summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorivan <ivan>2008-01-13 21:35:54 +0000
committerivan <ivan>2008-01-13 21:35:54 +0000
commit0930d22ffc440f80c1b222b2e750cadbabd9e8f6 (patch)
tree59d6738ed4c685cd9bec804e9d3f661f4f37d72c
parentf49f11d4c3c4ba9480cc5c9acfaa606a5ba73ad1 (diff)
ACLs
-rwxr-xr-xhttemplate/edit/REAL_cust_pkg.cgi12
-rw-r--r--httemplate/edit/access_user.html6
-rwxr-xr-xhttemplate/edit/agent.cgi6
-rw-r--r--httemplate/edit/agent_payment_gateway.html37
-rwxr-xr-xhttemplate/edit/agent_type.cgi39
-rw-r--r--httemplate/edit/bulk-cust_svc.html14
-rwxr-xr-xhttemplate/edit/cust_bill_pay.cgi13
-rwxr-xr-xhttemplate/edit/cust_credit.cgi9
-rwxr-xr-xhttemplate/edit/cust_credit_bill.cgi9
-rwxr-xr-xhttemplate/edit/cust_main.cgi196
-rwxr-xr-xhttemplate/edit/cust_main_county-expand.cgi3
-rwxr-xr-xhttemplate/edit/cust_main_note.cgi19
-rwxr-xr-xhttemplate/edit/cust_pay.cgi7
-rwxr-xr-xhttemplate/edit/cust_pkg.cgi69
-rwxr-xr-xhttemplate/edit/cust_refund.cgi61
-rw-r--r--httemplate/edit/inventory_class.html6
-rwxr-xr-xhttemplate/edit/part_bill_event.cgi69
-rw-r--r--httemplate/edit/part_export.cgi215
-rwxr-xr-xhttemplate/edit/part_pkg.cgi15
-rwxr-xr-xhttemplate/edit/part_referral.html7
-rwxr-xr-xhttemplate/edit/part_svc.cgi71
-rw-r--r--httemplate/edit/part_virtual_field.cgi53
-rw-r--r--httemplate/edit/payment_gateway.html46
-rw-r--r--httemplate/edit/pkg_class.html6
-rw-r--r--httemplate/edit/prepay_credit.cgi75
-rwxr-xr-xhttemplate/edit/process/REAL_cust_pkg.cgi57
-rw-r--r--httemplate/edit/process/access_user.html6
-rwxr-xr-xhttemplate/edit/process/agent.cgi49
-rw-r--r--httemplate/edit/process/agent_payment_gateway.html53
-rwxr-xr-xhttemplate/edit/process/agent_type.cgi62
-rw-r--r--httemplate/edit/process/bulk-cust_svc.cgi11
-rwxr-xr-xhttemplate/edit/process/cust_bill_pay.cgi84
-rwxr-xr-xhttemplate/edit/process/cust_credit.cgi73
-rwxr-xr-xhttemplate/edit/process/cust_credit_bill.cgi86
-rwxr-xr-xhttemplate/edit/process/cust_main.cgi3
-rwxr-xr-xhttemplate/edit/process/cust_main_county-collapse.cgi8
-rwxr-xr-xhttemplate/edit/process/cust_main_county-expand.cgi3
-rw-r--r--httemplate/edit/process/cust_main_county.html7
-rwxr-xr-xhttemplate/edit/process/cust_main_note.cgi84
-rwxr-xr-xhttemplate/edit/process/cust_pay.cgi61
-rwxr-xr-xhttemplate/edit/process/cust_pkg.cgi15
-rwxr-xr-xhttemplate/edit/process/cust_refund.cgi73
-rw-r--r--httemplate/edit/process/cust_svc.cgi50
-rwxr-xr-xhttemplate/edit/process/domain_record.cgi54
-rw-r--r--httemplate/edit/process/generic.cgi140
-rw-r--r--httemplate/edit/process/inventory_class.html6
-rw-r--r--httemplate/edit/process/msgcat.cgi33
-rwxr-xr-xhttemplate/edit/process/part_bill_event.cgi173
-rw-r--r--httemplate/edit/process/part_export.cgi71
-rwxr-xr-xhttemplate/edit/process/part_pkg.cgi196
-rwxr-xr-xhttemplate/edit/process/part_referral.html7
-rwxr-xr-xhttemplate/edit/process/part_svc.cgi11
-rw-r--r--httemplate/edit/process/payment_gateway.html59
-rw-r--r--httemplate/edit/process/pkg_class.html6
-rw-r--r--httemplate/edit/process/prepay_credit.cgi8
-rw-r--r--httemplate/edit/process/quick-charge.cgi83
-rw-r--r--httemplate/edit/process/quick-cust_pkg.cgi30
-rwxr-xr-xhttemplate/edit/process/rate.cgi11
-rw-r--r--httemplate/edit/process/reason.html6
-rw-r--r--httemplate/edit/process/reason_type.html6
-rw-r--r--httemplate/edit/process/reg_code.cgi64
-rw-r--r--httemplate/edit/process/router.cgi8
-rw-r--r--httemplate/edit/process/svc_Common.html15
-rwxr-xr-xhttemplate/edit/process/svc_acct.cgi117
-rwxr-xr-xhttemplate/edit/process/svc_acct_pop.cgi49
-rw-r--r--httemplate/edit/process/svc_broadband.cgi63
-rwxr-xr-xhttemplate/edit/process/svc_domain.cgi55
-rwxr-xr-xhttemplate/edit/process/svc_external.cgi51
-rwxr-xr-xhttemplate/edit/process/svc_forward.cgi51
-rw-r--r--httemplate/edit/process/svc_phone.html6
-rw-r--r--httemplate/edit/process/svc_www.cgi65
-rw-r--r--httemplate/edit/quick-charge.html3
-rw-r--r--httemplate/edit/rate.cgi1
-rw-r--r--httemplate/edit/rate_region.cgi2
-rw-r--r--httemplate/edit/reason.html6
-rw-r--r--httemplate/edit/reason_type.html17
-rw-r--r--httemplate/edit/reg_code.cgi29
-rwxr-xr-xhttemplate/edit/router.cgi54
-rw-r--r--httemplate/edit/svc_Common.html15
-rwxr-xr-xhttemplate/edit/svc_acct.cgi264
-rwxr-xr-xhttemplate/edit/svc_acct_pop.cgi105
-rw-r--r--httemplate/edit/svc_broadband.cgi183
-rwxr-xr-xhttemplate/edit/svc_domain.cgi132
-rw-r--r--httemplate/edit/svc_external.cgi195
-rwxr-xr-xhttemplate/edit/svc_forward.cgi219
-rw-r--r--httemplate/edit/svc_phone.cgi6
-rw-r--r--httemplate/edit/svc_www.cgi455
87 files changed, 2614 insertions, 2364 deletions
diff --git a/httemplate/edit/REAL_cust_pkg.cgi b/httemplate/edit/REAL_cust_pkg.cgi
index fe6984673..fea85456f 100755
--- a/httemplate/edit/REAL_cust_pkg.cgi
+++ b/httemplate/edit/REAL_cust_pkg.cgi
@@ -2,7 +2,6 @@
%#, menubar(
%# "View this customer (#$custnum)" => popurl(2). "view/cust_main.cgi?$custnum",
-%# 'Main Menu' => popurl(2)
%#));
<LINK REL="stylesheet" TYPE="text/css" HREF="../elements/calendar-win2k-2.css" TITLE="win2k-2">
@@ -13,9 +12,12 @@
<FORM NAME="formname" ACTION="process/REAL_cust_pkg.cgi" METHOD="POST">
<INPUT TYPE="hidden" NAME="pkgnum" VALUE="<% $pkgnum %>">
+% # raw error from below
% if ( $error ) {
<FONT SIZE="+1" COLOR="#ff0000">Error: <% $error %></FONT>
% }
+% #or, regular error handler
+<% include('/elements/error.html') %>
<% ntable("#cccccc",2) %>
@@ -122,16 +124,19 @@ my $format = "%m/%d/%Y %T %z (%Z)";
</%once>
<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Edit customer package dates');
+
my $error = '';
my( $pkgnum, $cust_pkg );
if ( $cgi->param('error') ) {
- $error = $cgi->param('error');
$pkgnum = $cgi->param('pkgnum');
- if ( $error eq '_bill_areyousure' ) {
+ if ( $cgi->param('error') eq '_bill_areyousure' ) {
if ( $cgi->param('bill') =~ /^([\s\d\/\:\-\(\w\)]*)$/ ) {
my $bill = $1;
+ $cgi->param('error', '');
$error = "You are attempting to set the next bill date to $bill, which is
in the past. This will charge the customer for the interval
from $bill until now. Are you sure you want to do this? ".
@@ -174,4 +179,3 @@ unless ( $part_pkg->is_prepaid ) {
}
</%init>
-
diff --git a/httemplate/edit/access_user.html b/httemplate/edit/access_user.html
index 065e60c4b..224d8d722 100644
--- a/httemplate/edit/access_user.html
+++ b/httemplate/edit/access_user.html
@@ -42,3 +42,9 @@
},
)
%>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+</%init>
diff --git a/httemplate/edit/agent.cgi b/httemplate/edit/agent.cgi
index 46ab5c705..11bfc5932 100755
--- a/httemplate/edit/agent.cgi
+++ b/httemplate/edit/agent.cgi
@@ -1,5 +1,4 @@
<% include("/elements/header.html","$action Agent", menubar(
- 'Main Menu' => $p,
'View all agents' => $p. 'browse/agent.cgi',
)) %>
@@ -77,6 +76,9 @@ Agent #<% $agent->agentnum ? $agent->agentnum : "(NEW)" %>
<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
my $agent;
if ( $cgi->param('error') ) {
$agent = new FS::agent ( {
@@ -94,5 +96,3 @@ my $action = $agent->agentnum ? 'Edit' : 'Add';
my $conf = new FS::Conf;
</%init>
-
-
diff --git a/httemplate/edit/agent_payment_gateway.html b/httemplate/edit/agent_payment_gateway.html
index 9692199ef..4a7cedf79 100644
--- a/httemplate/edit/agent_payment_gateway.html
+++ b/httemplate/edit/agent_payment_gateway.html
@@ -1,20 +1,4 @@
-%
-%
-%$cgi->param('agentnum') =~ /(\d+)$/ or die "illegal agentnum";
-%my $agent = qsearchs('agent', { 'agentnum' => $1 } );
-%die "agentnum $1 not found" unless $agent;
-%
-%#my @agent_payment_gateway;
-%if ( $cgi->param('error') ) {
-%}
-%
-%my $action = 'Add';
-%
-%
-
-
<% include("/elements/header.html","$action payment gateway override for ". $agent->agent, menubar(
- 'Main Menu' => $p,
#'View all payment gateways' => $p. 'browse/payment_gateway.html',
'View all agents' => $p. 'browse/agent.html',
)) %>
@@ -63,5 +47,22 @@ for <SELECT NAME="cardtype" MULTIPLE>
<INPUT TYPE="submit" VALUE="Add gateway override">
</FORM>
-</BODY>
-</HTML>
+
+<% include('/elements/footer.html') %>
+
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+$cgi->param('agentnum') =~ /(\d+)$/ or die "illegal agentnum";
+my $agent = qsearchs('agent', { 'agentnum' => $1 } );
+die "agentnum $1 not found" unless $agent;
+
+#my @agent_payment_gateway;
+if ( $cgi->param('error') ) {
+}
+
+my $action = 'Add';
+
+</%init>
diff --git a/httemplate/edit/agent_type.cgi b/httemplate/edit/agent_type.cgi
index bfef42fea..abf4bf89f 100755
--- a/httemplate/edit/agent_type.cgi
+++ b/httemplate/edit/agent_type.cgi
@@ -1,22 +1,4 @@
-%
-%
-%my($agent_type);
-%if ( $cgi->param('error') ) {
-% $agent_type = new FS::agent_type ( {
-% map { $_, scalar($cgi->param($_)) } fields('agent')
-% } );
-%} elsif ( $cgi->keywords ) { #editing
-% my( $query ) = $cgi->keywords;
-% $query =~ /^(\d+)$/;
-% $agent_type=qsearchs('agent_type',{'typenum'=>$1});
-%} else { #adding
-% $agent_type = new FS::agent_type {};
-%}
-%my $action = $agent_type->typenum ? 'Edit' : 'Add';
-%
-%
<% include("/elements/header.html","$action Agent Type", menubar(
- 'Main Menu' => "$p",
'View all agent types' => "${p}browse/agent_type.cgi",
))
%>
@@ -52,3 +34,24 @@ Select which packages agents of this type may sell to customers<BR>
</FORM>
<% include('/elements/footer.html') %>
+
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my($agent_type);
+if ( $cgi->param('error') ) {
+ $agent_type = new FS::agent_type ( {
+ map { $_, scalar($cgi->param($_)) } fields('agent')
+ } );
+} elsif ( $cgi->keywords ) { #editing
+ my( $query ) = $cgi->keywords;
+ $query =~ /^(\d+)$/;
+ $agent_type=qsearchs('agent_type',{'typenum'=>$1});
+} else { #adding
+ $agent_type = new FS::agent_type {};
+}
+my $action = $agent_type->typenum ? 'Edit' : 'Add';
+
+</%init>
diff --git a/httemplate/edit/bulk-cust_svc.html b/httemplate/edit/bulk-cust_svc.html
index f2efc3ff9..6f6e3f850 100644
--- a/httemplate/edit/bulk-cust_svc.html
+++ b/httemplate/edit/bulk-cust_svc.html
@@ -1,9 +1,4 @@
-<% include("/elements/header.html", 'Bulk customer service change',
- menubar(
- 'Main Menu' => $p,
- ),
- )
-%>
+<% include('/elements/header.html', 'Bulk customer service change') %>
<SCRIPT TYPE="text/javascript" SRC="../elements/overlibmws.js"></SCRIPT>
<SCRIPT TYPE="text/javascript" SRC="../elements/overlibmws_iframe.js"></SCRIPT>
@@ -92,8 +87,11 @@ var confirm_change = '<P ALIGN="center"><B>Bulk customer service change - Are yo
</FORM>
-</BODY>
-</HTML>
+<% include('/elements/footer.html') %>
+<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+</%init>
diff --git a/httemplate/edit/cust_bill_pay.cgi b/httemplate/edit/cust_bill_pay.cgi
index 44e783eb7..28c14618f 100755
--- a/httemplate/edit/cust_bill_pay.cgi
+++ b/httemplate/edit/cust_bill_pay.cgi
@@ -1,4 +1,4 @@
-<% header("Apply Payment", '') %>
+<% include('/elements/header-popup.html', 'Apply Payment') %>
<% include('/elements/error.html') %>
@@ -47,10 +47,15 @@ function changed(what) {
<CENTER><INPUT TYPE="submit" VALUE="Apply"></CENTER>
</FORM>
-</BODY>
-</HTML>
+
+<% include('/elements/footer.html') %>
<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Apply payment') #;
+ || $FS::CurrentUser::CurrentUser->access_right('Post payment'): #remove after 1.7.3
+
my($paynum, $amount, $invnum);
if ( $cgi->param('error') ) {
$paynum = $cgi->param('paynum');
@@ -78,5 +83,5 @@ my @cust_bill = sort { $a->_date <=> $b->_date
}
grep { $_->owed != 0 }
qsearch('cust_bill', { 'custnum' => $cust_pay->custnum } );
-</%init>
+</%init>
diff --git a/httemplate/edit/cust_credit.cgi b/httemplate/edit/cust_credit.cgi
index 2ff09d00b..36109cf5d 100755
--- a/httemplate/edit/cust_credit.cgi
+++ b/httemplate/edit/cust_credit.cgi
@@ -48,12 +48,16 @@ Credit
</FORM>
</BODY>
</HTML>
-
<%once>
+
my $conf = new FS::Conf;
-</%once>
+</%once>
<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Post credit');
+
my($custnum, $amount, $reason);
if ( $cgi->param('error') ) {
#$cust_credit = new FS::cust_credit ( {
@@ -76,4 +80,5 @@ my $_date = time;
my $otaker = getotaker;
my $p1 = popurl(1);
+
</%init>
diff --git a/httemplate/edit/cust_credit_bill.cgi b/httemplate/edit/cust_credit_bill.cgi
index ee29f8e0c..43ba4fb7e 100755
--- a/httemplate/edit/cust_credit_bill.cgi
+++ b/httemplate/edit/cust_credit_bill.cgi
@@ -1,4 +1,4 @@
-<% header("Apply Credit", '') %>
+<% include('/elements/header-popup.html', 'Apply Credit') %>
<% include('/elements/error.html') %>
@@ -53,6 +53,11 @@ function changed(what) {
</HTML>
<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Apply credit') #;
+ || $FS::CurrentUser::CurrentUser->access_right('Post credit'): #remove after 1.7.3
+
my($crednum, $amount, $invnum);
if ( $cgi->param('error') ) {
#$cust_credit_bill = new FS::cust_credit_bill ( {
@@ -85,5 +90,5 @@ my @cust_bill = sort { $a->_date <=> $b->_date
}
grep { $_->owed != 0 }
qsearch('cust_bill', { 'custnum' => $cust_credit->custnum } );
-</%init>
+</%init>
diff --git a/httemplate/edit/cust_main.cgi b/httemplate/edit/cust_main.cgi
index be9dd1bfb..3ba097028 100755
--- a/httemplate/edit/cust_main.cgi
+++ b/httemplate/edit/cust_main.cgi
@@ -1,110 +1,10 @@
-%
-%
-% #for misplaced logic below
-% #use FS::part_pkg;
-%
-% #for false laziness below (now more properly lazy)
-% #use FS::svc_acct_pop;
-%
-% #for (other) false laziness below
-% #use FS::agent;
-% #use FS::type_pkgs;
-%
-%my $conf = new FS::Conf;
-%
-%#get record
-%
-%my $error = '';
-%my($custnum, $username, $password, $popnum, $cust_main, $saved_pkgpart, $saved_domsvc);
-%my(@invoicing_list);
-%my ($ss,$stateid,$payinfo);
-%my $same = '';
-%if ( $cgi->param('error') ) {
-% $error = $cgi->param('error');
-% $cust_main = new FS::cust_main ( {
-% map { $_, scalar($cgi->param($_)) } fields('cust_main')
-% } );
-% $custnum = $cust_main->custnum;
-% $saved_domsvc = $cgi->param('domsvc') || '';
-% if ( $saved_domsvc =~ /^(\d+)$/ ) {
-% $saved_domsvc = $1;
-% } else {
-% $saved_domsvc = '';
-% }
-% $saved_pkgpart = $cgi->param('pkgpart_svcpart') || '';
-% if ( $saved_pkgpart =~ /^(\d+)_/ ) {
-% $saved_pkgpart = $1;
-% } else {
-% $saved_pkgpart = '';
-% }
-% $username = $cgi->param('username');
-% $password = $cgi->param('_password');
-% $popnum = $cgi->param('popnum');
-% @invoicing_list = split( /\s*,\s*/, $cgi->param('invoicing_list') );
-% $same = $cgi->param('same');
-% $cust_main->setfield('paid' => $cgi->param('paid')) if $cgi->param('paid');
-% $ss = $cust_main->ss; # don't mask an entered value on errors
-% $stateid = $cust_main->stateid; # don't mask an entered value on errors
-% $payinfo = $cust_main->payinfo; # don't mask an entered value on errors
-%} elsif ( $cgi->keywords ) { #editing
-% my( $query ) = $cgi->keywords;
-% $query =~ /^(\d+)$/;
-% $custnum=$1;
-% $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } );
-% if ( $cust_main->dbdef_table->column('paycvv')
-% && length($cust_main->paycvv) ) {
-% my $paycvv = $cust_main->paycvv;
-% $paycvv =~ s/./*/g;
-% $cust_main->paycvv($paycvv);
-% }
-% $saved_pkgpart = 0;
-% $saved_domsvc = 0;
-% $username = '';
-% $password = '';
-% $popnum = 0;
-% @invoicing_list = $cust_main->invoicing_list;
-% $ss = $cust_main->masked('ss');
-% $stateid = $cust_main->masked('stateid');
-% $payinfo = $cust_main->paymask;
-%} else {
-% $custnum='';
-% $cust_main = new FS::cust_main ( {} );
-% $cust_main->otaker( &getotaker );
-% $cust_main->referral_custnum( $cgi->param('referral_custnum') );
-% $saved_pkgpart = 0;
-% $saved_domsvc = 0;
-% $username = '';
-% $password = '';
-% $popnum = 0;
-% @invoicing_list = ();
-% push @invoicing_list, 'POST'
-% unless $conf->exists('disablepostalinvoicedefault');
-% $ss = '';
-% $stateid = '';
-% $payinfo = '';
-%}
-%$cgi->delete_all();
-%
-%my $action = $custnum ? 'Edit' : 'Add';
-%$action .= ": ". $cust_main->name if $custnum;
-%
-%my $r = qq!<font color="#ff0000">*</font>&nbsp;!;
-%
-%
-
-
-<!-- top -->
-
<% include('/elements/header.html',
"Customer $action",
'',
' onUnload="myclose()"'
) %>
-% if ( $error ) {
-
-<FONT SIZE="+1" COLOR="#ff0000">Error: <% $error %></FONT><BR><BR>
-% }
+<% include('/elements.error.html') %>
<FORM NAME="topform" STYLE="margin-bottom: 0">
<INPUT TYPE="hidden" NAME="custnum" VALUE="<% $custnum %>">
@@ -544,3 +444,97 @@ function copyelement(from, to) {
<% include('/elements/footer.html') %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Edit customer');
+
+#for misplaced logic below
+#use FS::part_pkg;
+
+#for false laziness below (now more properly lazy)
+#use FS::svc_acct_pop;
+
+#for (other) false laziness below
+#use FS::agent;
+#use FS::type_pkgs;
+
+my $conf = new FS::Conf;
+
+#get record
+
+my($custnum, $username, $password, $popnum, $cust_main, $saved_pkgpart, $saved_domsvc);
+my(@invoicing_list);
+my ($ss,$stateid,$payinfo);
+my $same = '';
+if ( $cgi->param('error') ) {
+ $cust_main = new FS::cust_main ( {
+ map { $_, scalar($cgi->param($_)) } fields('cust_main')
+ } );
+ $custnum = $cust_main->custnum;
+ $saved_domsvc = $cgi->param('domsvc') || '';
+ if ( $saved_domsvc =~ /^(\d+)$/ ) {
+ $saved_domsvc = $1;
+ } else {
+ $saved_domsvc = '';
+ }
+ $saved_pkgpart = $cgi->param('pkgpart_svcpart') || '';
+ if ( $saved_pkgpart =~ /^(\d+)_/ ) {
+ $saved_pkgpart = $1;
+ } else {
+ $saved_pkgpart = '';
+ }
+ $username = $cgi->param('username');
+ $password = $cgi->param('_password');
+ $popnum = $cgi->param('popnum');
+ @invoicing_list = split( /\s*,\s*/, $cgi->param('invoicing_list') );
+ $same = $cgi->param('same');
+ $cust_main->setfield('paid' => $cgi->param('paid')) if $cgi->param('paid');
+ $ss = $cust_main->ss; # don't mask an entered value on errors
+ $stateid = $cust_main->stateid; # don't mask an entered value on errors
+ $payinfo = $cust_main->payinfo; # don't mask an entered value on errors
+} elsif ( $cgi->keywords ) { #editing
+ my( $query ) = $cgi->keywords;
+ $query =~ /^(\d+)$/;
+ $custnum=$1;
+ $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } );
+ if ( $cust_main->dbdef_table->column('paycvv')
+ && length($cust_main->paycvv) ) {
+ my $paycvv = $cust_main->paycvv;
+ $paycvv =~ s/./*/g;
+ $cust_main->paycvv($paycvv);
+ }
+ $saved_pkgpart = 0;
+ $saved_domsvc = 0;
+ $username = '';
+ $password = '';
+ $popnum = 0;
+ @invoicing_list = $cust_main->invoicing_list;
+ $ss = $cust_main->masked('ss');
+ $stateid = $cust_main->masked('stateid');
+ $payinfo = $cust_main->paymask;
+} else {
+ $custnum='';
+ $cust_main = new FS::cust_main ( {} );
+ $cust_main->otaker( &getotaker );
+ $cust_main->referral_custnum( $cgi->param('referral_custnum') );
+ $saved_pkgpart = 0;
+ $saved_domsvc = 0;
+ $username = '';
+ $password = '';
+ $popnum = 0;
+ @invoicing_list = ();
+ push @invoicing_list, 'POST'
+ unless $conf->exists('disablepostalinvoicedefault');
+ $ss = '';
+ $stateid = '';
+ $payinfo = '';
+}
+$cgi->delete_all();
+
+my $action = $custnum ? 'Edit' : 'Add';
+$action .= ": ". $cust_main->name if $custnum;
+
