diff options
| author | Lester Caine <lester@lsces.co.uk> | 2026-06-05 17:49:37 +0100 |
|---|---|---|
| committer | Lester Caine <lester@lsces.co.uk> | 2026-06-05 17:49:37 +0100 |
| commit | ccb6c9dfdcee8d10fe845b08cea9f76fd3530a70 (patch) | |
| tree | 6892d65416ca2393279933d322c8594127bf9114 | |
| parent | b05452250feb5bdf78fced07e5a67c4ac4ff2d47 (diff) | |
| download | stock-ccb6c9dfdcee8d10fe845b08cea9f76fd3530a70.tar.gz stock-ccb6c9dfdcee8d10fe845b08cea9f76fd3530a70.tar.bz2 stock-ccb6c9dfdcee8d10fe845b08cea9f76fd3530a70.zip | |
Add p_stock_expunge permission; gate movement delete button
p_stock_expunge at admin level. edit_movement.tpl delete button now
requires p_stock_expunge. Xref item delete gating (currently xrefAllowEdit
only) is a pending audit — same history-vs-hard-delete question as contact.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
| -rwxr-xr-x | admin/schema_inc.php | 9 | ||||
| -rw-r--r-- | templates/edit_movement.tpl | 2 |
2 files changed, 6 insertions, 5 deletions
diff --git a/admin/schema_inc.php b/admin/schema_inc.php index b236b5c..508a707 100755 --- a/admin/schema_inc.php +++ b/admin/schema_inc.php @@ -62,10 +62,11 @@ $gBitInstaller->registerPreferences( STOCK_PKG_NAME, [ // ### Default User Permissions $gBitInstaller->registerUserPermissions( STOCK_PKG_NAME, [ - [ 'p_stock_view', 'Can view stock assemblies and components', 'registered', STOCK_PKG_NAME ], - [ 'p_stock_create', 'Can create stock assemblies and components', 'editors', STOCK_PKG_NAME ], - [ 'p_stock_update', 'Can update stock assemblies and components', 'editors', STOCK_PKG_NAME ], - [ 'p_stock_admin', 'Can administer stock', 'admin', STOCK_PKG_NAME ], + [ 'p_stock_view', 'Can view stock assemblies and components', 'registered', STOCK_PKG_NAME ], + [ 'p_stock_create', 'Can create stock assemblies and components', 'editors', STOCK_PKG_NAME ], + [ 'p_stock_update', 'Can update stock assemblies and components', 'editors', STOCK_PKG_NAME ], + [ 'p_stock_expunge', 'Can delete stock records', 'admin', STOCK_PKG_NAME ], + [ 'p_stock_admin', 'Can administer stock', 'admin', STOCK_PKG_NAME ], ] ); // ### Register content types diff --git a/templates/edit_movement.tpl b/templates/edit_movement.tpl index 097aba2..c35b06d 100644 --- a/templates/edit_movement.tpl +++ b/templates/edit_movement.tpl @@ -95,7 +95,7 @@ <div class="form-group submit"> <input type="submit" class="btn btn-primary" name="fSave" value="{tr}Save{/tr}" /> - {if $gContent->isValid()} + {if $gContent->isValid() && $gBitUser->hasPermission('p_stock_expunge')} <input type="submit" class="btn btn-danger pull-right" name="delete" value="{tr}Delete{/tr}" /> {/if} </div> |