author | ivan <ivan> | 2006-06-19 11:25:14 +0000 |
---|---|---|
committer | ivan <ivan> | 2006-06-19 11:25:14 +0000 |
commit | 41a6a1b1811e337be2fca47504ff9687b6b46cf8 (patch) | |
tree | 2b9708c1e681a39f3c75b6fd0fa90672ef7353bd /FS | |
parent | 6b12c14cc10503d6b0783e8ef71fe44d9a9b37b6 (diff) |
ACLs, take three or four or something
Diffstat (limited to 'FS')
-rw-r--r-- | FS/FS/AccessRight.pm | 42 | ||||
-rw-r--r-- | FS/FS/access_user.pm | 23 | ||||
-rw-r--r-- | FS/FS/cust_main.pm | 18 |
3 files changed, 72 insertions, 11 deletions
diff --git a/FS/FS/AccessRight.pm b/FS/FS/AccessRight.pm index 5229e1e65..f04779a07 100644 --- a/FS/FS/AccessRight.pm +++ b/FS/FS/AccessRight.pm @@ -84,10 +84,13 @@ assigned to users and/or groups. #'View Customer | View tickets', 'Edit customer', 'Cancel customer', - 'Delete customer', + 'Complimentary customer', #aka users-allow_comp + 'Delete customer', #aka. deletecustomers #Enable customer deletions. Be very careful! Deleting a customer will remove all traces that this customer ever existed! It should probably only be used when auditing a legacy database. Normally, you cancel all of a customers' packages if they cancel service. 'Order customer package', + 'One-time charge', 'Change customer package', + 'Bulk change customer packages', 'Edit customer package dates', 'Customize customer package', 'Suspend customer package', 
@@ -95,14 +98,43 @@ assigned to users and/or groups. 'Cancel customer package immediately', 'Cancel customer package later', - 'Provision service', - 'Unprovision service', - #legacy link stuff + 'Provision customer service', + 'Unprovision customer service', + + 'View/link unlinked services', #not agent-virtualizable without more work + + 'View invoices', 'Post payment', + 'Post payment batch', + 'Unapply payment', #aka. unapplypayments Enable "unapplication" of unclosed payments. 'Process payment', + 'Refund payment', + + 'Delete payment', #aka. deletepayments - Enable deletion of unclosed payments. Be very careful! Only delete payments that were data-entry errors, not adjustments. Optionally specify one or more comma-separated email addresses to be notified when a payment is deleted. + 'Post credit', - #more financial stuff + #'Apply credit', + 'Unapply credit', #aka unapplycredits Enable "unapplication" of unclosed credits. + 'Delete credit', #aka. deletecredits Enable deletion of unclosed credits. Be very careful! Only delete credits that were data-entry errors, not adjustments. Optionally specify one or more comma-separated email addresses to be notified when a credit is deleted. + + 'Credit card void', #aka. cc-void #Enable local-only voiding of echeck payments in addition to refunds against the payment gateway + 'Echeck void', #aka. echeck-void #Enable local-only voiding of echeck payments in addition to refunds against the payment gateway + 'Unvoid', #aka. unvoid #Enable unvoiding of voided payments + + 'List customers', + #'List zip codes', + 'List invoices', + 'List packages', + 'List services', + + 'Financial reports', + + 'Job queue', # these are not currently agent-virtualized + 'Import', # + 'Export', # + + 'Configuration', #none of the configuraiton is agent-virtualized either ); diff --git a/FS/FS/access_user.pm b/FS/FS/access_user.pm index c95d02984..e3bf2cb9f 100644 --- a/FS/FS/access_user.pm +++ b/FS/FS/access_user.pm 
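Review bot: Renaming `'Provision service'` and `'Unprovision service'` to `'Provision customer service'` and `'Unprovision customer service'` changes the keys that grants are matched on, because the `access_right` method added to FS/FS/access_user.pm in this commit compares `rightname` by string equality. Any existing access_right rows stored under the old names would presumably stop matching until the right is granted again. No data migration is visible in the part of the commit shown, and the diffstat is limited to FS, so this needs confirming. Separately, the trailing comment on `'Credit card void'` repeats the echeck wording and presumably should describe credit card payments, and `configuraiton` in the last comment is a typo for `configuration`.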
@@ -192,6 +192,29 @@ sub agentnums_sql { ' )'; } +=item access_right + +Given a right name, returns true if this user has this right (currently via +group membership, eventually also via user overrides). + +=cut + +sub access_right { + my( $self, $rightname ) = @_; + my $sth = dbh->prepare(" + SELECT groupnum FROM access_usergroup + LEFT JOIN access_group USING ( groupnum ) + LEFT JOIN access_right + ON ( access_group.groupnum = access_right.rightobjnum ) + WHERE usernum = ? + AND righttype = 'FS::access_group' + AND rightname = ? + ") or die dbh->errstr; + $sth->execute($self->usernum, $rightname) or die $sth->errstr; + my $row = $sth->fetchrow_arrayref; + $row ? $row->[0] : ''; +} + =back =head1 BUGS diff --git a/FS/FS/cust_main.pm b/FS/FS/cust_main.pm index 8956d5b26..511762e63 100644 --- a/FS/FS/cust_main.pm +++ b/FS/FS/cust_main.pm @@ -944,10 +944,13 @@ sub replace { $old = qsearchs( 'cust_main', { 'custnum' => $self->custnum } ); } - if ( $self->payby eq 'COMP' && $self->payby ne $old->payby - && $conf->config('users-allow_comp') ) { - return "You are not permitted to create complimentary accounts." - unless grep { $_ eq getotaker } $conf->config('users-allow_comp'); + my $curuser = $FS::CurrentUser::CurrentUser; + if ( $self->payby eq 'COMP' + && $self->payby ne $old->payby + && ! $curuser->access_right('Complimentary customer') + ) + { + return "You are not permitted to create complimentary accounts."; } local($ignore_expired_card) = 1 @@ -1302,9 +1305,12 @@ sub check { } elsif ( $self->payby eq 'COMP' ) { - if ( !$self->custnum && $conf->config('users-allow_comp') ) { + my $curuser = $FS::CurrentUser::CurrentUser; + if ( ! $self->custnum + && ! $curuser->access_right('Complimentary customer') + ) + { return "You are not permitted to create complimentary accounts." - unless grep { $_ eq getotaker } $conf->config('users-allow_comp'); } $error = $self->ut_textn('payinfo'); |
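Review bot: `access_right` returns the empty string for a right name that does not exist at all, so a misspelled name at a call site looks exactly like a real denial. That fails closed, which is the safe direction, but it is hard to diagnose because right names are free-form strings repeated across files. The POD should state the contract, for example `The right name must be one of the strings listed in FS::AccessRight; unknown names return false.` The two `LEFT JOIN`s also behave as inner joins here, since the WHERE clause filters on `righttype` and `rightname`, which appear to belong to the joined access_right table, so plain `JOIN` would state the intent more directly.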
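Review bot: The new check calls `$curuser->access_right(...)` without testing that `$FS::CurrentUser::CurrentUser` is set, so wherever that global is undefined the call dies with a method-on-undef error instead of returning the error string that `replace` otherwise uses. Whether such paths exist (for example scripts that run without a logged-in user) is not visible from this hunk, so treat it as something to confirm. A guard keeps the denial fail-closed and in the normal error channel: `&& ! ( $curuser && $curuser->access_right('Complimentary customer') )`. The same pattern is added in the `@@ -1302,9 +1305,12 @@` hunk in `check`. `replace` starts and ends outside this hunk.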
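Review bot: The retained `return "You are not permitted to create complimentary accounts."` line is now left without a terminating semicolon, because the `unless grep ...;` line that ended the statement was removed. Perl accepts this for the last statement in a block, but the parallel change in `replace` adds the `;`, and the two should match: `return "You are not permitted to create complimentary accounts.";`. `check` starts and ends outside this hunk.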