+my $r = qq!<font color="#ff0000">*</font>&nbsp;!;
+
+</%init>
diff --git a/httemplate/edit/cust_main_county-expand.cgi b/httemplate/edit/cust_main_county-expand.cgi
index abf8e27f2..22e823021 100755
--- a/httemplate/edit/cust_main_county-expand.cgi
+++ b/httemplate/edit/cust_main_county-expand.cgi
@@ -18,6 +18,9 @@
<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
my($taxnum, $expansion, $taxclass);
my($query) = $cgi->keywords;
if ( $cgi->param('error') ) {
diff --git a/httemplate/edit/cust_main_note.cgi b/httemplate/edit/cust_main_note.cgi
index 58ea779a2..6c6a1a9a0 100755
--- a/httemplate/edit/cust_main_note.cgi
+++ b/httemplate/edit/cust_main_note.cgi
@@ -20,13 +20,12 @@
</HTML>
<%init>
-my($custnum, $comment, $notenum, $action);
-$comment = '';
+my $comment;
+my $notenum = '';
if ( $cgi->param('error') ) {
$comment = $cgi->param('comment');
-}elsif ($cgi->param('notenum')) {
- $cgi->param('notenum') =~ /^(\d+)$/;
+} elsif ( $cgi->param('notenum') =~ /^(\d+)$/ ) {
$notenum = $1;
die "illegal query ". $cgi->keywords unless $notenum;
my $note = qsearchs('cust_main_note', { 'notenum' => $notenum });
@@ -34,15 +33,13 @@ if ( $cgi->param('error') ) {
$comment = $note->comments;
}
-$cgi->param('notenum') =~ /^(\d+)$/;
-$notenum = $1;
+$cgi->param('custnum') =~ /^(\d+)$/ or die "illeagl custnum";
+my $custnum = $1;
-$cgi->param('custnum') =~ /^(\d+)$/;
-$custnum = $1;
+my $action = $notenum ? 'Edit' : 'Add';
-die "illegal query ". $cgi->keywords unless $custnum;
-
-$action = $notenum ? 'Edit' : 'Add';
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right("$action customer note");
</%init>
diff --git a/httemplate/edit/cust_pay.cgi b/httemplate/edit/cust_pay.cgi
index aaa200fc4..92abb7be8 100755
--- a/httemplate/edit/cust_pay.cgi
+++ b/httemplate/edit/cust_pay.cgi
@@ -86,6 +86,7 @@ Payment
</HTML>
<%once>
+
my $conf = new FS::Conf;
my %payby = (
@@ -96,9 +97,13 @@ my %payby = (
);
my $money_char = $conf->config('money_char') || '$';
-</%once>
+</%once>
<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Post payment');
+
my($link, $linknum, $paid, $payby, $payinfo, $_date);
if ( $cgi->param('error') ) {
$link = $cgi->param('link');
diff --git a/httemplate/edit/cust_pkg.cgi b/httemplate/edit/cust_pkg.cgi
index 065136c55..ecc21195d 100755
--- a/httemplate/edit/cust_pkg.cgi
+++ b/httemplate/edit/cust_pkg.cgi
@@ -1,35 +1,3 @@
-%
-%
-%my %pkg = ();
-%my %comment = ();
-%my %all_pkg = ();
-%my %all_comment = ();
-%#foreach (qsearch('part_pkg', { 'disabled' => '' })) {
-%# $pkg{ $_ -> getfield('pkgpart') } = $_->getfield('pkg');
-%# $comment{ $_ -> getfield('pkgpart') } = $_->getfield('comment');
-%#}
-%foreach (qsearch('part_pkg', {} )) {
-% $all_pkg{ $_ -> getfield('pkgpart') } = $_->getfield('pkg');
-% $all_comment{ $_ -> getfield('pkgpart') } = $_->getfield('comment');
-% next if $_->disabled;
-% $pkg{ $_ -> getfield('pkgpart') } = $_->getfield('pkg');
-% $comment{ $_ -> getfield('pkgpart') } = $_->getfield('comment');
-%}
-%
-%my($custnum, %remove_pkg);
-%if ( $cgi->param('error') ) {
-% $custnum = $cgi->param('custnum');
-% %remove_pkg = map { $_ => 1 } $cgi->param('remove_pkg');
-%} else {
-% my($query) = $cgi->keywords;
-% $query =~ /^(\d+)$/;
-% $custnum = $1;
-% %remove_pkg = ();
-%}
-%
-%my $p1 = popurl(1);
-%
-%
<% include('/elements/header.html', "Add/Edit Packages", '') %>
<% include('/elements/error.html') %>
@@ -147,3 +115,40 @@ Order new packages
</FORM>
<% include('/elements/footer.html') %>
+
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Bulk change customer packages');
+
+my %pkg = ();
+my %comment = ();
+my %all_pkg = ();
+my %all_comment = ();
+#foreach (qsearch('part_pkg', { 'disabled' => '' })) {
+# $pkg{ $_ -> getfield('pkgpart') } = $_->getfield('pkg');
+# $comment{ $_ -> getfield('pkgpart') } = $_->getfield('comment');
+#}
+foreach (qsearch('part_pkg', {} )) {
+ $all_pkg{ $_ -> getfield('pkgpart') } = $_->getfield('pkg');
+ $all_comment{ $_ -> getfield('pkgpart') } = $_->getfield('comment');
+ next if $_->disabled;
+ $pkg{ $_ -> getfield('pkgpart') } = $_->getfield('pkg');
+ $comment{ $_ -> getfield('pkgpart') } = $_->getfield('comment');
+}
+
+my($custnum, %remove_pkg);
+if ( $cgi->param('error') ) {
+ $custnum = $cgi->param('custnum');
+ %remove_pkg = map { $_ => 1 } $cgi->param('remove_pkg');
+} else {
+ my($query) = $cgi->keywords;
+ $query =~ /^(\d+)$/;
+ $custnum = $1;
+ %remove_pkg = ();
+}
+
+my $p1 = popurl(1);
+
+</%init>
+
diff --git a/httemplate/edit/cust_refund.cgi b/httemplate/edit/cust_refund.cgi
index b260949f0..3333f5d8c 100755
--- a/httemplate/edit/cust_refund.cgi
+++ b/httemplate/edit/cust_refund.cgi
@@ -1,33 +1,3 @@
-%
-%
-%my $conf = new FS::Conf;
-%my $custnum = $cgi->param('custnum');
-%my $refund = $cgi->param('refund');
-%my $payby = $cgi->param('payby');
-%my $reason = $cgi->param('reason');
-%
-%my( $paynum, $cust_pay ) = ( '', '' );
-%if ( $cgi->param('paynum') =~ /^(\d+)$/ ) {
-% $paynum = $1;
-% $cust_pay = qsearchs('cust_pay', { paynum=>$paynum } )
-% or die "unknown payment # $paynum";
-% $refund ||= $cust_pay->unrefunded;
-% if ( $custnum ) {
-% die "payment # $paynum is not for specified customer # $custnum"
-% unless $custnum == $cust_pay->custnum;
-% } else {
-% $custnum = $cust_pay->custnum;
-% }
-%}
-%die "no custnum or paynum specified!" unless $custnum;
-%
-%my $_date = time;
-%
-%my $p1 = popurl(1);
-%
-%
-
-
<% include('/elements/header.html', 'Refund '. ucfirst(lc($payby)). ' payment', '') %>
<% include('/elements/error.html') %>
@@ -138,3 +108,34 @@
<% include('/elements/footer.html') %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Refund payment');
+
+my $conf = new FS::Conf;
+my $custnum = $cgi->param('custnum');
+my $refund = $cgi->param('refund');
+my $payby = $cgi->param('payby');
+my $reason = $cgi->param('reason');
+
+my( $paynum, $cust_pay ) = ( '', '' );
+if ( $cgi->param('paynum') =~ /^(\d+)$/ ) {
+ $paynum = $1;
+ $cust_pay = qsearchs('cust_pay', { paynum=>$paynum } )
+ or die "unknown payment # $paynum";
+ $refund ||= $cust_pay->unrefunded;
+ if ( $custnum ) {
+ die "payment # $paynum is not for specified customer # $custnum"
+ unless $custnum == $cust_pay->custnum;
+ } else {
+ $custnum = $cust_pay->custnum;
+ }
+}
+die "no custnum or paynum specified!" unless $custnum;
+
+my $_date = time;
+
+my $p1 = popurl(1);
+
+</%init>
diff --git a/httemplate/edit/inventory_class.html b/httemplate/edit/inventory_class.html
index beefcd580..3ab47fe28 100644
--- a/httemplate/edit/inventory_class.html
+++ b/httemplate/edit/inventory_class.html
@@ -8,3 +8,9 @@
'viewall_dir' => 'browse',
)
%>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+</%init>
diff --git a/httemplate/edit/part_bill_event.cgi b/httemplate/edit/part_bill_event.cgi
index bb7aea49b..c7f452dc3 100755
--- a/httemplate/edit/part_bill_event.cgi
+++ b/httemplate/edit/part_bill_event.cgi
@@ -1,40 +1,6 @@
-<!--mason kludge-->
-%
-%
-%if ( $cgi->param('eventpart') && $cgi->param('eventpart') =~ /^(\d+)$/ ) {
-% $cgi->param('eventpart', $1);
-%} else {
-% $cgi->param('eventpart', '');
-%}
-%
-%my ($creason, $newcreasonT, $newcreason);
-%my ($sreason, $newsreasonT, $newsreason);
-%
-%
-%my ($query) = $cgi->keywords;
-%my $action = '';
-%my $part_bill_event = '';
-%my $currentreasonclass = '';
-%if ( $cgi->param('error') ) {
-% $part_bill_event = new FS::part_bill_event ( {
-% map { $_, scalar($cgi->param($_)) } fields('part_bill_event')
-% } );
-%}
-%if ( $query && $query =~ /^(\d+)$/ ) {
-% $part_bill_event ||= qsearchs('part_bill_event',{'eventpart'=>$1});
-%} else {
-% $part_bill_event ||= new FS::part_bill_event {};
-%}
-%$action ||= $part_bill_event->eventpart ? 'Edit' : 'Add';
-%my $hashref = $part_bill_event->hashref;
-%
-%
-
-
<% include('/elements/header.html',
"$action Invoice Event Definition",
menubar(
- 'Main Menu' => popurl(2),
'View all invoice events' => popurl(2). 'browse/part_bill_event.cgi',
)
)
@@ -536,7 +502,38 @@ Invoice Event #<% $hashref->{eventpart} ? $hashref->{eventpart} : "(NEW)" %>
</FORM>
- </BODY>
-</HTML>
+<% include('/elements/footer.html') %>
+
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+if ( $cgi->param('eventpart') && $cgi->param('eventpart') =~ /^(\d+)$/ ) {
+ $cgi->param('eventpart', $1);
+} else {
+ $cgi->param('eventpart', '');
+}
+
+my ($creason, $newcreasonT, $newcreason);
+my ($sreason, $newsreasonT, $newsreason);
+
+my ($query) = $cgi->keywords;
+my $action = '';
+my $part_bill_event = '';
+my $currentreasonclass = '';
+if ( $cgi->param('error') ) {
+ $part_bill_event = new FS::part_bill_event ( {
+ map { $_, scalar($cgi->param($_)) } fields('part_bill_event')
+ } );
+}
+if ( $query && $query =~ /^(\d+)$/ ) {
+ $part_bill_event ||= qsearchs('part_bill_event',{'eventpart'=>$1});
+} else {
+ $part_bill_event ||= new FS::part_bill_event {};
+}
+$action ||= $part_bill_event->eventpart ? 'Edit' : 'Add';
+my $hashref = $part_bill_event->hashref;
+</%init>
diff --git a/httemplate/edit/part_export.cgi b/httemplate/edit/part_export.cgi
index 72a07134b..d57979751 100644
--- a/httemplate/edit/part_export.cgi
+++ b/httemplate/edit/part_export.cgi
@@ -1,110 +1,4 @@
-<!-- mason kludge -->
-%
-%
-%#if ( $cgi->param('clone') && $cgi->param('clone') =~ /^(\d+)$/ ) {
-%# $cgi->param('clone', $1);
-%#} else {
-%# $cgi->param('clone', '');
-%#}
-%
-%my($query) = $cgi->keywords;
-%my $action = '';
-%my $part_export = '';
-%if ( $cgi->param('error') ) {
-% $part_export = new FS::part_export ( {
-% map { $_, scalar($cgi->param($_)) } fields('part_export')
-% } );
-%} elsif ( $query =~ /^(\d+)$/ ) {
-% $part_export = qsearchs('part_export', { 'exportnum' => $1 } );
-%} else {
-% $part_export = new FS::part_export;
-%}
-%$action ||= $part_export->exportnum ? 'Edit' : 'Add';
-%
-%#my $exports = FS::part_export::export_info($svcdb);
-%my $exports = FS::part_export::export_info();
-%
-%my %layers = map { $_ => "$_ - ". $exports->{$_}{desc} } keys %$exports;
-%$layers{''}='';
-%
-%my $widget = new HTML::Widgets::SelectLayers(
-% 'selected_layer' => $part_export->exporttype,
-% 'options' => \%layers,
-% 'form_name' => 'dummy',
-% 'form_action' => 'process/part_export.cgi',
-% 'form_text' => [qw( exportnum machine )],
-%# 'form_checkbox' => [qw()],
-% 'html_between' => "</TD></TR></TABLE>\n",
-% 'layer_callback' => sub {
-% my $layer = shift;
-% my $html = qq!<INPUT TYPE="hidden" NAME="exporttype" VALUE="$layer">!.
-% ntable("#cccccc",2);
-%
-% $html .= '<TR><TD ALIGN="right">Description</TD><TD BGCOLOR=#ffffff>'.
-% $exports->{$layer}{notes}. '</TD></TR>'
-% if $layer;
-%
-% foreach my $option ( keys %{$exports->{$layer}{options}} ) {
-% my $optinfo = $exports->{$layer}{options}{$option};
-% die "Retreived non-ref export info option from $layer export: $optinfo"
-% unless ref($optinfo);
-% my $label = $optinfo->{label};
-% my $type = defined($optinfo->{type}) ? $optinfo->{type} : 'text';
-% my $value = $cgi->param($option)
-% || ( $part_export->exportnum && $part_export->option($option) )
-% || ( (exists $optinfo->{default} && !$part_export->exportnum)
-% ? $optinfo->{default}
-% : ''
-% );
-% $html .= qq!<TR><TD ALIGN="right">$label</TD><TD>!;
-% if ( $type eq 'select' ) {
-% $html .= qq!<SELECT NAME="$option">!;
-% foreach my $select_option ( @{$optinfo->{options}} ) {
-% #if ( ref($select_option) ) {
-% #} else {
-% my $selected = $select_option eq $value ? ' SELECTED' : '';
-% $html .= qq!<OPTION VALUE="$select_option"$selected>!.
-% qq!$select_option</OPTION>!;
-% #}
-% }
-% $html .= '</SELECT>';
-% } elsif ( $type eq 'textarea' ) {
-% $html .= qq!<TEXTAREA NAME="$option" COLS=80 ROWS=8 WRAP="virtual">!.
-% encode_entities($value). '</TEXTAREA>';
-% } elsif ( $type eq 'text' ) {
-% $html .= qq!<INPUT TYPE="text" NAME="$option" VALUE="!.
-% encode_entities($value). '" SIZE=64>';
-% } elsif ( $type eq 'checkbox' ) {
-% $html .= qq!<INPUT TYPE="checkbox" NAME="$option" VALUE="1"!;
-% $html .= ' CHECKED' if $value;
-% $html .= '>';
-% } else {
-% $html .= "unknown type $type";
-% }
-% $html .= '</TD></TR>';
-% }
-% $html .= '</TABLE>';
-%
-% $html .= '<INPUT TYPE="hidden" NAME="options" VALUE="'.
-% join(',', keys %{$exports->{$layer}{options}} ). '">';
-%
-% $html .= '<INPUT TYPE="hidden" NAME="nodomain" VALUE="'.
-% $exports->{$layer}{nodomain}. '">';
-%
-% $html .= '<INPUT TYPE="submit" VALUE="'.
-% ( $part_export->exportnum ? "Apply changes" : "Add export" ).
-% '">';
-%
-% $html;
-% },
-%);
-%
-%
-
-<% include("/elements/header.html","$action Export", menubar(
- 'Main Menu' => popurl(2),
-), ' onLoad="visualize()"')
-%>
+<% include('/elements/header.html', "$action Export", '', ' onLoad="visualize()"') %>
<% include('/elements/error.html') %>
@@ -121,6 +15,109 @@
<TR>
<TD ALIGN="right">Export</TD>
<TD><% $widget->html %>
-</BODY>
-</HTML>
+<% include('/elements/footer.html') %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+#if ( $cgi->param('clone') && $cgi->param('clone') =~ /^(\d+)$/ ) {
+# $cgi->param('clone', $1);
+#} else {
+# $cgi->param('clone', '');
+#}
+
+my($query) = $cgi->keywords;
+my $action = '';
+my $part_export = '';
+if ( $cgi->param('error') ) {
+ $part_export = new FS::part_export ( {
+ map { $_, scalar($cgi->param($_)) } fields('part_export')
+ } );
+} elsif ( $query =~ /^(\d+)$/ ) {
+ $part_export = qsearchs('part_export', { 'exportnum' => $1 } );
+} else {
+ $part_export = new FS::part_export;
+}
+$action ||= $part_export->exportnum ? 'Edit' : 'Add';
+
+#my $exports = FS::part_export::export_info($svcdb);
+my $exports = FS::part_export::export_info();
+
+my %layers = map { $_ => "$_ - ". $exports->{$_}{desc} } keys %$exports;
+$layers{''}='';
+
+my $widget = new HTML::Widgets::SelectLayers(
+ 'selected_layer' => $part_export->exporttype,
+ 'options' => \%layers,
+ 'form_name' => 'dummy',
+ 'form_action' => 'process/part_export.cgi',
+ 'form_text' => [qw( exportnum machine )],
+# 'form_checkbox' => [qw()],
+ 'html_between' => "</TD></TR></TABLE>\n",
+ 'layer_callback' => sub {
+ my $layer = shift;
+ my $html = qq!<INPUT TYPE="hidden" NAME="exporttype" VALUE="$layer">!.
+ ntable("#cccccc",2);
+
+ $html .= '<TR><TD ALIGN="right">Description</TD><TD BGCOLOR=#ffffff>'.
+ $exports->{$layer}{notes}. '</TD></TR>'
+ if $layer;
+
+ foreach my $option ( keys %{$exports->{$layer}{options}} ) {
+ my $optinfo = $exports->{$layer}{options}{$option};
+ die "Retreived non-ref export info option from $layer export: $optinfo"
+ unless ref($optinfo);
+ my $label = $optinfo->{label};
+ my $type = defined($optinfo->{type}) ? $optinfo->{type} : 'text';
+ my $value = $cgi->param($option)
+ || ( $part_export->exportnum && $part_export->option($option) )
+ || ( (exists $optinfo->{default} && !$part_export->exportnum)
+ ? $optinfo->{default}
+ : ''
+ );
+ $html .= qq!<TR><TD ALIGN="right">$label</TD><TD>!;
+ if ( $type eq 'select' ) {
+ $html .= qq!<SELECT NAME="$option">!;
+ foreach my $select_option ( @{$optinfo->{options}} ) {
+ #if ( ref($select_option) ) {
+ #} else {
+ my $selected = $select_option eq $value ? ' SELECTED' : '';
+ $html .= qq!<OPTION VALUE="$select_option"$selected>!.
+ qq!$select_option</OPTION>!;
+ #}
+ }
+ $html .= '</SELECT>';
+ } elsif ( $type eq 'textarea' ) {
+ $html .= qq!<TEXTAREA NAME="$option" COLS=80 ROWS=8 WRAP="virtual">!.
+ encode_entities($value). '</TEXTAREA>';
+ } elsif ( $type eq 'text' ) {
+ $html .= qq!<INPUT TYPE="text" NAME="$option" VALUE="!.
+ encode_entities($value). '" SIZE=64>';
+ } elsif ( $type eq 'checkbox' ) {
+ $html .= qq!<INPUT TYPE="checkbox" NAME="$option" VALUE="1"!;
+ $html .= ' CHECKED' if $value;
+ $html .= '>';
+ } else {
+ $html .= "unknown type $type";
+ }
+ $html .= '</TD></TR>';
+ }
+ $html .= '</TABLE>';
+
+ $html .= '<INPUT TYPE="hidden" NAME="options" VALUE="'.
+ join(',', keys %{$exports->{$layer}{options}} ). '">';
+
+ $html .= '<INPUT TYPE="hidden" NAME="nodomain" VALUE="'.
+ $exports->{$layer}{nodomain}. '">';
+
+ $html .= '<INPUT TYPE="submit" VALUE="'.
+ ( $part_export->exportnum ? "Apply changes" : "Add export" ).
+ '">';
+
+ $html;
+ },
+);
+
+</%init>
diff --git a/httemplate/edit/part_pkg.cgi b/httemplate/edit/part_pkg.cgi
index a337d2272..82d622610 100755
--- a/httemplate/edit/part_pkg.cgi
+++ b/httemplate/edit/part_pkg.cgi
@@ -1,5 +1,4 @@
-<% include("/elements/header.html","$action Package Definition", menubar(
- 'Main Menu' => popurl(2),
+<% include('/elements/header.html', "$action Package Definition", menubar(
'View all packages' => popurl(2). 'browse/part_pkg.cgi',
)) %>
% #), ' onLoad="visualize()"');
@@ -360,10 +359,18 @@ Line-item revenue recognition
<BR><BR>Price plan <% $widget->html %>
- </BODY>
-</HTML>
+
+<% include('/elements/footer.html') %>
<%init>
+#1.7
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+#1.9
+#die "access denied"
+# unless $FS::CurrentUser::CurrentUser->access_right('Edit package definitions')
+# || $FS::CurrentUser::CurrentUser->access_right('Edit global package definitions');
+
if ( $cgi->param('clone') && $cgi->param('clone') =~ /^(\d+)$/ ) {
$cgi->param('clone', $1);
} else {
diff --git a/httemplate/edit/part_referral.html b/httemplate/edit/part_referral.html
index f4572c067..daf8773f0 100755
--- a/httemplate/edit/part_referral.html
+++ b/httemplate/edit/part_referral.html
@@ -10,3 +10,10 @@
'viewall_dir' => 'browse',
)
%>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Edit advertising sources')
+ || $FS::CurrentUser::CurrentUser->access_right('Edit global advertising sources');
+
+</%init>
diff --git a/httemplate/edit/part_svc.cgi b/httemplate/edit/part_svc.cgi
index 9432839e7..4b8a24080 100755
--- a/httemplate/edit/part_svc.cgi
+++ b/httemplate/edit/part_svc.cgi
@@ -1,34 +1,7 @@
-%
-%my $part_svc;
-%my $clone = '';
-%if ( $cgi->param('clone') && $cgi->param('clone') =~ /^(\d+)$/ ) {#clone
-% #$cgi->param('clone') =~ /^(\d+)$/ or die "malformed query: $query";
-% $part_svc = qsearchs('part_svc', { 'svcpart'=>$1 } )
-% or die "unknown svcpart: $1";
-% $clone = $part_svc->svcpart;
-% $part_svc->svcpart('');
-%} elsif ( $cgi->keywords ) { #edit
-% my($query) = $cgi->keywords;
-% $query =~ /^(\d+)$/ or die "malformed query: $query";
-% $part_svc=qsearchs('part_svc', { 'svcpart'=>$1 } )
-% or die "unknown svcpart: $1";
-%} else { #adding
-% $part_svc = new FS::part_svc {};
-%}
-%
-%my $action = $part_svc->svcpart ? 'Edit' : 'Add';
-%my $hashref = $part_svc->hashref;
-%# my $p_svcdb = $part_svc->svcdb || 'svc_acct';
-%
-%
-% #" onLoad=\"visualize()\""
-%
-
-<% include("/elements/header.html","$action Service Definition",
- menubar( 'Main Menu' => $p,
- 'View all service definitions' => "${p}browse/part_svc.cgi"
- ),
- )
+<% include('/elements/header.html', "$action Service Definition",
+ menubar('View all service definitions' => "${p}browse/part_svc.cgi"),
+ #" onLoad=\"visualize()\""
+ )
%>
<FORM NAME="dummy">
@@ -350,6 +323,38 @@ that field.
