Fixed page_security for various page usages.
authorJanusz Dobrowolski <janusz@frontaccounting.eu>
Sun, 11 Oct 2009 09:27:14 +0000 (09:27 +0000)
committerJanusz Dobrowolski <janusz@frontaccounting.eu>
Sun, 11 Oct 2009 09:27:14 +0000 (09:27 +0000)
sales/inquiry/sales_orders_view.php
sales/sales_order_entry.php

index abd11a00a9dd34bafca000e4bf541f4a63ada10d..d9e993a56d527e03f75b0f793883949bf86da275 100644 (file)
@@ -9,7 +9,6 @@
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
-$page_security = 'SA_STEMPLATE';
 $path_to_root = "../..";
 
 include($path_to_root . "/includes/db_pager.inc");
@@ -17,6 +16,15 @@ include($path_to_root . "/includes/session.inc");
 include($path_to_root . "/sales/includes/sales_ui.inc");
 include_once($path_to_root . "/reporting/includes/reporting.inc");
 
+$page_security = 'SA_TRANSVIEW';
+
+set_page_security( @$_POST['order_view_mode'],
+       array(  'OutstandingOnly' => 'SA_SALESDELIVERY',
+                       'InvoiceTemplates' => 'SA_SALESINVOICE'),
+       array(  'OutstandingOnly' => 'SA_SALESDELIVERY',
+                       'InvoiceTemplates' => 'SA_SALESINVOICE')
+);
+
 $js = "";
 if ($use_popup_windows)
        $js .= get_js_open_window(900, 600);
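Review bot: The access area checked for this page is picked from `$_POST['order_view_mode']`, which the client controls, and the `@` silences the case where the field is missing, so the request itself decides which permission gets tested. `set_page_security` is not visible in this hunk, but if an unmapped or absent value leaves the default `SA_TRANSVIEW` in place, the view mode the page later acts on must come from exactly the same input; otherwise a user holding only the view permission could reach the delivery or invoice-template listing. I would drop the suppression in favour of an explicit `isset($_POST['order_view_mode']) ? $_POST['order_view_mode'] : null`. I would also add a comment above the call such as `// area is chosen from request input; the mode used below must be derived from the same value`. The two maps are identical, so a one-line note on why both are passed would help the next reader.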
@@ -27,8 +35,11 @@ if (get_post('type'))
        $trans_type = $_POST['type'];
 elseif (isset($_GET['type']) && $_GET['type'] == ST_SALESQUOTE)
        $trans_type = ST_SALESQUOTE;
-else
+elseif (isset($_GET['type']) && $_GET['type'] == ST_SALESORDER)
        $trans_type = ST_SALESORDER;
+else
+       $page_security = 'SA_DENIED';
+
 if ($trans_type == ST_SALESORDER)
 {
        if (isset($_GET['OutstandingOnly']) && ($_GET['OutstandingOnly'] == true))
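Review bot: The new `else` branch assigns `$page_security = 'SA_DENIED'` but leaves `$trans_type` unset, and the next statement `if ($trans_type == ST_SALESORDER)` reads it, so the script carries on with an undefined variable until something later evaluates `$page_security`. That evaluation is not in this hunk, so the denial only holds if no data-touching code runs between here and the check. I would make the branch fail closed on its own, for example `else { $page_security = 'SA_DENIED'; $trans_type = null; }`, or stop the request at that point. The `$_GET['type'] == ST_SALESORDER` test on the added line is a loose comparison against raw request input; if the constants are integers, casting first and comparing with `===` would avoid surprising matches.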
index c145344191cbd8198778c725bafa6d590f4057c0..cd9e48b24ff36911a758b9bfb29b0342b51e59a1 100644 (file)
@@ -17,8 +17,8 @@
 //     Entry Direct Invoice
 //
 
-$page_security = 'SA_SALESORDER';
 $path_to_root = "..";
+$page_security = 'SA_SALESORDER';
 
 include_once($path_to_root . "/sales/includes/cart_class.inc");
 include_once($path_to_root . "/includes/session.inc");
@@ -27,6 +27,20 @@ include_once($path_to_root . "/sales/includes/ui/sales_order_ui.inc");
 include_once($path_to_root . "/sales/includes/sales_db.inc");
 include_once($path_to_root . "/sales/includes/db/sales_types_db.inc");
 include_once($path_to_root . "/reporting/includes/reporting.inc");
+
+set_page_security( @$_SESSION['Items']->trans_type,
+       array(  ST_SALESORDER=>'SA_SALESORDER',
+                       ST_SALESQUOTE => 'SA_SALESQUOTE',
+                       ST_CUSTDELIVERY => 'SA_SALESDELIVERY',
+                       ST_SALESINVOICE => 'SA_SALESINVOICE'),
+       array(  'NewOrder' => 'SA_SALESORDER',
+                       'ModifySalesOrder' => 'SA_SALESORDER',
+                       'NewQuotation' => 'SA_SALESQUOTE',
+                       'ModifyQuotationNumber' => 'SA_SALESQUOTE',
+                       'NewDelivery' => 'SA_SALESDELIVERY',
+                       'NewInvoice' => 'SA_SALESINVOICE')
+);
+
 $js = '';
 
 if ($use_popup_windows) {
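Review bot: The first argument `@$_SESSION['Items']->trans_type` hides the error raised when no cart is in the session, so on a fresh request the area is presumably resolved only from the second map; any entry parameter without a row there would apparently be checked as the default `SA_SALESORDER`. `set_page_security` is not shown on this page, so that fallback is inferred. The key `'ModifySalesOrder'` is named differently from its sibling `'ModifyQuotationNumber'`. It is worth confirming that it matches the parameter this page actually reads, since a mismatch would silently apply the default area instead of the intended one. A comment above the call would document the contract: `// every entry parameter handled by this page needs a row here; unmapped ones fall back to the default $page_security`.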