authorivan <ivan>2008-01-13 20:46:44 +0000
committerivan <ivan>2008-01-13 20:46:44 +0000
commitf9938915b0df2609f41c24d761d607595d5d0a34 (patch)
treeaa3fa94b86cc5422bd3530b0762033eb448bcdfe
parentd8c81a25cb29cf0ca5d7cdeb8160f79d4fbb0bc6 (diff)
ACLs
-rwxr-xr-xhttemplate/view/cust_bill.cgi1
-rw-r--r--httemplate/view/cust_main/payment_history.html45
-rw-r--r--httemplate/view/elements/svc_Common.html3
-rwxr-xr-xhttemplate/view/svc_acct.cgi62
-rw-r--r--httemplate/view/svc_broadband.cgi6
-rwxr-xr-xhttemplate/view/svc_domain.cgi81
-rw-r--r--httemplate/view/svc_external.cgi4
-rwxr-xr-xhttemplate/view/svc_forward.cgi6
-rw-r--r--httemplate/view/svc_www.cgi3
9 files changed, 116 insertions, 95 deletions
diff --git a/httemplate/view/cust_bill.cgi b/httemplate/view/cust_bill.cgi
index c5373ff19..951725531 100755
--- a/httemplate/view/cust_bill.cgi
+++ b/httemplate/view/cust_bill.cgi
@@ -1,5 +1,4 @@
<% include("/elements/header.html",'Invoice View', menubar(
- "Main Menu" => $p,
"View this customer (#$custnum)" => "${p}view/cust_main.cgi?$custnum",
)) %>
diff --git a/httemplate/view/cust_main/payment_history.html b/httemplate/view/cust_main/payment_history.html
index 5af34c09c..19332f35d 100644
--- a/httemplate/view/cust_main/payment_history.html
+++ b/httemplate/view/cust_main/payment_history.html
@@ -126,10 +126,12 @@
% #completely unapplied
% $pre = '<B><FONT COLOR="#FF0000">Unapplied ';
% $post = '</FONT></B>';
-% $apply = qq! (<A HREF="javascript:void(0);" onClick="overlib( OLiframeContent('${p}edit/cust_bill_pay.cgi?!.
-% $cust_pay->paynum.
-% qq!', 392, 336, 'cust_bill_pay_popup' ), CAPTION, 'Apply payment', STICKY, AUTOSTATUSCAP, MIDX, 0, MIDY, 0, DRAGGABLE, CLOSECLICK ); return false;">apply</A>)!;
-%
+% if ( $curuser->access_right('Apply payment') # ) {
+% || $curuser->access_right('Post payment') ) { #remove after 1.7.3
+% $apply = qq! (<A HREF="javascript:void(0);" onClick="overlib( OLiframeContent('${p}edit/cust_bill_pay.cgi?!.
+% $cust_pay->paynum.
+% qq!', 392, 336, 'cust_bill_pay_popup' ), CAPTION, 'Apply payment', STICKY, AUTOSTATUSCAP, MIDX, 0, MIDY, 0, DRAGGABLE, CLOSECLICK ); return false;">apply</A>)!;
+% }
% } elsif ( scalar(@cust_bill_pay) == 1
% && scalar(@cust_pay_refund) == 0
% && $cust_pay->unapplied == 0 ) {
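Review bot: The new `access_right('Apply payment')` test here only decides whether the apply link is rendered; the diffstat touches only files under `httemplate/view/`, so nothing in this commit shows `edit/cust_bill_pay.cgi` making the same check. If the edit and process pages do not already enforce the right themselves, the ACL is cosmetic, so confirm they open with an equivalent guard such as `die "access denied" unless $curuser->access_right('Apply payment') || $curuser->access_right('Post payment');`. The same question applies to the other three hunks in this file (including the `edit/cust_credit_bill.cgi` links), to the 'Change customer service' form in svc_acct.cgi and to the 'Edit domain ...' gates in svc_domain.cgi. The enclosing if/elsif chain starts and ends outside the hunk.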
@@ -163,11 +165,14 @@
% if ( $cust_pay->unapplied > 0 ) {
% $desc .= '&nbsp;&nbsp;'.
% '<B><FONT COLOR="#FF0000">$'.
-% $cust_pay->unapplied. ' unapplied</FONT></B>'.
-% qq! (<A HREF="javascript:void(0);" onClick="overlib( OLiframeContent('${p}edit/cust_bill_pay.cgi?!.
-% $cust_pay->paynum.
-% qq!', 392, 336, 'cust_bill_pay_popup' ), CAPTION, 'Apply payment', STICKY, AUTOSTATUSCAP, MIDX, 0, MIDY, 0, DRAGGABLE, CLOSECLICK ); return false;">apply</A>)!.
-% '<BR>';
+% $cust_pay->unapplied. ' unapplied</FONT></B>';
+% if ( $curuser->access_right('Apply payment') # ) {
+% || $curuser->access_right('Post payment') ) { #remove after 1.7.3
+% $desc .= qq! (<A HREF="javascript:void(0);" onClick="overlib( OLiframeContent('${p}edit/cust_bill_pay.cgi?!.
+% $cust_pay->paynum.
+% qq!', 392, 336, 'cust_bill_pay_popup' ), CAPTION, 'Apply payment', STICKY, AUTOSTATUSCAP, MIDX, 0, MIDY, 0, DRAGGABLE, CLOSECLICK ); return false;">apply</A>)!;
+% }
+% $desc .= '<BR>';
% }
% }
%
@@ -301,9 +306,12 @@
% #completely unapplied
% $pre = '<B><FONT COLOR="#FF0000">Unapplied ';
% $post = '</FONT></B>';
-% $apply = qq! (<A HREF="javascript:void(0);" onClick="overlib( OLiframeContent('${p}edit/cust_credit_bill.cgi?!.
-% $cust_credit->crednum.
-% qq!', 392, 336, 'cust_credit_bill_popup' ), CAPTION, 'Apply credit', STICKY, AUTOSTATUSCAP, MIDX, 0, MIDY, 0, DRAGGABLE, CLOSECLICK ); return false;">apply</A>)!;
+% if ( $curuser->access_right('Apply credit') # ) {
+% || $curuser->access_right('Post credit') ) { #remove after 1.7.3
+% $apply = qq! (<A HREF="javascript:void(0);" onClick="overlib( OLiframeContent('${p}edit/cust_credit_bill.cgi?!.
+% $cust_credit->crednum.
+% qq!', 392, 336, 'cust_credit_bill_popup' ), CAPTION, 'Apply credit', STICKY, AUTOSTATUSCAP, MIDX, 0, MIDY, 0, DRAGGABLE, CLOSECLICK ); return false;">apply</A>)!;
+% }
% } elsif ( scalar(@cust_credit_bill) == 1
% && scalar(@cust_credit_refund) == 0
% && $cust_credit->credited == 0 ) {
@@ -336,11 +344,14 @@
% }
% if ( $cust_credit->credited > 0 ) {
% $desc .= '&nbsp;&nbsp;<B><FONT COLOR="#FF0000">$'.
-% $cust_credit->credited. ' unapplied</FONT></B>'.
-% qq! (<A HREF="javascript:void(0);" onClick="overlib( OLiframeContent('${p}edit/cust_credit_bill.cgi?!.
-% $cust_credit->crednum.
-% qq!', 392, 336, 'cust_credit_bill_popup' ), CAPTION, 'Apply credit', STICKY, AUTOSTATUSCAP, MIDX, 0, MIDY, 0, DRAGGABLE, CLOSECLICK ); return false;">apply</A>)!.
-% '<BR>';
+% $cust_credit->credited. ' unapplied</FONT></B>';
+% if ( $curuser->access_right('Apply credit') # ) {
+% || $curuser->access_right('Post credit') ) { #remove after 1.7.3
+% $desc .= qq! (<A HREF="javascript:void(0);" onClick="overlib( OLiframeContent('${p}edit/cust_credit_bill.cgi?!.
+% $cust_credit->crednum.
+% qq!', 392, 336, 'cust_credit_bill_popup' ), CAPTION, 'Apply credit', STICKY, AUTOSTATUSCAP, MIDX, 0, MIDY, 0, DRAGGABLE, CLOSECLICK ); return false;">apply</A>)!;
+% }
+% $desc .= '<BR>';
% }
% }
%#
diff --git a/httemplate/view/elements/svc_Common.html b/httemplate/view/elements/svc_Common.html
index f5b65ac49..0500248b1 100644
--- a/httemplate/view/elements/svc_Common.html
+++ b/httemplate/view/elements/svc_Common.html
@@ -90,8 +90,7 @@ Service #<B><% $svcnum %></B>
<%init>
die "access denied"
- unless $FS::CurrentUser::CurrentUser->access_right('View customer services')
- || $FS::CurrentUser::CurrentUser->access_right('View customer'); #XXX remove me
+ unless $FS::CurrentUser::CurrentUser->access_right('View customer services');
my(%opt) = @_;
diff --git a/httemplate/view/svc_acct.cgi b/httemplate/view/svc_acct.cgi
index d764afee6..e6d2b690f 100755
--- a/httemplate/view/svc_acct.cgi
+++ b/httemplate/view/svc_acct.cgi
@@ -90,38 +90,42 @@
</TD></TR></TABLE><BR>
% }
-
-<SCRIPT TYPE="text/javascript">
-function enable_change () {
- if ( document.OneTrueForm.svcpart.selectedIndex > 1 ) {
- document.OneTrueForm.submit.disabled = false;
- } else {
- document.OneTrueForm.submit.disabled = true;
- }
-}
-</SCRIPT>
-<FORM NAME="OneTrueForm" ACTION="<%$p%>edit/process/cust_svc.cgi">
-<INPUT TYPE="hidden" NAME="svcnum" VALUE="<% $svcnum %>">
-<INPUT TYPE="hidden" NAME="pkgnum" VALUE="<% $pkgnum %>">
-% #print qq!<BR><A HREF="../misc/sendconfig.cgi?$svcnum">Send account information</A>!;
+% my @part_svc = ();
+% if ($FS::CurrentUser::CurrentUser->access_right('Change customer service')) {
+
+ <SCRIPT TYPE="text/javascript">
+ function enable_change () {
+ if ( document.OneTrueForm.svcpart.selectedIndex > 1 ) {
+ document.OneTrueForm.submit.disabled = false;
+ } else {
+ document.OneTrueForm.submit.disabled = true;
+ }
+ }
+ </SCRIPT>
+
+ <FORM NAME="OneTrueForm" ACTION="<%$p%>edit/process/cust_svc.cgi">
+ <INPUT TYPE="hidden" NAME="svcnum" VALUE="<% $svcnum %>">
+ <INPUT TYPE="hidden" NAME="pkgnum" VALUE="<% $pkgnum %>">
+
+% #print qq!<BR><A HREF="../misc/sendconfig.cgi?$svcnum">Send account information</A>!;
%
-% my @part_svc = ();
-% if ( $pkgnum ) {
-% @part_svc = grep { $_->svcdb eq 'svc_acct'
-% && $_->svcpart != $part_svc->svcpart }
-% $cust_pkg->available_part_svc;
-% } else {
-% @part_svc = qsearch('part_svc', {
-% svcdb => 'svc_acct',
-% disabled => '',
-% svcpart => { op=>'!=', value=>$part_svc->svcpart },
-% } );
-% }
+% if ( $pkgnum ) {
+% @part_svc = grep { $_->svcdb eq 'svc_acct'
+% && $_->svcpart != $part_svc->svcpart }
+% $cust_pkg->available_part_svc;
+% } else {
+% @part_svc = qsearch('part_svc', {
+% svcdb => 'svc_acct',
+% disabled => '',
+% svcpart => { op=>'!=', value=>$part_svc->svcpart },
+% } );
+% }
%
-
+% }
Service #<B><% $svcnum %></B>
| <A HREF="<%$p%>edit/svc_acct.cgi?<%$svcnum%>">Edit this service</A>
+
% if ( @part_svc ) {
| <SELECT NAME="svcpart" onChange="enable_change()">
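Review bot: The `<FORM NAME="OneTrueForm" ...>` open tag is now emitted only inside the new `access_right('Change customer service')` block, but the matching `</FORM>` is not visible in this hunk. If the closing tag sits outside a conditional, users without the right get an unmatched `</FORM>`; it should be wrapped in the same test, e.g. `% if ( $FS::CurrentUser::CurrentUser->access_right('Change customer service') ) {` around it. The 'Edit this service' link in the context lines just below is still rendered for every viewer, which looks inconsistent with the gating added here and may deserve its own right check.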
@@ -134,6 +138,7 @@ Service #<B><% $svcnum %></B>
</SELECT>
<INPUT NAME="submit" TYPE="submit" VALUE="Change" disabled>
+
% }
@@ -330,8 +335,7 @@ Service #<B><% $svcnum %></B>
<%init>
die "access denied"
- unless $FS::CurrentUser::CurrentUser->access_right('View customer services')
- || $FS::CurrentUser::CurrentUser->access_right('View customer'); #XXX remove me
+ unless $FS::CurrentUser::CurrentUser->access_right('View customer services');
my $conf = new FS::Conf;
diff --git a/httemplate/view/svc_broadband.cgi b/httemplate/view/svc_broadband.cgi
index a76e5a3d1..e614fe418 100644
--- a/httemplate/view/svc_broadband.cgi
+++ b/httemplate/view/svc_broadband.cgi
@@ -4,8 +4,7 @@
)
: ( "Cancel this (unaudited) website" =>
"${p}misc/cancel-unaudited.cgi?$svcnum" )
- ),
- "Main menu" => $p,
+ )
))
%>
@@ -144,8 +143,7 @@ Add router named
<%init>
die "access denied"
- unless $FS::CurrentUser::CurrentUser->access_right('View customer services')
- || $FS::CurrentUser::CurrentUser->access_right('View customer'); #XXX remove me
+ unless $FS::CurrentUser::CurrentUser->access_right('View customer services');
my($query) = $cgi->keywords;
$query =~ /^(\d+)$/;
diff --git a/httemplate/view/svc_domain.cgi b/httemplate/view/svc_domain.cgi
index 8653c4f42..a58d75ed6 100755
--- a/httemplate/view/svc_domain.cgi
+++ b/httemplate/view/svc_domain.cgi
@@ -4,14 +4,19 @@
)
: ( "Delete this (unaudited) domain" =>
"javascript:areyousure('${p}misc/cancel-unaudited.cgi?$svcnum', 'Delete $domain and all records?' )" )
- ),
- "Main menu" => $p,
+ )
)) %>
Service #<% $svcnum %>
<BR>Service: <B><% $part_svc->svc %></B>
<BR>Domain name: <B><% $domain %></B>
-<BR>Catch all email <A HREF="<% ${p} %>misc/catchall.cgi?<% $svcnum %>">(change)</A>:
+<BR>Catch all email
+% if ( $FS::CurrentUser::CurrentUser->access_right('Edit domain catchall') ) {
+ <BR>Catch all email<A HREF="<% ${p} %>misc/catchall.cgi?<% $svcnum %>">(change)</A>:
+} else {
+ <BR>Catch all email:
+% }
+
<% $email ? "<B>$email</B>" : "<I>(none)<I>" %>
<BR><BR><A HREF="<% ${p} %>misc/whois.cgi?custnum=<%$custnum%>;svcnum=<%$svcnum%>;domain=<%$domain%>">View whois information.</A>
<BR><BR>
@@ -50,7 +55,9 @@ Service #<% $svcnum %>
<td CLASS="grid" BGCOLOR="<% $bgcolor %>"><% $type %></td>
<td CLASS="grid" BGCOLOR="<% $bgcolor %>"><% $domain_record->recdata %>
-% unless ( $domain_record->rectype eq 'SOA' ) {
+% unless ( $domain_record->rectype eq 'SOA'
+% || ! $FS::CurrentUser::CurrentUser->access_right('Edit domain nameservice')
+% ) {
% ( my $recdata = $domain_record->recdata ) =~ s/"/\\'\\'/g;
(<A HREF="javascript:areyousure('<%$p%>misc/delete-domain_record.cgi?<%$domain_record->recnum%>', 'Delete \'<% $domain_record->reczone %> <% $type %> <% $recdata %>\' ?' )">delete</A>)
% }
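Review bot: The condition `unless ( ... eq 'SOA' || ! ...access_right('Edit domain nameservice') )` is a double negative that is easy to misread when the ACL is next changed. A positive form states the rule directly: `% if ( $domain_record->rectype ne 'SOA'` followed by `% && $FS::CurrentUser::CurrentUser->access_right('Edit domain nameservice') ) {`. Behaviour is the same; the enclosing record loop starts outside the hunk.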
@@ -69,42 +76,50 @@ Service #<% $svcnum %>
</table>
% }
+% if ( $FS::CurrentUser::CurrentUser->access_right('Edit domain nameservice') ) {
+ <BR>
+ <FORM METHOD="POST" ACTION="<%$p%>edit/process/domain_record.cgi">
+ <INPUT TYPE="hidden" NAME="svcnum" VALUE="<%$svcnum%>">
+ <INPUT TYPE="text" NAME="reczone">
+ <INPUT TYPE="hidden" NAME="recaf" VALUE="IN"> IN
+ <SELECT NAME="rectype">
+% foreach (qw( A NS CNAME MX PTR TXT) ) {
+ <OPTION VALUE="<%$_%>"><%$_%></OPTION>
+% }
+ </SELECT>
+ <INPUT TYPE="text" NAME="recdata">
+ <INPUT TYPE="submit" VALUE="Add record">
+ </FORM>
+
+ <BR><BR>
+ or
+ <BR><BR>
+
+ <FORM NAME="SlaveForm" METHOD="POST" ACTION="<%$p%>edit/process/domain_record.cgi">
+ <INPUT TYPE="hidden" NAME="svcnum" VALUE="<%$svcnum%>">
+% if ( @records ) {
+ Delete all records and
+% }
+ Slave from nameserver IP
+ <INPUT TYPE="hidden" NAME="svcnum" VALUE="<%$svcnum%>">
+ <INPUT TYPE="hidden" NAME="reczone" VALUE="@">
+ <INPUT TYPE="hidden" NAME="recaf" VALUE="IN">
+ <INPUT TYPE="hidden" NAME="rectype" VALUE="_mstr">
+ <INPUT TYPE="text" NAME="recdata">
+ <INPUT TYPE="submit" VALUE="Slave domain" onClick="return slave_areyousure()">
+ </FORM>
+
+% }
-<BR>
-<FORM METHOD="POST" ACTION="<%$p%>edit/process/domain_record.cgi">
-<INPUT TYPE="hidden" NAME="svcnum" VALUE="<%$svcnum%>">
-<INPUT TYPE="text" NAME="reczone">
-<INPUT TYPE="hidden" NAME="recaf" VALUE="IN"> IN
- <SELECT NAME="rectype">
-% foreach (qw( A NS CNAME MX PTR TXT) ) {
-
- <OPTION VALUE="<%$_%>"><%$_%></OPTION>
-% }
-
- </SELECT>
-<INPUT TYPE="text" NAME="recdata"> <INPUT TYPE="submit" VALUE="Add record">
-</FORM><BR><BR>or<BR><BR>
-<FORM NAME="SlaveForm" METHOD="POST" ACTION="<%$p%>edit/process/domain_record.cgi">
-<INPUT TYPE="hidden" NAME="svcnum" VALUE="<%$svcnum%>">
-% if ( @records ) {
- Delete all records and
-% }
+<BR><BR>
-Slave from nameserver IP
-<INPUT TYPE="hidden" NAME="svcnum" VALUE="<%$svcnum%>">
-<INPUT TYPE="hidden" NAME="reczone" VALUE="@">
-<INPUT TYPE="hidden" NAME="recaf" VALUE="IN">
-<INPUT TYPE="hidden" NAME="rectype" VALUE="_mstr">
-<INPUT TYPE="text" NAME="recdata"> <INPUT TYPE="submit" VALUE="Slave domain" onClick="return slave_areyousure()">
-</FORM>
-<BR><BR><% joblisting({'svcnum'=>$svcnum}, 1) %>
+<% joblisting({'svcnum'=>$svcnum}, 1) %>
<% include('/elements/footer.html') %>
<%init>
die "access denied"
- unless $FS::CurrentUser::CurrentUser->access_right('View customer services')
- || $FS::CurrentUser::CurrentUser->access_right('View customer'); #XXX remove me
+ unless $FS::CurrentUser::CurrentUser->access_right('View customer services');
my($query) = $cgi->keywords;
$query =~ /^(\d+)$/;
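Review bot: SlaveForm in the re-indented block still carries two identical hidden `svcnum` inputs, one directly after the `<FORM NAME="SlaveForm" ...>` tag and one after 'Slave from nameserver IP'. Since these lines are being rewritten anyway, drop the second `<INPUT TYPE="hidden" NAME="svcnum" VALUE="<%$svcnum%>">` so the form submits the field once. The `<%init>` section at the end of the hunk continues outside it.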
diff --git a/httemplate/view/svc_external.cgi b/httemplate/view/svc_external.cgi
index b87166a17..553d2362a 100644
--- a/httemplate/view/svc_external.cgi
+++ b/httemplate/view/svc_external.cgi
@@ -5,7 +5,6 @@
: ( "Cancel this (unaudited) external service" =>
"${p}misc/cancel-unaudited.cgi?$svcnum" )
),
- "Main menu" => $p,
)) %>
<A HREF="<%$p%>edit/svc_external.cgi?<%$svcnum%>">Edit this information</A><BR>
@@ -30,8 +29,7 @@
<%init>
die "access denied"
- unless $FS::CurrentUser::CurrentUser->access_right('View customer services')
- || $FS::CurrentUser::CurrentUser->access_right('View customer'); #XXX remove me
+ unless $FS::CurrentUser::CurrentUser->access_right('View customer services');
my($query) = $cgi->keywords;
$query =~ /^(\d+)$/;
diff --git a/httemplate/view/svc_forward.cgi b/httemplate/view/svc_forward.cgi
index 487ebb220..745147761 100755
--- a/httemplate/view/svc_forward.cgi
+++ b/httemplate/view/svc_forward.cgi
@@ -1,6 +1,5 @@
% die "access denied"
-% unless $FS::CurrentUser::CurrentUser->access_right('View customer services')
-% || $FS::CurrentUser::CurrentUser->access_right('View customer'); #XXX remove me
+% unless $FS::CurrentUser::CurrentUser->access_right('View customer services');
%
%my $conf = new FS::Conf;
%
@@ -38,8 +37,7 @@
% )
% : ( "Cancel this (unaudited) mail forward" =>
% "${p}misc/cancel-unaudited.cgi?$svcnum" )
-% ),
-% "Main menu" => $p,
+% )
%));
%
%my($srcsvc,$dstsvc,$dst) = (
diff --git a/httemplate/view/svc_www.cgi b/httemplate/view/svc_www.cgi
index 37f186465..d6d458ca5 100644
--- a/httemplate/view/svc_www.cgi
+++ b/httemplate/view/svc_www.cgi
@@ -1,6 +1,5 @@
% die "access denied"
-% unless $FS::CurrentUser::CurrentUser->access_right('View customer services')
-% || $FS::CurrentUser::CurrentUser->access_right('View customer'); #XXX remove me
+% unless $FS::CurrentUser::CurrentUser->access_right('View customer services');
%
%my($query) = $cgi->keywords;
%$query =~ /^(\d+)$/;