don't show 'Bill now' link unless the current user can...

1 files changed, 15 insertions, 13 deletions

diff --git a/httemplate/view/cust_main/billing.html b/httemplate/view/cust_main/billing.html
index 8562f9374..f1ceb52c2 100644
--- a/httemplate/view/cust_main/billing.html
+++ b/httemplate/view/cust_main/billing.html
@@ -1,23 +1,17 @@
-%
-%  my( $cust_main ) = @_;
-%  my @invoicing_list = $cust_main->invoicing_list;
-%  my $conf = new FS::Conf;
-%  my $money_char = $conf->config('money_char') || '$';
-%
-
-
 Billing information
-%  # If we can't see the unencrypted card, then bill now is an exercise in frustration 
-%if ( ! $cust_main->is_encrypted($cust_main->payinfo) ) { 
+%# If we can't see the unencrypted card, then bill now is an exercise in
+%# frustration (without some sort of job queue magic to send it to a secure
+%# machine, anyway)
+%if (  $FS::CurrentUser::CurrentUser->access_right('Bill customer now')
+%      && ! $cust_main->is_encrypted($cust_main->payinfo)
+%   ) { 
   (<A HREF="<% $p %>misc/bill.cgi?<% $cust_main->custnum %>">Bill now</A>)
 % } 
 
 <% ntable("#cccccc") %><TR><TD><% ntable("#cccccc",2) %>
-%
+
 %( my $balance = $cust_main->balance )
 %  =~ s/^(\-?)(.*)$/<FONT SIZE=+1>$1<\/FONT>$money_char$2/;
-%
-
 
 <TR>
   <TD ALIGN="right">Balance due</TD>
@@ -205,3 +199,11 @@ my $paystate_label = FS::Msgcat::_gettext('paystate');
 $paystate_label = 'Bank state' if $paystate_label =~/^paystate$/;
 
 </%once>
+<%init>
+
+my( $cust_main ) = @_;
+my @invoicing_list = $cust_main->invoicing_list;
+my $conf = new FS::Conf;
+my $money_char = $conf->config('money_char') || '$';
+
+</%init>