%
Table <% $widget->html %>
- </BODY>
-</HTML>
+
+<% include('/elements/footer.html') %>
+
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $part_svc;
+my $clone = '';
+if ( $cgi->param('clone') && $cgi->param('clone') =~ /^(\d+)$/ ) {#clone
+ #$cgi->param('clone') =~ /^(\d+)$/ or die "malformed query: $query";
+ $part_svc = qsearchs('part_svc', { 'svcpart'=>$1 } )
+ or die "unknown svcpart: $1";
+ $clone = $part_svc->svcpart;
+ $part_svc->svcpart('');
+} elsif ( $cgi->keywords ) { #edit
+ my($query) = $cgi->keywords;
+ $query =~ /^(\d+)$/ or die "malformed query: $query";
+ $part_svc=qsearchs('part_svc', { 'svcpart'=>$1 } )
+ or die "unknown svcpart: $1";
+} else { #adding
+ $part_svc = new FS::part_svc {};
+}
+
+my $action = $part_svc->svcpart ? 'Edit' : 'Add';
+my $hashref = $part_svc->hashref;
+# my $p_svcdb = $part_svc->svcdb || 'svc_acct';
+
+
+
+</%init>
+
+
diff --git a/httemplate/edit/part_virtual_field.cgi b/httemplate/edit/part_virtual_field.cgi
index f7f20cfd7..04ba9b0c0 100644
--- a/httemplate/edit/part_virtual_field.cgi
+++ b/httemplate/edit/part_virtual_field.cgi
@@ -1,27 +1,3 @@
-%
-%my ($vfieldpart, $part_virtual_field);
-%
-%if ( $cgi->param('error') ) {
-% $part_virtual_field = new FS::part_virtual_field ( {
-% map { $_, scalar($cgi->param($_)) } fields('part_virtual_field')});
-% $vfieldpart = $part_virtual_field->vfieldpart;
-%} else {
-% my($query) = $cgi->keywords;
-% if ( $query =~ /^(\d+)$/ ) { #editing
-% $vfieldpart=$1;
-% $part_virtual_field=qsearchs('part_virtual_field',
-% {'vfieldpart' => $vfieldpart})
-% or die "Unknown vfieldpart!";
-%
-% } else { #adding
-% $part_virtual_field = new FS::part_virtual_field({});
-% }
-%}
-%my $action = $part_virtual_field->vfieldpart ? 'Edit' : 'Add';
-%
-%my $p1 = popurl(1);
-%
-%
<% include('/elements/header.html', "$action Virtual Field Definition") %>
<% include('/elements/error.html') %>
@@ -97,3 +73,32 @@ Field #<B><%$vfieldpart or "(NEW)"%></B><BR><BR>
<I>list_source</I> mean, <B>LEAVE THEM BLANK</B>. We mean it.</FONT>
<% include('/elements/footer.html') %>
+
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my ($vfieldpart, $part_virtual_field);
+
+if ( $cgi->param('error') ) {
+ $part_virtual_field = new FS::part_virtual_field ( {
+ map { $_, scalar($cgi->param($_)) } fields('part_virtual_field')});
+ $vfieldpart = $part_virtual_field->vfieldpart;
+} else {
+ my($query) = $cgi->keywords;
+ if ( $query =~ /^(\d+)$/ ) { #editing
+ $vfieldpart=$1;
+ $part_virtual_field=qsearchs('part_virtual_field',
+ {'vfieldpart' => $vfieldpart})
+ or die "Unknown vfieldpart!";
+
+ } else { #adding
+ $part_virtual_field = new FS::part_virtual_field({});
+ }
+}
+my $action = $part_virtual_field->vfieldpart ? 'Edit' : 'Add';
+
+my $p1 = popurl(1);
+
+</%init>
diff --git a/httemplate/edit/payment_gateway.html b/httemplate/edit/payment_gateway.html
index 84d453cdd..e3893cf49 100644
--- a/httemplate/edit/payment_gateway.html
+++ b/httemplate/edit/payment_gateway.html
@@ -1,25 +1,4 @@
-%
-%
-%my $payment_gateway;
-%if ( $cgi->param('error') ) {
-% $payment_gateway = new FS::payment_gateway ( {
-% map { $_, scalar($cgi->param($_)) } fields('payment_gateway')
-% } );
-%} elsif ( $cgi->keywords ) {
-% my($query) = $cgi->keywords;
-% $query =~ /^(\d+)$/;
-% $payment_gateway = qsearchs( 'payment_gateway', { 'gatewaynum' => $1 } );
-%} else { #adding
-% $payment_gateway = new FS::payment_gateway {};
-%}
-%my $action = $payment_gateway->gatewaynum ? 'Edit' : 'Add';
-%#my $hashref = $payment_gateway->hashref;
-%
-%
-
-
<% include("/elements/header.html","$action Payment gateway", menubar(
- 'Main Menu' => $p,
'View all payment gateways' => $p. 'browse/payment_gateway.html',
)) %>
@@ -127,6 +106,27 @@ Gateway #<% $payment_gateway->gatewaynum || "(NEW)" %>
<BR><INPUT TYPE="submit" VALUE="<% $payment_gateway->gatewaynum ? "Apply changes" : "Add gateway" %>">
</FORM>
- </BODY>
-</HTML>
+<% include('/elements/footer.html') %>
+
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $payment_gateway;
+if ( $cgi->param('error') ) {
+ $payment_gateway = new FS::payment_gateway ( {
+ map { $_, scalar($cgi->param($_)) } fields('payment_gateway')
+ } );
+} elsif ( $cgi->keywords ) {
+ my($query) = $cgi->keywords;
+ $query =~ /^(\d+)$/;
+ $payment_gateway = qsearchs( 'payment_gateway', { 'gatewaynum' => $1 } );
+} else { #adding
+ $payment_gateway = new FS::payment_gateway {};
+}
+my $action = $payment_gateway->gatewaynum ? 'Edit' : 'Add';
+#my $hashref = $payment_gateway->hashref;
+
+</%init>
diff --git a/httemplate/edit/pkg_class.html b/httemplate/edit/pkg_class.html
index 6f2b072f1..eddbfc16e 100644
--- a/httemplate/edit/pkg_class.html
+++ b/httemplate/edit/pkg_class.html
@@ -14,3 +14,9 @@
)
%>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+</%init>
diff --git a/httemplate/edit/prepay_credit.cgi b/httemplate/edit/prepay_credit.cgi
index c32c04d16..9e1c30ba6 100644
--- a/httemplate/edit/prepay_credit.cgi
+++ b/httemplate/edit/prepay_credit.cgi
@@ -1,38 +1,11 @@
-%
-%my $agent = '';
-%my $agentnum = '';
-%if ( $cgi->param('agentnum') =~ /^(\d+)$/ ) {
-% $agent = qsearchs('agent', { 'agentnum' => $agentnum=$1 } );
-%}
-%
-%tie my %multiplier, 'Tie::IxHash',
-% 1 => 'seconds',
-% 60 => 'minutes',
-% 3600 => 'hours',
-%;
-%
-%tie my %bytemultiplier, 'Tie::IxHash',
-% 1 => 'bytes',
-% 1000 => 'Kbytes',
-% 1000000 => 'Mbytes',
-% 1000000000 => 'Gbytes',
-%;
-%
-%$cgi->param('multiplier', '60') unless $cgi->param('multiplier');
-%$cgi->param('upmultiplier', '1000000') unless $cgi->param('upmultiplier');
-%$cgi->param('downmultiplier', '1000000') unless $cgi->param('downmultiplier');
-%$cgi->param('totalmultiplier','1000000') unless $cgi->param('totalmultiplier');
-
-<% include("/elements/header.html",'Generate prepaid cards'. ($agent ? ' for '. $agent->agent : ''),
- menubar( 'Main Menu' => $p, ))
-%>
+<% include("/elements/header.html",'Generate prepaid cards'. ($agent ? ' for '. $agent->agent : '') ) %>
<% include('/elements/error.html') %>
<FORM ACTION="<%popurl(1)%>process/prepay_credit.cgi" METHOD="POST" NAME="OneTrueForm" onSubmit="document.OneTrueForm.submit.disabled=true">
Generate
-<INPUT TYPE="text" NAME="num" VALUE="<% $cgi->param('num') || '(quantity)' %>" SIZE=10 MAXLENGTH=10 onFocus="if ( this.value == '(quantity)' ) { this.value = ''; }">
+<INPUT TYPE="text" NAME="num" VALUE="<% $cgi->param('num') || '(quantity)' |h %>" SIZE=10 MAXLENGTH=10 onFocus="if ( this.value == '(quantity)' ) { this.value = ''; }">
<SELECT NAME="type">
% foreach (qw(alpha alphanumeric numeric)) {
@@ -52,10 +25,10 @@ prepaid cards
<TABLE>
<TR><TD>Value:
-$<INPUT TYPE="text" NAME="amount" SIZE=8 MAXLENGTH=7 VALUE="<% $cgi->param('amount') %>">
+$<INPUT TYPE="text" NAME="amount" SIZE=8 MAXLENGTH=7 VALUE="<% $cgi->param('amount') |h %>">
</TD>
<TD>and/or
-<INPUT TYPE="text" NAME="seconds" SIZE=6 MAXLENGTH=5 VALUE="<% $cgi->param('seconds') %>">
+<INPUT TYPE="text" NAME="seconds" SIZE=6 MAXLENGTH=5 VALUE="<% $cgi->param('seconds') |h %>">
<SELECT NAME="multiplier">
% foreach my $multiplier ( keys %multiplier ) {
@@ -66,7 +39,7 @@ $<INPUT TYPE="text" NAME="amount" SIZE=8 MAXLENGTH=7 VALUE="<% $cgi->param('amou
</TD></TR>
<TR><TD></TD>
<TD>and/or
-<INPUT TYPE="text" NAME="upbytes" SIZE=6 MAXLENGTH=5 VALUE="<% $cgi->param('upbytes') %>">
+<INPUT TYPE="text" NAME="upbytes" SIZE=6 MAXLENGTH=5 VALUE="<% $cgi->param('upbytes') |h %>">
<SELECT NAME="upmultiplier">
% foreach my $multiplier ( keys %bytemultiplier ) {
@@ -77,7 +50,7 @@ $<INPUT TYPE="text" NAME="amount" SIZE=8 MAXLENGTH=7 VALUE="<% $cgi->param('amou
</TD></TR>
<TR><TD></TD>
<TD>and/or
-<INPUT TYPE="text" NAME="downbytes" SIZE=6 MAXLENGTH=5 VALUE="<% $cgi->param('downbytes') %>">
+<INPUT TYPE="text" NAME="downbytes" SIZE=6 MAXLENGTH=5 VALUE="<% $cgi->param('downbytes') |h %>">
<SELECT NAME="downmultiplier">
% foreach my $multiplier ( keys %bytemultiplier ) {
@@ -88,7 +61,7 @@ $<INPUT TYPE="text" NAME="amount" SIZE=8 MAXLENGTH=7 VALUE="<% $cgi->param('amou
</TD></TR>
<TR><TD></TD>
<TD>and/or
-<INPUT TYPE="text" NAME="totalbytes" SIZE=6 MAXLENGTH=5 VALUE="<% $cgi->param('totalbytes') %>">
+<INPUT TYPE="text" NAME="totalbytes" SIZE=6 MAXLENGTH=5 VALUE="<% $cgi->param('totalbytes') |h %>">
<SELECT NAME="totalmultiplier">
% foreach my $multiplier ( keys %bytemultiplier ) {
@@ -101,5 +74,37 @@ $<INPUT TYPE="text" NAME="amount" SIZE=8 MAXLENGTH=7 VALUE="<% $cgi->param('amou
<BR><BR>
<INPUT TYPE="submit" NAME="submit" VALUE="Generate" onSubmit="this.disabled = true">
-</FORM></BODY></HTML>
+</FORM>
+<% include('/elements/footer.html') %>
+
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $agent = '';
+my $agentnum = '';
+if ( $cgi->param('agentnum') =~ /^(\d+)$/ ) {
+ $agent = qsearchs('agent', { 'agentnum' => $agentnum=$1 } );
+}
+
+tie my %multiplier, 'Tie::IxHash',
+ 1 => 'seconds',
+ 60 => 'minutes',
+ 3600 => 'hours',
+;
+
+tie my %bytemultiplier, 'Tie::IxHash',
+ 1 => 'bytes',
+ 1000 => 'Kbytes',
+ 1000000 => 'Mbytes',
+ 1000000000 => 'Gbytes',
+;
+
+$cgi->param('multiplier', '60') unless $cgi->param('multiplier');
+$cgi->param('upmultiplier', '1000000') unless $cgi->param('upmultiplier');
+$cgi->param('downmultiplier', '1000000') unless $cgi->param('downmultiplier');
+$cgi->param('totalmultiplier','1000000') unless $cgi->param('totalmultiplier');
+
+</%init>
diff --git a/httemplate/edit/process/REAL_cust_pkg.cgi b/httemplate/edit/process/REAL_cust_pkg.cgi
index ec951c86c..ebcb7e4ba 100755
--- a/httemplate/edit/process/REAL_cust_pkg.cgi
+++ b/httemplate/edit/process/REAL_cust_pkg.cgi
@@ -1,31 +1,36 @@
-%my $pkgnum = $cgi->param('pkgnum') or die;
-%my $old = qsearchs('cust_pkg',{'pkgnum'=>$pkgnum});
-%my %hash = $old->hash;
-%$hash{'setup'} = $cgi->param('setup') ? str2time($cgi->param('setup')) : '';
-%$hash{'bill'} = $cgi->param('bill') ? str2time($cgi->param('bill')) : '';
-%$hash{'last_bill'} =
-% $cgi->param('last_bill') ? str2time($cgi->param('last_bill')) : '';
-%$hash{'adjourn'} = $cgi->param('adjourn') ? str2time($cgi->param('adjourn')) : '';
-%$hash{'expire'} = $cgi->param('expire') ? str2time($cgi->param('expire')) : '';
-%
-%my $new;
-%my $error;
-%if ( $hash{'bill'} != $old->bill # if the next bill date was changed
-% && $hash{'bill'} < time # to a date in the past
-% && ! $cgi->param('bill_areyousure') # and it wasn't confirmed
-% )
-%{
-% $error = '_bill_areyousure';
-%} else {
-% $new = new FS::cust_pkg \%hash;
-% $error = $new->replace($old);
-%}
-%
%if ( $error ) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). "REAL_cust_pkg.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "REAL_cust_pkg.cgi?". $cgi->query_string ) %>
%} else {
% my $custnum = $new->custnum;
-% print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum".
-% "#cust_pkg$pkgnum" );
+<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum#cust_pkg$pkgnum" ) %>
%}
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Edit customer package dates');
+
+my $pkgnum = $cgi->param('pkgnum') or die;
+my $old = qsearchs('cust_pkg',{'pkgnum'=>$pkgnum});
+my %hash = $old->hash;
+$hash{'setup'} = $cgi->param('setup') ? str2time($cgi->param('setup')) : '';
+$hash{'bill'} = $cgi->param('bill') ? str2time($cgi->param('bill')) : '';
+$hash{'last_bill'} =
+ $cgi->param('last_bill') ? str2time($cgi->param('last_bill')) : '';
+$hash{'adjourn'} = $cgi->param('adjourn') ? str2time($cgi->param('adjourn')) : '';
+$hash{'expire'} = $cgi->param('expire') ? str2time($cgi->param('expire')) : '';
+
+my $new;
+my $error;
+if ( $hash{'bill'} != $old->bill # if the next bill date was changed
+ && $hash{'bill'} < time # to a date in the past
+ && ! $cgi->param('bill_areyousure') # and it wasn't confirmed
+ )
+{
+ $error = '_bill_areyousure';
+} else {
+ $new = new FS::cust_pkg \%hash;
+ $error = $new->replace($old);
+}
+
+</%init>
diff --git a/httemplate/edit/process/access_user.html b/httemplate/edit/process/access_user.html
index 9f7c4ddbf..ca6bb603f 100644
--- a/httemplate/edit/process/access_user.html
+++ b/httemplate/edit/process/access_user.html
@@ -13,3 +13,9 @@
)
%>
% }
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+</%init>
diff --git a/httemplate/edit/process/agent.cgi b/httemplate/edit/process/agent.cgi
index 5128d7ae8..ad550cc37 100755
--- a/httemplate/edit/process/agent.cgi
+++ b/httemplate/edit/process/agent.cgi
@@ -1,29 +1,30 @@
-%
-%
-%my $agentnum = $cgi->param('agentnum');
-%
-%my $old = qsearchs('agent',{'agentnum'=>$agentnum}) if $agentnum;
-%
-%my $new = new FS::agent ( {
-% map {
-% $_, scalar($cgi->param($_));
-% } fields('agent')
-%} );
-%
-%my $error;
-%if ( $agentnum ) {
-% $error=$new->replace($old);
-%} else {
-% $error=$new->insert;
-% $agentnum=$new->getfield('agentnum');
-%}
-%
%if ( $error ) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). "agent.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "agent.cgi?". $cgi->query_string ) %>
%} else {
-% print $cgi->redirect(popurl(3). "browse/agent.cgi");
+<% $cgi->redirect(popurl(3). "browse/agent.cgi") %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $agentnum = $cgi->param('agentnum');
+
+my $old = qsearchs('agent',{'agentnum'=>$agentnum}) if $agentnum;
+
+my $new = new FS::agent ( {
+ map {
+ $_, scalar($cgi->param($_));
+ } fields('agent')
+} );
+
+my $error;
+if ( $agentnum ) {
+ $error=$new->replace($old);
+} else {
+ $error=$new->insert;
+ $agentnum=$new->getfield('agentnum');
+}
+</%init>
diff --git a/httemplate/edit/process/agent_payment_gateway.html b/httemplate/edit/process/agent_payment_gateway.html
index 436317ec4..5b5fd948a 100644
--- a/httemplate/edit/process/agent_payment_gateway.html
+++ b/httemplate/edit/process/agent_payment_gateway.html
@@ -1,26 +1,29 @@
-%
-%
-%$cgi->param('agentnum') =~ /(\d+)$/ or die "illegal agentnum";
-%my $agent = qsearchs('agent', { 'agentnum' => $1 } );
-%die "agentnum $1 not found" unless $agent;
-%
-%#my $old
-%
-%my @new = map {
-% my $cardtype = $_;
-% new FS::agent_payment_gateway {
-% ( map { $_ => scalar($cgi->param($_)) }
-% fields('agent_payment_gateway')
-% ),
-% 'cardtype' => $cardtype,
-% };
-% }
-% $cgi->param('cardtype');
-%
-%foreach my $new (@new) {
-% my $error = $new->insert;
-% die $error if $error;
-%}
-%
-%
<% $cgi->redirect(popurl(3). "browse/agent.cgi") %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+$cgi->param('agentnum') =~ /(\d+)$/ or die "illegal agentnum";
+my $agent = qsearchs('agent', { 'agentnum' => $1 } );
+die "agentnum $1 not found" unless $agent;
+
+#my $old
+
+my @new = map {
+ my $cardtype = $_;
+ new FS::agent_payment_gateway {
+ ( map { $_ => scalar($cgi->param($_)) }
+ fields('agent_payment_gateway')
+ ),
+ 'cardtype' => $cardtype,
+ };
+ }
+ $cgi->param('cardtype');
+
+foreach my $new (@new) {
+ my $error = $new->insert;
+ die $error if $error;
+}
+
+</%init>
diff --git a/httemplate/edit/process/agent_type.cgi b/httemplate/edit/process/agent_type.cgi
index b8d03705c..898e0667d 100755
--- a/httemplate/edit/process/agent_type.cgi
+++ b/httemplate/edit/process/agent_type.cgi
@@ -1,37 +1,35 @@
-%
-%
-%my $typenum = $cgi->param('typenum');
-%my $old = qsearchs('agent_type',{'typenum'=>$typenum}) if $typenum;
-%
-%my $new = new FS::agent_type ( {
-% map {
-% $_, scalar($cgi->param($_));
-% } fields('agent_type')
-%} );
-%
-%my $error;
-%if ( $typenum ) {
-% $error = $new->replace($old);
-%} else {
-% $error = $new->insert;
-% $typenum = $new->getfield('typenum');
-%}
-%#$error ||= $new->process_m2m( );
-%
%if ( $error ) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). "agent_type.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "agent_type.cgi?". $cgi->query_string ) %>
%} else {
-%
-% my $error = $new->process_m2m(
-% 'link_table' => 'type_pkgs',
-% 'target_table' => 'part_pkg',
-% 'params' => scalar($cgi->Vars)
-% );
-% die $error if $error;
-%
-% print $cgi->redirect(popurl(3). "browse/agent_type.cgi");
+<% $cgi->redirect(popurl(3). "browse/agent_type.cgi") %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $typenum = $cgi->param('typenum');
+my $old = qsearchs('agent_type',{'typenum'=>$typenum}) if $typenum;
+
+my $new = new FS::agent_type ( {
+ map {
+ $_, scalar($cgi->param($_));
+ } fields('agent_type')
+} );
+
+my $error;
+if ( $typenum ) {
+ $error = $new->replace($old);
+} else {
+ $error = $new->insert;
+ $typenum = $new->getfield('typenum');
+}
+
+ $error ||= $new->process_m2m(
+ 'link_table' => 'type_pkgs',
+ 'target_table' => 'part_pkg',
+ 'params' => scalar($cgi->Vars)
+ );
+<%/init>
diff --git a/httemplate/edit/process/bulk-cust_svc.cgi b/httemplate/edit/process/bulk-cust_svc.cgi
index ad4d67307..313b061ff 100644
--- a/httemplate/edit/process/bulk-cust_svc.cgi
+++ b/httemplate/edit/process/bulk-cust_svc.cgi
@@ -1,4 +1,9 @@
-%
-% my $server = new FS::UI::Web::JSRPC 'FS::part_svc::process_bulk_cust_svc', $cgi;
-%
<% $server->process %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $server = new FS::UI::Web::JSRPC 'FS::part_svc::process_bulk_cust_svc', $cgi;
+
+</%init>
diff --git a/httemplate/edit/process/cust_bill_pay.cgi b/httemplate/edit/process/cust_bill_pay.cgi
index 962fc4eb9..43e672647 100755
--- a/httemplate/edit/process/cust_bill_pay.cgi
+++ b/httemplate/edit/process/cust_bill_pay.cgi
@@ -1,54 +1,50 @@
-%
-%
-%$cgi->param('paynum') =~ /^(\d*)$/ or die "Illegal paynum!";
-%my $paynum = $1;
-%
-%my $cust_pay = qsearchs('cust_pay', { 'paynum' => $paynum } )
-% or die "No such paynum";
-%
-%my $cust_main = qsearchs('cust_main', { 'custnum' => $cust_pay->custnum } )
-% or die "Bogus credit: not attached to customer";
-%
-%my $custnum = $cust_main->custnum;
-%
-%my $new;
-%if ($cgi->param('invnum') =~ /^Refund$/) {
-% $new = new FS::cust_refund ( {
-% 'reason' => 'Refunding payment', #enter reason in UI
-% 'refund' => $cgi->param('amount'),
-% 'payby' => 'BILL',
-% #'_date' => $cgi->param('_date'),
-% 'payinfo' => 'Cash', #enter payinfo in UI
-% 'paynum' => $paynum,
-% } );
-%} else {
-% $new = new FS::cust_bill_pay ( {
-% map {
-% $_, scalar($cgi->param($_));
-% #} qw(custnum _date amount invnum)
-% } fields('cust_bill_pay')
-% } );
-%}
-%
-%my $error = $new->insert;
-%
%if ( $error ) {
-%
% $cgi->param('error', $error);
-%
<% $cgi->redirect(popurl(2). "cust_bill_pay.cgi?". $cgi->query_string ) %>
-%
-%
%} else {
-%
-% #print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum");
-%
-%
<% header('Payment application sucessful') %>
<SCRIPT TYPE="text/javascript">
window.top.location.reload();
</SCRIPT>
-
- </BODY></HTML>
+ </BODY>
+ </HTML>
% }
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Apply payment') #;
+ || $FS::CurrentUser::CurrentUser->access_right('Post payment'): #remove after 1.7.3
+
+$cgi->param('paynum') =~ /^(\d*)$/ or die "Illegal paynum!";
+my $paynum = $1;
+
+my $cust_pay = qsearchs('cust_pay', { 'paynum' => $paynum } )
+ or die "No such paynum";
+
+my $cust_main = qsearchs('cust_main', { 'custnum' => $cust_pay->custnum } )
+ or die "Bogus credit: not attached to customer";
+
+my $custnum = $cust_main->custnum;
+
+my $new;
+if ($cgi->param('invnum') =~ /^Refund$/) {
+ $new = new FS::cust_refund ( {
+ 'reason' => 'Refunding payment', #enter reason in UI
+ 'refund' => $cgi->param('amount'),
+ 'payby' => 'BILL',
+ #'_date' => $cgi->param('_date'),
+ 'payinfo' => 'Cash', #enter payinfo in UI
+ 'paynum' => $paynum,
+ } );
+} else {
+ $new = new FS::cust_bill_pay ( {
+ map {
+ $_, scalar($cgi->param($_));
+ #} qw(custnum _date amount invnum)
+ } fields('cust_bill_pay')
+ } );
+}
+
+my $error = $new->insert;
+</%init>
diff --git a/httemplate/edit/process/cust_credit.cgi b/httemplate/edit/process/cust_credit.cgi
index 9dcad7f68..8715ad61e 100755
--- a/httemplate/edit/process/cust_credit.cgi
+++ b/httemplate/edit/process/cust_credit.cgi
@@ -1,46 +1,10 @@
-%
-%
-%$cgi->param('custnum') =~ /^(\d*)$/ or die "Illegal custnum!";
-%my $custnum = $1;
-%
-%$cgi->param('reasonnum') =~ /^(-?\d+)$/ or die "Illegal reasonnum";
-%my $reasonnum = $1;
-%
-%my $oldAutoCommit = $FS::UID::AutoCommit;
-%local $FS::UID::AutoCommit = 0;
-%my $dbh = dbh;
-%
-%my $error = '';
-%if ($reasonnum == -1) {
-%
-% $error = 'Enter a new reason (or select an existing one)'
-% unless $cgi->param('newreasonnum') !~ /^\s*$/;
-% my $reason = new FS::reason({ 'reason_type' => $cgi->param('newreasonnumT'),
-% 'reason' => $cgi->param('newreasonnum'),
-% });
-% $error ||= $reason->insert;
-% $cgi->param('reasonnum', $reason->reasonnum)
-% unless $error;
-%}
-%
-%unless ($error) {
-% my $new = new FS::cust_credit ( {
-% map {
-% $_, scalar($cgi->param($_));
-% } fields('cust_credit')
-% } );
-% $error = $new->insert;
-%}
-%
%if ( $error ) {
% $cgi->param('reasonnum', $reasonnum);
% $cgi->param('error', $error);
% $dbh->rollback if $oldAutoCommit;
-%
%
<% $cgi->redirect(popurl(2). "cust_credit.cgi?". $cgi->query_string ) %>
%
-%
%} else {
%
% if ( $cgi->param('apply') eq 'yes' ) {
@@ -59,4 +23,41 @@
</BODY></HTML>
% }
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Post credit');
+
+$cgi->param('custnum') =~ /^(\d*)$/ or die "Illegal custnum!";
+my $custnum = $1;
+
+$cgi->param('reasonnum') =~ /^(-?\d+)$/ or die "Illegal reasonnum";
+my $reasonnum = $1;
+
+my $oldAutoCommit = $FS::UID::AutoCommit;
+local $FS::UID::AutoCommit = 0;
+my $dbh = dbh;
+
+my $error = '';
+if ($reasonnum == -1) {
+
+ $error = 'Enter a new reason (or select an existing one)'
+ unless $cgi->param('newreasonnum') !~ /^\s*$/;
+ my $reason = new FS::reason({ 'reason_type' => $cgi->param('newreasonnumT'),
+ 'reason' => $cgi->param('newreasonnum'),
+ });
+ $error ||= $reason->insert;
+ $cgi->param('reasonnum', $reason->reasonnum)
+ unless $error;
+}
+
+unless ($error) {
+ my $new = new FS::cust_credit ( {
+ map {
+ $_, scalar($cgi->param($_));
+ } fields('cust_credit')
+ } );
+ $error = $new->insert;
+}
+</%init>
diff --git a/httemplate/edit/process/cust_credit_bill.cgi b/httemplate/edit/process/cust_credit_bill.cgi
index 7509a3f02..74ae00888 100755
--- a/httemplate/edit/process/cust_credit_bill.cgi
+++ b/httemplate/edit/process/cust_credit_bill.cgi
@@ -1,55 +1,51 @@
-%
-%
-%$cgi->param('crednum') =~ /^(\d*)$/ or die "Illegal crednum!";
-%my $crednum = $1;
-%
-%my $cust_credit = qsearchs('cust_credit', { 'crednum' => $crednum } )
-% or die "No such crednum";
-%
-%my $cust_main = qsearchs('cust_main', { 'custnum' => $cust_credit->custnum } )
-% or die "Bogus credit: not attached to customer";
-%
-%my $custnum = $cust_main->custnum;
-%
-%my $new;
-%if ($cgi->param('invnum') =~ /^Refund$/) {
-% $new = new FS::cust_refund ( {
-% 'reason' => ( $cust_credit->reason || 'refund from credit' ),
-% 'refund' => $cgi->param('amount'),
-% 'payby' => 'BILL',
-% #'_date' => $cgi->param('_date'),
-% #'payinfo' => 'Cash',
-% 'payinfo' => 'Refund',
-% 'crednum' => $crednum,
-% } );
-%} else {
-% $new = new FS::cust_credit_bill ( {
-% map {
-% $_, scalar($cgi->param($_));
-% #} qw(custnum _date amount invnum)
-% } fields('cust_credit_bill')
-% } );
-%}
-%
-%my $error = $new->insert;
-%
%if ( $error ) {
-%
% $cgi->param('error', $error);
-%
<% $cgi->redirect(popurl(2). "cust_credit_bill.cgi?". $cgi->query_string ) %>
-%
-%
%} else {
-%
-% #print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum");
-%
-%
<% header('Credit application sucessful') %>
<SCRIPT TYPE="text/javascript">
window.top.location.reload();
</SCRIPT>
-
- </BODY></HTML>
+ </BODY>
+ </HTML>
% }
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Apply credit') #;
+ || $FS::CurrentUser::CurrentUser->access_right('Post credit'): #remove after 1.7.3
+
+$cgi->param('crednum') =~ /^(\d*)$/ or die "Illegal crednum!";
+my $crednum = $1;
+
+my $cust_credit = qsearchs('cust_credit', { 'crednum' => $crednum } )
+ or die "No such crednum";
+
+my $cust_main = qsearchs('cust_main', { 'custnum' => $cust_credit->custnum } )
+ or die "Bogus credit: not attached to customer";
+
+my $custnum = $cust_main->custnum;
+
+my $new;
+if ($cgi->param('invnum') =~ /^Refund$/) {
+ $new = new FS::cust_refund ( {
+ 'reason' => ( $cust_credit->reason || 'refund from credit' ),
+ 'refund' => $cgi->param('amount'),
