diff options
| author | ivan <ivan> | 2006-06-19 11:25:14 +0000 |
|---|---|---|
| committer | ivan <ivan> | 2006-06-19 11:25:14 +0000 |
| commit | 41a6a1b1811e337be2fca47504ff9687b6b46cf8 (patch) | |
| tree | 2b9708c1e681a39f3c75b6fd0fa90672ef7353bd | |
| parent | 6b12c14cc10503d6b0783e8ef71fe44d9a9b37b6 (diff) | |
ACLs, take three or four or something
| -rw-r--r-- | FS/FS/AccessRight.pm | 42 | ||||
| -rw-r--r-- | FS/FS/access_user.pm | 23 | ||||
| -rw-r--r-- | FS/FS/cust_main.pm | 18 | ||||
| -rw-r--r-- | httemplate/elements/menu.html | 99 | ||||
| -rwxr-xr-x | httemplate/view/cust_main.cgi | 55 | ||||
| -rwxr-xr-x | httemplate/view/cust_main/packages.html | 91 | ||||
| -rw-r--r-- | httemplate/view/cust_main/payment_history.html | 78 |
7 files changed, 296 insertions, 110 deletions
diff --git a/FS/FS/AccessRight.pm b/FS/FS/AccessRight.pm index 5229e1e65..f04779a07 100644 --- a/FS/FS/AccessRight.pm +++ b/FS/FS/AccessRight.pm @@ -84,10 +84,13 @@ assigned to users and/or groups. #'View Customer | View tickets', 'Edit customer', 'Cancel customer', - 'Delete customer', + 'Complimentary customer', #aka users-allow_comp + 'Delete customer', #aka. deletecustomers #Enable customer deletions. Be very careful! Deleting a customer will remove all traces that this customer ever existed! It should probably only be used when auditing a legacy database. Normally, you cancel all of a customers' packages if they cancel service. 'Order customer package', + 'One-time charge', 'Change customer package', + 'Bulk change customer packages', 'Edit customer package dates', 'Customize customer package', 'Suspend customer package', @@ -95,14 +98,43 @@ assigned to users and/or groups. 'Cancel customer package immediately', 'Cancel customer package later', - 'Provision service', - 'Unprovision service', - #legacy link stuff + 'Provision customer service', + 'Unprovision customer service', + + 'View/link unlinked services', #not agent-virtualizable without more work + + 'View invoices', 'Post payment', + 'Post payment batch', + 'Unapply payment', #aka. unapplypayments Enable "unapplication" of unclosed payments. 'Process payment', + 'Refund payment', + + 'Delete payment', #aka. deletepayments - Enable deletion of unclosed payments. Be very careful! Only delete payments that were data-entry errors, not adjustments. Optionally specify one or more comma-separated email addresses to be notified when a payment is deleted. + 'Post credit', - #more financial stuff + #'Apply credit', + 'Unapply credit', #aka unapplycredits Enable "unapplication" of unclosed credits. + 'Delete credit', #aka. deletecredits Enable deletion of unclosed credits. Be very careful! Only delete credits that were data-entry errors, not adjustments. Optionally specify one or more comma-separated email addresses to be notified when a credit is deleted. + + 'Credit card void', #aka. cc-void #Enable local-only voiding of echeck payments in addition to refunds against the payment gateway + 'Echeck void', #aka. echeck-void #Enable local-only voiding of echeck payments in addition to refunds against the payment gateway + 'Unvoid', #aka. unvoid #Enable unvoiding of voided payments + + 'List customers', + #'List zip codes', + 'List invoices', + 'List packages', + 'List services', + + 'Financial reports', + + 'Job queue', # these are not currently agent-virtualized + 'Import', # + 'Export', # + + 'Configuration', #none of the configuraiton is agent-virtualized either ); diff --git a/FS/FS/access_user.pm b/FS/FS/access_user.pm index c95d02984..e3bf2cb9f 100644 --- a/FS/FS/access_user.pm +++ b/FS/FS/access_user.pm @@ -192,6 +192,29 @@ sub agentnums_sql { ' )'; } +=item access_right + +Given a right name, returns true if this user has this right (currently via +group membership, eventually