TWYN#52412 gebruik door toegekende gebruiker

svn path=/Website/branches/v2017.3/; revision=37330

APPL/API2/model_bgt_budget.inc

@@ -238,10 +238,37 @@ function model_bgt_budget()
     {   // Zoek bij wijzigen van kostenplaats de kostenplaatsgrp_key op
     }
 
-
-    this.REST_GET    = generic_REST_GET(this);
-    this.REST_POST   = generic_REST_POST(this);
-    this.REST_PUT    = generic_REST_PUT(this);
-    this.REST_DELETE = generic_REST_DELETE(this);
+    var v_budgetdiscipline = getQParamInt("budgetdiscipline", -1);
+    if (v_budgetdiscipline == -1)
+    {
+        gparams = {
+            GET: {wheres: [
+                    "bgt_budget.ins_discipline_key IN"
+                    + " (SELECT w.ins_discipline_key"
+                    + "    FROM fac_v_webgebruiker w"
+                    + "       , ins_tab_discipline d"
+                    + "   WHERE w.ins_discipline_key = d.ins_discipline_key"
+                    + "     AND w.prs_perslid_key = " + user_key
+                    + "     AND (w.fac_gebruiker_prs_level_read<9 OR w.fac_gebruiker_alg_level_read<9)"
+                    + "     AND d.ins_discipline_module = 'BGT'"
+                    + "     AND d.ins_discipline_verwijder IS NULL"
+                    + " )"
+                ]
+            }
+        }
+        this.REST_GET = generic_REST_GET(this, gparams);
+    }
+    else
+    {
+        this.REST_GET = generic_REST_GET(this);
+    }
+    this.REST_PUT = generic_REST_PUT(this);
+    var autparams = user.checkAutorisation(this.autfunction);
+    var canWrite = (autparams.PRSwritelevel < 9 && autparams.ALGwritelevel < 9);
+    if (canWrite)
+    {
+        this.REST_POST   = generic_REST_POST(this);
+        this.REST_DELETE = generic_REST_DELETE(this);
+    }
 }
 %>

APPL/API2/model_bgt_budgetmutatie.inc

@@ -321,10 +321,15 @@ function model_bgt_budgetmutatie()
         gparams.GET.wheres.push(v_where);
     }
 
-    this.REST_GET    = generic_REST_GET(this, gparams);
-    if (p_budget_key > -1)
+    var autparams = user.checkAutorisation(this.autfunction);
+    var canWrite = (autparams.PRSwritelevel < 9 && autparams.ALGwritelevel < 9);
+    this.REST_GET = generic_REST_GET(this, gparams);
+    if (p_budget_key > -1 || canWrite)
         this.REST_POST = generic_REST_POST(this);
-    this.REST_PUT    = generic_REST_PUT(this);
-    this.REST_DELETE = generic_REST_DELETE(this);
+    if (canWrite)
+    {
+        this.REST_PUT = generic_REST_PUT(this);
+        this.REST_DELETE = generic_REST_DELETE(this);
+    }
 }
 %>

APPL/API2/model_fin_factuur.inc

@@ -515,11 +515,35 @@ function model_fin_factuur()
         if (mld_opdr_key > -1 && fin_key == -1)
             gparams.GET.wheres.push("mld_opdr.mld_opdr_key = {0}".format(mld_opdr_key));
 
+        var v_budgetdiscipline = getQParamInt("budgetdiscipline", -1);
+        if (v_budgetdiscipline == -1)
+        {
+            gparams.GET.tables.push("ins_tab_discipline");
+            gparams.GET.wheres.push("bgt_project.ins_discipline_key = ins_tab_discipline.ins_discipline_key");
+            gparams.GET.wheres.push(
+                    "bgt_project.ins_discipline_key IN"
+                    + " (SELECT w.ins_discipline_key"
+                    + "    FROM fac_v_webgebruiker w"
+                    + "       , ins_tab_discipline d"
+                    + "   WHERE w.ins_discipline_key = d.ins_discipline_key"
+                    + "     AND w.prs_perslid_key = " + user_key
+                    + "     AND (w.fac_gebruiker_prs_level_read<9 OR w.fac_gebruiker_alg_level_read<9)"
+                    + "     AND d.ins_discipline_module = 'BGT'"
+                    + "     AND d.ins_discipline_verwijder IS NULL"
+                    + " )"
+            );
+        }
+
         this.REST_GET =  generic_REST_GET(this, gparams);
     }
 
