From 720bb2923a550b175a5e2564977110734dfa27cb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Esteban=20S=C3=A1nchez=20Mart=C3=ADnez?=
Date: Fri, 13 Mar 2026 18:38:57 +0100
Subject: [PATCH 1/7] Use per-document permissions for project sales tabs (mirror EditCliente: createInvoiceView/createDocumentView guarded by user->can)
---
 Controller/EditProyecto.php | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/Controller/EditProyecto.php b/Controller/EditProyecto.php
index ca2b59b..5ed9e91 100644
--- a/Controller/EditProyecto.php
+++ b/Controller/EditProyecto.php
@@ -165,10 +165,23 @@ protected function createViews()
 $this->createViewPurchases('PedidoProveedor', 'supplier-orders');
 $this->createViewPurchases('AlbaranProveedor', 'supplier-delivery-notes');
 $this->createViewPurchases('FacturaProveedor', 'supplier-invoices');
- $this->createViewSales('PresupuestoCliente', 'customer-estimations');
- $this->createViewSales('PedidoCliente', 'customer-orders');
- $this->createViewSales('AlbaranCliente', 'customer-delivery-notes');
- $this->createViewSales('FacturaCliente', 'customer-invoices');
+ // Sales (customer) views - add only if user has permissions (mirror EditCliente)
+ if ($this->user->can('EditFacturaCliente')) {
+ $this->createInvoiceView('ListFacturaCliente');
+ $this->createLineView('ListLineaFacturaCliente', 'LineaFacturaCliente');
+ }
+ if ($this->user->can('EditAlbaranCliente')) {
+ $this->createDocumentView('ListAlbaranCliente', 'AlbaranCliente', 'delivery-notes');
+ }
+ if ($this->user->can('EditPedidoCliente')) {
+ $this->createDocumentView('ListPedidoCliente', 'PedidoCliente', 'orders');
+ }
+ if ($this->user->can('EditPresupuestoCliente')) {
+ $this->createDocumentView('ListPresupuestoCliente', 'PresupuestoCliente', 'estimations');
+ }
+ if ($this->user->can('EditReciboCliente')) {
+ $this->createReceiptView('ListReciboCliente', 'ReciboCliente');
+ }
 $this->createViewsUsers();
 }
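Review bot: The guarded block calls `createInvoiceView`, `createLineView`, `createDocumentView` and `createReceiptView`, which the subject of patch 3/7 describes as methods not present in EditProyecto, so at this commit a user holding any of these permissions would hit an undefined-method error when the project page builds its views; the supplier hunk in patch 2/7 has the same problem. The same guard works with the helper the controller already has, e.g. `if ($this->user->can('EditFacturaCliente')) { $this->createViewSales('FacturaCliente', 'customer-invoices'); }`, which is where patch 3/7 ends up, so squashing patches 1–3 would keep every commit loadable. The block also adds a receipts tab behind `EditReciboCliente` that the replaced lines did not have; that is a feature change and belongs in its own commit with its own description. createViews() starts outside the hunk.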
From 3d0e662509e15fb2081fa57319e42fd5a7345f4c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Esteban=20S=C3=A1nchez=20Mart=C3=ADnez?=
Date: Fri, 13 Mar 2026 18:41:52 +0100
Subject: [PATCH 2/7] Guard supplier document tabs by permissions in EditProyecto (mirror EditProveedor)
---
 Controller/EditProyecto.php | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/Controller/EditProyecto.php b/Controller/EditProyecto.php
index 5ed9e91..4894a1d 100644
--- a/Controller/EditProyecto.php
+++ b/Controller/EditProyecto.php
@@ -161,10 +161,23 @@ protected function createViews()
 $this->createViewsNotes();
 $this->createViewsStock();
 $this->createViewsServices();
- $this->createViewPurchases('PresupuestoProveedor', 'supplier-estimations');
- $this->createViewPurchases('PedidoProveedor', 'supplier-orders');
- $this->createViewPurchases('AlbaranProveedor', 'supplier-delivery-notes');
- $this->createViewPurchases('FacturaProveedor', 'supplier-invoices');
+ // Purchases (supplier) views - add only if user has permissions (mirror EditProveedor)
+ if ($this->user->can('EditFacturaProveedor')) {
+ $this->createInvoiceView('ListFacturaProveedor');
+ $this->createLineView('ListLineaFacturaProveedor', 'LineaFacturaProveedor');
+ }
+ if ($this->user->can('EditAlbaranProveedor')) {
+ $this->createDocumentView('ListAlbaranProveedor', 'AlbaranProveedor', 'delivery-notes');
+ }
+ if ($this->user->can('EditPedidoProveedor')) {
+ $this->createDocumentView('ListPedidoProveedor', 'PedidoProveedor', 'orders');
+ }
+ if ($this->user->can('EditPresupuestoProveedor')) {
+ $this->createDocumentView('ListPresupuestoProveedor', 'PresupuestoProveedor', 'estimations');
+ }
+ if ($this->user->can('EditReciboProveedor')) {
+ $this->createReceiptView('ListReciboProveedor', 'ReciboProveedor');
+ }
 // Sales (customer) views - add only if user has permissions (mirror EditCliente)
 if ($this->user->can('EditFacturaCliente')) {
 $this->createInvoiceView('ListFacturaCliente');
From 39d6ef4d4973c90d3cd0c1ed0d8a1f70a002c8d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Esteban=20S=C3=A1nchez=20Mart=C3=ADnez?=
Date: Fri, 13 Mar 2026 18:43:52 +0100
Subject: [PATCH 3/7] Call createViewPurchases/createViewSales under per-document permissions (avoid calling methods not present in EditProyecto)
---
 Controller/EditProyecto.php | 33 +++++++++++++++------------------
 1 file changed, 15 insertions(+), 18 deletions(-)
diff --git a/Controller/EditProyecto.php b/Controller/EditProyecto.php
index 4894a1d..8230daa 100644
--- a/Controller/EditProyecto.php
+++ b/Controller/EditProyecto.php
@@ -162,34 +162,31 @@ protected function createViews()
 $this->createViewsStock();
 $this->createViewsServices();
 // Purchases (supplier) views - add only if user has permissions (mirror EditProveedor)
- if ($this->user->can('EditFacturaProveedor')) {
- $this->createInvoiceView('ListFacturaProveedor');
- $this->createLineView('ListLineaFacturaProveedor', 'LineaFacturaProveedor');
- }
- if ($this->user->can('EditAlbaranProveedor')) {
- $this->createDocumentView('ListAlbaranProveedor', 'AlbaranProveedor', 'delivery-notes');
+ if ($this->user->can('EditPresupuestoProveedor')) {
+ $this->createViewPurchases('PresupuestoProveedor', 'supplier-estimations');
 }
 if ($this->user->can('EditPedidoProveedor')) {
- $this->createDocumentView('ListPedidoProveedor', 'PedidoProveedor', 'orders');
+ $this->createViewPurchases('PedidoProveedor', 'supplier-orders');
 }
- if ($this->user->can('EditPresupuestoProveedor')) {
- $this->createDocumentView('ListPresupuestoProveedor', 'PresupuestoProveedor', 'estimations');
+ if ($this->user->can('EditAlbaranProveedor')) {
+ $this->createViewPurchases('AlbaranProveedor', 'supplier-delivery-notes');
 }
- if ($this->user->can('EditReciboProveedor')) {
- $this->createReceiptView('ListReciboProveedor', 'ReciboProveedor');
+ if ($this->user->can('EditFacturaProveedor')) {
+ $this->createViewPurchases('FacturaProveedor', 'supplier-invoices');
 }
 // Sales (customer) views - add only if user has permissions (mirror EditCliente)
- if ($this->user->can('EditFacturaCliente')) {
- $this->createInvoiceView('ListFacturaCliente');
- $this->createLineView('ListLineaFacturaCliente', 'LineaFacturaCliente');
+ if ($this->user->can('EditPresupuestoCliente')) {
+ $this->createViewSales('PresupuestoCliente', 'customer-estimations');
+ }
+ if ($this->user->can('EditPedidoCliente')) {
+ $this->createViewSales('PedidoCliente', 'customer-orders');
 }
 if ($this->user->can('EditAlbaranCliente')) {
- $this->createDocumentView('ListAlbaranCliente', 'AlbaranCliente', 'delivery-notes');
+ $this->createViewSales('AlbaranCliente', 'customer-delivery-notes');
 }
- if ($this->user->can('EditPedidoCliente')) {
- $this->createDocumentView('ListPedidoCliente', 'PedidoCliente', 'orders');
+ if ($this->user->can('EditFacturaCliente')) {
+ $this->createViewSales('FacturaCliente', 'customer-invoices');
 }
- if ($this->user->can('EditPresupuestoCliente')) {
 $this->createDocumentView('ListPresupuestoCliente', 'PresupuestoCliente', 'estimations');
 }
 if ($this->user->can('EditReciboCliente')) {
From 42b41c774c6b23e87f0002ec630f0e96e8eba002 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Esteban=20S=C3=A1nchez=20Mart=C3=ADnez?=
Date: Fri, 13 Mar 2026 18:46:31 +0100
Subject: [PATCH 4/7] Fix syntax errors: remove stray lines in createViews and correct addlISTView typo to addListView in createViewPurchases.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 Controller/EditProyecto.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/Controller/EditProyecto.php b/Controller/EditProyecto.php
index 8230daa..81a7f32 100644
--- a/Controller/EditProyecto.php
+++ b/Controller/EditProyecto.php
@@ -186,8 +186,6 @@ protected function createViews()
 }
 if ($this->user->can('EditFacturaCliente')) {
 $this->createViewSales('FacturaCliente', 'customer-invoices');
- }
- $this->createDocumentView('ListPresupuestoCliente', 'PresupuestoCliente', 'estimations');
 }
 if ($this->user->can('EditReciboCliente')) {
 $this->createReceiptView('ListReciboCliente', 'ReciboCliente');
@@ -198,7 +196,7 @@ protected function createViews()
 protected function createViewPurchases(string $modelName, string $label)
 {
 $viewName = 'List' . $modelName;
- $this->addlISTView($viewName, $modelName, $label, 'fa-solid fa-copy')
+ $this->addListView($viewName, $modelName, $label, 'fa-solid fa-copy')
 ->addOrderBy(['codigo'], 'code')
 ->addOrderBy(['fecha', $this->tableColToNumber('numero')], 'date', 2)
 ->addOrderBy([$this->tableColToNumber('numero')], 'number')
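Review bot: At the end of the patch 3/7 hunk the line `if ($this->user->can('EditPresupuestoCliente')) {` is removed while its body `$this->createDocumentView('ListPresupuestoCliente', 'PresupuestoCliente', 'estimations');` and the closing `}` stay as context, so the new side keeps a call that runs without any permission check, followed by a stray brace; patch 4/7 then has to delete both. Separately, `can('Edit…')` here only decides whether a tab is registered, and the code that loads rows and handles actions for these `List…` views is outside the hunk, so it is worth confirming that a view which was never created cannot still be addressed by name in a request. A comment above the two groups such as `// Tabs are registered only when the user may access the matching Edit* page.` would record the intent. createViews() starts and ends outside the hunk.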
From ded7399a9d610398eeb0c827dfcdd8acbbe44be0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Esteban=20S=C3=A1nchez=20Mart=C3=ADnez?=
Date: Fri, 13 Mar 2026 18:48:31 +0100
Subject: [PATCH 5/7] Provide createReceiptView in EditProyecto (copied from ComercialContactController) so receipts can be added safely without extending ComercialContactController)
---
 Controller/EditProyecto.php | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
diff --git a/Controller/EditProyecto.php b/Controller/EditProyecto.php
index 81a7f32..9137115 100644
--- a/Controller/EditProyecto.php
+++ b/Controller/EditProyecto.php
@@ -236,7 +236,38 @@ protected function createViewSales(string $modelName, string $label)
 }
 $this->addCommonViewFilters($viewName, $modelName);
+ }
+ /**
+ * Add a receipt list view (copied from ComercialContactController to be available in this controller).
+ *
+ * @param string $viewName
+ * @param string $model
+ */
+ protected function createReceiptView(string $viewName, string $model)
+ {
+ return $this->addListView($viewName, $model, 'receipts', 'fa-solid fa-dollar-sign')
+ ->addOrderBy(['fecha'], 'date')
+ ->addOrderBy(['fechapago'], 'payment-date')
+ ->addOrderBy(['vencimiento'], 'expiration', 2)
+ ->addOrderBy(['importe'], 'amount')
+ ->addSearchFields(['codigofactura', 'observaciones'])
+ ->addFilterPeriod('period-f', 'fecha', 'fecha')
+ ->addFilterPeriod('period-v', 'expiration', 'vencimiento')
+ ->addButton([
+ 'action' => 'pay-receipt',
+ 'color' => 'outline-success',
+ 'confirm' => 'true',
+ 'icon' => 'fa-solid fa-check',
+ 'label' => 'paid',
+ 'type' => 'action'
+ ])
+ ->setSettings('btnPrint', true)
+ ->setSettings('btnNew', false)
+ ->setSettings('btnDelete', false)
+ ->disableColumn('customer')
+ ->disableColumn('supplier');
+ }
 // filtramos por grupos de clientes
 $optionsGroup = [
 ['label' => Tools::lang()->trans('any-group'), 'where' => []],
From 559551c044a642e7d9f252af054f623826a023da Mon Sep 17 00:00:00 2001
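Review bot: Nothing in the patch 5/7 hunk limits the new receipts view to the current project: `createReceiptView` only registers the list with ordering, search fields and period filters, and the code that loads its rows is outside the hunk, so unless a project condition is applied there the tab could show receipts unrelated to the project. The view also registers a state-changing `pay-receipt` button, and since the subject says EditProyecto does not extend ComercialContactController, the handler for that action has to exist in this controller and should check the user's permission to modify receipts rather than rely on the tab being hidden. The method is inserted in the middle of `createViewSales` (the `// filtramos por grupos de clientes` context follows its closing brace), which patch 6/7 has to undo. Dropping `->disableColumn('customer')` is probably right for a project page, where the customer is not implied by the page as it is on a contact page.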
From: =?UTF-8?q?Esteban=20S=C3=A1nchez=20Mart=C3=ADnez?=
Date: Fri, 13 Mar 2026 18:51:16 +0100
Subject: [PATCH 6/7] Remove duplicated sales filter block (moved inside createViewSales). Fixes syntax error.
---
 Controller/EditProyecto.php | 62 ++++++++++++++++++-------------
 1 file changed, 31 insertions(+), 31 deletions(-)
diff --git a/Controller/EditProyecto.php b/Controller/EditProyecto.php
index 9137115..267edd9 100644
--- a/Controller/EditProyecto.php
+++ b/Controller/EditProyecto.php
@@ -236,38 +236,7 @@ protected function createViewSales(string $modelName, string $label)
 }
 $this->addCommonViewFilters($viewName, $modelName);
- }
- /**
- * Add a receipt list view (copied from ComercialContactController to be available in this controller).
- *
- * @param string $viewName
- * @param string $model
- */
- protected function createReceiptView(string $viewName, string $model)
- {
- return $this->addListView($viewName, $model, 'receipts', 'fa-solid fa-dollar-sign')
- ->addOrderBy(['fecha'], 'date')
- ->addOrderBy(['fechapago'], 'payment-date')
- ->addOrderBy(['vencimiento'], 'expiration', 2)
- ->addOrderBy(['importe'], 'amount')
- ->addSearchFields(['codigofactura', 'observaciones'])
- ->addFilterPeriod('period-f', 'fecha', 'fecha')
- ->addFilterPeriod('period-v', 'expiration', 'vencimiento')
- ->addButton([
- 'action' => 'pay-receipt',
- 'color' => 'outline-success',
- 'confirm' => 'true',
- 'icon' => 'fa-solid fa-check',
- 'label' => 'paid',
- 'type' => 'action'
- ])
- ->setSettings('btnPrint', true)
- ->setSettings('btnNew', false)
- ->setSettings('btnDelete', false)
- ->disableColumn('customer')
- ->disableColumn('supplier');
- }
 // filtramos por grupos de clientes
 $optionsGroup = [
 ['label' => Tools::lang()->trans('any-group'), 'where' => []],
@@ -312,6 +281,37 @@ protected function createReceiptView(string $viewName, string $model) $this->addCommonSalesPurchases($viewName, $modelName); } + /** + * Add a receipt list view (copied from ComercialContactController to be available in this controller). + * + * @param string $viewName + * @param string $model + */ + protected function createReceiptView(string $viewName, string $model) + { + return $this->addListView($viewName, $model, 'receipts', 'fa-solid fa-dollar-sign') + ->addOrderBy(['fecha'], 'date') + ->addOrderBy(['fechapago'], 'payment-date') + ->addOrderBy(['vencimiento'], 'expiration', 2) + ->addOrderBy(['importe'], 'amount') + ->addSearchFields(['codigofactura', 'observaciones']) + ->addFilterPeriod('period-f', 'fecha', 'fecha') + ->addFilterPeriod('period-v', 'expiration', 'vencimiento') + ->addButton([ + 'action' => 'pay-receipt', + 'color' => 'outline-success', + 'confirm' => 'true', + 'icon' => 'fa-solid fa-check', + 'label' => 'paid', + 'type' => 'action' + ]) + ->setSettings('btnPrint', true) + ->setSettings('btnNew', false) + ->setSettings('btnDelete', false) + ->disableColumn('customer') + ->disableColumn('supplier'); + + protected function createViewsNotes(string $viewName = 'ListNotaProyecto'): void { $this->addListView($viewName, 'NotaProyecto', 'notes', 'fa-solid fa-sticky-note') From 60d272d424db7c15dd2189407d2a30c44f73d7ed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Esteban=20S=C3=A1nchez=20Mart=C3=ADnez?= Date: Fri, 13 Mar 2026 18:55:24 +0100 Subject: [PATCH 7/7] =?UTF-8?q?Si=20el=20usuario=20no=20tiene=20permiso=20?= =?UTF-8?q?no=20le=20aparecen=20las=20pesta=C3=B1as=20ni=20presupuestos,?= =?UTF-8?q?=20pedidos,=20albaranes=20y=20facturas=20dentro=20del=20proyect?= =?UTF-8?q?o?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Controller/EditProyecto.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Controller/EditProyecto.php b/Controller/EditProyecto.php
index 267edd9..6b08522 100644
--- a/Controller/EditProyecto.php
+++ b/Controller/EditProyecto.php
@@ -310,7 +310,7 @@ protected function createReceiptView(string $viewName, string $model)
 ->setSettings('btnDelete', false)
 ->disableColumn('customer')
 ->disableColumn('supplier');
-
+ }
 protected function createViewsNotes(string $viewName = 'ListNotaProyecto'): void
 {