also via user overrides). + +=cut + +sub access_right { + my( $self, $rightname ) = @_; + my $sth = dbh->prepare(" + SELECT groupnum FROM access_usergroup + LEFT JOIN access_group USING ( groupnum ) + LEFT JOIN access_right + ON ( access_group.groupnum = access_right.rightobjnum ) + WHERE usernum = ? + AND righttype = 'FS::access_group' + AND rightname = ? + ") or die dbh->errstr; + $sth->execute($self->usernum, $rightname) or die $sth->errstr; + my $row = $sth->fetchrow_arrayref; + $row ? $row->[0] : ''; +} + =back =head1 BUGS diff --git a/FS/FS/cust_main.pm b/FS/FS/cust_main.pm index 8956d5b26..511762e63 100644 --- a/FS/FS/cust_main.pm +++ b/FS/FS/cust_main.pm @@ -944,10 +944,13 @@ sub replace { $old = qsearchs( 'cust_main', { 'custnum' => $self->custnum } ); } - if ( $self->payby eq 'COMP' && $self->payby ne $old->payby - && $conf->config('users-allow_comp') ) { - return "You are not permitted to create complimentary accounts." - unless grep { $_ eq getotaker } $conf->config('users-allow_comp'); + my $curuser = $FS::CurrentUser::CurrentUser; + if ( $self->payby eq 'COMP' + && $self->payby ne $old->payby + && ! $curuser->access_right('Complimentary customer') + ) + { + return "You are not permitted to create complimentary accounts."; } local($ignore_expired_card) = 1 @@ -1302,9 +1305,12 @@ sub check { } elsif ( $self->payby eq 'COMP' ) { - if ( !$self->custnum && $conf->config('users-allow_comp') ) { + my $curuser = $FS::CurrentUser::CurrentUser; + if ( ! $self->custnum + && ! $curuser->access_right('Complimentary customer') + ) + { return "You are not permitted to create complimentary accounts." - unless grep { $_ eq getotaker } $conf->config('users-allow_comp'); } $error = $self->ut_textn('payinfo'); diff --git a/httemplate/elements/menu.html b/httemplate/elements/menu.html index 8da197f34..05db0f659 100644 --- a/httemplate/elements/menu.html +++ b/httemplate/elements/menu.html @@ -3,6 +3,8 @@ my $conf = new FS::Conf; my $fsurl = $opt{'freeside_baseurl'}; + my $curuser = $FS::CurrentUser::CurrentUser; + #Active tickets not assigned to a customer tie my %report_customers_lists, 'Tie::IxHash', @@ -40,23 +42,27 @@ tie my %report_services_acct, 'Tie::IxHash', 'All accounts by username' => [ $fsurl.'search/svc_acct.cgi?username', '' ], 'All accounts by UID' => [ $fsurl.'search/svc_acct.cgi?uid', '' ], - 'Unlinked accounts' => [ $fsurl.'search/svc_acct.cgi?UN_uid', 'Pre-Freeside accounts without a customer record' ], ; + $report_services_acct{'Unlinked accounts'} = [ $fsurl.'search/svc_acct.cgi?UN_uid', 'Pre-Freeside accounts without a customer record' ] + if $curuser->access_right('View/link unlinked services'); tie my %report_services_domain, 'Tie::IxHash', 'All domains' => [ $fsurl.'search/svc_domain.cgi?domain', '' ], - 'Unlinked domains' => [ $fsurl.'search/svc_domain.cgi?UN_domain', 'Pre-Freeside domains without a customer record' ], ; + $report_services_domain{'Unlinked domains'} = [ $fsurl.'search/svc_domain.cgi?UN_domain', 'Pre-Freeside domains without a customer record' ] + if $curuser->access_right('View/link unlinked services'); tie my %report_services_forward, 'Tie::IxHash', 'All mail forwards' => [ $fsurl.'search/svc_forward.cgi?svcnum', '' ], - 'Unlinked mail forwards' => [ $fsurl.'search/svc_forward.cgi?UN_svcnum', 'Pre-Freeside mail forwards without a customer record' ], ; + $report_services_forward{'Unlinked mail forwards'} = [ $fsurl.'search/svc_forward.cgi?UN_svcnum', 'Pre-Freeside mail forwards without a customer record' ] + if $curuser->access_right('View/link unlinked services'); tie my %report_services_www, 'Tie::IxHash', 'All virtual hosts' => [ $fsurl.'search/svc_www.cgi?svcnum', '' ], - 'Unlinked virtual hosts' => [ $fsurl.'search/svc_www.cgi?UN_svcnum', 'Pre-Freeside virtual