Employees: Audit Report', global=>1 },
 
     #{ rightname => 'List customers of all agents', global=>1 },
   ],

diff --git a/FS/FS/access_right.pm b/FS/FS/access_right.pm
index e6c847d..a9d5de2 100644 (file)
--- a/FS/FS/access_right.pm
+++ b/FS/FS/access_right.pm
@@ -230,6 +230,9 @@ sub _upgrade_data { # class method
 
     'Provision customer service' => [ 'Edit password' ],
 
+    'Financial reports' => [ 'Employees: Commission Report',
+                             'Employees: Audit Report',
+                           ],
   ;
 
   foreach my $old_acl ( keys %onetime ) {

diff --git a/httemplate/elements/menu.html b/httemplate/elements/menu.html
index 0560b37..1c55c14 100644 (file)
--- a/httemplate/elements/menu.html
+++ b/httemplate/elements/menu.html
@@ -310,8 +310,7 @@ $report_payments{'Deleted Payments / Payment history table'} = [ $fsurl.'search/
   if $conf->exists('payment-history-report');
 
 tie my %report_financial, 'Tie::IxHash';
-if($curuser->access_right('Financial reports')) {
-
+if ( $curuser->access_right('Financial reports') ) {
   %report_financial = (
     'Sales, Credits and Receipts' => [ $fsurl.'graph/report_money_time.html', 'Sales, credits and receipts summary graph' ],
     'Daily Sales, Credits and Receipts' => [ $fsurl.'graph/report_money_time_daily.html', 'Sales, credits and receipts (broken down by day) summary graph' ],
@@ -319,14 +318,25 @@ if($curuser->access_right('Financial reports')) {
     'Rated Call Sales Report' => [ $fsurl.'graph/report_cust_bill_pkg_detail.html', 'Sales report and graph (by agent, package class, usage class and/or date range)' ],
     'Sales With Advertising Source' => [ $fsurl.'search/report_cust_bill_pkg_referral.html' ],
     'Sales with Agent Commissions' => [ $fsurl.'search/report_agent_commission.html' ],
-    'Employee Commission Report' => [ $fsurl.'search/report_employee_commission.html', '' ],
-    'Credit Report' => [ $fsurl.'search/report_cust_credit.html', 'Credit report (by employee and/or date range)' ],
-    'Credit application detail' => [ $fsurl.'search/report_cust_credit_bill_pkg.html', 'Line item application detail' ],    'Unapplied Credits' => [ $fsurl.'search/report_cust_credit.html?unapplied=1', 'Unapplied credit report (by type and/or date range)' ],
-    'Refund Report' => [ $fsurl.'search/report_cust_refund.html', 'Refund report (by type and/or date range)' ],
-    'Unapplied Refunds' => [ $fsurl.'search/report_cust_refund.html?unapplied=1', 'Unapplied refund report (by type and/or date range)' ],
-    'Package Costs Report' => [ $fsurl.'graph/report_cust_pkg_cost.html', 'Package setup and recurring costs graph' ],
-    'Employee Audit Report' => [ $fsurl.'search/report_employee_audit.html', 'Employee audit report' ],
   );
+}
+
+$report_financial{'Employee Commission Report'} = [ $fsurl.'search/report_employee_commission.html', '' ]
+  if $curuser->access_right('Employees: Commission Report');
+
+if ( $curuser->access_right('Financial reports')) {
+  $report_financial{'Credit Report'} = [ $fsurl.'search/report_cust_credit.html', 'Credit report (by employee and/or date range)' ];
+  $report_financial{'Credit application detail'} = [ $fsurl.'search/report_cust_credit_bill_pkg.html', 'Line item application detail' ];
+  $report_financial{'Unapplied Credits'} = [ $fsurl.'search/report_cust_credit.html?unapplied=1', 'Unapplied credit report (by type and/or date range)' ];
+  $report_financial{'Refund Report'} = [ $fsurl.'search/report_cust_refund.html', 'Refund report (by type and/or date range)' ];
+  $report_financial{'Unapplied Refunds'} = [ $fsurl.'search/report_cust_refund.html?unapplied=1', 'Unapplied refund report (by type and/or date range)' ];
+  $report_financial{'Package Costs Report'} = [ $fsurl.'graph/report_cust_pkg_cost.html', 'Package setup and recurring costs graph' ];
+}
+
+$report_financial{'Employee Audit Report'} = [ $fsurl.'search/report_employee_audit.html', 'Employee audit report' ]
+  if $curuser->access_right('Employees: Audit Report');
+
+if ( $curuser->access_right('Financial reports')) {
   $report_financial{'A/R Aging'} = [ $fsurl.'search/report_receivables.html', 'Accounts Receivable Aging report' ];
   $report_financial{'Prepaid Income'} = [ $fsurl.'search/report_prepaid_income.html', 'Prepaid income (unearned revenue)  report' ];
 