+ 'payby' => 'BILL',
+ #'_date' => $cgi->param('_date'),
+ #'payinfo' => 'Cash',
+ 'payinfo' => 'Refund',
+ 'crednum' => $crednum,
+ } );
+} else {
+ $new = new FS::cust_credit_bill ( {
+ map {
+ $_, scalar($cgi->param($_));
+ #} qw(custnum _date amount invnum)
+ } fields('cust_credit_bill')
+ } );
+}
+
+my $error = $new->insert;
+</%init>
diff --git a/httemplate/edit/process/cust_main.cgi b/httemplate/edit/process/cust_main.cgi
index 8de2092f9..b0c9e3e57 100755
--- a/httemplate/edit/process/cust_main.cgi
+++ b/httemplate/edit/process/cust_main.cgi
@@ -16,6 +16,9 @@ my $DEBUG = 0;
</%once>
<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Edit customer');
+
my $error = '';
#unmunge stuff
diff --git a/httemplate/edit/process/cust_main_county-collapse.cgi b/httemplate/edit/process/cust_main_county-collapse.cgi
index 4bcaf1de3..a917825ce 100755
--- a/httemplate/edit/process/cust_main_county-collapse.cgi
+++ b/httemplate/edit/process/cust_main_county-collapse.cgi
@@ -33,4 +33,12 @@
%print $cgi->redirect(popurl(3). "browse/cust_main_county.cgi");
%
%
+<%init>
+#this isn't actually linked from anywhere just now, but it will be again soon
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+
+</%init>
diff --git a/httemplate/edit/process/cust_main_county-expand.cgi b/httemplate/edit/process/cust_main_county-expand.cgi
index 4e04f37fc..a8b4c2511 100755
--- a/httemplate/edit/process/cust_main_county-expand.cgi
+++ b/httemplate/edit/process/cust_main_county-expand.cgi
@@ -8,6 +8,9 @@
</HTML>
<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
$cgi->param('taxnum') =~ /^(\d+)$/ or die "Illegal taxnum!";
my $taxnum = $1;
my $cust_main_county = qsearchs('cust_main_county',{'taxnum'=>$taxnum})
diff --git a/httemplate/edit/process/cust_main_county.html b/httemplate/edit/process/cust_main_county.html
index 3d9d20b85..cb56166c8 100644
--- a/httemplate/edit/process/cust_main_county.html
+++ b/httemplate/edit/process/cust_main_county.html
@@ -4,3 +4,10 @@
#someday change the individual element and go away instead
)
%>
+<%init>
+
+my $conf = new FS::Conf;
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+</%init>
diff --git a/httemplate/edit/process/cust_main_note.cgi b/httemplate/edit/process/cust_main_note.cgi
index 8b9105bd8..9689ca6d6 100755
--- a/httemplate/edit/process/cust_main_note.cgi
+++ b/httemplate/edit/process/cust_main_note.cgi
@@ -1,42 +1,7 @@
-%
-%
-%$cgi->param('custnum') =~ /^(\d+)$/
-% or die "Illegal custnum: ". $cgi->param('custnum');
-%my $custnum = $1;
-%
-%$cgi->param('notenum') =~ /^(\d*)$/
-% or die "Illegal notenum: ". $cgi->param('notenum');
-%my $notenum = $1;
-%
-%my $otaker = $FS::CurrentUser::CurrentUser->name;
-%$otaker = $FS::CurrentUser::CurrentUser->username
-% if ($otaker eq "User, Legacy");
-%
-%my $new = new FS::cust_main_note ( {
-% notenum => $notenum,
-% custnum => $custnum,
-% _date => time,
-% otaker => $otaker,
-% comments => $cgi->param('comment'),
-%} );
-%
-%my $error;
-%if ($notenum){
-% my $old = qsearchs('cust_main_note', { 'notenum' => $notenum });
-% $error = "No such note: $notenum" unless $old;
-% unless($error){
-% map { $new->$_($old->$_) } ('_date', 'otaker');
-% $error = $new->replace($old);
-% }
-%}else{
-% $error = $new->insert;
-%}
-%
%if ($error) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). 'cust_main_note.cgi?'. $cgi->query_string );
-%}
-%
+<% $cgi->redirect(popurl(2). 'cust_main_note.cgi?'. $cgi->query_string ) %>
+%} else {
%
<% header('Note ' . ($notenum ? 'updated' : 'added') ) %>
<SCRIPT TYPE="text/javascript">
@@ -48,5 +13,48 @@
</SCRIPT>
</BODY></HTML>
%
-%
+% }
+<%init>
+
+$cgi->param('custnum') =~ /^(\d+)$/
+ or die "Illegal custnum: ". $cgi->param('custnum');
+my $custnum = $1;
+
+$cgi->param('notenum') =~ /^(\d*)$/
+ or die "Illegal notenum: ". $cgi->param('notenum');
+my $notenum = $1;
+
+my $otaker = $FS::CurrentUser::CurrentUser->name;
+$otaker = $FS::CurrentUser::CurrentUser->username
+ if ($otaker eq "User, Legacy");
+
+my $new = new FS::cust_main_note ( {
+ notenum => $notenum,
+ custnum => $custnum,
+ _date => time,
+ otaker => $otaker,
+ comments => $cgi->param('comment'),
+} );
+
+my $error;
+if ($notenum) {
+
+ die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Edit customer note');
+
+ my $old = qsearchs('cust_main_note', { 'notenum' => $notenum });
+ $error = "No such note: $notenum" unless $old;
+ unless ($error) {
+ map { $new->$_($old->$_) } ('_date', 'otaker');
+ $error = $new->replace($old);
+ }
+
+} else {
+
+ die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Add customer note');
+
+ $error = $new->insert;
+}
+</%init>
diff --git a/httemplate/edit/process/cust_pay.cgi b/httemplate/edit/process/cust_pay.cgi
index a34c88aba..647f6fc6c 100755
--- a/httemplate/edit/process/cust_pay.cgi
+++ b/httemplate/edit/process/cust_pay.cgi
@@ -1,32 +1,8 @@
-%
-%
-%$cgi->param('linknum') =~ /^(\d+)$/
-% or die "Illegal linknum: ". $cgi->param('linknum');
-%my $linknum = $1;
-%
-%$cgi->param('link') =~ /^(custnum|invnum|popup)$/
-% or die "Illegal link: ". $cgi->param('link');
-%my $field = my $link = $1;
-%$field = 'custnum' if $field eq 'popup';
-%
-%my $_date = str2time($cgi->param('_date'));
-%
-%my $new = new FS::cust_pay ( {
-% $field => $linknum,
-% _date => $_date,
-% map {
-% $_, scalar($cgi->param($_));
-% } qw(paid payby payinfo paybatch)
-% #} fields('cust_pay')
-%} );
-%
-%my $error = $new->insert( 'manual' => 1 );
-%
%if ($error) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). 'cust_pay.cgi?'. $cgi->query_string );
+<% $cgi->redirect(popurl(2). 'cust_pay.cgi?'. $cgi->query_string ) %>
%} elsif ( $field eq 'invnum' ) {
-% print $cgi->redirect(popurl(3). "view/cust_bill.cgi?$linknum");
+<% $cgi->redirect(popurl(3). "view/cust_bill.cgi?$linknum") %>
%} elsif ( $field eq 'custnum' ) {
% if ( $cgi->param('apply') eq 'yes' ) {
% my $cust_main = qsearchs('cust_main', { 'custnum' => $linknum })
@@ -34,7 +10,6 @@
% $cust_main->apply_payments;
% }
% if ( $link eq 'popup' ) {
-%
%
<% header('Payment entered') %>
<SCRIPT TYPE="text/javascript">
@@ -43,14 +18,38 @@
</BODY></HTML>
%
-%
% } elsif ( $link eq 'custnum' ) {
-% print $cgi->redirect(popurl(3). "view/cust_main.cgi?$linknum");
+<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$linknum") %>
% } else {
% die "unknown link $link";
% }
%
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Post payment');
+
+$cgi->param('linknum') =~ /^(\d+)$/
+ or die "Illegal linknum: ". $cgi->param('linknum');
+my $linknum = $1;
+
+$cgi->param('link') =~ /^(custnum|invnum|popup)$/
+ or die "Illegal link: ". $cgi->param('link');
+my $field = my $link = $1;
+$field = 'custnum' if $field eq 'popup';
+
+my $_date = str2time($cgi->param('_date'));
+
+my $new = new FS::cust_pay ( {
+ $field => $linknum,
+ _date => $_date,
+ map {
+ $_, scalar($cgi->param($_));
+ } qw(paid payby payinfo paybatch)
+ #} fields('cust_pay')
+} );
+
+my $error = $new->insert( 'manual' => 1 );
+</%init>
diff --git a/httemplate/edit/process/cust_pkg.cgi b/httemplate/edit/process/cust_pkg.cgi
index 25b826758..bdade321f 100755
--- a/httemplate/edit/process/cust_pkg.cgi
+++ b/httemplate/edit/process/cust_pkg.cgi
@@ -11,7 +11,7 @@
</HTML>
% } elsif ( $action eq 'bulk' ) {
-% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum");
+<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum") %>
% } else {
% die "guru exception #5: action is neither change nor bulk!";
% }
@@ -28,15 +28,27 @@ my @remove_pkgnums = map {
$1;
} $cgi->param('remove_pkg');
+my $curuser = $FS::CurrentUser::CurrentUser;
+
my( $action, $error_redirect );
my @pkgparts = ();
if ( $cgi->param('new_pkgpart') =~ /^(\d+)$/ ) { #came from misc/change_pkg.cgi
+
$action = 'change';
$error_redirect = "misc/change_pkg.cgi";
@pkgparts = ($1);
+
+ die "access denied"
+ unless $curuser->access_right('Change customer package');
+
} else { #came from edit/cust_pkg.cgi
+
$action = 'bulk';
$error_redirect = "edit/cust_pkg.cgi";
+
+ die "access denied"
+ unless $curuser->access_right('Bulk change customer packages');
+
foreach my $pkgpart ( map /^pkg(\d+)$/ ? $1 : (), $cgi->param ) {
if ( $cgi->param("pkg$pkgpart") =~ /^(\d+)$/ ) {
my $num_pkgs = $1;
@@ -48,6 +60,7 @@ if ( $cgi->param('new_pkgpart') =~ /^(\d+)$/ ) { #came from misc/change_pkg.cgi
last;
}
}
+
}
$error ||= FS::cust_pkg::order($custnum,\@pkgparts,\@remove_pkgnums);
diff --git a/httemplate/edit/process/cust_refund.cgi b/httemplate/edit/process/cust_refund.cgi
index d95ab46dc..1a7a394b3 100755
--- a/httemplate/edit/process/cust_refund.cgi
+++ b/httemplate/edit/process/cust_refund.cgi
@@ -1,38 +1,43 @@
-%$cgi->param('custnum') =~ /^(\d*)$/ or die "Illegal custnum!";
-%my $custnum = $1;
-%my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } )
-% or die "unknown custnum $custnum";
-%
-%my $error = '';
-%if ( $cgi->param('payby') =~ /^(CARD|CHEK)$/ ) {
-% my %options = ();
-% my $bop = $FS::payby::payby2bop{$1};
-% $cgi->param('refund') =~ /^(\d*)(\.\d{2})?$/
-% or die "illegal refund amount ". $cgi->param('refund');
-% my $refund = "$1$2";
-% $cgi->param('paynum') =~ /^(\d*)$/ or die "Illegal paynum!";
-% my $paynum = $1;
-% my $reason = $cgi->param('reason');
-% my $paydate = $cgi->param('exp_year'). '-'. $cgi->param('exp_month'). '-01';
-% $options{'paydate'} = $paydate if $paydate =~ /^\d{2,4}-\d{1,2}-01$/;
-% $error = $cust_main->realtime_refund_bop( $bop, 'amount' => $refund,
-% 'paynum' => $paynum,
-% 'reason' => $reason,
-% %options );
-%} else {
-% die 'unimplemented';
-% #my $new = new FS::cust_refund ( {
-% # map {
-% # $_, scalar($cgi->param($_));
-% # } ( fields('cust_refund'), 'paynum' )
-% #} );
-% #$error = $new->insert;
-%}
-%
-%
%if ( $error ) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). "cust_refund.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "cust_refund.cgi?". $cgi->query_string ) %>
%} else {
-% print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum");
+<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum") %>
%}
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Refund payment');
+
+$cgi->param('custnum') =~ /^(\d*)$/ or die "Illegal custnum!";
+my $custnum = $1;
+my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } )
+ or die "unknown custnum $custnum";
+
+my $error = '';
+if ( $cgi->param('payby') =~ /^(CARD|CHEK)$/ ) {
+ my %options = ();
+ my $bop = $FS::payby::payby2bop{$1};
+ $cgi->param('refund') =~ /^(\d*)(\.\d{2})?$/
+ or die "illegal refund amount ". $cgi->param('refund');
+ my $refund = "$1$2";
+ $cgi->param('paynum') =~ /^(\d*)$/ or die "Illegal paynum!";
+ my $paynum = $1;
+ my $reason = $cgi->param('reason');
+ my $paydate = $cgi->param('exp_year'). '-'. $cgi->param('exp_month'). '-01';
+ $options{'paydate'} = $paydate if $paydate =~ /^\d{2,4}-\d{1,2}-01$/;
+ $error = $cust_main->realtime_refund_bop( $bop, 'amount' => $refund,
+ 'paynum' => $paynum,
+ 'reason' => $reason,
+ %options );
+} else {
+ die 'unimplemented';
+ #my $new = new FS::cust_refund ( {
+ # map {
+ # $_, scalar($cgi->param($_));
+ # } ( fields('cust_refund'), 'paynum' )
+ #} );
+ #$error = $new->insert;
+}
+
+</%init>
diff --git a/httemplate/edit/process/cust_svc.cgi b/httemplate/edit/process/cust_svc.cgi
index e9d5f6238..e22cbb201 100644
--- a/httemplate/edit/process/cust_svc.cgi
+++ b/httemplate/edit/process/cust_svc.cgi
@@ -1,30 +1,30 @@
-%
-%
-%my $svcnum = $cgi->param('svcnum');
-%
-%my $old = qsearchs('cust_svc',{'svcnum'=>$svcnum}) if $svcnum;
-%
-%my $new = new FS::cust_svc ( {
-% map {
-% $_, scalar($cgi->param($_));
-% } fields('cust_svc')
-%} );
-%
-%my $error;
-%if ( $svcnum ) {
-% $error=$new->replace($old);
-%} else {
-% $error=$new->insert;
-% $svcnum=$new->getfield('svcnum');
-%}
-%
%if ( $error ) {
-% #$cgi->param('error', $error);
-% #print $cgi->redirect(popurl(2). "cust_svc.cgi?". $cgi->query_string );
% errorpage($error);
%} else {
% my $svcdb = $new->part_svc->svcdb;
-% print $cgi->redirect(popurl(3). "view/$svcdb.cgi?$svcnum");
+<% $cgi->redirect(popurl(3). "view/$svcdb.cgi?$svcnum") %>
%}
-%
-%
+<%init>
+
+die 'access deined'
+ unless $FS::CurrentUser::CurrentUser->access_right('Change customer service');
+
+my $svcnum = $cgi->param('svcnum');
+
+my $old = qsearchs('cust_svc',{'svcnum'=>$svcnum}) if $svcnum;
+
+my $new = new FS::cust_svc ( {
+ map {
+ $_, scalar($cgi->param($_));
+ } fields('cust_svc')
+} );
+
+my $error;
+if ( $svcnum ) {
+ $error=$new->replace($old);
+} else {
+ $error=$new->insert;
+ $svcnum=$new->getfield('svcnum');
+}
+
+</%init>
diff --git a/httemplate/edit/process/domain_record.cgi b/httemplate/edit/process/domain_record.cgi
index daf35ad6d..2e427e4fb 100755
--- a/httemplate/edit/process/domain_record.cgi
+++ b/httemplate/edit/process/domain_record.cgi
@@ -1,36 +1,30 @@
-%
-%
-%my $recnum = $cgi->param('recnum');
-%
-%my $old = qsearchs('agent',{'recnum'=>$recnum}) if $recnum;
-%
-%my $new = new FS::domain_record ( {
-% map {
-% $_, scalar($cgi->param($_));
-% } fields('domain_record')
-%} );
-%
-%my $error;
-%if ( $recnum ) {
-% $error=$new->replace($old);
-%} else {
-% $error=$new->insert;
-% $recnum=$new->getfield('recnum');
-%}
-%
%if ( $error ) {
-%# $cgi->param('error', $error);
-%# print $cgi->redirect(popurl(2). "agent.cgi?". $cgi->query_string );
-% #no edit screen to send them back to
-%
-
-<!-- mason kludge -->
-%
% errorpage($error);
%} else {
% my $svcnum = $new->svcnum;
-% print $cgi->redirect(popurl(3). "view/svc_domain.cgi?$svcnum");
+<% $cgi->redirect(popurl(3). "view/svc_domain.cgi?$svcnum") %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Edit domain nameservice');
+
+my $recnum = $cgi->param('recnum');
+
+my $old = qsearchs('agent',{'recnum'=>$recnum}) if $recnum;
+
+my $new = new FS::domain_record ( {
+ map {
+ $_, scalar($cgi->param($_));
+ } fields('domain_record')
+} );
+
+my $error;
+if ( $recnum ) {
+ $error=$new->replace($old);
+} else {
+ $error=$new->insert;
+ $recnum=$new->getfield('recnum');
+}
+</%init>
diff --git a/httemplate/edit/process/generic.cgi b/httemplate/edit/process/generic.cgi
index e3ac113ae..642876386 100644
--- a/httemplate/edit/process/generic.cgi
+++ b/httemplate/edit/process/generic.cgi
@@ -1,73 +1,77 @@
-%# Welcome to generic.cgi.
-%#
-%# This script provides a generic edit/process/ backend for simple table
-%# editing. All it knows how to do is take the values entered into
-%# the script and insert them into the table specified by $cgi->param('table').
-%# If there's an existing record with the same primary key, it will be
-%# replaced. (Deletion will be added in the future.)
-%#
-%# also see elements/process.html, newer and somewhat along the same lines,
-%# though it still makes you setup a process file for the table.
-%# perhaps safer, perhaps more of a pain in the ass.
-%#
-%# Special cgi params for this script:
-%# table: the name of the table to be edited. The script will die horribly
-%# if it can't find the table.
-%# redirect_ok: URL to be displayed after a successful edit. The value of
-%# the record's primary key will be passed as a keyword.
-%# Defaults to (freeside root)/view/$table.cgi.
-%# redirect_error: URL to be displayed if there's an error. The original
-%# query string, plus the error message, will be passed.
-%# Defaults to $cgi->referer() (i.e. go back where you
-%# came from).
-%
-%
-%use FS::Record qw(qsearchs dbdef);
-%use DBIx::DBSchema;
-%use DBIx::DBSchema::Table;
-%
-%
-%my $error;
-%my $p2 = popurl(2);
-%my $p3 = popurl(3);
-%my $table = $cgi->param('table');
-%my $dbdef = dbdef or die "Cannot fetch dbdef!";
-%
-%my $dbdef_table = $dbdef->table($table) or die "Cannot fetch schema for $table";
-%
-%my $pkey = $dbdef_table->primary_key or die "Cannot fetch pkey for $table";
-%my $pkey_val = $cgi->param($pkey);
-%
-%
-%#warn "new FS::Record ( $table, (hashref) )";
-%my $new = FS::Record::new ( "FS::$table", {
-% map { $_, scalar($cgi->param($_)) } fields($table)
-%} );
-%
-%#warn 'created $new of class '.ref($new);
-%
-%if($pkey_val and (my $old = qsearchs($table, { $pkey, $pkey_val} ))) {
-% # edit
-% $error = $new->replace($old);
-%} else {
-% #add
-% $error = $new->insert;
-% $pkey_val = $new->getfield($pkey);
-% # New records usually don't have their primary keys set until after
-% # they've been checked/inserted, so grab the new $pkey_val so we can
-% # redirect to it.
-%}
-%
-%my $redirect_ok = (($cgi->param('redirect_ok')) ?
-% $cgi->param('redirect_ok') : $p3."browse/generic.cgi?$table");
-%my $redirect_error = (($cgi->param('redirect_error')) ?
-% $cgi->param('redirect_error') : $cgi->referer());
-%
%if($error) {
% $cgi->param('error', $error);
-% print $cgi->redirect($redirect_error . '?' . $cgi->query_string);
+<% $cgi->redirect($redirect_error . '?' . $cgi->query_string) %>
%} else {
-% print $cgi->redirect($redirect_ok);
+<% $cgi->redirect($redirect_ok) %>
%}
-%
+<%doc>
+
+See elements/process.html, newer and somewhat along the same lines,
+though it still makes you setup a process file for the table.
+Perhaps safer, perhaps more of a pain in the ass.
+
+In any case, this is probably pretty deprecated; it is only used by
+part_virtual_field.cgi, and so its ACL is hardcoded to 'Configuration'.
+
+Welcome to generic.cgi.
+
+This script provides a generic edit/process/ backend for simple table
+editing. All it knows how to do is take the values entered into
+the script and insert them into the table specified by $cgi->param('table').
+If there's an existing record with the same primary key, it will be
+replaced. (Deletion will be added in the future.)
+
+Special cgi params for this script:
+table: the name of the table to be edited. The script will die horribly
+ if it can't find the table.
+redirect_ok: URL to be displayed after a successful edit. The value of
+ the record's primary key will be passed as a keyword.
+ Defaults to (freeside root)/view/$table.cgi.
+redirect_error: URL to be displayed if there's an error. The original
+ query string, plus the error message, will be passed.
+ Defaults to $cgi->referer() (i.e. go back where you
+ came from).
+
+</%doc>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $error;
+my $p2 = popurl(2);
+my $p3 = popurl(3);
+my $table = $cgi->param('table');
+my $dbdef = dbdef or die "Cannot fetch dbdef!";
+
+my $dbdef_table = $dbdef->table($table) or die "Cannot fetch schema for $table";
+
+my $pkey = $dbdef_table->primary_key or die "Cannot fetch pkey for $table";
+my $pkey_val = $cgi->param($pkey);
+
+
+#warn "new FS::Record ( $table, (hashref) )";
+my $new = FS::Record::new ( "FS::$table", {
+ map { $_, scalar($cgi->param($_)) } fields($table)
+} );
+
+#warn 'created $new of class '.ref($new);
+
+if($pkey_val and (my $old = qsearchs($table, { $pkey, $pkey_val} ))) {
+ # edit
+ $error = $new->replace($old);
+} else {
+ #add
+ $error = $new->insert;
+ $pkey_val = $new->getfield($pkey);
+ # New records usually don't have their primary keys set until after
+ # they've been checked/inserted, so grab the new $pkey_val so we can
+ # redirect to it.
+}
+
+my $redirect_ok = (($cgi->param('redirect_ok')) ?
+ $cgi->param('redirect_ok') : $p3."browse/generic.cgi?$table");
+my $redirect_error = (($cgi->param('redirect_error')) ?
+ $cgi->param('redirect_error') : $cgi->referer());
+</%init>
diff --git a/httemplate/edit/process/inventory_class.html b/httemplate/edit/process/inventory_class.html
index c7be9e8dd..dbf978e72 100644
--- a/httemplate/edit/process/inventory_class.html
+++ b/httemplate/edit/process/inventory_class.html
@@ -3,3 +3,9 @@
'viewall_dir' => 'browse',
)
%>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+</%init>
diff --git a/httemplate/edit/process/msgcat.cgi b/httemplate/edit/process/msgcat.cgi
index 9711143d6..7175fa2b3 100644
--- a/httemplate/edit/process/msgcat.cgi
+++ b/httemplate/edit/process/msgcat.cgi
@@ -1,21 +1,22 @@
-%
-%
-%my $error;
-%foreach my $param ( grep { /^\d+$/ } $cgi->param ) {
-% my $old = qsearchs('msgcat', { msgnum=>$param } );
-% next if $old->msg eq $cgi->param($param); #no need to update identical records
-% my $new = new FS::msgcat { $old->hash };
-% $new->msg($cgi->param($param));
-% $error = $new->replace($old);
-% last if $error;
-%}
-%
%if ( $error ) {
% $cgi->param('error',$error);
-% print $cgi->redirect($p. "msgcat.cgi?". $cgi->query_string );
+<% $cgi->redirect($p. "msgcat.cgi?". $cgi->query_string ) %>
%} else {
-% print $cgi->redirect(popurl(3). "browse/msgcat.cgi");
+<% $cgi->redirect(popurl(3). "browse/msgcat.cgi") %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $error;
+foreach my $param ( grep { /^\d+$/ } $cgi->param ) {
+ my $old = qsearchs('msgcat', { msgnum=>$param } );
+ next if $old->msg eq $cgi->param($param); #no need to update identical records
+ my $new = new FS::msgcat { $old->hash };
+ $new->msg($cgi->param($param));
+ $error = $new->replace($old);
+ last if $error;
+}
+</%init>
diff --git a/httemplate/edit/process/part_bill_event.cgi b/httemplate/edit/process/part_bill_event.cgi
index af594f264..3534519fd 100755
--- a/httemplate/edit/process/part_bill_event.cgi
+++ b/httemplate/edit/process/part_bill_event.cgi
@@ -1,89 +1,92 @@
-%
-%my $eventpart = $cgi->param('eventpart');
-%
-%my $old = qsearchs('part_bill_event',{'eventpart'=>$eventpart}) if $eventpart;
-%
-%#s/days/seconds/
-%$cgi->param('seconds', int( $cgi->param('days') * 86400 ) );
-%
-%my $error;
-%if ( ! $cgi->param('plan_weight_eventcode') ) {
-% $error = "Must select an action";
-%} else {
-%
-% $cgi->param('plan_weight_eventcode') =~ /^([\w\-]+):(\d+):(.*)$/s
-% or die "illegal plan_weight_eventcode:".
-% $cgi->param('plan_weight_eventcode');
-% $cgi->param('plan', $1);
-% $cgi->param('weight', $2);
-% my $eventcode = $3;
-% my $plandata = '';
-%
-% my $rnum;
-% my $rtype;
-% my $reasonm;
-% my $class = '';
-% $class='c' if ($eventcode =~ /cancel/);
-% $class='s' if ($eventcode =~ /suspend/);
-% if ($class) {
-% $cgi->param("${class}reason") =~ /^(-?\d+)$/
-% or $error = "Invalid ${class}reason";
-% $rnum = $1;
-% if ($rnum == -1) {
-% $cgi->param("new${class}reasonT") =~ /^(\d+)$/
-% or $error = "Invalid new${class}reasonT";
-% $rtype = $1;
-% $cgi->param("new${class}reason") =~ /^([\s\w]+)$/
-% or $error = "Invalid new${class}reason";
-% $reasonm = $1;
-% }
-% }
-%
-% if ($rnum == -1 && !$error) {
-% my $reason = new FS::reason ({ 'reason' => $reasonm,
-% 'reason_type' => $rtype,
-% });
-% $error = $reason->insert;
-% unless ($error) {
-% $rnum = $reason->reasonnum;
-% $cgi->param("${class}reason", $rnum);
-% $cgi->param("new${class}reason", '');
-% $cgi->param("new${class}reasonT", '');
-% }
-% }
-%
-% while ( $eventcode =~ /%%%(\w+)%%%/ ) {
-% my $field = $1;
-% my $value = join(', ', $cgi->param($field) );
-% $cgi->param($field, $value); #in case it errors out
-% $eventcode =~ s/%%%$field%%%/$value/;
-% $plandata .= "$field $value\n";
-% }
-% $cgi->param('eventcode', $eventcode);
-% $cgi->param('plandata', $plandata);
-%
-% unless($error){
-% my $new = new FS::part_bill_event ( {
-% map {
-% $_, scalar($cgi->param($_));
-% } fields('part_bill_event'),
-% } );
-% $new->setfield('reason', $rnum);
-%
-% if ( $eventpart ) {
-% $error = $new->replace($old);
-% } else {
-% $error = $new->insert;
-% $eventpart = $new->getfield('eventpart');
-% }
-% }
-%}
-%
%if ( $error ) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). "part_bill_event.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "part_bill_event.cgi?". $cgi->query_string ) %>
%} else {
-% print $cgi->redirect(popurl(3)."browse/part_bill_event.cgi");
+<% $cgi->redirect(popurl(3)."browse/part_bill_event.cgi") %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $eventpart = $cgi->param('eventpart');
+
+my $old = qsearchs('part_bill_event',{'eventpart'=>$eventpart}) if $eventpart;
+
+#s/days/seconds/
+$cgi->param('seconds', int( $cgi->param('days') * 86400 ) );
+
+my $error;
+if ( ! $cgi->param('plan_weight_eventcode') ) {
+ $error = "Must select an action";
+} else {
+
+ $cgi->param('plan_weight_eventcode') =~ /^([\w\-]+):(\d+):(.*)$/s
+ or die "illegal plan_weight_eventcode:".