hosts without a customer record' ], ; + $report_services_www{'Unlinked virtual hosts'} = [ $fsurl.'search/svc_www.cgi?UN_svcnum', 'Pre-Freeside virtual hosts without a customer record' ] + if $curuser->access_right('View/link unlinked services'); tie my %report_services_broadband, 'Tie::IxHash', 'All broadband services' => [ $fsurl.'search/svc_broadband.cgi?svcnum', '' ], @@ -65,28 +71,31 @@ tie my %report_services_external, 'Tie::IxHash', 'All external services' => [ $fsurl.'search/svc_external.cgi?id', '' ], - 'Unlinked external services' => [ $fsurl.'search/svc_external.cgi?UN_id', 'Pre-Freeside domains without a customer record' ], - ; - - tie my %report_services, 'Tie::IxHash', - 'Service definitions' => [ $fsurl.'browse/part_svc.cgi?orderby=active', 'Service definitions by number of active packages' ], - 'separator' => '', - 'Accounts' => [ \%report_services_acct, 'Access accounts and mailboxes' ], - 'Domains' => [ \%report_services_domain, 'Domains', ], - 'Mail forwards' => [ \%report_services_forward, 'Mail forwards', ], - 'Virtual hosts' => [ \%report_services_www, 'Virtual hosting', ], - 'Broadband services' => [ \%report_services_broadband, 'Fixed (username-less) broadband services', ], - 'External services' => [ \%report_services_external, 'External services', ], ; + $report_services_external{'Unlinked external services'} = [ $fsurl.'search/svc_external.cgi?UN_id', 'Pre-Freeside domains without a customer record' ] + if $curuser->access_right('View/link unlinked services'); - tie my %report_packages, 'Tie::IxHash', - 'Package definitions' => [ $fsurl.'browse/part_pkg.cgi?active=1', 'Package definitions by number of active packages' ], - 'separator' => '', - 'All customer packages' => [ $fsurl.'search/cust_pkg.cgi?pkgnum', 'List all customer packages', ], - 'Suspended customer packages' => [ $fsurl.'search/cust_pkg.cgi?magic=suspended', 'List suspended packages' ], - 'Customer packages with unconfigured services' => [ $fsurl.'search/cust_pkg.cgi?APKG_pkgnum', 'List packages which have provisionable services' ], - 'Advanced package reports' => [ $fsurl.'search/report_cust_pkg.html', 'by agent, date range, status, package definition' ], - ; + tie my %report_services, 'Tie::IxHash'; + if ( $curuser->access_right('Configuration') ) { + $report_services{'Service definitions'} = [ $fsurl.'browse/part_svc.cgi?orderby=active', 'Service definitions by number of active packages' ]; + $report_services{'separator'} = ''; + } + $report_services{'Accounts'} = [ \%report_services_acct, 'Access accounts and mailboxes' ]; + $report_services{'Domains'} = [ \%report_services_domain, 'Domains', ]; + $report_services{'Mail forwards'} = [ \%report_services_forward, 'Mail forwards', ]; + $report_services{'Virtual hosts'} = [ \%report_services_www, 'Virtual hosting', ]; + $report_services{'Broadband services'} = [ \%report_services_broadband, 'Fixed (username-less) broadband services', ]; + $report_services{'External services'} = [ \%report_services_external, 'External services', ]; + + tie my %report_packages, 'Tie::IxHash'; + if ( $curuser->access_right('Configuration') ) { + $report_packages{'Package definitions'} = [ $fsurl.'browse/part_pkg.cgi?active=1', 'Package definitions by number of active packages' ]; + $report_packages{'separator'} = ''; + } + $report_packages{'All customer packages'} = [ $fsurl.'search/cust_pkg.cgi?pkgnum', 'List all customer packages', ]; + $report_packages{'Suspended customer packages'} = [ $fsurl.'search/cust_pkg.cgi?magic=suspended', 'List suspended packages' ]; + $report_packages{'Customer packages with unconfigured services'} = [ $fsurl.'search/cust_pkg.cgi?APKG_pkgnum', 'List packages which have provisionable services' ]; + $report_packages{'Advanced package reports'} = [ $fsurl.'search/report_cust_pkg.html', 'by agent, date range, status, package definition' ]; tie my %report_financial, 'Tie::IxHash', 'Sales, Credits and Receipts' => [ $fsurl.'graph/report_money_time.html', 'Sales, credits and receipts summary graph' ], @@ -98,13 +107,17 @@ 'Sales Tax Liability' => [ $fsurl.'search/report_tax.html', 'Sales tax liability report' ], ; - tie my %report_menu, 'Tie::IxHash', - 'Customers' => [ \%report_customers, 'Customer reports' ], - 'Invoices' => [ \%report_invoices, 'Invoice reports' ], - 'Packages' => [ \%report_packages, 'Package reports' ], - 'Services' => [ \%report_services, 'Services reports' ], - 'Financial' => [ \%report_financial, 'Financial reports' ], - ; + tie my %report_menu, 'Tie::IxHash'; + $report_menu{'Customers'} = [ \%report_customers, 'Customer reports' ] + if $curuser->access_right('List customers'); + $report_menu{'Invoices'} = [ \%report_invoices, 'Invoice reports' ] + if $curuser->access_right('List invoices'); + $report_menu{'Packages'} = [ \%report_packages, 'Package reports' ] + if $curuser->access_right('List packages'); + $report_menu{'Services'} = [ \%report_services, 'Services reports' ] + if $curuser->access_right('List services'); + $report_menu{'Financial'} = [ \%report_financial, 'Financial reports' ] + if $curuser->access_right('Financial reports'); tie my %tools_importing, 'Tie::IxHash', 'Import customers from CSV file' => [ $fsurl.'misc/cust_main-import.cgi', '' ], @@ -120,12 +133,15 @@ # <!-- or <A HREF="browse/nas-sqlradius.cgi">RADIUS</A> # <BR> --> - tie my %tools_menu, 'Tie::IxHash', - 'Quick payment entry' => [ $fsurl.'misc/batch-cust_pay.html', 'Enter multiple payments in a batch' ], - 'Job Queue' => [ $fsurl.'search/queue.html', 'View pending job queue' ], - 'Importing' => [ \%tools_importing, 'Import tools' ], - 'Exporting' => [ \%tools_exporting, 'Export tools' ], - ; + tie my %tools_menu, 'Tie::IxHash', (); + $tools_menu{'Quick payment entry'} = [ $fsurl.'misc/batch-cust_pay.html', 'Enter multiple payments in a batch' ] + if $curuser->access_right('Post payment batch'); + $tools_menu{'Job Queue'} = [ $fsurl.'search/queue.html', 'View pending job queue' ] + if $curuser->access_right('Job queue'); + $tools_menu{'Importing'} = [ \%tools_importing, 'Import tools' ] + if $curuser->access_right('Import'); + $tools_menu{'Exporting'} = [ \%tools_exporting, 'Export tools' ] + if $curuser->access_right('Export'); tie my %config_employees, 'Tie::IxHash', 'View/Edit employees' => [ $fsurl.'browse/access_user.html', 'Setup internal users' ], @@ -191,10 +207,13 @@ ), 'Ticketing start page', ], - 'Reports' => [ \%report_menu, 'Lists, reporting and graphing' ], - 'Tools' => [ \%tools_menu, 'Tools' ], - 'Configuration' => [ \%config_menu, 'Configuraiton and setup' ], ; + $menu{'Reports'} = [ \%report_menu, 'Lists, reporting and graphing' ] + if keys %report_menu; + $menu{'Tools'} = [ \%tools_menu, 'Tools' ] + if keys %tools_menu; + $menu{'Configuration'} = [ \%config_menu, 'Configuraiton and setup' ] + if $curuser->access_right('Configuration'); use vars qw($gmenunum); $gmenunum = 0; diff --git a/httemplate/view/cust_main.cgi b/httemplate/view/cust_main.cgi index 58f2925d5..e7b3319c7 100755 --- a/httemplate/view/cust_main.cgi +++ b/httemplate/view/cust_main.cgi @@ -1,4 +1,3 @@ -<!-- mason kludge --> <% my $conf = new FS::Conf; @@ -12,13 +11,17 @@ foreach my $part_svc ( qsearch('part_svc',{}) ) { %> + <%= include("/elements/header.html","Customer View", include("/elements/menubar.html", 'Main Menu' => $p, )) %> + <% +my $curuser = $FS::CurrentUser::CurrentUser; + die "No customer specified (bad URL)!" unless $cgi->keywords; my($query) = $cgi->keywords; # needs parens with my, ->keywords returns array $query =~ /^(\d+)$/; @@ -26,10 +29,14 @@ my $custnum = $1; my $cust_main = qsearchs('cust_main',{'custnum'=>$custnum}); die "Customer not found!" unless $cust_main; -print qq!