separate edit and delete rights for customer notes, RT#76001

5 files changed, 14 insertions, 10 deletions

diff --git a/FS/FS/AccessRight.pm b/FS/FS/AccessRight.pm
index 42db7e0..09d4987 100644
--- a/FS/FS/AccessRight.pm
+++ b/FS/FS/AccessRight.pm
@@ -258,6 +258,7 @@ tie my %rights, 'Tie::IxHash',
   'Customer note and attachment rights' => [
     'Add customer note', #NEW
     'Edit customer note', #NEW
+    'Delete customer note', #NEWEST
     'View attachments', #NEW
     'Browse attachments', #NEW
     'Download attachment', #NEW
diff --git a/FS/FS/access_right.pm b/FS/FS/access_right.pm
index f7b1686..b39e52b 100644
--- a/FS/FS/access_right.pm
+++ b/FS/FS/access_right.pm
@@ -260,6 +260,7 @@ sub _upgrade_data { # class method
                                      ],
     'Resend invoices' => 'Print and mail invoices',
     'List customers' => 'Customers: Customer churn report',
+    'Edit customer note' => 'Delete customer note',
   );
 
 #  foreach my $old_acl ( keys %onetime ) {
diff --git a/httemplate/misc/delete-note.html b/httemplate/misc/delete-note.html
index 436326f..e6d2127 100644
--- a/httemplate/misc/delete-note.html
+++ b/httemplate/misc/delete-note.html
@@ -1,6 +1,6 @@
 <%init>
 die "access denied"
-  unless $FS::CurrentUser::CurrentUser->access_right('Edit customer note');
+  unless $FS::CurrentUser::CurrentUser->access_right('Delete customer note');
 
 my ($notenum) = $cgi->keywords;
 $notenum =~ /^\d+$/ or die "bad notenum '$notenum'";
@@ -8,4 +8,4 @@ my $note = FS::cust_main_note->by_key($notenum)
   or die "notenum '$notenum' not found";
 $note->delete;
 </%init>
-<% $cgi->redirect($p.'view/cust_main.cgi?'.$note->custnum) %>
+<% $cgi->redirect($p.'view/cust_main.cgi?custnum='.$note->custnum. ';show=notes') %>
diff --git a/httemplate/view/cust_main/menu.html b/httemplate/view/cust_main/menu.html
index 9e910f8..dcba1fb 100644
--- a/httemplate/view/cust_main/menu.html
+++ b/httemplate/view/cust_main/menu.html
@@ -206,7 +206,7 @@ my @menu = (
       confexists  => '!cust_main-disable_notes',
       acl         => 'Add customer note',
       width       => 875,
-      height      => 538,
+      height      => 548,
     },
     {
       label       => 'Attach file',
diff --git a/httemplate/view/cust_main/notes/notes.html b/httemplate/view/cust_main/notes/notes.html
index f998ba4..c643003 100644
--- a/httemplate/view/cust_main/notes/notes.html
+++ b/httemplate/view/cust_main/notes/notes.html
@@ -69,19 +69,21 @@ function display_notes_classnum (classnum) {
 %                                             "?custnum=$custnum".
 %                                             ";notenum=$notenum",
 %                            'actionlabel' => emt('Edit customer note'),
-%                            'width'       => 616,
-%                            'height'      => 575,
+%                            'width'       => 875,
+%                            'height'      => 548,
 %                            'frame'       => 'top',
 %                        );
 %   my $clickjs = qq!onclick="$onclick"!;
 %
 %   my $edit = '';
-%   if ($curuser->access_right('Edit customer note') ) {
+%   if ( $curuser->access_right('Edit customer note') ) {
+%     $edit = qq! <A HREF="javascript:void(0);" $clickjs>(!.emt('edit').')</A>';
+%   }
+%   if ( $curuser->access_right('Delete customer note') ) {
 %     my $delete_url = $fsurl.'misc/delete-note.html?'.$notenum;
-%     $edit = qq! <A HREF="javascript:void(0);" $clickjs>(!.emt('edit').')</A>'.
-%             qq! <A HREF="$delete_url" !.
-%             qq! onclick="return confirm('Delete this note?')">!.
-%             '('.emt('delete').')</A>';
+%     $edit .= qq! <A HREF="$delete_url" !.
+%              qq! onclick="return confirm('Delete this note?')">!.
+%              '('.emt('delete').')</A>';
 %   }
 %
     <TR CLASS="grid custnote<% $note->sticky ? ' stickynote' : '' %>"