+ $cgi->param('plan_weight_eventcode');
+ $cgi->param('plan', $1);
+ $cgi->param('weight', $2);
+ my $eventcode = $3;
+ my $plandata = '';
+
+ my $rnum;
+ my $rtype;
+ my $reasonm;
+ my $class = '';
+ $class='c' if ($eventcode =~ /cancel/);
+ $class='s' if ($eventcode =~ /suspend/);
+ if ($class) {
+ $cgi->param("${class}reason") =~ /^(-?\d+)$/
+ or $error = "Invalid ${class}reason";
+ $rnum = $1;
+ if ($rnum == -1) {
+ $cgi->param("new${class}reasonT") =~ /^(\d+)$/
+ or $error = "Invalid new${class}reasonT";
+ $rtype = $1;
+ $cgi->param("new${class}reason") =~ /^([\s\w]+)$/
+ or $error = "Invalid new${class}reason";
+ $reasonm = $1;
+ }
+ }
+
+ if ($rnum == -1 && !$error) {
+ my $reason = new FS::reason ({ 'reason' => $reasonm,
+ 'reason_type' => $rtype,
+ });
+ $error = $reason->insert;
+ unless ($error) {
+ $rnum = $reason->reasonnum;
+ $cgi->param("${class}reason", $rnum);
+ $cgi->param("new${class}reason", '');
+ $cgi->param("new${class}reasonT", '');
+ }
+ }
+
+ while ( $eventcode =~ /%%%(\w+)%%%/ ) {
+ my $field = $1;
+ my $value = join(', ', $cgi->param($field) );
+ $cgi->param($field, $value); #in case it errors out
+ $eventcode =~ s/%%%$field%%%/$value/;
+ $plandata .= "$field $value\n";
+ }
+ $cgi->param('eventcode', $eventcode);
+ $cgi->param('plandata', $plandata);
+
+ unless($error){
+ my $new = new FS::part_bill_event ( {
+ map {
+ $_, scalar($cgi->param($_));
+ } fields('part_bill_event'),
+ } );
+ $new->setfield('reason', $rnum);
+
+ if ( $eventpart ) {
+ $error = $new->replace($old);
+ } else {
+ $error = $new->insert;
+ $eventpart = $new->getfield('eventpart');
+ }
+ }
+}
+
+</%init>
diff --git a/httemplate/edit/process/part_export.cgi b/httemplate/edit/process/part_export.cgi
index 0dd9eabae..b5f82e892 100644
--- a/httemplate/edit/process/part_export.cgi
+++ b/httemplate/edit/process/part_export.cgi
@@ -1,40 +1,41 @@
-%
-%
-%my $exportnum = $cgi->param('exportnum');
-%
-%my $old = qsearchs('part_export', { 'exportnum'=>$exportnum } ) if $exportnum;
-%
-%#fixup options
-%#warn join('-', split(',',$cgi->param('options')));
-%my %options = map {
-% my $value = $cgi->param($_);
-% $value =~ s/\r\n/\n/g; #browsers? (textarea)
-% $_ => $value;
-%} split(',', $cgi->param('options'));
-%
-%my $new = new FS::part_export ( {
-% map {
-% $_, scalar($cgi->param($_));
-% } fields('part_export')
-%} );
-%
-%my $error;
-%if ( $exportnum ) {
-% #warn $old;
-% #warn $exportnum;
-% #warn $new->machine;
-% $error = $new->replace($old,\%options);
-%} else {
-% $error = $new->insert(\%options);
-%# $exportnum = $new->exportnum;
-%}
-%
%if ( $error ) {
% $cgi->param('error', $error );
-% print $cgi->redirect(popurl(2). "part_export.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "part_export.cgi?". $cgi->query_string ) %>
%} else {
-% print $cgi->redirect(popurl(3). "browse/part_export.cgi");
+<% $cgi->redirect(popurl(3). "browse/part_export.cgi") %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $exportnum = $cgi->param('exportnum');
+
+my $old = qsearchs('part_export', { 'exportnum'=>$exportnum } ) if $exportnum;
+
+#fixup options
+#warn join('-', split(',',$cgi->param('options')));
+my %options = map {
+ my $value = $cgi->param($_);
+ $value =~ s/\r\n/\n/g; #browsers? (textarea)
+ $_ => $value;
+} split(',', $cgi->param('options'));
+
+my $new = new FS::part_export ( {
+ map {
+ $_, scalar($cgi->param($_));
+ } fields('part_export')
+} );
+
+my $error;
+if ( $exportnum ) {
+ #warn $old;
+ #warn $exportnum;
+ #warn $new->machine;
+ $error = $new->replace($old,\%options);
+} else {
+ $error = $new->insert(\%options);
+# $exportnum = $new->exportnum;
+}
+</%init>
diff --git a/httemplate/edit/process/part_pkg.cgi b/httemplate/edit/process/part_pkg.cgi
index b29e96305..f4d0c209e 100755
--- a/httemplate/edit/process/part_pkg.cgi
+++ b/httemplate/edit/process/part_pkg.cgi
@@ -1,103 +1,111 @@
-%
-%
-%my $dbh = dbh;
-%my $conf = new FS::Conf;
-%
-%my $pkgpart = $cgi->param('pkgpart');
-%
-%my $old = qsearchs('part_pkg',{'pkgpart'=>$pkgpart}) if $pkgpart;
-%
-%tie my %plans, 'Tie::IxHash', %{ FS::part_pkg::plan_info() };
-%my $href = $plans{$cgi->param('plan')}->{'fields'};
-%
-%#fixup plandata
-%my $error;
-%my $plandata = $cgi->param('plandata');
-%my @plandata = split(',', $plandata);
-%$cgi->param('plandata',
-% join('', map { my $parser = sub { shift };
-% $parser = $href->{$_}{parse} if exists($href->{$_}{parse});
-% my $value = join(', ', &$parser($cgi->param($_)));
-% my $check = $href->{$_}{check};
-% if ( $check && ! &$check($value) ) {
-% $value = join(', ', $cgi->param($_));
-% $error ||= "Illegal ". ($href->{$_}{name}||$_). ": $value";
-% }
-% "$_=$value\n";
-% } @plandata )
-%);
-%
-%foreach (qw( setuptax recurtax disabled )) {
-% $cgi->param($_, '') unless defined $cgi->param($_);
-%}
-%
-%my @agents;
-%foreach ($cgi->param('agent_type')) {
-% /^(\d+)$/;
-% push @agents, $1 if $1;
-%}
-%$error = "At least one agent type must be specified."
-% unless( scalar(@agents) ||
-% $cgi->param('clone') && $cgi->param('clone') =~ /^\d+$/ ||
-% !$pkgpart && $conf->exists('agent-defaultpkg')
-% );
-%
-%my $new = new FS::part_pkg ( {
-% map {
-% $_ => scalar($cgi->param($_));
-% } fields('part_pkg')
-%} );
-%
-%my $oldAutoCommit = $FS::UID::AutoCommit;
-%local $FS::UID::AutoCommit = 0;
-%
-%my %pkg_svc = map { $_ => scalar($cgi->param("pkg_svc$_")) }
-% map { $_->svcpart }
-% qsearch('part_svc', {} );
-%
-%my $custnum = '';
-%if ( $error ) {
-%
-% # fall through
-%
-%} elsif ( $cgi->param('taxclass') eq '(select)' ) {
-%
-% $error = 'Must select a tax class';
-%
-%} elsif ( $pkgpart ) {
-%
-% $error = $new->replace( $old,
-% pkg_svc => \%pkg_svc,
-% primary_svc => scalar($cgi->param('pkg_svc_primary')),
-% );
-%} else {
-%
-% $error = $new->insert( pkg_svc => \%pkg_svc,
-% primary_svc => scalar($cgi->param('pkg_svc_primary')),
-% cust_pkg => $cgi->param('pkgnum'),
-% custnum_ref => \$custnum,
-% );
-% $pkgpart = $new->pkgpart;
-%}
-%
-%unless ( $error || $conf->exists('agent_defaultpkg') ) {
-% my $error = $new->process_m2m(
-% 'link_table' => 'type_pkgs',
-% 'target_table' => 'agent_type',
-% 'params' => \@agents,
-% );
-%}
%if ( $error ) {
% $dbh->rollback if $oldAutoCommit;
% $cgi->param('error', $error );
-% print $cgi->redirect(popurl(2). "part_pkg.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "part_pkg.cgi?". $cgi->query_string ) %>
%} elsif ( $custnum ) {
% $dbh->commit or die $dbh->errstr if $oldAutoCommit;
-% print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum");
+<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum") %>
%} else {
% $dbh->commit or die $dbh->errstr if $oldAutoCommit;
-% print $cgi->redirect(popurl(3). "browse/part_pkg.cgi");
+<% $cgi->redirect(popurl(3). "browse/part_pkg.cgi") %>
%}
-%
-%
+<%init>
+
+#1.7
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+#1.9
+#die "access denied"
+# unless $FS::CurrentUser::CurrentUser->access_right('Edit package definitions')
+# || $FS::CurrentUser::CurrentUser->access_right('Edit global package definitions');
+
+my $dbh = dbh;
+my $conf = new FS::Conf;
+
+my $pkgpart = $cgi->param('pkgpart');
+
+my $old = qsearchs('part_pkg',{'pkgpart'=>$pkgpart}) if $pkgpart;
+
+tie my %plans, 'Tie::IxHash', %{ FS::part_pkg::plan_info() };
+my $href = $plans{$cgi->param('plan')}->{'fields'};
+
+#fixup plandata
+my $error;
+my $plandata = $cgi->param('plandata');
+my @plandata = split(',', $plandata);
+$cgi->param('plandata',
+ join('', map { my $parser = sub { shift };
+ $parser = $href->{$_}{parse} if exists($href->{$_}{parse});
+ my $value = join(', ', &$parser($cgi->param($_)));
+ my $check = $href->{$_}{check};
+ if ( $check && ! &$check($value) ) {
+ $value = join(', ', $cgi->param($_));
+ $error ||= "Illegal ". ($href->{$_}{name}||$_). ": $value";
+ }
+ "$_=$value\n";
+ } @plandata )
+);
+
+foreach (qw( setuptax recurtax disabled )) {
+ $cgi->param($_, '') unless defined $cgi->param($_);
+}
+
+my @agents;
+foreach ($cgi->param('agent_type')) {
+ /^(\d+)$/;
+ push @agents, $1 if $1;
+}
+$error = "At least one agent type must be specified."
+ unless( scalar(@agents) ||
+ $cgi->param('clone') && $cgi->param('clone') =~ /^\d+$/ ||
+ !$pkgpart && $conf->exists('agent-defaultpkg')
+ );
+
+my $new = new FS::part_pkg ( {
+ map {
+ $_ => scalar($cgi->param($_));
+ } fields('part_pkg')
+} );
+
+my $oldAutoCommit = $FS::UID::AutoCommit;
+local $FS::UID::AutoCommit = 0;
+
+my %pkg_svc = map { $_ => scalar($cgi->param("pkg_svc$_")) }
+ map { $_->svcpart }
+ qsearch('part_svc', {} );
+
+my $custnum = '';
+if ( $error ) {
+
+ # fall through
+
+} elsif ( $cgi->param('taxclass') eq '(select)' ) {
+
+ $error = 'Must select a tax class';
+
+} elsif ( $pkgpart ) {
+
+ $error = $new->replace( $old,
+ pkg_svc => \%pkg_svc,
+ primary_svc => scalar($cgi->param('pkg_svc_primary')),
+ );
+} else {
+
+ $error = $new->insert( pkg_svc => \%pkg_svc,
+ primary_svc => scalar($cgi->param('pkg_svc_primary')),
+ cust_pkg => $cgi->param('pkgnum'),
+ custnum_ref => \$custnum,
+ );
+ $pkgpart = $new->pkgpart;
+}
+
+unless ( $error || $conf->exists('agent_defaultpkg') ) {
+ my $error = $new->process_m2m(
+ 'link_table' => 'type_pkgs',
+ 'target_table' => 'agent_type',
+ 'params' => \@agents,
+ );
+}
+
+</%init>
diff --git a/httemplate/edit/process/part_referral.html b/httemplate/edit/process/part_referral.html
index 14c1b7001..40cbc97bf 100755
--- a/httemplate/edit/process/part_referral.html
+++ b/httemplate/edit/process/part_referral.html
@@ -3,3 +3,10 @@
'viewall_dir' => 'browse',
)
%>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Edit advertising sources')
+ || $FS::CurrentUser::CurrentUser->access_right('Edit global advertising sources');
+
+</%init>
diff --git a/httemplate/edit/process/part_svc.cgi b/httemplate/edit/process/part_svc.cgi
index 97abc5baf..65de3fc6c 100755
--- a/httemplate/edit/process/part_svc.cgi
+++ b/httemplate/edit/process/part_svc.cgi
@@ -1,4 +1,9 @@
-%
-% my $server = new FS::UI::Web::JSRPC 'FS::part_svc::process', $cgi;
-%
<% $server->process %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $server = new FS::UI::Web::JSRPC 'FS::part_svc::process', $cgi;
+
+</%init>
diff --git a/httemplate/edit/process/payment_gateway.html b/httemplate/edit/process/payment_gateway.html
index 0b7e31395..b16bc3d27 100644
--- a/httemplate/edit/process/payment_gateway.html
+++ b/httemplate/edit/process/payment_gateway.html
@@ -1,34 +1,35 @@
-%
-%
-%my $gatewaynum = $cgi->param('gatewaynum');
-%
-%my $old = qsearchs('payment_gateway',{'gatewaynum'=>$gatewaynum}) if $gatewaynum;
-%
-%my $new = new FS::payment_gateway ( {
-% map {
-% $_, scalar($cgi->param($_));
-% } fields('payment_gateway')
-%} );
-%
-%my @options = split(/\r?\n/, $cgi->param('gateway_options') );
-%pop @options
-% if scalar(@options) % 2 && $options[-1] =~ /^\s*$/;
-%my %options = @options;
-%
-%my $error;
-%if ( $gatewaynum ) {
-% $error=$new->replace($old, \%options);
-%} else {
-% $error=$new->insert(\%options);
-% $gatewaynum=$new->getfield('gatewaynum');
-%}
-%
%if ( $error ) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). "payment_gateway.html?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "payment_gateway.html?". $cgi->query_string ) %>
%} else {
-% print $cgi->redirect(popurl(3). "browse/payment_gateway.html");
+<% $cgi->redirect(popurl(3). "browse/payment_gateway.html") %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $gatewaynum = $cgi->param('gatewaynum');
+
+my $old = qsearchs('payment_gateway',{'gatewaynum'=>$gatewaynum}) if $gatewaynum;
+
+my $new = new FS::payment_gateway ( {
+ map {
+ $_, scalar($cgi->param($_));
+ } fields('payment_gateway')
+} );
+
+my @options = split(/\r?\n/, $cgi->param('gateway_options') );
+pop @options
+ if scalar(@options) % 2 && $options[-1] =~ /^\s*$/;
+my %options = @options;
+
+my $error;
+if ( $gatewaynum ) {
+ $error=$new->replace($old, \%options);
+} else {
+ $error=$new->insert(\%options);
+ $gatewaynum=$new->getfield('gatewaynum');
+}
+</%init>
diff --git a/httemplate/edit/process/pkg_class.html b/httemplate/edit/process/pkg_class.html
index 183da805c..b196df3f7 100644
--- a/httemplate/edit/process/pkg_class.html
+++ b/httemplate/edit/process/pkg_class.html
@@ -3,3 +3,9 @@
'viewall_dir' => 'browse',
)
%>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+</%init>
diff --git a/httemplate/edit/process/prepay_credit.cgi b/httemplate/edit/process/prepay_credit.cgi
index 518f79d86..24ce25608 100644
--- a/httemplate/edit/process/prepay_credit.cgi
+++ b/httemplate/edit/process/prepay_credit.cgi
@@ -36,8 +36,7 @@
<% include("/elements/header.html", "$num prepaid cards generated".
- ( $agent ? ' for '.$agent->agent : '' ),
- menubar( 'Main menu' => popurl(3) )
+ ( $agent ? ' for '.$agent->agent : '' )
)
%>
@@ -60,4 +59,9 @@
</BODY></HTML>
% }
+<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+</%init>
diff --git a/httemplate/edit/process/quick-charge.cgi b/httemplate/edit/process/quick-charge.cgi
index 4a090f9de..3c7cac51d 100644
--- a/httemplate/edit/process/quick-charge.cgi
+++ b/httemplate/edit/process/quick-charge.cgi
@@ -1,46 +1,49 @@
-%
-% my $error = '';
-% my $param = $cgi->Vars;
-%
-% my @description = ();
-% for ( my $row = 0; exists($param->{"description$row"}); $row++ ) {
-% push @description, $param->{"description$row"}
-% if ($param->{"description$row"} =~ /\S/);
-% }
-%
-% $param->{"custnum"} =~ /^(\d+)$/
-% or $error .= "Illegal customer number " . $param->{"custnum"} . " ";
-% my $custnum = $1;
-%
-% $param->{"amount"} =~ /^\s*(\d+(\.\d{1,2})?)\s*$/
-% or $error .= "Illegal amount " . $param->{"amount"} . " ";
-% my $amount = $1;
-%
-% if ( $param->{'taxclass'} eq '(select)' ) {
-% $error .= "Must select a tax class. ";
-% }
-%
-% unless ( $error ) {
-% my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } )
-% or $error .= "Unknown customer number $custnum. ";
-%
-% $error ||= $cust_main->charge( {
-% 'amount' => $amount,
-% 'pkg' => scalar($cgi->param('pkg')),
-% 'taxclass' => scalar($cgi->param('taxclass')),
-% 'additional' => \@description,
-% } );
-% }
-%
-% if ( $error ) {
-%
-% $cgi->param('error', $error );
-%
+% if ( $error ) {
+% $cgi->param('error', $error );
<% $cgi->redirect($p.'quick-charge.html?'. $cgi->query_string) %>
-%
-% }
+% } else {
<% header("One-time charge added") %>
<SCRIPT TYPE="text/javascript">
window.top.location.reload();
</SCRIPT>
</BODY></HTML>
+% }
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('One-time charge');
+
+my $error = '';
+my $param = $cgi->Vars;
+
+my @description = ();
+for ( my $row = 0; exists($param->{"description$row"}); $row++ ) {
+ push @description, $param->{"description$row"}
+ if ($param->{"description$row"} =~ /\S/);
+}
+
+$param->{"custnum"} =~ /^(\d+)$/
+ or $error .= "Illegal customer number " . $param->{"custnum"} . " ";
+my $custnum = $1;
+
+$param->{"amount"} =~ /^\s*(\d+(\.\d{1,2})?)\s*$/
+ or $error .= "Illegal amount " . $param->{"amount"} . " ";
+my $amount = $1;
+
+if ( $param->{'taxclass'} eq '(select)' ) {
+ $error .= "Must select a tax class. ";
+}
+
+unless ( $error ) {
+ my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } )
+ or $error .= "Unknown customer number $custnum. ";
+
+ $error ||= $cust_main->charge( {
+ 'amount' => $amount,
+ 'pkg' => scalar($cgi->param('pkg')),
+ 'taxclass' => scalar($cgi->param('taxclass')),
+ 'additional' => \@description,
+ } );
+}
+
+</%init>
diff --git a/httemplate/edit/process/quick-cust_pkg.cgi b/httemplate/edit/process/quick-cust_pkg.cgi
index 66d02e307..6b65653c2 100644
--- a/httemplate/edit/process/quick-cust_pkg.cgi
+++ b/httemplate/edit/process/quick-cust_pkg.cgi
@@ -1,17 +1,6 @@
-%#untaint custnum
-%$cgi->param('custnum') =~ /^(\d+)$/
-% or die 'illegal custnum '. $cgi->param('custnum');
-%my $custnum = $1;
-%$cgi->param('pkgpart') =~ /^(\d+)$/
-% or die 'illegal pkgpart '. $cgi->param('pkgpart');
-%my $pkgpart = $1;
-%
-%my @cust_pkg = ();
-%my $error = FS::cust_pkg::order($custnum, [ $pkgpart ], [], \@cust_pkg, [ $cgi->param('refnum') ] );
-%
%if ($error) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). 'misc/order_pkg.html?'. $cgi->query_string );
+<% $cgi->redirect(popurl(2). 'misc/order_pkg.html?'. $cgi->query_string ) %>
%} else {
% my $frag = "cust_pkg". $cust_pkg[0]->pkgnum;
<% header('Package ordered') %>
@@ -25,3 +14,20 @@
</BODY></HTML>
%}
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Order customer package');
+
+#untaint custnum
+$cgi->param('custnum') =~ /^(\d+)$/
+ or die 'illegal custnum '. $cgi->param('custnum');
+my $custnum = $1;
+$cgi->param('pkgpart') =~ /^(\d+)$/
+ or die 'illegal pkgpart '. $cgi->param('pkgpart');
+my $pkgpart = $1;
+
+my @cust_pkg = ();
+my $error = FS::cust_pkg::order($custnum, [ $pkgpart ], [], \@cust_pkg, [ $cgi->param('refnum') ] );
+
+</%init>
diff --git a/httemplate/edit/process/rate.cgi b/httemplate/edit/process/rate.cgi
index c81f883b7..48d9322ca 100755
--- a/httemplate/edit/process/rate.cgi
+++ b/httemplate/edit/process/rate.cgi
@@ -1,4 +1,9 @@
-%
-% my $server = new FS::UI::Web::JSRPC 'FS::rate::process', $cgi;
-%
<% $server->process %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $server = new FS::UI::Web::JSRPC 'FS::rate::process', $cgi;
+
+</%init>
diff --git a/httemplate/edit/process/reason.html b/httemplate/edit/process/reason.html
index 55c1ea958..cb79ed254 100644
--- a/httemplate/edit/process/reason.html
+++ b/httemplate/edit/process/reason.html
@@ -4,3 +4,9 @@
$cgi->param('class') . '&',
)
%>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+</%init>
diff --git a/httemplate/edit/process/reason_type.html b/httemplate/edit/process/reason_type.html
index 4ccccaddd..3172b27c4 100644
--- a/httemplate/edit/process/reason_type.html
+++ b/httemplate/edit/process/reason_type.html
@@ -4,3 +4,9 @@
$cgi->param('class') . '&',
)
%>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+</%init>
diff --git a/httemplate/edit/process/reg_code.cgi b/httemplate/edit/process/reg_code.cgi
index d93bb55a2..c4327991d 100644
--- a/httemplate/edit/process/reg_code.cgi
+++ b/httemplate/edit/process/reg_code.cgi
@@ -1,50 +1,46 @@
-%
-%
-%$cgi->param('agentnum') =~ /^(\d+)$/
-% or errorpage('illegal agentnum '. $cgi->param('agentnum'));
-%my $agentnum = $1;
-%my $agent = qsearchs('agent', { 'agentnum' => $agentnum } );
-%
-%my $error = '';
-%
-%my $num = 0;
-%if ( $cgi->param('num') =~ /^\s*(\d+)\s*$/ ) {
-% $num = $1;
-%} else {
-% $error = 'Illegal number of codes: '. $cgi->param('num');
-%}
-%
-%my @pkgparts =
-% map { /^pkgpart(.*)$/; $1 }
-% grep { $cgi->param($_) }
-% grep { /^pkgpart/ }
-% $cgi->param;
-%
-%$error ||= $agent->generate_reg_codes($num, \@pkgparts);
-%
%unless ( ref($error) ) {
% $cgi->param('error'. $error );
-%
-<%
- $cgi->redirect(popurl(3). "edit/reg_code.cgi?". $cgi->query_string )
-%>
+<% $cgi->redirect(popurl(3). "edit/reg_code.cgi?". $cgi->query_string ) %>
% } else {
-
<% include("/elements/header.html","$num registration codes generated for ". $agent->agent, menubar(
- 'Main menu' => popurl(3),
'View all agents' => popurl(3). 'browse/agent.cgi',
) ) %>
<PRE><FONT SIZE="+1">
% foreach my $code ( @$error ) {
-
<% $code %>
% }
-
-
</FONT></PRE>
-</BODY></HTML>
+<% include('/elements/footer.html') %>
% }
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+$cgi->param('agentnum') =~ /^(\d+)$/
+ or errorpage('illegal agentnum '. $cgi->param('agentnum'));
+my $agentnum = $1;
+my $agent = qsearchs('agent', { 'agentnum' => $agentnum } );
+
+my $error = '';
+
+my $num = 0;
+if ( $cgi->param('num') =~ /^\s*(\d+)\s*$/ ) {
+ $num = $1;
+} else {
+ $error = 'Illegal number of codes: '. $cgi->param('num');
+}
+
+my @pkgparts =
+ map { /^pkgpart(.*)$/; $1 }
+ grep { $cgi->param($_) }
+ grep { /^pkgpart/ }
+ $cgi->param;
+
+$error ||= $agent->generate_reg_codes($num, \@pkgparts);
+
+</%init>
diff --git a/httemplate/edit/process/router.cgi b/httemplate/edit/process/router.cgi
index c69114ea4..7e0baf782 100644
--- a/httemplate/edit/process/router.cgi
+++ b/httemplate/edit/process/router.cgi
@@ -1,5 +1,3 @@
-%
-%
%local $FS::UID::AutoCommit=0;
%
%sub check {
@@ -64,5 +62,9 @@
%dbh->commit or die dbh->errstr;
%print $cgi->redirect(popurl(3). "browse/router.cgi");
%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+</%init>
diff --git a/httemplate/edit/process/svc_Common.html b/httemplate/edit/process/svc_Common.html
index f5c869a12..cf5f01f71 100644
--- a/httemplate/edit/process/svc_Common.html
+++ b/httemplate/edit/process/svc_Common.html
@@ -1,13 +1,16 @@
+<% include( 'elements/svc_Common.html',
+ 'table' => $table,
+ 'redirect' => popurl(3)."view/svc_Common.html?svcdb=$table;svcnum=",
+ 'error_redirect' => popurl(3)."edit/svc_Common.html?svcdb=$table;",
+ )
+%>
<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific?
