Add role_invoices

This new role allows users to create invoices without role_finance. Users can then only modify their own created invoices until somebody with the role_finance sets the paid_on value.
2016-02-17 21:07:35 +01:00 · 2016-02-17 21:07:35 +01:00 · 1315103a7d
commit 1315103a7d
parent 273969ac90
20 changed files with 73 additions and 20 deletions
--- a/app/assets/images/role-invoices.png
+++ b/app/assets/images/role-invoices.png
--- a/app/controllers/finance/invoices_controller.rb
+++ b/app/controllers/finance/invoices_controller.rb
@ -1,11 +1,13 @@
 class Finance::InvoicesController < ApplicationController

+  before_filter :find_invoice, only: [:show, :edit, :update, :destroy]
+  before_filter :ensure_can_edit, only: [:edit, :update, :destroy]
+
  def index
    @invoices = Invoice.includes(:supplier, :deliveries, :orders).order('date DESC').page(params[:page]).per(@per_page)
  end

  def show
-    @invoice = Invoice.find(params[:id])
  end

  def new
@ -15,7 +17,6 @@ class Finance::InvoicesController < ApplicationController
  end

  def edit
-    @invoice = Invoice.find(params[:id])
  end

  def create
@ -36,8 +37,6 @@ class Finance::InvoicesController < ApplicationController
  end

  def update
-    @invoice = Invoice.find(params[:id])
-
    if @invoice.update_attributes(params[:invoice])
      redirect_to [:finance, @invoice], notice: I18n.t('finance.update.notice')
    else
@ -46,9 +45,21 @@ class Finance::InvoicesController < ApplicationController
  end

  def destroy
-    @invoice = Invoice.find(params[:id])
    @invoice.destroy

    redirect_to finance_invoices_url
  end
+
+  private
+
+  def find_invoice
+    @invoice = Invoice.find(params[:id])
+  end
+
+  # Returns true if @current_user can edit the invoice..
+  def ensure_can_edit
+    unless @invoice.user_can_edit?(current_user)
+      deny_access
+    end
+  end
 end
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@ -150,7 +150,7 @@ module ApplicationHelper
  end

  def format_roles(record, icon=false)
-    roles = %w(suppliers article_meta orders finance admin)
+    roles = %w(suppliers article_meta orders finance invoices admin)
    roles.select! {|role| record.send "role_#{role}?"}
    names = Hash[roles.map{|r| [r, I18n.t("helpers.application.role_#{r}")]}]
    if icon
--- a/app/models/invoice.rb
+++ b/app/models/invoice.rb
@ -13,6 +13,10 @@ class Invoice < ActiveRecord::Base
  # Replace numeric seperator with database format
  localize_input_of :amount, :deposit, :deposit_credit

