From 6836ffaafca78ee5c7e3bb9b9db06c174662e6f1 Mon Sep 17 00:00:00 2001
From: Janusz Dobrowolski
Date: Sun, 11 Oct 2009 09:27:14 +0000
Subject: [PATCH] Fixed page_security for various page usages.
---
 sales/inquiry/sales_orders_view.php | 15 +++++++++++++--
 sales/sales_order_entry.php | 16 +++++++++++++++-
 2 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/sales/inquiry/sales_orders_view.php b/sales/inquiry/sales_orders_view.php
index abd11a00..d9e993a5 100644
--- a/sales/inquiry/sales_orders_view.php
+++ b/sales/inquiry/sales_orders_view.php
@@ -9,7 +9,6 @@
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 See the License here .
 ***********************************************************************/
-$page_security = 'SA_STEMPLATE';
 $path_to_root = "../..";
 include($path_to_root . "/includes/db_pager.inc");
@@ -17,6 +16,15 @@ include($path_to_root . "/includes/session.inc");
 include($path_to_root . "/sales/includes/sales_ui.inc");
 include_once($path_to_root . "/reporting/includes/reporting.inc");
+$page_security = 'SA_TRANSVIEW';
+
+set_page_security( @$_POST['order_view_mode'],
+ array( 'OutstandingOnly' => 'SA_SALESDELIVERY',
+ 'InvoiceTemplates' => 'SA_SALESINVOICE'),
+ array( 'OutstandingOnly' => 'SA_SALESDELIVERY',
+ 'InvoiceTemplates' => 'SA_SALESINVOICE')
+);
+
 $js = "";
 if ($use_popup_windows)
 $js .= get_js_open_window(900, 600);
@@ -27,8 +35,11 @@ if (get_post('type'))
 $trans_type = $_POST['type'];
 elseif (isset($_GET['type']) && $_GET['type'] == ST_SALESQUOTE)
 $trans_type = ST_SALESQUOTE;
-else
+elseif (isset($_GET['type']) && $_GET['type'] == ST_SALESORDER)
 $trans_type = ST_SALESORDER;
+else
+ $page_security = 'SA_DENIED';
+
 if ($trans_type == ST_SALESORDER)
 {
 if (isset($_GET['OutstandingOnly']) && ($_GET['OutstandingOnly'] == true))
diff --git a/sales/sales_order_entry.php b/sales/sales_order_entry.php
index c1453441..cd9e48b2 100644
--- a/sales/sales_order_entry.php
+++ b/sales/sales_order_entry.php
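Review bot: The security area for this page is selected from the client-supplied `$_POST['order_view_mode']` in the added `set_page_security()` call, while the listing mode further down is read from `$_GET['OutstandingOnly']` (visible in the next hunk's context), so the area that is checked and the view that is rendered can come from different request inputs. `set_page_security()` is defined outside this patch, so confirm that a request carrying both values cannot end up checked against the `SA_TRANSVIEW` default while rendering the delivery or invoice-template mode. The `@` on the first argument hides the undefined-index notice instead of stating the intent; `isset($_POST['order_view_mode']) ? $_POST['order_view_mode'] : null` is explicit, and the same applies to `@$_SESSION['Items']->trans_type` in the sales_order_entry.php hunk. A short comment above the call saying what each of the two arrays is matched against would help, since here they are identical and the difference is not visible to the reader.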
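Review bot: The new final `else` sets `$page_security = 'SA_DENIED'` but leaves `$trans_type` unassigned, and the very next statement, `if ($trans_type == ST_SALESORDER)`, reads it with a loose comparison. Give the branch braces and an explicit value that matches neither constant, e.g. `else { $page_security = 'SA_DENIED'; $trans_type = null; }`, so the code that runs before the access check does not depend on an undefined variable. The first branch still copies `$_POST['type']` into `$trans_type` without the whitelist the GET branches now apply; checking it against `ST_SALESQUOTE` and `ST_SALESORDER` as well would make the deny path cover both inputs. The `if` chain begins above the hunk, so this is based on the visible branches only.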
@@ -17,8 +17,8 @@
 // Entry Direct Invoice
 //
-$page_security = 'SA_SALESORDER';
 $path_to_root = "..";
+$page_security = 'SA_SALESORDER';
 include_once($path_to_root . "/sales/includes/cart_class.inc");
 include_once($path_to_root . "/includes/session.inc");
@@ -27,6 +27,20 @@ include_once($path_to_root . "/sales/includes/ui/sales_order_ui.inc");
 include_once($path_to_root . "/sales/includes/sales_db.inc");
 include_once($path_to_root . "/sales/includes/db/sales_types_db.inc");
 include_once($path_to_root . "/reporting/includes/reporting.inc");
+
+set_page_security( @$_SESSION['Items']->trans_type,
+ array( ST_SALESORDER=>'SA_SALESORDER',
+ ST_SALESQUOTE => 'SA_SALESQUOTE',
+ ST_CUSTDELIVERY => 'SA_SALESDELIVERY',
+ ST_SALESINVOICE => 'SA_SALESINVOICE'),
+ array( 'NewOrder' => 'SA_SALESORDER',
+ 'ModifySalesOrder' => 'SA_SALESORDER',
+ 'NewQuotation' => 'SA_SALESQUOTE',
+ 'ModifyQuotationNumber' => 'SA_SALESQUOTE',
+ 'NewDelivery' => 'SA_SALESDELIVERY',
+ 'NewInvoice' => 'SA_SALESINVOICE')
+);
+
 $js = '';
 if ($use_popup_windows) {
--
2.30.2
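Review bot: In the added `set_page_security()` call the key `'ModifySalesOrder'` does not follow the `...Number` form of `'ModifyQuotationNumber'` beside it; if the page body (outside this hunk) reads a differently named request parameter, this entry never matches and the request is checked against whatever default applies instead. That default is `SA_SALESORDER`, set a few lines above, which is the same area, so a mismatch would go unnoticed until the mapping or the default changes. I would also add a comment above the call stating which source wins when the cart type in `$_SESSION['Items']` and a request key disagree, after confirming it against the definition of `set_page_security()`.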