diff options
| author | Ivan Kohler <ivan@freeside.biz> | 2016-08-18 13:56:11 -0700 |
|---|---|---|
| committer | Ivan Kohler <ivan@freeside.biz> | 2016-08-18 13:56:11 -0700 |
| commit | 7e9422a954e8249627c256b53080ee6afeeed913 (patch) | |
| tree | 586a468dd46b82f55f0f6e903cfe38ea19df5ed7 | |
| parent | ac0bdc5e7860c6ab43d467f075505b0b4ec0245f (diff) | |
Fix Prospect edit, from Fernando-Kiernan
| -rw-r--r-- | httemplate/edit/prospect_main.html | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/httemplate/edit/prospect_main.html b/httemplate/edit/prospect_main.html index 7c02538..6aefe80 100644 --- a/httemplate/edit/prospect_main.html +++ b/httemplate/edit/prospect_main.html @@ -34,8 +34,10 @@ { 'field' => 'contactnum', 'type' => 'contact', 'colspan' => 7, - 'o2m_table' => 'contact', - 'm2_label' => 'Contact', + 'prospectnum' => $prospectnum, + 'm2m_method' => 'prospect_contact', + 'm2m_dstcol' => 'contactnum', + 'm2_label' => 'Contact', 'm2_error_callback' => $m2_error_callback, }, @@ -69,18 +71,25 @@ my $conf = new FS::Conf; my $prospectnum; if ( $cgi->param('error') ) { - $prospectnum = scalar($cgi->param('prospectnum')); + $cgi->param('prospectnum') =~ /^(\d*)$/ or die 'illegal prospectnum'; + $prospectnum = $1; die "access denied" unless $curuser->access_right(($prospectnum ? 'Edit' : 'New'). ' prospect'); } elsif ( $cgi->keywords ) { #editing + my($query) = $cgi->keywords; + $query =~ /^(\d+)$/ or die 'no prospectnum'; + $prospectnum = $1; + die "access denied" unless $curuser->access_right('Edit prospect'); } else { #new prospect + $prospectnum = ''; + die "access denied" unless $curuser->access_right('New prospect'); |