+
$cgi->param('svcdb') =~ /^(svc_\w+)$/ or die "unparsable svcdb";
my $table = $1;
require "FS/$table.pm";
</%init>
-<% include( 'elements/svc_Common.html',
- 'table' => $table,
- 'redirect' => popurl(3)."view/svc_Common.html?svcdb=$table;svcnum=",
- 'error_redirect' => popurl(3)."edit/svc_Common.html?svcdb=$table;",
- )
-%>
diff --git a/httemplate/edit/process/svc_acct.cgi b/httemplate/edit/process/svc_acct.cgi
index d9aac9fac..0a89e253c 100755
--- a/httemplate/edit/process/svc_acct.cgi
+++ b/httemplate/edit/process/svc_acct.cgi
@@ -1,63 +1,64 @@
-%
-%
-%$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!";
-%my $svcnum = $1;
-%
-%my $old;
-%if ( $svcnum ) {
-% $old = qsearchs('svc_acct', { 'svcnum' => $svcnum } )
-% or die "fatal: can't find account (svcnum $svcnum)!";
-%} else {
-% $old = '';
-%}
-%
-%#unmunge popnum
-%$cgi->param('popnum', (split(/:/, $cgi->param('popnum') ))[0] );
-%
-%#unmunge passwd
-%if ( $cgi->param('_password') eq '*HIDDEN*' ) {
-% die "fatal: no previous account to recall hidden password from!" unless $old;
-% $cgi->param('_password',$old->getfield('_password'));
-%}
-%
-%#unmunge usergroup
-%$cgi->param('usergroup', [ $cgi->param('radius_usergroup') ] );
-%
-%#unmunge bytecounts
-%foreach (map { $_,$_."_threshold" } qw( upbytes downbytes totalbytes )) {
-% $cgi->param($_, FS::UI::bytecount::parse_bytecount($cgi->param($_)) );
-%}
-%
-%my %hash = $svcnum ? $old->hash : ();
-%map {
-% $hash{$_} = scalar($cgi->param($_));
-% #} qw(svcnum pkgnum svcpart username _password popnum uid gid finger dir
-% # shell quota slipip)
-% } (fields('svc_acct'), qw ( pkgnum svcpart usergroup ));
-%my $new = new FS::svc_acct ( \%hash );
-%
-%my $error;
-%if ( $svcnum ) {
-% foreach (grep { $old->$_ != $new->$_ } qw( seconds upbytes downbytes totalbytes )) {
-% my %hash = map { $_ => $new->$_ }
-% grep { $new->$_ }
-% qw( seconds upbytes downbytes totalbytes );
-%
-% $error = $new->set_usage(\%hash); #unoverlimit and trigger radius changes
-% last; #once is enough
-% }
-% $error ||= $new->replace($old);
-%} else {
-% $error = $new->insert;
-% $svcnum = $new->svcnum;
-%}
-%
%if ( $error ) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). "svc_acct.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "svc_acct.cgi?". $cgi->query_string ) %>
%} else {
-% print $cgi->redirect(popurl(3). "view/svc_acct.cgi?" . $svcnum );
+<% $cgi->redirect(popurl(3). "view/svc_acct.cgi?" . $svcnum ) %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific?
+
+$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!";
+my $svcnum = $1;
+
+my $old;
+if ( $svcnum ) {
+ $old = qsearchs('svc_acct', { 'svcnum' => $svcnum } )
+ or die "fatal: can't find account (svcnum $svcnum)!";
+} else {
+ $old = '';
+}
+
+#unmunge popnum
+$cgi->param('popnum', (split(/:/, $cgi->param('popnum') ))[0] );
+
+#unmunge passwd
+if ( $cgi->param('_password') eq '*HIDDEN*' ) {
+ die "fatal: no previous account to recall hidden password from!" unless $old;
+ $cgi->param('_password',$old->getfield('_password'));
+}
+
+#unmunge usergroup
+$cgi->param('usergroup', [ $cgi->param('radius_usergroup') ] );
+
+#unmunge bytecounts
+foreach (map { $_,$_."_threshold" } qw( upbytes downbytes totalbytes )) {
+ $cgi->param($_, FS::UI::bytecount::parse_bytecount($cgi->param($_)) );
+}
+
+my %hash = $svcnum ? $old->hash : ();
+map {
+ $hash{$_} = scalar($cgi->param($_));
+ #} qw(svcnum pkgnum svcpart username _password popnum uid gid finger dir
+ # shell quota slipip)
+ } (fields('svc_acct'), qw ( pkgnum svcpart usergroup ));
+my $new = new FS::svc_acct ( \%hash );
+
+my $error;
+if ( $svcnum ) {
+ foreach (grep { $old->$_ != $new->$_ } qw( seconds upbytes downbytes totalbytes )) {
+ my %hash = map { $_ => $new->$_ }
+ grep { $new->$_ }
+ qw( seconds upbytes downbytes totalbytes );
+
+ $error = $new->set_usage(\%hash); #unoverlimit and trigger radius changes
+ last; #once is enough
+ }
+ $error ||= $new->replace($old);
+} else {
+ $error = $new->insert;
+ $svcnum = $new->svcnum;
+}
+</%init>
diff --git a/httemplate/edit/process/svc_acct_pop.cgi b/httemplate/edit/process/svc_acct_pop.cgi
index 9e9df7bf0..75b89c88f 100755
--- a/httemplate/edit/process/svc_acct_pop.cgi
+++ b/httemplate/edit/process/svc_acct_pop.cgi
@@ -1,29 +1,30 @@
-%
-%
-%my $popnum = $cgi->param('popnum');
-%
-%my $old = qsearchs('svc_acct_pop',{'popnum'=>$popnum}) if $popnum;
-%
-%my $new = new FS::svc_acct_pop ( {
-% map {
-% $_, scalar($cgi->param($_));
-% } fields('svc_acct_pop')
-%} );
-%
-%my $error = '';
-%if ( $popnum ) {
-% $error = $new->replace($old);
-%} else {
-% $error = $new->insert;
-% $popnum=$new->getfield('popnum');
-%}
-%
%if ( $error ) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). "svc_acct_pop.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "svc_acct_pop.cgi?". $cgi->query_string ) %>
%} else {
-% print $cgi->redirect(popurl(3). "browse/svc_acct_pop.cgi");
+<% $cgi->redirect(popurl(3). "browse/svc_acct_pop.cgi") %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $popnum = $cgi->param('popnum');
+
+my $old = qsearchs('svc_acct_pop',{'popnum'=>$popnum}) if $popnum;
+
+my $new = new FS::svc_acct_pop ( {
+ map {
+ $_, scalar($cgi->param($_));
+ } fields('svc_acct_pop')
+} );
+
+my $error = '';
+if ( $popnum ) {
+ $error = $new->replace($old);
+} else {
+ $error = $new->insert;
+ $popnum=$new->getfield('popnum');
+}
+</%init>
diff --git a/httemplate/edit/process/svc_broadband.cgi b/httemplate/edit/process/svc_broadband.cgi
index cf4604639..8600da349 100644
--- a/httemplate/edit/process/svc_broadband.cgi
+++ b/httemplate/edit/process/svc_broadband.cgi
@@ -1,37 +1,38 @@
-%
-%
-%$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!";
-%my $svcnum = $1;
-%
-%my $old;
-%if ( $svcnum ) {
-% $old = qsearchs('svc_broadband', { 'svcnum' => $svcnum } )
-% or die "fatal: can't find broadband service (svcnum $svcnum)!";
-%} else {
-% $old = '';
-%}
-%
-%my $new = new FS::svc_broadband ( {
-% map {
-% ($_, scalar($cgi->param($_)));
-% } ( fields('svc_broadband'), qw( pkgnum svcpart ) )
-%} );
-%
-%my $error;
-%if ( $svcnum ) {
-% $error = $new->replace($old);
-%} else {
-% $error = $new->insert;
-% $svcnum = $new->svcnum;
-%}
-%
%if ( $error ) {
% $cgi->param('error', $error);
% $cgi->param('ip_addr', $new->ip_addr);
-% print $cgi->redirect(popurl(2). "svc_broadband.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "svc_broadband.cgi?". $cgi->query_string ) %>
%} else {
-% print $cgi->redirect(popurl(3). "view/svc_broadband.cgi?" . $svcnum );
+<% $cgi->redirect(popurl(3). "view/svc_broadband.cgi?" . $svcnum ) %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific?
+
+$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!";
+my $svcnum = $1;
+
+my $old;
+if ( $svcnum ) {
+ $old = qsearchs('svc_broadband', { 'svcnum' => $svcnum } )
+ or die "fatal: can't find broadband service (svcnum $svcnum)!";
+} else {
+ $old = '';
+}
+
+my $new = new FS::svc_broadband ( {
+ map {
+ ($_, scalar($cgi->param($_)));
+ } ( fields('svc_broadband'), qw( pkgnum svcpart ) )
+} );
+
+my $error;
+if ( $svcnum ) {
+ $error = $new->replace($old);
+} else {
+ $error = $new->insert;
+ $svcnum = $new->svcnum;
+}
+</%init>
diff --git a/httemplate/edit/process/svc_domain.cgi b/httemplate/edit/process/svc_domain.cgi
index 773143fe3..9993a879e 100755
--- a/httemplate/edit/process/svc_domain.cgi
+++ b/httemplate/edit/process/svc_domain.cgi
@@ -1,32 +1,33 @@
-%
-%
-%#remove this to actually test the domains!
-%$FS::svc_domain::whois_hack = 1;
-%
-%$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!";
-%my $svcnum = $1;
-%
-%my $new = new FS::svc_domain ( {
-% map {
-% $_, scalar($cgi->param($_));
-% #} qw(svcnum pkgnum svcpart domain action purpose)
-% } ( fields('svc_domain'), qw( pkgnum svcpart action purpose ) )
-%} );
-%
-%my $error = '';
-%if ($cgi->param('svcnum')) {
-% $error="Can't modify a domain!";
-%} else {
-% $error=$new->insert;
-% $svcnum=$new->svcnum;
-%}
-%
%if ($error) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). "svc_domain.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "svc_domain.cgi?". $cgi->query_string ) %>
%} else {
-% print $cgi->redirect(popurl(3). "view/svc_domain.cgi?$svcnum");
+<% $cgi->redirect(popurl(3). "view/svc_domain.cgi?$svcnum") %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific?
+
+#remove this to actually test the domains!
+$FS::svc_domain::whois_hack = 1;
+
+$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!";
+my $svcnum = $1;
+
+my $new = new FS::svc_domain ( {
+ map {
+ $_, scalar($cgi->param($_));
+ #} qw(svcnum pkgnum svcpart domain action purpose)
+ } ( fields('svc_domain'), qw( pkgnum svcpart action purpose ) )
+} );
+
+my $error = '';
+if ($cgi->param('svcnum')) {
+ $error="Can't modify a domain!";
+} else {
+ $error=$new->insert;
+ $svcnum=$new->svcnum;
+}
+</%init>
diff --git a/httemplate/edit/process/svc_external.cgi b/httemplate/edit/process/svc_external.cgi
index 97da6ba87..673e5a5a0 100755
--- a/httemplate/edit/process/svc_external.cgi
+++ b/httemplate/edit/process/svc_external.cgi
@@ -1,30 +1,31 @@
-%
-%
-%$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!";
-%my $svcnum =$1;
-%
-%my $old = qsearchs('svc_external',{'svcnum'=>$svcnum}) if $svcnum;
-%
-%my $new = new FS::svc_external ( {
-% map {
-% ($_, scalar($cgi->param($_)));
-% } ( fields('svc_external'), qw( pkgnum svcpart ) )
-%} );
-%
-%my $error = '';
-%if ( $svcnum ) {
-% $error = $new->replace($old);
-%} else {
-% $error = $new->insert;
-% $svcnum = $new->getfield('svcnum');
-%}
-%
%if ($error) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). "svc_external.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "svc_external.cgi?". $cgi->query_string ) %>
%} else {
-% print $cgi->redirect(popurl(3). "view/svc_external.cgi?$svcnum");
+<% $cgi->redirect(popurl(3). "view/svc_external.cgi?$svcnum") %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific?
+
+$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!";
+my $svcnum =$1;
+
+my $old = qsearchs('svc_external',{'svcnum'=>$svcnum}) if $svcnum;
+
+my $new = new FS::svc_external ( {
+ map {
+ ($_, scalar($cgi->param($_)));
+ } ( fields('svc_external'), qw( pkgnum svcpart ) )
+} );
+
+my $error = '';
+if ( $svcnum ) {
+ $error = $new->replace($old);
+} else {
+ $error = $new->insert;
+ $svcnum = $new->getfield('svcnum');
+}
+</%init>
diff --git a/httemplate/edit/process/svc_forward.cgi b/httemplate/edit/process/svc_forward.cgi
index 3205312f1..fffad84d6 100755
--- a/httemplate/edit/process/svc_forward.cgi
+++ b/httemplate/edit/process/svc_forward.cgi
@@ -1,30 +1,31 @@
-%
-%
-%$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!";
-%my $svcnum =$1;
-%
-%my $old = qsearchs('svc_forward',{'svcnum'=>$svcnum}) if $svcnum;
-%
-%my $new = new FS::svc_forward ( {
-% map {
-% ($_, scalar($cgi->param($_)));
-% } ( fields('svc_forward'), qw( pkgnum svcpart ) )
-%} );
-%
-%my $error = '';
-%if ( $svcnum ) {
-% $error = $new->replace($old);
-%} else {
-% $error = $new->insert;
-% $svcnum = $new->getfield('svcnum');
-%}
-%
%if ($error) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). "svc_forward.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "svc_forward.cgi?". $cgi->query_string ) %>
%} else {
-% print $cgi->redirect(popurl(3). "view/svc_forward.cgi?$svcnum");
+<% $cgi->redirect(popurl(3). "view/svc_forward.cgi?$svcnum") %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific?
+
+$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!";
+my $svcnum =$1;
+
+my $old = qsearchs('svc_forward',{'svcnum'=>$svcnum}) if $svcnum;
+
+my $new = new FS::svc_forward ( {
+ map {
+ ($_, scalar($cgi->param($_)));
+ } ( fields('svc_forward'), qw( pkgnum svcpart ) )
+} );
+
+my $error = '';
+if ( $svcnum ) {
+ $error = $new->replace($old);
+} else {
+ $error = $new->insert;
+ $svcnum = $new->getfield('svcnum');
+}
+</%init>
diff --git a/httemplate/edit/process/svc_phone.html b/httemplate/edit/process/svc_phone.html
index 44235de63..27a703cdf 100644
--- a/httemplate/edit/process/svc_phone.html
+++ b/httemplate/edit/process/svc_phone.html
@@ -2,3 +2,9 @@
'table' => 'svc_phone',
)
%>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific?
+
+</%init>
diff --git a/httemplate/edit/process/svc_www.cgi b/httemplate/edit/process/svc_www.cgi
index e9a52aff2..f02d25305 100644
--- a/httemplate/edit/process/svc_www.cgi
+++ b/httemplate/edit/process/svc_www.cgi
@@ -1,37 +1,38 @@
-%
-%
-%$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!";
-%my $svcnum = $1;
-%
-%my $old;
-%if ( $svcnum ) {
-% $old = qsearchs('svc_www', { 'svcnum' => $svcnum } )
-% or die "fatal: can't find website (svcnum $svcnum)!";
-%} else {
-% $old = '';
-%}
-%
-%my $new = new FS::svc_www ( {
-% map {
-% ($_, scalar($cgi->param($_)));
-% #} qw(svcnum pkgnum svcpart recnum usersvc)
-% } ( fields('svc_www'), qw( pkgnum svcpart ) )
-%} );
-%
-%my $error;
-%if ( $svcnum ) {
-% $error = $new->replace($old);
-%} else {
-% $error = $new->insert;
-% $svcnum = $new->svcnum;
-%}
-%
%if ( $error ) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). "svc_www.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "svc_www.cgi?". $cgi->query_string ) %>
%} else {
-% print $cgi->redirect(popurl(3). "view/svc_www.cgi?" . $svcnum );
+<% $cgi->redirect(popurl(3). "view/svc_www.cgi?" . $svcnum ) %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific?
+
+$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!";
+my $svcnum = $1;
+
+my $old;
+if ( $svcnum ) {
+ $old = qsearchs('svc_www', { 'svcnum' => $svcnum } )
+ or die "fatal: can't find website (svcnum $svcnum)!";
+} else {
+ $old = '';
+}
+
+my $new = new FS::svc_www ( {
+ map {
+ ($_, scalar($cgi->param($_)));
+ #} qw(svcnum pkgnum svcpart recnum usersvc)
+ } ( fields('svc_www'), qw( pkgnum svcpart ) )
+} );
+
+my $error;
+if ( $svcnum ) {
+ $error = $new->replace($old);
+} else {
+ $error = $new->insert;
+ $svcnum = $new->svcnum;
+}
+</%init>
diff --git a/httemplate/edit/quick-charge.html b/httemplate/edit/quick-charge.html
index 92e0ae753..e8df37103 100644
--- a/httemplate/edit/quick-charge.html
+++ b/httemplate/edit/quick-charge.html
@@ -163,6 +163,9 @@ function validate_quick_charge () {
</HTML>
<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('One-time charge');
+
$cgi->param('custnum') =~ /^(\d+)$/ or die 'illegal custnum';
my $custnum = $1;
diff --git a/httemplate/edit/rate.cgi b/httemplate/edit/rate.cgi
index 269b3b09a..4c0abfe01 100644
--- a/httemplate/edit/rate.cgi
+++ b/httemplate/edit/rate.cgi
@@ -1,5 +1,4 @@
<% include("/elements/header.html","$action Rate plan", menubar(
- 'Main Menu' => $p,
'View all rate plans' => "${p}browse/rate.cgi",
))
%>
diff --git a/httemplate/edit/rate_region.cgi b/httemplate/edit/rate_region.cgi
index 47d1888e0..9dfcb3740 100644
--- a/httemplate/edit/rate_region.cgi
+++ b/httemplate/edit/rate_region.cgi
@@ -81,7 +81,7 @@
</TD>
<TD CLASS="grid" BGCOLOR="<% $bgcolor %>">
- <INPUT TYPE="text" SIZE=5 NAME="min_included<%$n%>" VALUE="<% $cgi->param("min_included$n") || $rate_detail->min_included %>">
+ <INPUT TYPE="text" SIZE=5 NAME="min_included<%$n%>" VALUE="<% $cgi->param("min_included$n") || $rate_detail->min_included |h %>">
</TD>
<TD CLASS="grid" BGCOLOR="<% $bgcolor %>">
diff --git a/httemplate/edit/reason.html b/httemplate/edit/reason.html
index 512013ace..620a2ea15 100644
--- a/httemplate/edit/reason.html
+++ b/httemplate/edit/reason.html
@@ -42,3 +42,9 @@
'viewall_url' => $p . "browse/reason.html?class=$class",
)
%>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+</%init>
diff --git a/httemplate/edit/reason_type.html b/httemplate/edit/reason_type.html
index 056544e5d..ea5650ec3 100644
--- a/httemplate/edit/reason_type.html
+++ b/httemplate/edit/reason_type.html
@@ -1,9 +1,3 @@
-%
-%$cgi->param('class') =~ /^(\w)$/;
-%my $class = $1;
-%
-%my $classname = $FS::reason_type::class_name{$class};
-%
<% include( 'elements/edit.html',
'name' => $classname . ' Reason Type',
'table' => 'reason_type',
@@ -22,3 +16,14 @@
'new_hashref_callback' => sub {{ 'class' => $class }},
)
%>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+$cgi->param('class') =~ /^(\w)$/;
+my $class = $1;
+
+my $classname = $FS::reason_type::class_name{$class};
+
+</%init>
diff --git a/httemplate/edit/reg_code.cgi b/httemplate/edit/reg_code.cgi
index 4ad39051a..e57ac09bf 100644
--- a/httemplate/edit/reg_code.cgi
+++ b/httemplate/edit/reg_code.cgi
@@ -1,16 +1,4 @@
-%
-%my $agentnum = $cgi->param('agentnum');
-%$agentnum =~ /^(\d+)$/ or errorpage("illegal agentnum $agentnum");
-%$agentnum = $1;
-%my $agent = qsearchs('agent', { 'agentnum' => $agentnum } );
-%
-%
-
-
-<% include("/elements/header.html",'Generate registration codes for '. $agent->agent, menubar(
- 'Main Menu' => $p,
- ))
-%>
+<% include('/elements/header.html', 'Generate registration codes for '. $agent->agent) %>
<% include('/elements/error.html') %>
@@ -39,5 +27,18 @@ registration codes for <B><% $agent->agent %></B> allowing the following package
<BR>
<INPUT TYPE="submit" NAME="submit" VALUE="Generate">
-</FORM></BODY></HTML>
+</FORM>
+
+<% include('/elements/footer.html') %>
+
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $agentnum = $cgi->param('agentnum');
+$agentnum =~ /^(\d+)$/ or errorpage("illegal agentnum $agentnum");
+$agentnum = $1;
+my $agent = qsearchs('agent', { 'agentnum' => $agentnum } );
+</%init>
diff --git a/httemplate/edit/router.cgi b/httemplate/edit/router.cgi
index 8b01035d5..c08e54449 100755
--- a/httemplate/edit/router.cgi
+++ b/httemplate/edit/router.cgi
@@ -1,27 +1,7 @@
-<HTML><BODY>
-%
-%
-%my $router;
-%if ( $cgi->keywords ) {
-% my($query) = $cgi->keywords;
-% $query =~ /^(\d+)$/;
-% $router = qsearchs('router', { routernum => $1 })
-% or print $cgi->redirect(popurl(2)."browse/router.cgi") ;
-%} else {
-% $router = new FS::router ( {
-% map { $_, scalar($cgi->param($_)) } fields('router')
-% } );
-%}
-%
-%my $routernum = $router->routernum;
-%my $action = $routernum ? 'Edit' : 'Add';
-%
-%print header("$action Router", menubar(
-% 'Main Menu' => "$p",
-% 'View all routers' => "${p}browse/router.cgi",
-%));
-%
-%my $p3 = popurl(3);
+<% include('/elements/header.html', "$action Router", menubar(
+ 'View all routers' => "${p}browse/router.cgi",
+ ))
+%>
<% include('/elements/error.html') %>
@@ -70,5 +50,29 @@ Custom fields:
<BR><BR><INPUT TYPE="submit" VALUE="Apply changes">
</FORM>
-</BODY></HTML>
+<% include('/elements/footer.html') %>
+
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $router;
+if ( $cgi->keywords ) {
+ my($query) = $cgi->keywords;
+ $query =~ /^(\d+)$/;
+ $router = qsearchs('router', { routernum => $1 })
+ or print $cgi->redirect(popurl(2)."browse/router.cgi") ;
+} else {
+ $router = new FS::router ( {
+ map { $_, scalar($cgi->param($_)) } fields('router')
+ } );
+}
+
+my $routernum = $router->routernum;
+my $action = $routernum ? 'Edit' : 'Add';
+
+my $p3 = popurl(3);
+
+</%init>
diff --git a/httemplate/edit/svc_Common.html b/httemplate/edit/svc_Common.html
index 6393f9ebc..6666d9720 100644
--- a/httemplate/edit/svc_Common.html
+++ b/httemplate/edit/svc_Common.html
@@ -1,5 +1,14 @@
+<% include('elements/svc_Common.html',
+ 'table' => $table,
+ 'post_url' => popurl(1). "process/svc_Common.html",
+ %opt,
+ )
+%>
<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific?
+
# false laziness w/view/svc_Common.html
$cgi->param('svcdb') =~ /^(svc_\w+)$/ or die "unparsable svcdb";
@@ -22,9 +31,3 @@ if ( UNIVERSAL::can("FS::$table", 'table_info') ) {
}
</%init>
-<% include('elements/svc_Common.html',
- 'table' => $table,
- 'post_url' => popurl(1). "process/svc_Common.html",
- %opt,
- )
-%>
diff --git a/httemplate/edit/svc_acct.cgi b/httemplate/edit/svc_acct.cgi
index 5bf3f0dd1..58283ef54 100755
--- a/httemplate/edit/svc_acct.cgi
+++ b/httemplate/edit/svc_acct.cgi
@@ -1,132 +1,4 @@
-%
-%
-%my $conf = new FS::Conf;
-%my @shells = $conf->config('shells');
-%
-%my $curuser = $FS::CurrentUser::CurrentUser;
-%
-%my($svcnum, $pkgnum, $svcpart, $part_svc, $svc_acct, @groups);
-%if ( $cgi->param('error') ) {
-%
-% $svc_acct = new FS::svc_acct ( {
-% map { $_, scalar($cgi->param($_)) } fields('svc_acct')
-% } );
-% $svcnum = $svc_acct->svcnum;
-% $pkgnum = $cgi->param('pkgnum');
-% $svcpart = $cgi->param('svcpart');
-% $part_svc = qsearchs( 'part_svc', { 'svcpart' => $svcpart } );
-% die "No part_svc entry for svcpart $svcpart!" unless $part_svc;
-% @groups = $cgi->param('radius_usergroup');
-%
-%} elsif ( $cgi->param('pkgnum') && $cgi->param('svcpart') ) { #adding
-%
-% $cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum';
-% $pkgnum = $1;
-% $cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart';
-% $svcpart = $1;
-%
-% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
-% die "No part_svc entry!" unless $part_svc;
-%
-% $svc_acct = new FS::svc_acct({svcpart => $svcpart});
-%
-% $svcnum='';
-%
-%} else { #editing
-%
-% my($query) = $cgi->keywords;
-% $query =~ /^(\d+)$/ or die "unparsable svcnum";
-% $svcnum=$1;
-% $svc_acct=qsearchs('svc_acct',{'svcnum'=>$svcnum})
-% or die "Unknown (svc_acct) svcnum!";
-%
-% my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum})
-% or die "Unknown (cust_svc) svcnum!";
-%
-% $pkgnum=$cust_svc->pkgnum;
-% $svcpart=$cust_svc->svcpart;
-%
-% $part_svc = qsearchs( 'part_svc', { 'svcpart' => $svcpart } );
-% die "No part_svc entry for svcpart $svcpart!" unless $part_svc;
-%
-% @groups = $svc_acct->radius_groups;
-%
-%}
-%
-%my( $cust_pkg, $cust_main ) = ( '', '' );
-%if ( $pkgnum ) {
-% $cust_pkg = qsearchs('cust_pkg', { 'pkgnum' => $pkgnum } );
-% $cust_main = $cust_pkg->cust_main;
-%}
-%
-%unless ( $svcnum || $cgi->param('error') ) { #adding
-%
-% #set gecos
-% if ($cust_main) {
-% unless ( $part_svc->part_svc_column('uid')->columnflag eq 'F' ) {
-% $svc_acct->setfield('finger',
-% $cust_main->getfield('first') . " " . $cust_main->getfield('last')
-% );
-% }
-% }
-%
-% $svc_acct->set_default_and_fixed( {
-% #false laziness w/svc-acct::_fieldhandlers
-% 'usergroup' => sub {
-% my( $self, $groups ) = @_;
-% if ( ref($groups) eq 'ARRAY' ) {
-% @groups = @$groups;
-% $groups;
-% } elsif ( length($groups) ) {
-% @groups = split(/\s*,\s*/, $groups);
-% [ @groups ];
-% } else {
-% @groups = ();
-% [];
-% }
-% }
-% } );
-%
-%}
-%
-%#fixed radius groups always override & display
-%if ( $part_svc->part_svc_column('usergroup')->columnflag eq 'F' ) {
-% @groups = split(',', $part_svc->part_svc_column('usergroup')->columnvalue);
-%}
-%
-%my $action = $svcnum ? 'Edit' : 'Add';
-%
-%my $svc = $part_svc->getfield('svc');
-%
-%my $otaker = getotaker;
-%
-%my $username = $svc_acct->username;
-%my $password;
-%if ( $svc_acct->_password ) {
-% if ( $conf->exists('showpasswords') || ! $svcnum ) {
-% $password = $svc_acct->_password;
-% } else {
-% $password = "*HIDDEN*";
-% }
-%} else {
-% $password = '';
-%}
-%
-%my $ulen =
-% $conf->exists('usernamemax')
-% ? $conf->config('usernamemax')
-% : dbdef->table('svc_acct')->column('username')->length;
-%my $ulen2 = $ulen+2;
-%
-%my $pmax = $conf->config('passwordmax') || 8;
-%my $pmax2 = $pmax+2;
-%
-%my $p1 = popurl(1);
-%
-%
-
-
-<% include("/elements/header.html","$action $svc account") %>
+<% include('/elements/header.html', "$action $svc account") %>
<% include('/elements/error.html') %>
@@ -445,4 +317,136 @@ Service # <% $svcnum ? "<B>$svcnum</B>" : " (NEW)" %><BR>
<INPUT TYPE="submit" VALUE="Submit">
-</FORM></BODY></HTML>
+</FORM>
+
+<% include('/elements/footer.html') %>
+
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific?
