Add Browse attachments ACL (RT#4964)

3 files changed, 5 insertions, 3 deletions

diff --git a/FS/FS/AccessRight.pm b/FS/FS/AccessRight.pm
index 8e771a9c0..ec0cce53b 100644
--- a/FS/FS/AccessRight.pm
+++ b/FS/FS/AccessRight.pm
@@ -220,7 +220,8 @@ tie my %rights, 'Tie::IxHash',
   'Customer note and attachment rights' => [
     'Add customer note', #NEW
     'Edit customer note', #NEW
-    'View attachments',
+    'View attachments', #NEW
+    'Browse attachments', #NEW
     'Download attachment', #NEW
     'Add attachment', #NEW
     'Edit attachment', #NEW
diff --git a/httemplate/browse/cust_attachment.html b/httemplate/browse/cust_attachment.html
index d95f2b18c..e19259d05 100755
--- a/httemplate/browse/cust_attachment.html
+++ b/httemplate/browse/cust_attachment.html
@@ -62,7 +62,8 @@
 <%init>
 
 my $curuser = $FS::CurrentUser::CurrentUser;
-die "access denied" if !$curuser->access-right('View attachments');
+die "access denied" if !$curuser->access_right('View attachments')
+                    or !$curuser->access_right('Browse attachments');
 
 my $conf = new FS::Conf;
 
diff --git a/httemplate/elements/menu.html b/httemplate/elements/menu.html
index ce0278f13..167559d0b 100644
--- a/httemplate/elements/menu.html
+++ b/httemplate/elements/menu.html
@@ -323,7 +323,7 @@ $tools_menu{'Ticketing'} = [ \%tools_ticketing, 'Ticketing tools' ]
 $tools_menu{'Time Queue'} =  [ $fsurl.'search/report_timeworked.html', 'View pending support time' ]
   if $curuser->access_right('Time queue');
 $tools_menu{'Attachments'} = [ $fsurl.'browse/cust_attachment.html', 'View customer attachments' ]
-  if !$conf->config('disable_cust_attachment') and $curuser->access_right('View attachments');
+  if !$conf->config('disable_cust_attachment') and $curuser->access_right('View attachments') and $curuser->access_right('Browse attachments');
 $tools_menu{'Importing'} =  [ \%tools_importing, 'Import tools' ]
   if $curuser->access_right('Import');
 $tools_menu{'Exporting'} =  [ \%tools_exporting, 'Export tools' ]