Add role_invoices

This new role allows users to create invoices without role_finance. Users
can then only modify their own created invoices until somebody with the
role_finance sets the paid_on value.

app/controllers/finance/invoices_controller.rb

@@ -1,11 +1,13 @@
 class Finance::InvoicesController < ApplicationController
 
+ before_filter :find_invoice, only: [:show, :edit, :update, :destroy]
+ before_filter :ensure_can_edit, only: [:edit, :update, :destroy]
+
  def index
  @invoices = Invoice.includes(:supplier, :deliveries, :orders).order('date DESC').page(params[:page]).per(@per_page)
  end
 
  def show
- @invoice = Invoice.find(params[:id])
  end
 
  def new
@@ -15,7 +17,6 @@ def new
  end
 
  def edit
- @invoice = Invoice.find(params[:id])
  end
 
  def create
@@ -36,8 +37,6 @@ def create
  end
 
  def update
- @invoice = Invoice.find(params[:id])
-
  if @invoice.update_attributes(params[:invoice])
  redirect_to [:finance, @invoice], notice: I18n.t('finance.update.notice')
  else
@@ -46,9 +45,21 @@ def update
  end
 
  def destroy
- @invoice = Invoice.find(params[:id])
  @invoice.destroy
 
  redirect_to finance_invoices_url
  end
+
+ private
+
+ def find_invoice
+ @invoice = Invoice.find(params[:id])
+ end
+
+ # Returns true if @current_user can edit the invoice..
+ def ensure_can_edit
+ unless @invoice.user_can_edit?(current_user)
+ deny_access
+ end
+ end
 end

app/helpers/application_helper.rb

@@ -150,7 +150,7 @@ def remote_link_to(text, options={})
  end
 
  def format_roles(record, icon=false)
- roles = %w(suppliers article_meta orders finance admin)
+ roles = %w(suppliers article_meta orders finance invoices admin)
  roles.select! {|role| record.send "role_#{role}?"}
  names = Hash[roles.map{|r| [r, I18n.t("helpers.application.role_#{r}")]}]
  if icon

app/models/invoice.rb

@@ -13,6 +13,10 @@ class Invoice < ActiveRecord::Base
  # Replace numeric seperator with database format
  localize_input_of :amount, :deposit, :deposit_credit
 
+ def user_can_edit?(user)
+ user.role_finance? || (user.role_invoices? && !self.paid_on && self.created_by.id == user.id)
+ end
+
  # Amount without deposit
  def net_amount
  amount - deposit + deposit_credit

app/models/user.rb

@@ -143,7 +143,12 @@ def role_admin?
  def role_finance?
  groups.detect {|group| group.role_finance?}
  end
-
+
+ # Checks the invoices role
+ def role_invoices?
+ groups.detect {|group| group.role_invoices?}
+ end
+
  # Checks the article_meta role
  def role_article_meta?
  groups.detect {|group| group.role_article_meta?}

app/views/admin/workgroups/_form.html.haml

@@ -6,6 +6,7 @@
  = f.input :role_article_meta
  = f.input :role_orders
  = f.input :role_finance
+ = f.input :role_invoices
  = f.input :role_admin
  = render 'shared/group_form_fields', :f => f, captured: captured
  .form-actions

app/views/finance/invoices/_form.html.haml

@@ -15,7 +15,8 @@
  = f.association :supplier, hint: false
  = f.input :number
  = f.input :date, as: :date_picker
- = f.input :paid_on, as: :date_picker
+ - if current_user.role_finance?
+ = f.input :paid_on, as: :date_picker
  = f.input :amount, as: :string
  = f.input :deposit, as: :string
  = f.input :deposit_credit, as: :string