+
+my $conf = new FS::Conf;
+my @shells = $conf->config('shells');
+
+my $curuser = $FS::CurrentUser::CurrentUser;
+
+my($svcnum, $pkgnum, $svcpart, $part_svc, $svc_acct, @groups);
+if ( $cgi->param('error') ) {
+
+ $svc_acct = new FS::svc_acct ( {
+ map { $_, scalar($cgi->param($_)) } fields('svc_acct')
+ } );
+ $svcnum = $svc_acct->svcnum;
+ $pkgnum = $cgi->param('pkgnum');
+ $svcpart = $cgi->param('svcpart');
+ $part_svc = qsearchs( 'part_svc', { 'svcpart' => $svcpart } );
+ die "No part_svc entry for svcpart $svcpart!" unless $part_svc;
+ @groups = $cgi->param('radius_usergroup');
+
+} elsif ( $cgi->param('pkgnum') && $cgi->param('svcpart') ) { #adding
+
+ $cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum';
+ $pkgnum = $1;
+ $cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart';
+ $svcpart = $1;
+
+ $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
+ die "No part_svc entry!" unless $part_svc;
+
+ $svc_acct = new FS::svc_acct({svcpart => $svcpart});
+
+ $svcnum='';
+
+} else { #editing
+
+ my($query) = $cgi->keywords;
+ $query =~ /^(\d+)$/ or die "unparsable svcnum";
+ $svcnum=$1;
+ $svc_acct=qsearchs('svc_acct',{'svcnum'=>$svcnum})
+ or die "Unknown (svc_acct) svcnum!";
+
+ my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum})
+ or die "Unknown (cust_svc) svcnum!";
+
+ $pkgnum=$cust_svc->pkgnum;
+ $svcpart=$cust_svc->svcpart;
+
+ $part_svc = qsearchs( 'part_svc', { 'svcpart' => $svcpart } );
+ die "No part_svc entry for svcpart $svcpart!" unless $part_svc;
+
+ @groups = $svc_acct->radius_groups;
+
+}
+
+my( $cust_pkg, $cust_main ) = ( '', '' );
+if ( $pkgnum ) {
+ $cust_pkg = qsearchs('cust_pkg', { 'pkgnum' => $pkgnum } );
+ $cust_main = $cust_pkg->cust_main;
+}
+
+unless ( $svcnum || $cgi->param('error') ) { #adding
+
+ #set gecos
+ if ($cust_main) {
+ unless ( $part_svc->part_svc_column('uid')->columnflag eq 'F' ) {
+ $svc_acct->setfield('finger',
+ $cust_main->getfield('first') . " " . $cust_main->getfield('last')
+ );
+ }
+ }
+
+ $svc_acct->set_default_and_fixed( {
+ #false laziness w/svc-acct::_fieldhandlers
+ 'usergroup' => sub {
+ my( $self, $groups ) = @_;
+ if ( ref($groups) eq 'ARRAY' ) {
+ @groups = @$groups;
+ $groups;
+ } elsif ( length($groups) ) {
+ @groups = split(/\s*,\s*/, $groups);
+ [ @groups ];
+ } else {
+ @groups = ();
+ [];
+ }
+ }
+ } );
+
+}
+
+#fixed radius groups always override & display
+if ( $part_svc->part_svc_column('usergroup')->columnflag eq 'F' ) {
+ @groups = split(',', $part_svc->part_svc_column('usergroup')->columnvalue);
+}
+
+my $action = $svcnum ? 'Edit' : 'Add';
+
+my $svc = $part_svc->getfield('svc');
+
+my $otaker = getotaker;
+
+my $username = $svc_acct->username;
+my $password;
+if ( $svc_acct->_password ) {
+ if ( $conf->exists('showpasswords') || ! $svcnum ) {
+ $password = $svc_acct->_password;
+ } else {
+ $password = "*HIDDEN*";
+ }
+} else {
+ $password = '';
+}
+
+my $ulen =
+ $conf->exists('usernamemax')
+ ? $conf->config('usernamemax')
+ : dbdef->table('svc_acct')->column('username')->length;
+my $ulen2 = $ulen+2;
+
+my $pmax = $conf->config('passwordmax') || 8;
+my $pmax2 = $pmax+2;
+
+my $p1 = popurl(1);
+
+</%init>
diff --git a/httemplate/edit/svc_acct_pop.cgi b/httemplate/edit/svc_acct_pop.cgi
index 641aa0378..3c16a1f95 100755
--- a/httemplate/edit/svc_acct_pop.cgi
+++ b/httemplate/edit/svc_acct_pop.cgi
@@ -1,57 +1,50 @@
-<!-- mason kludge -->
-%
-%
-%my $svc_acct_pop;
-%if ( $cgi->param('error') ) {
-% $svc_acct_pop = new FS::svc_acct_pop ( {
-% map { $_, scalar($cgi->param($_)) } fields('svc_acct_pop')
-% } );
-%} elsif ( $cgi->keywords ) { #editing
-% my($query)=$cgi->keywords;
-% $query =~ /^(\d+)$/;
-% $svc_acct_pop=qsearchs('svc_acct_pop',{'popnum'=>$1});
-%} else { #adding
-% $svc_acct_pop = new FS::svc_acct_pop {};
-%}
-%my $action = $svc_acct_pop->popnum ? 'Edit' : 'Add';
-%my $hashref = $svc_acct_pop->hashref;
-%
-%my $p1 = popurl(1);
-%print header("$action Access Number", menubar(
-% 'Main Menu' => popurl(2),
-% 'View all Access Numbers' => popurl(2). "browse/svc_acct_pop.cgi",
-%));
-%
-%print qq!<FONT SIZE="+1" COLOR="#ff0000">Error: !, $cgi->param('error'),
-% "</FONT>"
-% if $cgi->param('error');
-%
-%print qq!<FORM ACTION="${p1}process/svc_acct_pop.cgi" METHOD=POST>!;
-%
-%#display
-%
-%print qq!<INPUT TYPE="hidden" NAME="popnum" VALUE="$hashref->{popnum}">!,
-% "POP #", $hashref->{popnum} ? $hashref->{popnum} : "(NEW)";
-%
-%print <<END;
-%<PRE>
-%City <INPUT TYPE="text" NAME="city" SIZE=32 VALUE="$hashref->{city}">
-%State <INPUT TYPE="text" NAME="state" SIZE=16 MAXLENGTH=16 VALUE="$hashref->{state}">
-%Area Code <INPUT TYPE="text" NAME="ac" SIZE=4 MAXLENGTH=3 VALUE="$hashref->{ac}">
-%Exchange <INPUT TYPE="text" NAME="exch" SIZE=4 MAXLENGTH=3 VALUE="$hashref->{exch}">
-%Local <INPUT TYPE="text" NAME="loc" SIZE=5 MAXLENGTH=4 VALUE="$hashref->{loc}">
-%</PRE>
-%END
-%
-%print qq!<BR><INPUT TYPE="submit" VALUE="!,
-% $hashref->{popnum} ? "Apply changes" : "Add Access Number",
-% qq!">!;
-%
-%print <<END;
-% </FORM>
-% </BODY>
-%</HTML>
-%END
-%
-%
+<% include('/elements/header.html', "$action Access Number", menubar(
+ 'View all Access Numbers' => popurl(2). "browse/svc_acct_pop.cgi",
+ ))
+%>
+<% include('/elements/error.html') %>
+
+<FORM ACTION="<%$p1%>process/svc_acct_pop.cgi" METHOD=POST>
+
+<INPUT TYPE="hidden" NAME="popnum" VALUE="<% $hashref->{popnum} %>">
+Access Number #<% $hashref->{popnum} ? $hashref->{popnum} : "(NEW)" %>
+
+<PRE>
+City <INPUT TYPE="text" NAME="city" SIZE=32 VALUE="<% $hashref->{city} %>">
+State <INPUT TYPE="text" NAME="state" SIZE=16 MAXLENGTH=16 VALUE="<% $hashref->{state} %>">
+Area Code <INPUT TYPE="text" NAME="ac" SIZE=4 MAXLENGTH=3 VALUE="<% $hashref->{ac} %>">
+Exchange <INPUT TYPE="text" NAME="exch" SIZE=4 MAXLENGTH=3 VALUE="<% $hashref->{exch} %>">
+Local <INPUT TYPE="text" NAME="loc" SIZE=5 MAXLENGTH=4 VALUE="<% $hashref->{loc} %>">
+</PRE>
+
+<BR>
+<INPUT TYPE="submit" VALUE="<% $hashref->{popnum} ? "Apply changes" : "Add Access Number" %>">
+
+</FORM>
+
+<% include('/elements/footer.html') %>
+
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $svc_acct_pop;
+if ( $cgi->param('error') ) {
+ $svc_acct_pop = new FS::svc_acct_pop ( {
+ map { $_, scalar($cgi->param($_)) } fields('svc_acct_pop')
+ } );
+} elsif ( $cgi->keywords ) { #editing
+ my($query)=$cgi->keywords;
+ $query =~ /^(\d+)$/;
+ $svc_acct_pop=qsearchs('svc_acct_pop',{'popnum'=>$1});
+} else { #adding
+ $svc_acct_pop = new FS::svc_acct_pop {};
+}
+my $action = $svc_acct_pop->popnum ? 'Edit' : 'Add';
+my $hashref = $svc_acct_pop->hashref;
+
+my $p1 = popurl(1);
+
+</%init>
diff --git a/httemplate/edit/svc_broadband.cgi b/httemplate/edit/svc_broadband.cgi
index a1580ce01..c2fb58dda 100644
--- a/httemplate/edit/svc_broadband.cgi
+++ b/httemplate/edit/svc_broadband.cgi
@@ -1,91 +1,4 @@
-%# If it's stupid but it works, it's still stupid.
-%# -Kristian
-%
-%use HTML::Widgets::SelectLayers;
-%use Tie::IxHash;
-%
-%my( $svcnum, $pkgnum, $svcpart, $part_svc, $svc_broadband );
-%if ( $cgi->param('error') ) {
-%
-% $svc_broadband = new FS::svc_broadband ( {
-% map { $_, scalar($cgi->param($_)) } fields('svc_broadband'), qw(svcpart)
-% } );
-% $svcnum = $svc_broadband->svcnum;
-% $pkgnum = $cgi->param('pkgnum');
-% $svcpart = $svc_broadband->svcpart;
-% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
-% die "No part_svc entry!" unless $part_svc;
-%
-%} elsif ( $cgi->param('pkgnum') && $cgi->param('svcpart') ) { #adding
-%
-% $cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum';
-% $pkgnum = $1;
-% $cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart';
-% $svcpart = $1;
-%
-% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
-% die "No part_svc entry!" unless $part_svc;
-%
-% $svc_broadband = new FS::svc_broadband({ svcpart => $svcpart });
-%
-% $svcnum='';
-%
-% $svc_broadband->set_default_and_fixed;
-%
-%} else { #editing
-%
-% my($query) = $cgi->keywords;
-% $query =~ /^(\d+)$/ or die "unparsable svcnum";
-% $svcnum=$1;
-% $svc_broadband=qsearchs('svc_broadband',{'svcnum'=>$svcnum})
-% or die "Unknown (svc_broadband) svcnum!";
-%
-% my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum})
-% or die "Unknown (cust_svc) svcnum!";
-%
-% $pkgnum=$cust_svc->pkgnum;
-% $svcpart=$cust_svc->svcpart;
-%
-% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
-% die "No part_svc entry!" unless $part_svc;
-%
-%}
-%my $action = $svc_broadband->svcnum ? 'Edit' : 'Add';
-%
-%if ($pkgnum) {
-%
-% #Nothing?
-%
-%} elsif ( $action eq 'Edit' ) {
-%
-% #Nothing?
-%
-%} else {
-% die "\$action eq Add, but \$pkgnum is null!\n";
-%}
-%
-%my $p1 = popurl(1);
-%
-%my ($ip_addr, $speed_up, $speed_down, $blocknum, $mac_addr,
-% $latitude, $longitude, $altitude, $vlan_profile, $auth_key,
-% $description) =
-% ($svc_broadband->ip_addr,
-% $svc_broadband->speed_up,
-% $svc_broadband->speed_down,
-% $svc_broadband->blocknum,
-% $svc_broadband->mac_addr,
-% $svc_broadband->latitude,
-% $svc_broadband->longitude,
-% $svc_broadband->altitude,
-% $svc_broadband->vlan_profile,
-% $svc_broadband->auth_key,
-% $svc_broadband->description,
-% );
-%
-%
-
-
-<% include("/elements/header.html","Broadband Service $action", '') %>
+<% include('/elements/header.html', "Broadband Service $action") %>
<% include('/elements/error.html') %>
@@ -246,6 +159,96 @@ Service #<B><%$svcnum ? $svcnum : "(NEW)"%></B><BR><BR>
<BR>
<INPUT TYPE="submit" NAME="submit" VALUE="Submit">
</FORM>
-</BODY>
-</HTML>
+<% include('/elements/footer.html') %>
+
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific?
+
+# If it's stupid but it works, it's still stupid.
+# -Kristian
+
+use HTML::Widgets::SelectLayers;
+use Tie::IxHash;
+
+my( $svcnum, $pkgnum, $svcpart, $part_svc, $svc_broadband );
+if ( $cgi->param('error') ) {
+
+ $svc_broadband = new FS::svc_broadband ( {
+ map { $_, scalar($cgi->param($_)) } fields('svc_broadband'), qw(svcpart)
+ } );
+ $svcnum = $svc_broadband->svcnum;
+ $pkgnum = $cgi->param('pkgnum');
+ $svcpart = $svc_broadband->svcpart;
+ $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
+ die "No part_svc entry!" unless $part_svc;
+
+} elsif ( $cgi->param('pkgnum') && $cgi->param('svcpart') ) { #adding
+
+ $cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum';
+ $pkgnum = $1;
+ $cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart';
+ $svcpart = $1;
+
+ $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
+ die "No part_svc entry!" unless $part_svc;
+
+ $svc_broadband = new FS::svc_broadband({ svcpart => $svcpart });
+
+ $svcnum='';
+
+ $svc_broadband->set_default_and_fixed;
+
+} else { #editing
+
+ my($query) = $cgi->keywords;
+ $query =~ /^(\d+)$/ or die "unparsable svcnum";
+ $svcnum=$1;
+ $svc_broadband=qsearchs('svc_broadband',{'svcnum'=>$svcnum})
+ or die "Unknown (svc_broadband) svcnum!";
+
+ my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum})
+ or die "Unknown (cust_svc) svcnum!";
+
+ $pkgnum=$cust_svc->pkgnum;
+ $svcpart=$cust_svc->svcpart;
+
+ $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
+ die "No part_svc entry!" unless $part_svc;
+
+}
+my $action = $svc_broadband->svcnum ? 'Edit' : 'Add';
+
+if ($pkgnum) {
+
+ #Nothing?
+
+} elsif ( $action eq 'Edit' ) {
+
+ #Nothing?
+
+} else {
+ die "\$action eq Add, but \$pkgnum is null!\n";
+}
+
+my $p1 = popurl(1);
+
+my ($ip_addr, $speed_up, $speed_down, $blocknum, $mac_addr,
+ $latitude, $longitude, $altitude, $vlan_profile, $auth_key,
+ $description) =
+ ($svc_broadband->ip_addr,
+ $svc_broadband->speed_up,
+ $svc_broadband->speed_down,
+ $svc_broadband->blocknum,
+ $svc_broadband->mac_addr,
+ $svc_broadband->latitude,
+ $svc_broadband->longitude,
+ $svc_broadband->altitude,
+ $svc_broadband->vlan_profile,
+ $svc_broadband->auth_key,
+ $svc_broadband->description,
+ );
+
+</%init>
diff --git a/httemplate/edit/svc_domain.cgi b/httemplate/edit/svc_domain.cgi
index 60c67a005..56ba604bf 100755
--- a/httemplate/edit/svc_domain.cgi
+++ b/httemplate/edit/svc_domain.cgi
@@ -1,67 +1,3 @@
-%my($svcnum, $pkgnum, $svcpart, $kludge_action, $purpose, $part_svc,
-% $svc_domain);
-%if ( $cgi->param('error') ) {
-%
-% $svc_domain = new FS::svc_domain ( {
-% map { $_, scalar($cgi->param($_)) } fields('svc_domain')
-% } );
-% $svcnum = $svc_domain->svcnum;
-% $pkgnum = $cgi->param('pkgnum');
-% $svcpart = $cgi->param('svcpart');
-% $kludge_action = $cgi->param('action');
-% $purpose = $cgi->param('purpose');
-% $part_svc = qsearchs('part_svc', { 'svcpart' => $svcpart } );
-% die "No part_svc entry!" unless $part_svc;
-%
-%} elsif ( $cgi->param('pkgnum') && $cgi->param('svcpart') ) { #adding
-%
-% $cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum';
-% $pkgnum = $1;
-% $cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart';
-% $svcpart = $1;
-%
-% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
-% die "No part_svc entry!" unless $part_svc;
-%
-% $svc_domain = new FS::svc_domain({});
-%
-% $svcnum='';
-%
-% $svc_domain->set_default_and_fixed;
-%
-%} else { #editing
-%
-% $kludge_action = '';
-% $purpose = '';
-% my($query) = $cgi->keywords;
-% $query =~ /^(\d+)$/ or die "unparsable svcnum";
-% $svcnum=$1;
-% $svc_domain=qsearchs('svc_domain',{'svcnum'=>$svcnum})
-% or die "Unknown (svc_domain) svcnum!";
-%
-% my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum})
-% or die "Unknown (cust_svc) svcnum!";
-%
-% $pkgnum=$cust_svc->pkgnum;
-% $svcpart=$cust_svc->svcpart;
-%
-% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
-% die "No part_svc entry!" unless $part_svc;
-%
-%}
-%my $action = $svcnum ? 'Edit' : 'Add';
-%
-%my $svc = $part_svc->getfield('svc');
-%
-%my $otaker = getotaker;
-%
-%my $domain = $svc_domain->domain;
-%
-%my $p1 = popurl(1);
-%
-%
-
-
<% include('/elements/header.html', "$action $svc", '') %>
<% include('/elements/error.html') %>
@@ -85,3 +21,71 @@
</FORM>
<% include('/elements/footer.html') %>
+
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific?
+
+my($svcnum, $pkgnum, $svcpart, $kludge_action, $purpose, $part_svc,
+ $svc_domain);
+if ( $cgi->param('error') ) {
+
+ $svc_domain = new FS::svc_domain ( {
+ map { $_, scalar($cgi->param($_)) } fields('svc_domain')
+ } );
+ $svcnum = $svc_domain->svcnum;
+ $pkgnum = $cgi->param('pkgnum');
+ $svcpart = $cgi->param('svcpart');
+ $kludge_action = $cgi->param('action');
+ $purpose = $cgi->param('purpose');
+ $part_svc = qsearchs('part_svc', { 'svcpart' => $svcpart } );
+ die "No part_svc entry!" unless $part_svc;
+
+} elsif ( $cgi->param('pkgnum') && $cgi->param('svcpart') ) { #adding
+
+ $cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum';
+ $pkgnum = $1;
+ $cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart';
+ $svcpart = $1;
+
+ $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
+ die "No part_svc entry!" unless $part_svc;
+
+ $svc_domain = new FS::svc_domain({});
+
+ $svcnum='';
+
+ $svc_domain->set_default_and_fixed;
+
+} else { #editing
+
+ $kludge_action = '';
+ $purpose = '';
+ my($query) = $cgi->keywords;
+ $query =~ /^(\d+)$/ or die "unparsable svcnum";
+ $svcnum=$1;
+ $svc_domain=qsearchs('svc_domain',{'svcnum'=>$svcnum})
+ or die "Unknown (svc_domain) svcnum!";
+
+ my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum})
+ or die "Unknown (cust_svc) svcnum!";
+
+ $pkgnum=$cust_svc->pkgnum;
+ $svcpart=$cust_svc->svcpart;
+
+ $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
+ die "No part_svc entry!" unless $part_svc;
+
+}
+my $action = $svcnum ? 'Edit' : 'Add';
+
+my $svc = $part_svc->getfield('svc');
+
+my $otaker = getotaker;
+
+my $domain = $svc_domain->domain;
+
+my $p1 = popurl(1);
+
+</%init>
diff --git a/httemplate/edit/svc_external.cgi b/httemplate/edit/svc_external.cgi
index 393e71c38..0df842b21 100644
--- a/httemplate/edit/svc_external.cgi
+++ b/httemplate/edit/svc_external.cgi
@@ -1,99 +1,102 @@
-%my( $svcnum, $pkgnum, $svcpart, $part_svc, $svc_external );
-%if ( $cgi->param('error') ) {
-%
-% $svc_external = new FS::svc_external ( {
-% map { $_, scalar($cgi->param($_)) } fields('svc_external')
-% } );
-% $svcnum = $svc_external->svcnum;
-% $pkgnum = $cgi->param('pkgnum');
-% $svcpart = $cgi->param('svcpart');
-% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
-% die "No part_svc entry!" unless $part_svc;
-%
-%} elsif ( $cgi->param('pkgnum') && $cgi->param('svcpart') ) { #adding
-%
-% $cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum';
-% $pkgnum = $1;
-% $cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart';
-% $svcpart = $1;
-%
-% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
-% die "No part_svc entry!" unless $part_svc;
-%
-% $svc_external = new FS::svc_external { svcpart => $svcpart };
-%
-% $svcnum='';
-%
-% $svc_external->set_default_and_fixed;
-%
-%} else { #adding
-%
-% my($query) = $cgi->keywords;
-% $query =~ /^(\d+)$/ or die "unparsable svcnum";
-% $svcnum=$1;
-% $svc_external=qsearchs('svc_external',{'svcnum'=>$svcnum})
-% or die "Unknown (svc_external) svcnum!";
-%
-% my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum})
-% or die "Unknown (cust_svc) svcnum!";
-%
-% $pkgnum=$cust_svc->pkgnum;
-% $svcpart=$cust_svc->svcpart;
-%
-% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
-% die "No part_svc entry!" unless $part_svc;
-%
-%}
-%my $action = $svc_external->svcnum ? 'Edit' : 'Add';
-%
-%my $p1 = popurl(1);
-%print header("External service $action", '');
-%
-%print qq!<FONT SIZE="+1" COLOR="#ff0000">Error: !, $cgi->param('error'),
-% "</FONT>"
-% if $cgi->param('error');
-%
-%print qq!<FORM ACTION="${p1}process/svc_external.cgi" METHOD=POST>!;
-%
-%#display
-%
-%
-%#svcnum
-%print qq!<INPUT TYPE="hidden" NAME="svcnum" VALUE="$svcnum">!;
-%print qq!Service #<B>!, $svcnum ? $svcnum : "(NEW)", "</B><BR><BR>";
-%
-%#pkgnum
-%print qq!<INPUT TYPE="hidden" NAME="pkgnum" VALUE="$pkgnum">!;
-%
-%#svcpart
-%print qq!<INPUT TYPE="hidden" NAME="svcpart" VALUE="$svcpart">!;
-%
-%my($id,$title)=(
-% $svc_external->id,
-% $svc_external->title,
-%);
-%
-%print &ntable("#cccccc",2),
-% '<TR><TD ALIGN="right">External ID</TD><TD>'.
-% qq!<INPUT TYPE="text" NAME="id" VALUE="$id">!.
-% '</TD></TR>'.
-% '<TR><TD ALIGN="right">Title</TD><TD>'.
-% qq!<INPUT TYPE="text" NAME="title" VALUE="$title">!.
-% '</TD></TR>';
-%
-%foreach my $field ($svc_external->virtual_fields) {
-% if ( $part_svc->part_svc_column($field)->columnflag ne 'F' ) {
-% # If the flag is X, it won't even show up in $svc_acct->virtual_fields.
-% print $svc_external->pvf($field)->widget('HTML', 'edit',
-% $svc_external->getfield($field));
-% }
-%}
-%
-%
+<% include('/elements/header.html', "External service $action") %>
+
+<% include('/elements/error.html') %>
+
+<FORM ACTION="<%$p1%>process/svc_external.cgi" METHOD=POST>
+
+<INPUT TYPE="hidden" NAME="svcnum" VALUE="<% $svcnum %>">
+Service #<B><% $svcnum ? $svcnum : "(NEW)" %></B>
+<BR><BR>
+
+<INPUT TYPE="hidden" NAME="pkgnum" VALUE="<% $pkgnum %>">
+
+<INPUT TYPE="hidden" NAME="svcpart" VALUE="<% $svcpart %>">
+
+% my $id = $svc_external->id;
+% my $title = $svc_external->title;
+%
+<% &ntable("#cccccc",2) %>
+ <TR>
+ <TD ALIGN="right">External ID</TD>
+ <TD><INPUT TYPE="text" NAME="id" VALUE="<% $id %>"></TD>
+ </TR>
+ <TR>
+ <TD ALIGN="right">Title</TD>
+ <TD><INPUT TYPE="text" NAME="title" VALUE="<% $title %>"></TD>
+ </TR>
+
+% foreach my $field ($svc_external->virtual_fields) {
+% if ( $part_svc->part_svc_column($field)->columnflag ne 'F' ) {
+% # If the flag is X, it won't even show up in $svc_acct->virtual_fields.
+ <% $svc_external->pvf($field)->widget( 'HTML',
+ 'edit',
+ $svc_external->getfield($field)
+ )
+ %>
+% }
+% }
+
+</TABLE>
+<BR>
+
+<INPUT TYPE="submit" VALUE="Submit">
+</FORM>
+
+<% include('/elements/footer.html') %>
+
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific?