<A HREF="${p}edit/cust_main.cgi?$custnum">Edit this customer</A>!; - %> + +<% if ( $curuser->access_right('Edit customer') ) { %> + <A HREF="<%= $p %>edit/cust_main.cgi?<%= $custnum %>">Edit this customer</A> | +<% } %> + + <SCRIPT TYPE="text/javascript" SRC="../elements/overlibmws.js"></SCRIPT> <SCRIPT TYPE="text/javascript" SRC="../elements/overlibmws_iframe.js"></SCRIPT> <SCRIPT TYPE="text/javascript" SRC="../elements/overlibmws_draggable.js"></SCRIPT> @@ -60,37 +67,36 @@ var confirm_cancel = '<FORM METHOD="POST" ACTION="<%= $p %>misc/cust_main-cancel </SCRIPT> -<% if ( $cust_main->ncancelled_pkgs ) { %> +<% if ( $curuser->access_right('Cancel customer') + && $cust_main->ncancelled_pkgs + ) { +%> + <A HREF="javascript:void(0);" onClick="overlib(confirm_cancel, CAPTION, 'Confirm cancellation', STICKY, AUTOSTATUSCAP, CLOSETEXT, '', MIDX, 0, MIDY, 0, DRAGGABLE, WIDTH, 576, HEIGHT, 128, TEXTSIZE, 3, BGCOLOR, '#ff0000', CGCOLOR, '#ff0000' ); return false; ">Cancel this customer</A> | +<% } %> - | <A HREF="javascript:void(0);" onClick="overlib(confirm_cancel, CAPTION, 'Confirm cancellation', STICKY, AUTOSTATUSCAP, CLOSETEXT, '', MIDX, 0, MIDY, 0, DRAGGABLE, WIDTH, 576, HEIGHT, 128, TEXTSIZE, 3, BGCOLOR, '#ff0000', CGCOLOR, '#ff0000' ); return false; ">Cancel this customer</A> +<% if ( $conf->exists('deletecustomers') + && $curuser->access_right('Delete customer') + ) { +%> + <A HREF="<%= $p %>misc/delete-customer.cgi?<%= $custnum%>">Delete this customer</A> | <% } %> -<% -print qq! | <A HREF="${p}misc/delete-customer.cgi?$custnum">!. - 'Delete this customer</A>' - if $conf->exists('deletecustomers'); +<% unless ( $conf->exists('disable_customer_referrals') ) { %> + <A HREF="<%= popurl(2) %>edit/cust_main.cgi?referral_custnum=<%= $custnum %>">Refer a new customer</A> | + <A HREF="<%= popurl(2) %>search/cust_main.cgi?referral_custnum=<%= $custnum %>">View this customer's referrals</A> +<% } %> -unless ( $conf->exists('disable_customer_referrals') ) { - print qq! | <A HREF="!, popurl(2), - qq!edit/cust_main.cgi?referral_custnum=$custnum">!, - qq!Refer a new customer</A>!; - print qq! | <A HREF="!, popurl(2), - qq!search/cust_main.cgi?referral_custnum=$custnum">!, - qq!View this customer's referrals</A>!; -} - -print '<BR><BR>'; +<BR><BR> +<% my $signupurl = $conf->config('signupurl'); if ( $signupurl ) { -print "This customer's signup URL: ". - "<a href=\"$signupurl?ref=$custnum\">$signupurl?ref=$custnum</a><BR><BR>"; -} - %> + This customer's signup URL: <A HREF="<%= $signupurl %>?ref=<%= $custnum %>"><%= $signupurl %>?ref=<%= $custnum %></A><BR><BR> +<% } %> <A NAME="cust_main"></A> <TABLE BORDER=0> @@ -135,5 +141,4 @@ Comments <%= include('cust_main/payment_history.html', $cust_main ) %> <% } %> -</BODY></HTML> - +<%= include('/elements/footer.html') %> diff --git a/httemplate/view/cust_main/packages.html b/httemplate/view/cust_main/packages.html index 32e0ee1fc..8312a8663 100755 --- a/httemplate/view/cust_main/packages.html +++ b/httemplate/view/cust_main/packages.html @@ -2,6 +2,8 @@ my( $cust_main ) = @_; my $conf = new FS::Conf; + my $curuser = $FS::CurrentUser::CurrentUser; + my $packages = get_packages($cust_main, $conf); %> @@ -11,13 +13,21 @@ <A NAME="cust_pkg"><FONT SIZE="+2">Packages</FONT></A> -<%= include('order_pkg.html', $cust_main ) %> +<% if ( $curuser->access_right('Order customer package') ) { %> + <%= include('order_pkg.html', $cust_main ) %> +<% } %> -<% if ( $conf->config('payby-default') ne 'HIDE' ) { %> +<% if ( $curuser->access_right('One-time charge') + && $conf->config('payby-default') ne 'HIDE' + ) { +%> <%= include('quick-charge.html', $cust_main ) %> <% } %> -<A HREF="<%= $p %>edit/cust_pkg.cgi?