Ollama 24b2825b31 Fix: Restrict employee selection in expenses and receivings forms ...

Users without the 'employees' permission can no longer impersonate other
employees when creating or editing expenses and receivings. The employee
field is now restricted to the current user for new records and shows the
stored employee for existing records.

Changes:
- Expenses controller: Add permission check in getView() and postSave()
- Receivings controller: Add permission check in getEdit() and postSave()
- Form views: Conditionally display dropdown or read-only field

Fixes #3616

2026-03-17 15:32:16 +00:00

23 KiB

Raw Blame History

View Raw