diff options
| author | ivan <ivan> | 2008-03-27 20:19:52 +0000 |
|---|---|---|
| committer | ivan <ivan> | 2008-03-27 20:19:52 +0000 |
| commit | 8d029daaa89e10b9a3e320cccfaad14714e19581 (patch) | |
| tree | 4dad77ed2be286b953ef10d3cfebf1d8c704a694 | |
| parent | 1783fdb03ace7f8bc0b5236d1b3cd842753fd16d (diff) | |
resolve minor ACL glitch linking to payments
| -rwxr-xr-x | httemplate/search/cust_pay.cgi | 5 | ||||
| -rw-r--r-- | httemplate/view/cust_pay.html | 3 |
2 files changed, 6 insertions, 2 deletions
diff --git a/httemplate/search/cust_pay.cgi b/httemplate/search/cust_pay.cgi index e5465aee8..80a611d97 100755 --- a/httemplate/search/cust_pay.cgi +++ b/httemplate/search/cust_pay.cgi @@ -235,7 +235,10 @@ if ( $cgi->param('magic') ) { } -my $link = [ "${p}view/cust_pay.html?paynum=", 'paynum' ]; +my $link = ''; +$link = [ "${p}view/cust_pay.html?paynum=", 'paynum' ] + if $FS::CurrentUser::CurrentUser->access_right('View invoices'); #XXX for now + #later# if $FS::CurrentUser::CurrentUser->access_right('View customer payments'); my $cust_link = sub { my $cust_pay = shift; diff --git a/httemplate/view/cust_pay.html b/httemplate/view/cust_pay.html index 4037d3525..2e2344d40 100644 --- a/httemplate/view/cust_pay.html +++ b/httemplate/view/cust_pay.html @@ -101,7 +101,8 @@ my $curuser = $FS::CurrentUser::CurrentUser; die "access denied" - unless $curuser->access_right('View customer payments'); + unless $curuser->access_right('View invoices') #remove this in 1.9 EVENTUALLY + || $curuser->access_right('View customer payments'); $cgi->param('paynum') =~ /^(\d+)$/ or die "no paynum"; my $paynum = $1; |