-    this.REST_POST   = generic_REST_POST(this);
-    this.REST_PUT    = generic_REST_PUT(this);
-    this.REST_DELETE = generic_REST_DELETE(this);
+    this.REST_PUT = generic_REST_PUT(this);
+    var autparams = user.checkAutorisation(this.autfunction);
+    var canWrite = (autparams.PRSwritelevel < 9 && autparams.ALGwritelevel < 9);
+    if (canWrite)
+    {
+        this.REST_POST   = generic_REST_POST(this);
+        this.REST_DELETE = generic_REST_DELETE(this);
+    }
 }
 %>

APPL/API2/model_mld_opdr.inc

@@ -558,6 +558,25 @@ function model_mld_opdr()
                 ]
             }
         };
+
+        var v_budgetdiscipline = getQParamInt("budgetdiscipline", -1);
+        if (v_budgetdiscipline == -1)
+        {
+            gparams.GET.tables.push("ins_tab_discipline");
+            gparams.GET.wheres.push("bgt_project.ins_discipline_key = ins_tab_discipline.ins_discipline_key");
+            gparams.GET.wheres.push(
+                    "bgt_project.ins_discipline_key IN"
+                    + " (SELECT w.ins_discipline_key"
+                    + "    FROM fac_v_webgebruiker w"
+                    + "       , ins_tab_discipline d"
+                    + "   WHERE w.ins_discipline_key = d.ins_discipline_key"
+                    + "     AND w.prs_perslid_key = " + user_key
+                    + "     AND (w.fac_gebruiker_prs_level_read<9 OR w.fac_gebruiker_alg_level_read<9)"
+                    + "     AND d.ins_discipline_module = 'BGT'"
+                    + "     AND d.ins_discipline_verwijder IS NULL"
+                    + " )"
+            );
+        }
     }
 
     function getBudget(data_costtype)
@@ -753,9 +772,14 @@ function model_mld_opdr()
     }
 
 
-    this.REST_GET    = generic_REST_GET(this, gparams);
-    this.REST_POST   = generic_REST_POST(this);
-    this.REST_PUT    = generic_REST_PUT(this);
-    this.REST_DELETE = generic_REST_DELETE(this);
+    this.REST_GET = generic_REST_GET(this, gparams);
+    this.REST_PUT = generic_REST_PUT(this);
+    var autparams = user.checkAutorisation(this.autfunction);
+    var canWrite = (autparams.PRSwritelevel < 9 && autparams.ALGwritelevel < 9);
+    if (canWrite)
+    {
+        this.REST_POST   = generic_REST_POST(this);
+        this.REST_DELETE = generic_REST_DELETE(this);
+    }
 }
 %>

APPL/BGT/bgt_budget.asp

@@ -20,6 +20,12 @@ var this_model = new model_bgt_budget();
 
 if (mode == "show")
 {
+    var autparams = user.checkAutorisation(this_model.autfunction);
+    var canWrite = (autparams.PRSwritelevel < 9 && autparams.ALGwritelevel < 9)
+    if (!canWrite)
+    {
+        delete this_model.REST_PUT;
+    }
     var budget_key = getQParamInt("id", -1);
     var sql = "SELECT count(*) aantal"
             + "  FROM mld_opdr o"

APPL/BGT/fin_factuur.asp

@@ -24,6 +24,15 @@ if (mode == "list")
 {
     this_model.fields.company.foreign = bgt_company_foreign(1);
 }
+if (mode == "show")
+{
+    var autparams = user.checkAutorisation(this_model.autfunction);
+    var canWrite = (autparams.PRSwritelevel < 9 && autparams.ALGwritelevel < 9)
+    if (!canWrite)
+    {
+        delete this_model.REST_PUT;
+    }
+}
 
 scaffolding(this_model,
     {

APPL/BGT/mld_opdr.asp

@@ -20,6 +20,12 @@ var this_model = new model_mld_opdr();
 
 if (mode == "show")
 {
+    var autparams = user.checkAutorisation(this_model.autfunction);
+    var canWrite = (autparams.PRSwritelevel < 9 && autparams.ALGwritelevel < 9)
+    if (!canWrite)
+    {
+        delete this_model.REST_PUT;
+    }
     this_model.fields.ordernr_sort.hidden_fld = false;
     this_model.fields.ordernr_sort.readonly = true;
 }

APPL/PRS/prs_bedrijf_search.asp

@@ -41,7 +41,7 @@ var autfunction = "";
 if (intern)
   autfunction = "WEB_PRSMAN";   // TODO of PRSUSE?
 else
-  autfunction = (S("bgt_enabled")==1 ? ["WEB_RELMAN", "WEB_BGTUSE"] : ["WEB_RELMAN"]);
+  autfunction = (S("bgt_enabled")==1 ? ["WEB_RELMAN", "WEB_BGTMGT"] : ["WEB_RELMAN"]);
 var authparams = user.checkAutorisation(autfunction);
 
 // VALIDATE AND PREPARE