From 5094fc329619895583227de6b9f8bb0242503d07 Mon Sep 17 00:00:00 2001
From: Holger Cremer <HolgerCremer@gmail.com>
Date: Sat, 4 Jan 2020 21:56:53 +0100
Subject: improves the cashbox detail view

---
 src/web/web.vala | 39 +++++++++++++++++----------------------
 1 file changed, 17 insertions(+), 22 deletions(-)

(limited to 'src/web/web.vala')

diff --git a/src/web/web.vala b/src/web/web.vala
index 5dcceef..a4c24ca 100644
--- a/src/web/web.vala
+++ b/src/web/web.vala
@@ -1541,30 +1541,25 @@ public class WebServer {
 	}
 
 	void handler_cashbox_detail_selection(Soup.Server server, Soup.Message msg, string path, GLib.HashTable? query, Soup.ClientContext client) {
-		string[] pathparts = path.split("/");
+		try {
+			string[] pathparts = path.split("/");
 
-		if(pathparts.length > 4) {
-			DateYear year = (DateYear) int.parse(pathparts[3]);
-			DateMonth month = (DateMonth) int.parse(pathparts[4]);
-			handler_cashbox_detail(server, msg, path, query, client, year, month);
-		} else {
-			try {
-				var session = new WebSession(server, msg, path, query, client);
-				var template = new WebTemplate("cashbox/selection.html", session);
-				template.replace("TITLE", shortname + " Shop System: Cashbox Detail");
-				template.menu_set_active("cashbox");
-				msg.set_response("text/html", Soup.MemoryUse.COPY, template.data);
-				msg.set_status(200);
-			} catch(TemplateError e) {
-				stderr.printf(e.message+"\n");
-				handler_404(server, msg, path, query, client);
-			} catch(DatabaseError e) {
-				handler_400(server, msg, path, query, client, e.message);
-			} catch(IOError e) {
-				handler_400(server, msg, path, query, client, e.message);
-			} catch(DBusError e) {
-				handler_400(server, msg, path, query, client, e.message);
+			if(pathparts.length > 4) {
+				DateYear year = (DateYear) int.parse(pathparts[3]);
+				DateMonth month = (DateMonth) int.parse(pathparts[4]);
+				handler_cashbox_detail(server, msg, path, query, client, year, month);
+			} else {
+				msg.set_redirect(302, "/cashbox");
 			}
+		} catch(TemplateError e) {
+			stderr.printf(e.message+"\n");
+			handler_404(server, msg, path, query, client);
+		} catch(DatabaseError e) {
+			handler_400(server, msg, path, query, client, e.message);
+		} catch(IOError e) {
+			handler_400(server, msg, path, query, client, e.message);
+		} catch(DBusError e) {
+			handler_400(server, msg, path, query, client, e.message);
 		}
 	}
 
-- 
cgit v1.2.3


From 1b9216903a2512dd7cbbb678f9e3f3d82f667d74 Mon Sep 17 00:00:00 2001
From: Holger Cremer <HolgerCremer@gmail.com>
Date: Sat, 4 Jan 2020 22:00:40 +0100
Subject: needs only cashbox permissino to access cashbox details

---
 src/web/web.vala | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/web/web.vala')

diff --git a/src/web/web.vala b/src/web/web.vala
index a4c24ca..0ed852d 100644
--- a/src/web/web.vala
+++ b/src/web/web.vala
@@ -1567,7 +1567,7 @@ public class WebServer {
 		try {
 			var session = new WebSession(server, msg, path, query, client);
 
-			if(!session.superuser) {
+			if(!session.superuser && !session.auth_cashbox) {
 				handler_403(server, msg, path, query, client);
 				return;
 			}
-- 
cgit v1.2.3