app/views/finance/invoices/_invoices.html.haml

@@ -32,6 +32,10 @@
  = ', ' if index > 0
  = link_to format_date(order.ends), new_finance_order_path(order_id: order)
  %td= truncate(invoice.note)
- %td= link_to t('ui.edit'), edit_finance_invoice_path(invoice), class: 'btn btn-mini'
- %td= link_to t('ui.delete'), finance_invoice_path(invoice), :data => {:confirm => t('.confirm_delete')}, :method => :delete,
- class: 'btn btn-danger btn-mini'
+ %td
+ - if invoice.user_can_edit?(current_user)
+ = link_to t('ui.edit'), edit_finance_invoice_path(invoice), class: 'btn btn-mini'
+ %td
+ - if invoice.user_can_edit?(current_user)
+ = link_to t('ui.delete'), finance_invoice_path(invoice), :data => {:confirm => t('.confirm_delete')}, :method => :delete,
+ class: 'btn btn-danger btn-mini'

app/views/finance/invoices/show.html.haml

@@ -47,5 +47,6 @@
  %b= heading_helper(Invoice, :note) + ':'
  =h @invoice.note
 
-= link_to t('ui.edit'), edit_finance_invoice_path(@invoice)
+- if @invoice.user_can_edit?(current_user)
+ = link_to t('ui.edit'), edit_finance_invoice_path(@invoice)
 = link_to t('ui.or_cancel'), finance_invoices_path

app/views/ordergroups/edit.html.haml

@@ -41,6 +41,10 @@
  = f.label :role_finance
  %br/
  = f.check_box :role_finance
+ %p
+ = f.label :role_invoices
+ %br/
+ = f.check_box :role_invoices
  %p
  = f.label :role_orders
  %br/

app/views/ordergroups/index.html.haml

@@ -11,6 +11,7 @@
  %th Role Suppliers
  %th Role Article Meta
  %th Role Finance
+ %th Role Invoices
  %th Role Orders
  %th Deleted At
  %th Contact Person
@@ -28,6 +29,7 @@
  %td= h ordergroup.role_suppliers
  %td= h ordergroup.role_article_meta
  %td= h ordergroup.role_finance
+ %td= h ordergroup.role_invoices
  %td= h ordergroup.role_orders
  %td= h ordergroup.deleted_at
  %td= h ordergroup.contact_person

app/views/workgroups/edit.html.haml

@@ -41,6 +41,10 @@
  = f.label :role_finance
  %br/
  = f.check_box :role_finance
+ %p
+ = f.label :role_invoices
+ %br/
+ = f.check_box :role_invoices
  %p
  = f.label :role_orders
  %br/

app/views/workgroups/index.html.haml

@@ -11,6 +11,7 @@
  %th Role Suppliers
  %th Role Article Meta
  %th Role Finance
+ %th Role Invoices
  %th Role Orders
  %th Deleted At
  %th Contact Person
@@ -28,6 +29,7 @@
  %td= h workgroup.role_suppliers
  %td= h workgroup.role_article_meta
  %td= h workgroup.role_finance
+ %td= h workgroup.role_invoices
  %td= h workgroup.role_orders
  %td= h workgroup.deleted_at
  %td= h workgroup.contact_person

config/locales/de.yml

@@ -169,6 +169,7 @@ de:
  role_admin: Administration
  role_article_meta: Artikeldatenbank
  role_finance: Finanzen
+ role_invoices: Rechnungen
  role_orders: Bestellverwaltung
  role_suppliers: Lieferanten
  user_tokens: Mitglieder
@@ -900,6 +901,7 @@ de:
  role_admin: Admin
  role_article_meta: Artikel
  role_finance: Finanzen
+ role_invoices: Rechnungen
  role_orders: Bestellung
  role_suppliers: Lieferanten
  show_google_maps: Show it on Google maps

config/locales/en.yml

@@ -170,6 +170,7 @@ en:
  role_admin: Administration
  role_article_meta: Article database
  role_finance: Finances
+ role_invoices: Invoices
  role_orders: Order management
  role_suppliers: Suppliers
  user_tokens: Members
@@ -913,6 +914,7 @@ en:
  role_admin: Admin
  role_article_meta: Articles
  role_finance: Finance
+ role_invoices: Invoices
  role_orders: Orders
  role_suppliers: Suppliers
  show_google_maps: Show it on Google maps