<%= $cust_main->custnum %>">Bulk order and cancel packages</A> (preserves services) +<% if ( $curuser->access_right('Bulk change customer packages') ) { %> + <A HREF="<%= $p %>edit/cust_pkg.cgi?<%= $cust_main->custnum %>">Bulk order and cancel packages</A> (preserves services) +<% } %> + <BR><BR> <% if ( @$packages ) { %> @@ -70,10 +80,19 @@ foreach my $pkg (sort pkgsort_pkgnum_cancel @$packages) { <TD ROWSPAN=<%= $rowspan || 1 %>> <A NAME="cust_pkg<%=$pkg->{pkgnum}%>"><%=$pkg->{pkgnum}%></A>: <%=$pkg->{pkg}%> - <%=$pkg->{comment}%><BR> -<% unless ($pkg->{cancel}) { %> - ( <%=pkg_change_link($pkg)%> ) - ( <%=pkg_dates_link($pkg)%> | <%=pkg_customize_link($pkg,$cust_main->custnum)%> ) -<% } %> + <FONT SIZE=-1> + <% unless ( $pkg->{cancel} ) { %> + <% if ( $curuser->access_right('Change customer package') ) { %> + ( <%=pkg_change_link($pkg)%> ) + <% } %> + <% if ( $curuser->access_right('Edit customer package dates') ) { %> + ( <%=pkg_dates_link($pkg)%> ) + <% } %> + <% if ( $curuser->access_right('Customize customer package') ) { %> + ( <%=pkg_customize_link($pkg,$cust_main->custnum)%> ) + <% } %> + <% } %> + </FONT> </TD> <TD ROWSPAN=<%= $rowspan || 1 %>> <TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%"> @@ -182,7 +201,16 @@ foreach my $pkg (sort pkgsort_pkgnum_cancel @$packages) { <% } %> <TR> - <TD COLSPAN=<%=$colspan%>>( <%= pkg_unsuspend_link($pkg) %> | <%= pkg_cancel_link($pkg) %> )</TD> + <TD COLSPAN=<%=$colspan%>> + <FONT SIZE=-1> + <% if ( $curuser->access_right('Unsuspend customer package') ) { %> + ( <%= pkg_unsuspend_link($pkg) %> ) + <% } %> + <% if ( $curuser->access_right('Cancel customer package') ) { %> + ( <%= pkg_cancel_link($pkg) %> ) + <% } %> + </FONT> + </TD> </TR> <% } else { %> <!-- #status: active --> @@ -196,7 +224,13 @@ foreach my $pkg (sort pkgsort_pkgnum_cancel @$packages) { </TR> <TR> - <TD COLSPAN=<%=$colspan%>>( <%= pkg_cancel_link($pkg) %> )</TD> + <TD COLSPAN=<%=$colspan%>> + <FONT SIZE=-1> + <% if ( $curuser->access_right('Cancel customer package immediately') ) { %> + ( <%= pkg_cancel_link($pkg) %> ) + <% } %> + </FONT> + </TD> </TR> <% } else { %> @@ -258,7 +292,19 @@ foreach my $pkg (sort pkgsort_pkgnum_cancel @$packages) { <% if ( $pkg->{freq} ) { %> <TR> - <TD COLSPAN=<%=$colspan%>>( <%= pkg_suspend_link($pkg) %> | <%= pkg_cancel_link($pkg) %> )</TD> + <TD COLSPAN=<%=$colspan%>> + <FONT SIZE=-1> + <% if ( $curuser->access_right('Suspend customer package') ) { %> + ( <%= pkg_suspend_link($pkg) %> ) + <% } %> + <% if ( $curuser->access_right('Cancel customer package immediately') ) { %> + ( <%= pkg_cancel_link($pkg) %> ) + <% } %> + <% if ( $curuser->access_right('Cancel customer package later') ) { %> + ( <%= pkg_expire_link($pkg) %> ) + <% } %> + <FONT> + </TD> </TR> <% } %> @@ -278,14 +324,20 @@ foreach my $pkg (sort pkgsort_pkgnum_cancel @$packages) { print '<TR>' if ($cnt > 0); %> <TD><%=svc_link($svcpart,$service)%></TD> - <TD><%=svc_label_link($svcpart,$service)%><BR>( <%=svc_unprovision_link($service)%> )</TD> + <TD><%=svc_label_link($svcpart,$service)%> + <% if ( $curuser->access_right('Unprovision customer service') ) { %> + <BR>( <%=svc_unprovision_link($service)%> ) + <% } %> + </TD> </TR> <% $cnt++; } - if ($svcpart->{count} < $svcpart->{quantity}) { + if ( $svcpart->{count} < $svcpart->{quantity} + && $curuser->access_right('Provision customer services') + ) { print qq!<TR>\n! if ($cnt > 0); - print qq! <TD COLSPAN=2>!.svc_provision_link($pkg, $svcpart, $conf).qq!</TD>\n</TR>\n!; + print qq! <TD COLSPAN=2>!.svc_provision_link($pkg, $svcpart, $conf, $curuser).qq!