+
+my( $svcnum, $pkgnum, $svcpart, $part_svc, $svc_external );
+if ( $cgi->param('error') ) {
+
+ $svc_external = new FS::svc_external ( {
+ map { $_, scalar($cgi->param($_)) } fields('svc_external')
+ } );
+ $svcnum = $svc_external->svcnum;
+ $pkgnum = $cgi->param('pkgnum');
+ $svcpart = $cgi->param('svcpart');
+ $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
+ die "No part_svc entry!" unless $part_svc;
+
+} elsif ( $cgi->param('pkgnum') && $cgi->param('svcpart') ) { #adding
+
+ $cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum';
+ $pkgnum = $1;
+ $cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart';
+ $svcpart = $1;
+
+ $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
+ die "No part_svc entry!" unless $part_svc;
+
+ $svc_external = new FS::svc_external { svcpart => $svcpart };
+
+ $svcnum='';
+
+ $svc_external->set_default_and_fixed;
+
+} else { #adding
+
+ my($query) = $cgi->keywords;
+ $query =~ /^(\d+)$/ or die "unparsable svcnum";
+ $svcnum=$1;
+ $svc_external=qsearchs('svc_external',{'svcnum'=>$svcnum})
+ or die "Unknown (svc_external) svcnum!";
+
+ my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum})
+ or die "Unknown (cust_svc) svcnum!";
+
+ $pkgnum=$cust_svc->pkgnum;
+ $svcpart=$cust_svc->svcpart;
+
+ $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
+ die "No part_svc entry!" unless $part_svc;
+}
+my $action = $svc_external->svcnum ? 'Edit' : 'Add';
-</TABLE><BR><INPUT TYPE="submit" VALUE="Submit">
- </FORM>
- </BODY>
-</HTML>
+my $p1 = popurl(1);
+</%init>
diff --git a/httemplate/edit/svc_forward.cgi b/httemplate/edit/svc_forward.cgi
index c9159b3e1..96a00a5aa 100755
--- a/httemplate/edit/svc_forward.cgi
+++ b/httemplate/edit/svc_forward.cgi
@@ -1,111 +1,4 @@
-<!-- mason kludge -->
-%
-%
-%my $conf = new FS::Conf;
-%
-%my($svcnum, $pkgnum, $svcpart, $part_svc, $svc_forward);
-%if ( $cgi->param('error') ) {
-% $svc_forward = new FS::svc_forward ( {
-% map { $_, scalar($cgi->param($_)) } fields('svc_forward')
-% } );
-% $svcnum = $svc_forward->svcnum;
-% $pkgnum = $cgi->param('pkgnum');
-% $svcpart = $cgi->param('svcpart');
-% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
-% die "No part_svc entry!" unless $part_svc;
-%
-%} elsif ( $cgi->param('pkgnum') && $cgi->param('svcpart') ) { #adding
-%
-% $cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum';
-% $pkgnum = $1;
-% $cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart';
-% $svcpart = $1;
-%
-% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
-% die "No part_svc entry!" unless $part_svc;
-%
-% $svc_forward = new FS::svc_forward({});
-%
-% $svcnum='';
-%
-% $svc_forward->set_default_and_fixed;
-%
-%} else { #editing
-%
-% my($query) = $cgi->keywords;
-%
-% $query =~ /^(\d+)$/ or die "unparsable svcnum";
-% $svcnum=$1;
-% $svc_forward=qsearchs('svc_forward',{'svcnum'=>$svcnum})
-% or die "Unknown (svc_forward) svcnum!";
-%
-% my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum})
-% or die "Unknown (cust_svc) svcnum!";
-%
-% $pkgnum=$cust_svc->pkgnum;
-% $svcpart=$cust_svc->svcpart;
-%
-% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
-% die "No part_svc entry!" unless $part_svc;
-%
-%}
-%my $action = $svc_forward->svcnum ? 'Edit' : 'Add';
-%
-%my %email;
-%
-%#starting with those currently attached
-%foreach my $method (qw( srcsvc_acct dstsvc_acct )) {
-% my $svc_acct = $svc_forward->$method();
-% $email{$svc_acct->svcnum} = $svc_acct->email if $svc_acct;
-%}
-%
-%if ($pkgnum) {
-%
-% #find all possible user svcnums (and emails)
-%
-% #and including the rest for this customer
-% my($u_part_svc,@u_acct_svcparts);
-% foreach $u_part_svc ( qsearch('part_svc',{'svcdb'=>'svc_acct'}) ) {
-% push @u_acct_svcparts,$u_part_svc->getfield('svcpart');
-% }
-%
-% my($cust_pkg)=qsearchs('cust_pkg',{'pkgnum'=>$pkgnum});
-% my($custnum)=$cust_pkg->getfield('custnum');
-% my($i_cust_pkg);
-% foreach $i_cust_pkg ( qsearch('cust_pkg',{'custnum'=>$custnum}) ) {
-% my($cust_pkgnum)=$i_cust_pkg->getfield('pkgnum');
-% my($acct_svcpart);
-% foreach $acct_svcpart (@u_acct_svcparts) { #now find the corresponding
-% #record(s) in cust_svc ( for this
-% #pkgnum ! )
-% foreach my $i_cust_svc (
-% qsearch( 'cust_svc', { 'pkgnum' => $cust_pkgnum,
-% 'svcpart' => $acct_svcpart } )
-% ) {
-% my $svc_acct =
-% qsearchs( 'svc_acct', { 'svcnum' => $i_cust_svc->svcnum } );
-% $email{$svc_acct->svcnum} = $svc_acct->email;
-% }
-% }
-% }
-%
-%} elsif ( $action eq 'Add' ) {
-% die "\$action eq Add, but \$pkgnum is null!\n";
-%}
-%
-%my($srcsvc,$dstsvc,$dst)=(
-% $svc_forward->srcsvc,
-% $svc_forward->dstsvc,
-% $svc_forward->dst,
-%);
-%my $src = $svc_forward->dbdef_table->column('src') ? $svc_forward->src : '';
-%
-%#display
-%
-%
-
-
-<% include("/elements/header.html","Mail Forward $action") %>
+<% include('/elements/header.html', "Mail Forward $action") %>
<% include('/elements/error.html') %>
@@ -172,5 +65,111 @@ function dstchanged(what) {
</TABLE>
<BR><INPUT TYPE="submit" VALUE="Submit">
</FORM>
- </BODY>
-</HTML>
+
+<% include('/elements/footer.html') %>
+
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific?
+
+my $conf = new FS::Conf;
+
+my($svcnum, $pkgnum, $svcpart, $part_svc, $svc_forward);
+if ( $cgi->param('error') ) {
+ $svc_forward = new FS::svc_forward ( {
+ map { $_, scalar($cgi->param($_)) } fields('svc_forward')
+ } );
+ $svcnum = $svc_forward->svcnum;
+ $pkgnum = $cgi->param('pkgnum');
+ $svcpart = $cgi->param('svcpart');
+ $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
+ die "No part_svc entry!" unless $part_svc;
+
+} elsif ( $cgi->param('pkgnum') && $cgi->param('svcpart') ) { #adding
+
+ $cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum';
+ $pkgnum = $1;
+ $cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart';
+ $svcpart = $1;
+
+ $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
+ die "No part_svc entry!" unless $part_svc;
+
+ $svc_forward = new FS::svc_forward({});
+
+ $svcnum='';
+
+ $svc_forward->set_default_and_fixed;
+
+} else { #editing
+
+ my($query) = $cgi->keywords;
+
+ $query =~ /^(\d+)$/ or die "unparsable svcnum";
+ $svcnum=$1;
+ $svc_forward=qsearchs('svc_forward',{'svcnum'=>$svcnum})
+ or die "Unknown (svc_forward) svcnum!";
+
+ my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum})
+ or die "Unknown (cust_svc) svcnum!";
+
+ $pkgnum=$cust_svc->pkgnum;
+ $svcpart=$cust_svc->svcpart;
+
+ $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
+ die "No part_svc entry!" unless $part_svc;
+
+}
+my $action = $svc_forward->svcnum ? 'Edit' : 'Add';
+
+my %email;
+
+#starting with those currently attached
+foreach my $method (qw( srcsvc_acct dstsvc_acct )) {
+ my $svc_acct = $svc_forward->$method();
+ $email{$svc_acct->svcnum} = $svc_acct->email if $svc_acct;
+}
+
+if ($pkgnum) {
+
+ #find all possible user svcnums (and emails)
+
+ #and including the rest for this customer
+ my($u_part_svc,@u_acct_svcparts);
+ foreach $u_part_svc ( qsearch('part_svc',{'svcdb'=>'svc_acct'}) ) {
+ push @u_acct_svcparts,$u_part_svc->getfield('svcpart');
+ }
+
+ my($cust_pkg)=qsearchs('cust_pkg',{'pkgnum'=>$pkgnum});
+ my($custnum)=$cust_pkg->getfield('custnum');
+ my($i_cust_pkg);
+ foreach $i_cust_pkg ( qsearch('cust_pkg',{'custnum'=>$custnum}) ) {
+ my($cust_pkgnum)=$i_cust_pkg->getfield('pkgnum');
+ my($acct_svcpart);
+ foreach $acct_svcpart (@u_acct_svcparts) { #now find the corresponding
+ #record(s) in cust_svc ( for this
+ #pkgnum ! )
+ foreach my $i_cust_svc (
+ qsearch( 'cust_svc', { 'pkgnum' => $cust_pkgnum,
+ 'svcpart' => $acct_svcpart } )
+ ) {
+ my $svc_acct =
+ qsearchs( 'svc_acct', { 'svcnum' => $i_cust_svc->svcnum } );
+ $email{$svc_acct->svcnum} = $svc_acct->email;
+ }
+ }
+ }
+
+} elsif ( $action eq 'Add' ) {
+ die "\$action eq Add, but \$pkgnum is null!\n";
+}
+
+my($srcsvc,$dstsvc,$dst)=(
+ $svc_forward->srcsvc,
+ $svc_forward->dstsvc,
+ $svc_forward->dst,
+);
+my $src = $svc_forward->dbdef_table->column('src') ? $svc_forward->src : '';
+
+</%init>
diff --git a/httemplate/edit/svc_phone.cgi b/httemplate/edit/svc_phone.cgi
index ca62b6416..78b849c8d 100644
--- a/httemplate/edit/svc_phone.cgi
+++ b/httemplate/edit/svc_phone.cgi
@@ -9,3 +9,9 @@
},
)
%>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific?
+
+</%init>
diff --git a/httemplate/edit/svc_www.cgi b/httemplate/edit/svc_www.cgi
index e19a4fa08..e64928694 100644
--- a/httemplate/edit/svc_www.cgi
+++ b/httemplate/edit/svc_www.cgi
@@ -1,227 +1,240 @@
-%my $conf = new FS::Conf;
-%
-%my( $svcnum, $pkgnum, $svcpart, $part_svc, $svc_www, $config );
-%
-%if ( $cgi->param('error') ) {
-%
-% $svc_www = new FS::svc_www ( {
-% map { $_, scalar($cgi->param($_)) } fields('svc_www')
-% } );
-% $svcnum = $svc_www->svcnum;
-% $pkgnum = $cgi->param('pkgnum');
-% $svcpart = $cgi->param('svcpart');
-% $config = $cgi->param('config');
-% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
-% die "No part_svc entry!" unless $part_svc;
-%
-%} elsif ( $cgi->param('pkgnum') && $cgi->param('svcpart') ) { #adding
-%
-% $cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum';
-% $pkgnum = $1;
-% $cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart';
-% $svcpart = $1;
-%
-% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
-% die "No part_svc entry!" unless $part_svc;
-%
-% $svc_www = new FS::svc_www { svcpart => $svcpart };
-%
-% $svcnum='';
-%
-% $svc_www->set_default_and_fixed;
-%
-%} else { #editing
-%
-% my($query) = $cgi->keywords;
-% $query =~ /^(\d+)$/ or die "unparsable svcnum";
-% $svcnum=$1;
-% $svc_www=qsearchs('svc_www',{'svcnum'=>$svcnum})
-% or die "Unknown (svc_www) svcnum!";
-%
-% my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum})
-% or die "Unknown (cust_svc) svcnum!";
-%
-% $pkgnum=$cust_svc->pkgnum;
-% $svcpart=$cust_svc->svcpart;
-% $config=$cgi->escapeHTML($svc_www->config);
-%
-% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
-% die "No part_svc entry!" unless $part_svc;
-%
-%}
-%my $action = $svc_www->svcnum ? 'Edit' : 'Add';
-%
-%my( %svc_acct, %arec );
-%if ($pkgnum) {
-%
-% my @u_acct_svcparts;
-% foreach my $svcpart (
-% map { $_->svcpart } qsearch( 'part_svc', { 'svcdb' => 'svc_acct' } )
-% ) {
-% next if $conf->exists('svc_www-usersvc_svcpart')
-% && ! grep { $svcpart == $_ }
-% $conf->config('svc_www-usersvc_svcpart');
-% push @u_acct_svcparts, $svcpart;
-% }
-%
-% my($cust_pkg)=qsearchs('cust_pkg',{'pkgnum'=>$pkgnum});
-% my($custnum)=$cust_pkg->getfield('custnum');
-% my($i_cust_pkg);
-% foreach $i_cust_pkg ( qsearch('cust_pkg',{'custnum'=>$custnum}) ) {
-% my($cust_pkgnum)=$i_cust_pkg->getfield('pkgnum');
-% my($acct_svcpart);
-% foreach $acct_svcpart (@u_acct_svcparts) { #now find the corresponding
-% #record(s) in cust_svc ( for this
-% #pkgnum ! )
-% my($i_cust_svc);
-% foreach $i_cust_svc ( qsearch('cust_svc',{'pkgnum'=>$cust_pkgnum,'svcpart'=>$acct_svcpart}) ) {
-% my($svc_acct)=qsearchs('svc_acct',{'svcnum'=>$i_cust_svc->getfield('svcnum')});
-% $svc_acct{$svc_acct->getfield('svcnum')}=
-% $svc_acct->cust_svc->part_svc->svc. ': '. $svc_acct->email;
-% }
-% }
-% }
-%
-%
-% my($d_part_svc,@d_acct_svcparts);
-% foreach $d_part_svc ( qsearch('part_svc',{'svcdb'=>'svc_domain'}) ) {
-% push @d_acct_svcparts,$d_part_svc->getfield('svcpart');
-% }
-%
-% foreach $i_cust_pkg ( qsearch( 'cust_pkg', { 'custnum' => $custnum } ) ) {
-% my $cust_pkgnum = $i_cust_pkg->pkgnum;
-%
-% foreach my $acct_svcpart (@d_acct_svcparts) {
-%
-% foreach my $i_cust_svc (
-% qsearch( 'cust_svc', { 'pkgnum' => $cust_pkgnum,
-% 'svcpart' => $acct_svcpart } )
-% ) {
-% my $svc_domain =
-% qsearchs( 'svc_domain', { 'svcnum' => $i_cust_svc->svcnum } );
-%
-% my $extra_sql = "AND ( rectype = 'A' OR rectype = 'CNAME' )";
-% unless ( $conf->exists('svc_www-enable_subdomains') ) {
-% $extra_sql .= " AND ( reczone = '\@' OR reczone = '".
-% $svc_domain->domain. ".' )";
-% }
-%
-% foreach my $domain_rec (
-% qsearch( 'domain_record',
-% {
-% 'svcnum' => $svc_domain->svcnum,
-% },
-% '',
-% $extra_sql,
-% )
-% ) {
-% $arec{$domain_rec->recnum} = $domain_rec->zone;
-% }
-%
-% if ( $conf->exists('svc_www-enable_subdomains') ) {
-% $arec{'www.'. $svc_domain->domain} = 'www.'. $svc_domain->domain
-% unless qsearchs( 'domain_record', {
-% svcnum => $svc_domain->svcnum,
-% reczone => 'www',
-% } )
-% || qsearchs( 'domain_record', {
-% svcnum => $svc_domain->svcnum,
-% reczone => 'www.'.$svc_domain->domain.'.',
-% } );
-% }
-%
-% $arec{'@.'. $svc_domain->domain} = $svc_domain->domain
-% unless qsearchs('domain_record', {
-% svcnum => $svc_domain->svcnum,
-% reczone => '@',
-% } )
-% || qsearchs('domain_record', {
-% svcnum => $svc_domain->svcnum,
-% reczone => $svc_domain->domain.'.',
-% } );
-%
-% }
-%
-% }
-% }
-%
-%} elsif ( $action eq 'Edit' ) {
-%
-% my($domain_rec) = qsearchs('domain_record', { 'recnum'=>$svc_www->recnum });
-% $arec{$svc_www->recnum} = join '.', $domain_rec->recdata, $domain_rec->reczone;
-%
-%} else {
-% die "\$action eq Add, but \$pkgnum is null!\n";
-%}
-%
-%
-%my $p1 = popurl(1);
-
-<% include("/elements/header.html", "Web Hosting $action", '') %>
-
-%print qq!<FONT SIZE="+1" COLOR="#ff0000">Error: !, $cgi->param('error'),
-% "</FONT>"
-% if $cgi->param('error');
-%
-%print qq!<FORM ACTION="${p1}process/svc_www.cgi" METHOD=POST>!;
-%
-%#display
-%
-%
-%
-%#svcnum
-%print qq!<INPUT TYPE="hidden" NAME="svcnum" VALUE="$svcnum">!;
-%print qq!Service #<B>!, $svcnum ? $svcnum : "(NEW)", "</B><BR><BR>";
-%
-%#pkgnum
-%print qq!<INPUT TYPE="hidden" NAME="pkgnum" VALUE="$pkgnum">!;
-%
-%#svcpart
-%print qq!<INPUT TYPE="hidden" NAME="svcpart" VALUE="$svcpart">!;
-%
-%my($recnum,$usersvc)=(
-% $svc_www->recnum,
-% $svc_www->usersvc,
-%);
-%
-%print &ntable("#cccccc",2),
-% '<TR><TD ALIGN="right">Zone</TD><TD><SELECT NAME="recnum" SIZE=1>';
-%foreach $_ (keys %arec) {
-% print "<OPTION", $_ eq $recnum ? " SELECTED" : "",
-% qq! VALUE="$_">$arec{$_}!;
-%}
-%print "</SELECT></TD></TR>";
-%
-%if ( $part_svc->part_svc_column('usersvc')->columnflag ne 'F'
+<% include('/elements/header.html', "Web Hosting $action") %>
+
+<% include('/elements.error.html') %>
+
+<FORM ACTION="<%$p1%>process/svc_www.cgi" METHOD=POST>
+
+<INPUT TYPE="hidden" NAME="svcnum" VALUE="<% $svcnum %>">
+Service #<B><% $svcnum ? $svcnum : "(NEW)" %></B>
+<BR><BR>
+
+<INPUT TYPE="hidden" NAME="pkgnum" VALUE="<% $pkgnum %>">
+
+<INPUT TYPE="hidden" NAME="svcpart" VALUE="<% $svcpart %>">
+
+% my $recnum = $svc_www->recnum;
+% my $usersvc = $svc_www->usersvc;
+
+<% &ntable("#cccccc",2) %>
+
+ <TR>
+ <TD ALIGN="right">Zone</TD>
+ <TD>
+ <SELECT NAME="recnum" SIZE=1>
+% foreach $_ (keys %arec) {
+ <OPTION<% $_ eq $recnum ? " SELECTED" : "" %> VALUE="<%$_%>"><%$arec{$_}%>
+% }
+ </SELECT>
+ </TD>
+ </TR>
+
+% if ( $part_svc->part_svc_column('usersvc')->columnflag ne 'F'
% || $part_svc->part_svc_column('usersvc')->columnvalue !~ /^\s*$/) {
-% print '<TR><TD ALIGN="right">Username</TD><TD><SELECT NAME="usersvc" SIZE=1>';
-% print '<OPTION VALUE="">(none)';
-% foreach $_ (keys %svc_acct) {
-% print "<OPTION", ($_ eq $usersvc) ? " SELECTED" : "",
-% qq! VALUE="$_">$svc_acct{$_}!;
-% }
-% print "</SELECT></TD></TR>";
-%}
-%
-%if ( $part_svc->part_svc_column('config')->columnflag ne 'F' &&
-% $FS::CurrentUser::CurrentUser->access_right('Edit www config') ) {
-% print '<TR><TD ALIGN="right">Config lines</TD><TD>';
-% print qq!<TEXTAREA NAME="config" rows="15" cols="80">$config</TEXTAREA></TD></TR>!
-%}else{
-% print qq!<INPUT TYPE="hidden" NAME="config" VALUE="$config">!;
-%}
-%
-%foreach my $field ($svc_www->virtual_fields) {
-% if ( $part_svc->part_svc_column($field)->columnflag ne 'F' ) {
-% # If the flag is X, it won't even show up in $svc_acct->virtual_fields.
-% print $svc_www->pvf($field)->widget('HTML', 'edit',
-% $svc_www->getfield($field));
-% }
+ <TR>
+ <TD ALIGN="right">Username</TD>
+ <TD>
+ <SELECT NAME="usersvc" SIZE=1>
+ <OPTION VALUE="">(none)
+% foreach $_ (keys %svc_acct) {
+ <OPTION<% ($_ eq $usersvc) ? " SELECTED" : "" %> VALUE="<%$_%>"><% $svc_acct{$_} %>
+% }
+ <SELECT>
+ </TD>
+ </TR>
+% }
+
+% if ( $part_svc->part_svc_column('config')->columnflag ne 'F' &&
+% $FS::CurrentUser::CurrentUser->access_right('Edit www config') ) {
+ <TR>
+ <TD ALIGN="right">Config lines</TD>
+ <TD>
+ <TEXTAREA NAME="config" rows="15" cols="80"><% $config |h %></TEXTAREA>
+ </TD>
+ </TR>
+% } else {
+ <INPUT TYPE="hidden" NAME="config" VALUE="<% $config |h %>">
%}
-%
-%print '</TABLE><BR><INPUT TYPE="submit" VALUE="Submit">';
-%
+
+% foreach my $field ($svc_www->virtual_fields) {
+% if ( $part_svc->part_svc_column($field)->columnflag ne 'F' ) {
+% # If the flag is X, it won't even show up in $svc_acct->virtual_fields.
+ <% $svc_www->pvf($field)->widget( 'HTML', 'edit',
+ $svc_www->getfield($field)
+ )
+ %>
+% }
+% }
+
+</TABLE>
+<BR>
+
+<INPUT TYPE="submit" VALUE="Submit">
</FORM>
<% include('/elements/footer.html') %>
+
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific?
+
+my $conf = new FS::Conf;
+
+my( $svcnum, $pkgnum, $svcpart, $part_svc, $svc_www, $config );
+
+if ( $cgi->param('error') ) {
+
+ $svc_www = new FS::svc_www ( {
+ map { $_, scalar($cgi->param($_)) } fields('svc_www')
+ } );
+ $svcnum = $svc_www->svcnum;
+ $pkgnum = $cgi->param('pkgnum');
+ $svcpart = $cgi->param('svcpart');
+ $config = $cgi->param('config');
+ $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
+ die "No part_svc entry!" unless $part_svc;
+
+} elsif ( $cgi->param('pkgnum') && $cgi->param('svcpart') ) { #adding
+
+ $cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum';
+ $pkgnum = $1;
+ $cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart';
+ $svcpart = $1;
+
+ $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
+ die "No part_svc entry!" unless $part_svc;
+
+ $svc_www = new FS::svc_www { svcpart => $svcpart };
+
+ $svcnum='';
+
+ $svc_www->set_default_and_fixed;
+
+} else { #editing
+
+ my($query) = $cgi->keywords;
+ $query =~ /^(\d+)$/ or die "unparsable svcnum";
+ $svcnum=$1;
+ $svc_www=qsearchs('svc_www',{'svcnum'=>$svcnum})
+ or die "Unknown (svc_www) svcnum!";
+
+ my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum})
+ or die "Unknown (cust_svc) svcnum!";
+
+ $pkgnum=$cust_svc->pkgnum;
+ $svcpart=$cust_svc->svcpart;
+ #$config=$cgi->escapeHTML($svc_www->config);
+
+ $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
+ die "No part_svc entry!" unless $part_svc;
+
+}
+my $action = $svc_www->svcnum ? 'Edit' : 'Add';
+
+my( %svc_acct, %arec );
+if ($pkgnum) {
+
+ my @u_acct_svcparts;
+ foreach my $svcpart (
+ map { $_->svcpart } qsearch( 'part_svc', { 'svcdb' => 'svc_acct' } )
+ ) {
+ next if $conf->exists('svc_www-usersvc_svcpart')
+ && ! grep { $svcpart == $_ }
+ $conf->config('svc_www-usersvc_svcpart');
+ push @u_acct_svcparts, $svcpart;
+ }
+
+ my($cust_pkg)=qsearchs('cust_pkg',{'pkgnum'=>$pkgnum});
+ my($custnum)=$cust_pkg->getfield('custnum');
+ my($i_cust_pkg);
+ foreach $i_cust_pkg ( qsearch('cust_pkg',{'custnum'=>$custnum}) ) {
+ my($cust_pkgnum)=$i_cust_pkg->getfield('pkgnum');
+ my($acct_svcpart);
+ foreach $acct_svcpart (@u_acct_svcparts) { #now find the corresponding
+ #record(s) in cust_svc ( for this
+ #pkgnum ! )
+ my($i_cust_svc);
+ foreach $i_cust_svc ( qsearch('cust_svc',{'pkgnum'=>$cust_pkgnum,'svcpart'=>$acct_svcpart}) ) {
+ my($svc_acct)=qsearchs('svc_acct',{'svcnum'=>$i_cust_svc->getfield('svcnum')});
+ $svc_acct{$svc_acct->getfield('svcnum')}=
+ $svc_acct->cust_svc->part_svc->svc. ': '. $svc_acct->email;
+ }
+ }
+ }
+
+
+ my($d_part_svc,@d_acct_svcparts);
+ foreach $d_part_svc ( qsearch('part_svc',{'svcdb'=>'svc_domain'}) ) {
+ push @d_acct_svcparts,$d_part_svc->getfield('svcpart');
+ }
+
+ foreach $i_cust_pkg ( qsearch( 'cust_pkg', { 'custnum' => $custnum } ) ) {
+ my $cust_pkgnum = $i_cust_pkg->pkgnum;
+
+ foreach my $acct_svcpart (@d_acct_svcparts) {
+
+ foreach my $i_cust_svc (
+ qsearch( 'cust_svc', { 'pkgnum' => $cust_pkgnum,
+ 'svcpart' => $acct_svcpart } )
+ ) {
+ my $svc_domain =
+ qsearchs( 'svc_domain', { 'svcnum' => $i_cust_svc->svcnum } );
+
+ my $extra_sql = "AND ( rectype = 'A' OR rectype = 'CNAME' )";
+ unless ( $conf->exists('svc_www-enable_subdomains') ) {
+ $extra_sql .= " AND ( reczone = '\@' OR reczone = '".
+ $svc_domain->domain. ".' )";
+ }
+
+ foreach my $domain_rec (
+ qsearch( 'domain_record',
+ {
+ 'svcnum' => $svc_domain->svcnum,
+ },
+ '',
+ $extra_sql,
+ )
+ ) {
+ $arec{$domain_rec->recnum} = $domain_rec->zone;
+ }
+
+ if ( $conf->exists('svc_www-enable_subdomains') ) {
+ $arec{'www.'. $svc_domain->domain} = 'www.'. $svc_domain->domain
+ unless qsearchs( 'domain_record', {
+ svcnum => $svc_domain->svcnum,
+ reczone => 'www',
+ } )
+ || qsearchs( 'domain_record', {
+ svcnum => $svc_domain->svcnum,
+ reczone => 'www.'.$svc_domain->domain.'.',
+ } );
+ }
+
+ $arec{'@.'. $svc_domain->domain} = $svc_domain->domain
+ unless qsearchs('domain_record', {
+ svcnum => $svc_domain->svcnum,
+ reczone => '@',
+ } )
+ || qsearchs('domain_record', {
+ svcnum => $svc_domain->svcnum,
+ reczone => $svc_domain->domain.'.',
+ } );
+
+ }
+
+ }
+ }
+
+} elsif ( $action eq 'Edit' ) {
+
+ my($domain_rec) = qsearchs('domain_record', { 'recnum'=>$svc_www->recnum });
+ $arec{$svc_www->recnum} = join '.', $domain_rec->recdata, $domain_rec->reczone;
+
+} else {
+ die "\$action eq Add, but \$pkgnum is null!\n";
+}
+
+my $p1 = popurl(1);
+
+</%init>