config/locales/fr.yml

@@ -169,6 +169,7 @@ fr:
  role_admin: Administration
  role_article_meta: Base de données des produits
  role_finance: Trésorerie
+ role_invoices: Facture
  role_orders: Gestion des commandes
  role_suppliers: Contact avec les fournisseur-e-s
  user_tokens: Membres
@@ -178,12 +179,12 @@ fr:
  article:
  attributes:
  name:
- taken: 
- taken_with_unit: 
+ taken:
+ taken_with_unit:
  supplier:
  attributes:
  shared_sync_method:
- included: 
+ included:
  task:
  attributes:
  done:
@@ -906,6 +907,7 @@ fr:
  role_admin: Administrateur
  role_article_meta: Article
  role_finance: Finances
+ role_invoices: Facture
  role_orders: Commande
  role_suppliers: Fournisseur-e
  show_google_maps: Afficher la position sur Google maps

config/locales/nl.yml

@@ -169,6 +169,7 @@ nl:
  role_admin: Beheer
  role_article_meta: Artikelen
  role_finance: Financiën
+ role_invoices: Facturen
  role_orders: Bestellingen
  role_suppliers: Leveranciers
  user_tokens: Leden
@@ -900,6 +901,7 @@ nl:
  role_admin: Admin
  role_article_meta: Artikelen
  role_finance: Financiën
+ role_invoices: Facturen
  role_orders: Bestelling
  role_suppliers: Leveranciers
  show_google_maps: Op Google maps bekijken

config/navigation.rb

@@ -33,10 +33,10 @@
  subnav.item :categories, I18n.t('navigation.articles.categories'), article_categories_path
  end
 
- primary.item :finance, I18n.t('navigation.finances.title'), '#', if: Proc.new { current_user.role_finance? } do |subnav|
- subnav.item :finance_home, I18n.t('navigation.finances.home'), finance_root_path
- subnav.item :accounts, I18n.t('navigation.finances.accounts'), finance_ordergroups_path
- subnav.item :balancing, I18n.t('navigation.finances.balancing'), finance_order_index_path
+ primary.item :finance, I18n.t('navigation.finances.title'), '#', if: Proc.new { current_user.role_finance? || current_user.role_invoices? } do |subnav|
+ subnav.item :finance_home, I18n.t('navigation.finances.home'), finance_root_path, if: Proc.new { current_user.role_finance? }
+ subnav.item :accounts, I18n.t('navigation.finances.accounts'), finance_ordergroups_path, if: Proc.new { current_user.role_finance? }
+ subnav.item :balancing, I18n.t('navigation.finances.balancing'), finance_order_index_path, if: Proc.new { current_user.role_finance? }
  subnav.item :invoices, I18n.t('navigation.finances.invoices'), finance_invoices_path
  end
 

db/migrate/20160217194036_add_role_invoices_to_group.rb

@@ -0,0 +1,5 @@
+class AddRoleInvoicesToGroup < ActiveRecord::Migration
+ def change
+ add_column :groups, :role_invoices, :boolean, :default => false, :null => false
+ end
+end

db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20160217134742) do
+ActiveRecord::Schema.define(version: 20160217194036) do
 
  create_table "article_categories", force: :cascade do |t|
  t.string "name", limit: 255, default: "", null: false
@@ -140,6 +140,7 @@
  t.text "stats", limit: 65535
  t.integer "next_weekly_tasks_number", limit: 4, default: 8
  t.boolean "ignore_apple_restriction", default: false
+ t.boolean "role_invoices", default: false, null: false
  end
 
  add_index "groups", ["name"], name: "index_groups_on_name", unique: true, using: :btree