+  def user_can_edit?(user)
+    user.role_finance? || (user.role_invoices? && !self.paid_on && self.created_by.id == user.id)
+  end
+
  # Amount without deposit
  def net_amount
    amount - deposit + deposit_credit
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -143,7 +143,12 @@ class User < ActiveRecord::Base
  def role_finance?
    groups.detect {|group| group.role_finance?}
  end
-  
+
+  # Checks the invoices role
+  def role_invoices?
+    groups.detect {|group| group.role_invoices?}
+  end
+
  # Checks the article_meta role
  def role_article_meta?
    groups.detect {|group| group.role_article_meta?}
--- a/app/views/admin/workgroups/_form.html.haml
+++ b/app/views/admin/workgroups/_form.html.haml
@ -6,6 +6,7 @@
    = f.input :role_article_meta
    = f.input :role_orders
    = f.input :role_finance
+    = f.input :role_invoices
    = f.input :role_admin
  = render 'shared/group_form_fields', :f => f, captured: captured
  .form-actions
--- a/app/views/finance/invoices/_form.html.haml
+++ b/app/views/finance/invoices/_form.html.haml
@ -15,7 +15,8 @@
  = f.association :supplier, hint: false
  = f.input :number
  = f.input :date, as: :date_picker
-  = f.input :paid_on, as: :date_picker
+  - if current_user.role_finance?
+    = f.input :paid_on, as: :date_picker
  = f.input :amount, as: :string
  = f.input :deposit, as: :string
  = f.input :deposit_credit, as: :string
--- a/app/views/finance/invoices/_invoices.html.haml
+++ b/app/views/finance/invoices/_invoices.html.haml
@ -32,6 +32,10 @@
            = ', ' if index > 0
            = link_to format_date(order.ends), new_finance_order_path(order_id: order)
        %td= truncate(invoice.note)
-        %td= link_to t('ui.edit'), edit_finance_invoice_path(invoice), class: 'btn btn-mini'
-        %td= link_to t('ui.delete'), finance_invoice_path(invoice), :data => {:confirm => t('.confirm_delete')}, :method => :delete,
-          class: 'btn btn-danger btn-mini'
+        %td
+          - if invoice.user_can_edit?(current_user)
+            = link_to t('ui.edit'), edit_finance_invoice_path(invoice), class: 'btn btn-mini'
+        %td
+          - if invoice.user_can_edit?(current_user)
+            = link_to t('ui.delete'), finance_invoice_path(invoice), :data => {:confirm => t('.confirm_delete')}, :method => :delete,
+            class: 'btn btn-danger btn-mini'
--- a/app/views/finance/invoices/show.html.haml
+++ b/app/views/finance/invoices/show.html.haml
@ -47,5 +47,6 @@
  %b= heading_helper(Invoice, :note) + ':'
  =h @invoice.note

-= link_to t('ui.edit'), edit_finance_invoice_path(@invoice)
+- if @invoice.user_can_edit?(current_user)
+  = link_to t('ui.edit'), edit_finance_invoice_path(@invoice)
 = link_to t('ui.or_cancel'), finance_invoices_path
--- a/app/views/ordergroups/edit.html.haml
+++ b/app/views/ordergroups/edit.html.haml
@ -41,6 +41,10 @@
    = f.label :role_finance
    %br/
    = f.check_box :role_finance
+  %p
+    = f.label :role_invoices
+    %br/
+    = f.check_box :role_invoices
  %p
    = f.label :role_orders
    %br/
--- a/app/views/ordergroups/index.html.haml
+++ b/app/views/ordergroups/index.html.haml
@ -11,6 +11,7 @@
    %th Role Suppliers
    %th Role Article Meta
    %th Role Finance
+    %th Role Invoices
    %th Role Orders
    %th Deleted At
    %th Contact Person
@ -28,6 +29,7 @@
      %td= h ordergroup.role_suppliers
      %td= h ordergroup.role_article_meta
      %td= h ordergroup.role_finance
+      %td= h ordergroup.role_invoices
      %td= h ordergroup.role_orders
      %td= h ordergroup.deleted_at
      %td= h ordergroup.contact_person
--- a/app/views/workgroups/edit.html.haml
+++ b/app/views/workgroups/edit.html.haml
@ -41,6 +41,10 @@
    = f.label :role_finance
    %br/
    = f.check_box :role_finance
+  %p
+    = f.label :role_invoices
+    %br/
+    = f.check_box :role_invoices
  %p
    = f.label :role_orders
    %br/
--- a/app/views/workgroups/index.html.haml
+++ b/app/views/workgroups/index.html.haml
@ -11,6 +11,7 @@
    %th Role Suppliers
    %th Role Article Meta
    %th Role Finance
+    %th Role Invoices
    %th Role Orders
    %th Deleted At
    %th Contact Person
@ -28,6 +29,7 @@
      %td= h workgroup.role_suppliers
      %td= h workgroup.role_article_meta
      %td= h workgroup.role_finance
+      %td= h workgroup.role_invoices
      %td= h workgroup.role_orders
      %td= h workgroup.deleted_at
      %td= h workgroup.contact_person