@@ -337,11 +347,11 @@ if($curuser->access_right('Financial reports')) {
 
   $report_financial{'Customer Accounting Summary'} = [ $fsurl.'search/report_customer_accounting_summary.html', 'Customer accounting summary report' ];
 
-} elsif($curuser->access_right('Receivables report')) {
+} elsif ($curuser->access_right('Receivables report')) {
 
   $report_financial{'A/R Aging'} = [ $fsurl.'search/report_receivables.html', 'Accounts Receivable Aging report' ];
 
-} # else $report_financial contains nothing.
+}
 
 tie my %report_logs, 'Tie::IxHash';
   $report_logs{'System log'} = [ $fsurl.'search/log.html', 'View system events and debugging information.' ],
@@ -376,8 +386,7 @@ $report_menu{'Tickets'}   = [ \%report_ticketing, 'Ticket reports' ]
 $report_menu{'Billing events'} =  [ \%report_bill_event, 'Billing events' ]
   if $curuser->access_right('Billing event reports');
 $report_menu{'Financial'}  = [ \%report_financial, 'Financial reports' ]
-  if $curuser->access_right('Financial reports') 
-  or $curuser->access_right('Receivables report');
+  if keys %report_financial;
 $report_menu{'Logs'} = [ \%report_logs, 'System and email logs' ]
   if (keys %report_logs); # empty if the user has no rights to it
 $report_menu{'SQL Query'}  = [ $fsurl.'search/report_sql.html', 'SQL Query' ]

diff --git a/httemplate/search/employee_audit.html b/httemplate/search/employee_audit.html
index 753c7bf..2bc6ff4 100644 (file)
--- a/httemplate/search/employee_audit.html
+++ b/httemplate/search/employee_audit.html
@@ -7,7 +7,7 @@
 <%init>
 
 die "access denied"
-  unless $FS::CurrentUser::CurrentUser->access_right('Financial reports');
+  unless $FS::CurrentUser::CurrentUser->access_right('Employees: Audit Report');
 
 my %tables = (
     cust_pay        => 'Payments',

diff --git a/httemplate/search/part_pkg.html b/httemplate/search/part_pkg.html
index 2178346..a90f13c 100644 (file)
--- a/httemplate/search/part_pkg.html
+++ b/httemplate/search/part_pkg.html
@@ -23,7 +23,7 @@
 
 my $curuser = $FS::CurrentUser::CurrentUser;
 die "access denied"
-  unless $curuser->access_right('Financial reports');
+  unless $curuser->access_right('Employees: Commission Report'); #that's all this does so far
 
 my $conf = new FS::Conf;
 my $money_char = $conf->config('money_char') || '$';

diff --git a/httemplate/search/report_employee_audit.html b/httemplate/search/report_employee_audit.html
index 757b823..461849b 100644 (file)
--- a/httemplate/search/report_employee_audit.html
+++ b/httemplate/search/report_employee_audit.html
@@ -23,7 +23,7 @@
 <%init>
 
 die "access denied"
-  unless $FS::CurrentUser::CurrentUser->access_right('Financial reports');
+  unless $FS::CurrentUser::CurrentUser->access_right('Employees: Audit Report');
 
 my %tables = (
     cust_pay        => 'Payments',

diff --git a/httemplate/search/report_employee_commission.html b/httemplate/search/report_employee_commission.html
index 51afad3..ebfcae8 100644 (file)
--- a/httemplate/search/report_employee_commission.html
+++ b/httemplate/search/report_employee_commission.html
@@ -25,6 +25,6 @@
 <%init>
 
 die "access denied"
-  unless $FS::CurrentUser::CurrentUser->access_right('Financial reports');
+  unless $FS::CurrentUser::CurrentUser->access_right('Employees: Commission Report');
 
 </%init>