</TD>\n</TR>\n!; } } } @@ -393,7 +445,7 @@ sub svc_label_link { } sub svc_provision_link { - my ($pkg, $svcpart, $conf) = @_; + my ($pkg, $svcpart, $conf, $curuser) = @_; ( my $svc_nbsp = $svcpart->{svc} ) =~ s/\s+/ /g; my $num_left = $svcpart->{quantity} - $svcpart->{count}; my $pkgnum_svcpart = "pkgnum$pkg->{pkgnum}-svcpart$svcpart->{svcpart}"; @@ -411,7 +463,10 @@ sub svc_provision_link { my $link = qq!<A CLASS="provision" HREF="$url">!. "Provision $svc_nbsp ($num_left)</A>"; - if ( $conf->exists('legacy_link') ) { + if ( $conf->exists('legacy_link') + && $curuser->access_right('View/link unlinked services') + ) + { $link .= '<BR>'. qq!<A CLASS="provision" HREF="${p}misc/link.cgi?!. qq!$pkgnum_svcpart">!. @@ -475,7 +530,11 @@ sub pkg_cancel_link { my $pkg = shift or return ''; qq!<A HREF="javascript:areyousure('${p}misc/cancel_pkg.cgi?$pkg->{pkgnum}', !. qq!'Permanently delete included services and cancel this package?')">!. - qq!Cancel now</A> | !. + qq!Cancel now</A>!; +} + +sub pkg_expire_link { + my $pkg = shift or return ''; qq!<A HREF="${p}misc/expire_pkg.cgi?$pkg->{pkgnum}">Cancel later</A>!; } diff --git a/httemplate/view/cust_main/payment_history.html b/httemplate/view/cust_main/payment_history.html index f0cd993ff..b7621d57a 100644 --- a/httemplate/view/cust_main/payment_history.html +++ b/httemplate/view/cust_main/payment_history.html @@ -4,6 +4,8 @@ my $conf = new FS::Conf; + my $curuser = $FS::CurrentUser::CurrentUser; + my @payby = grep /\w/, $conf->config('payby'); #@payby = (qw( CARD DCRD CHEK DCHK LECB BILL CASH WEST COMP )) @payby = (qw( CARD DCRD CHEK DCHK LECB BILL CASH COMP )) @@ -16,42 +18,48 @@ <BR><BR><A NAME="history"><FONT SIZE="+2">Payment History</FONT></A><BR> -<% if ( $payby{'BILL'} ) { %> +<% if ( $payby{'BILL'} && $curuser->access_right('Post payment') ) { %> <%= $s++ ? ' | ' : '' %> <A HREF="<%= $p %>edit/cust_pay.cgi?payby=BILL;custnum=<%= $custnum %>">Post check payment</A> <% } %> -<% if ( $payby{'CASH'} ) { %> +<% if ( $payby{'CASH'} && $curuser->access_right('Post payment') ) { %> <%= $s++ ? ' | ' : '' %> <A HREF="<%= $p %>edit/cust_pay.cgi?payby=CASH;custnum=<%= $custnum %>">Post cash payment</A> <% } %> -<% if ( $payby{'WEST'} ) { %> +<% if ( $payby{'WEST'} && $curuser->access_right('Post payment') ) { %> <%= $s++ ? ' | ' : '' %> <A HREF="<%= $p %>edit/cust_pay.cgi?payby=WEST;custnum=<%= $custnum %>">Post Western Union payment</A> <% } %> -<% if ( $payby{'CARD'} || $payby{'DCRD'} ) { %> +<% if ( ( $payby{'CARD'} || $payby{'DCRD'} ) + && $curuser->access_right('Process payment') + ) { +%> <%= $s++ ? ' | ' : '' %> <A HREF="<%= $p %>misc/payment.cgi?payby=CARD;custnum=<%= $custnum %>">Process credit card payment</A> <% } %> -<% if ( $payby{'CHEK'} || $payby{'DCHK'} ) { %> +<% if ( ( $payby{'CHEK'} || $payby{'DCHK'} ) + && $curuser->access_right('Process payment') + ) { +%> <%= $s++ ? ' | ' : '' %> <A HREF="<%= $p %>misc/payment.cgi?payby=CHEK;custnum=<%= $custnum %>">Process electronic check (ACH) payment</A> <% } %> -<% if ( $payby{'MCRD'} ) { %> +<% if ( $payby{'MCRD'} && $curuser->access_right('Post payment') ) { %> <%= $s++ ? ' | ' : '' %> <A HREF="<%= $p %>edit/cust_pay.cgi?payby=MCRD;custnum=<%= $custnum %>">Post manual credit card payment</A> @@ -60,9 +68,13 @@ <BR> -<A HREF="javascript:void(0);" onClick="overlib( OLiframeContent('<%= $p %>edit/cust_credit.cgi?<%= $custnum %>', 392, 336, 'cust_credit_popup' ), CAPTION, 'Post credit', STICKY, AUTOSTATUSCAP, MIDX, 0, MIDY, 0, DRAGGABLE, CLOSECLICK )">Post credit</A> +<% if ( $curuser->access_right('Post credit') ) { %> -<BR> + <A HREF="javascript:void(0);" onClick="overlib( OLiframeContent('<%= $p %>edit/cust_credit.cgi?<%= $custnum %>', 392, 336, 'cust_credit_popup' ), CAPTION, 'Post credit', STICKY, AUTOSTATUSCAP, MIDX, 0, MIDY, 0, DRAGGABLE, CLOSECLICK )">Post credit</A> + + <BR> + +<% } %> <% #get payment history @@ -75,11 +87,14 @@ foreach my $cust_bill ($cust_main->cust_bill) { : ''; my $post = ( $cust_bill->owed > 0 ) ? '</FONT></B>' : ''; my $invnum = $cust_bill->invnum; + my $link = $curuser->access_right('View invoices') + ? qq!<A HREF="${p}view/cust_bill.cgi?$invnum">! + : ''; push @history, { 'date' => $cust_bill->_date, - 'desc' => qq!<A HREF="${p}view/cust_bill.cgi?$invnum">!. $pre. + 'desc' => $link. $pre. "Invoice #$invnum (Balance \$". $cust_bill->owed. ')'. - $post. '</A>', + $post. ( $link ? '</A>' : '' ), 'charge' => $cust_bill->charged, }; } @@ -169,6 +184,7 @@ foreach my $cust_pay ($cust_main->cust_pay) { && $cust_pay->payby =~ /^(CARD|CHEK)$/ && time-$cust_pay->_date < $refund_days*86400 && $cust_pay->unrefunded > 0 + && $curuser->access_right('Refund payment') ) { $refund = qq! (<A HREF="${p}edit/cust_refund.cgi?payby=$1;!. qq!paynum=!. $cust_pay->paynum. '"'. @@ -178,9 +194,17 @@ foreach my $cust_pay ($cust_main->cust_pay) { my $void = ''; if ( $cust_pay->closed !~ /^Y/i - && ( $cust_pay->payby ne 'CARD' || $conf->exists('cc-void') ) - && ( $cust_pay->payby ne 'CHEK' || $conf->exists('echeck-void') ) - ) { + && ( ( $cust_pay->payby eq 'CARD' + && $conf->exists('cc-void') + && $curuser->acccess_right('Credit card void') + ) + || ( $cust_pay->payby eq 'CHEK' + && $conf->exists('echeck-void') + && $curuser->acccess_right('Echeck void') + ) + ) + ) + { $void = qq! (<A HREF="javascript:areyousure('!. qq!${p}misc/void-cust_pay.cgi?!. $cust_pay->paynum. qq!', 'Are you sure you want to void this payment?')"!. @@ -193,7 +217,11 @@ foreach my $cust_pay ($cust_main->cust_pay) { } my $delete = ''; - if ( $cust_pay->closed !~ /^Y/i && $conf->exists('deletepayments') ) { + if ( $cust_pay->closed !~ /^Y/i + && $conf->exists('deletepayments') + && $curuser->access_right('Delete payment') + ) + { $delete = qq! (<A HREF="javascript:areyousure('!. qq!${p}misc/delete-cust_pay.cgi?!. $cust_pay->paynum. qq!', 'Are you sure you want to delete this payment?')"!. @@ -204,7 +232,10 @@ foreach my $cust_pay ($cust_main->cust_pay) { my $unapply = ''; if ( $cust_pay->closed !~ /^Y/i && $conf->exists('unapplypayments') - && scalar(@cust_bill_pay) ) { + && scalar(@cust_bill_pay) + && $curuser->access_right('Unapply payment') + ) + { $unapply = qq! (<A HREF="javascript:areyousure('!. qq!${p}misc/unapply-cust_pay.cgi?!. $cust_pay->paynum. qq!', 'Are you sure you want to unapply this payment?')"!. @@ -236,7 +267,11 @@ foreach my $cust_pay_void ($cust_main->cust_pay_void) { my $info = $payby ? " ($payby$payinfo)" : ''; my $unvoid = ''; - if ( $cust_pay_void->closed !~ /^Y/i && $conf->exists('unvoid') ) { + if ( $cust_pay_void->closed !~ /^Y/i + && $conf->exists('unvoid') + && $curuser->access_right('Unvoid') + ) + { $unvoid = qq! (<A HREF="javascript:areyousure('!. qq!${p}misc/unvoid-cust_pay_void.cgi?!. $cust_pay_void->paynum. qq!', 'Are you sure you want to unvoid this payment?')"!. @@ -314,7 +349,11 @@ foreach my $cust_credit ($cust_main->cust_credit) { } # my $delete = ''; - if ( $cust_credit->closed !~ /^Y/i && $conf->exists('deletecredits') ) { + if ( $cust_credit->closed !~ /^Y/i + && $conf->exists('deletecredits') + && $curuser->access_right('Delete credit') + ) + { $delete = qq! (<A HREF="javascript:areyousure('!. qq!${p}misc/delete-cust_credit.cgi?!. $cust_credit->crednum. qq!', 'Are you sure you want to delete this credit?')">!. @@ -324,7 +363,10 @@ foreach my $cust_credit ($cust_main->cust_credit) { my $unapply = ''; if ( $cust_credit->closed !~ /^Y/i && $conf->exists('unapplycredits') - && scalar(@cust_credit_bill) ) { + && scalar(@cust_credit_bill) + && $curuser->access_right('Unapply credit') + ) + { $unapply = qq! (<A HREF="javascript:areyousure('!. qq!${p}misc/unapply-cust_credit.cgi?!. $cust_credit->crednum. qq!', 'Are you sure you want to unapply this credit?')">!. |