more granular ACLs for posting check vs. cash payments, processing credit card vs echecks, RT#7887

1 files changed, 11 insertions, 3 deletions

diff --git a/httemplate/edit/cust_refund.cgi b/httemplate/edit/cust_refund.cgi
index 59417b4c4..612e337f7 100755
--- a/httemplate/edit/cust_refund.cgi
+++ b/httemplate/edit/cust_refund.cgi
@@ -130,9 +130,6 @@
 
 <%init>
 
-die "access denied"
-  unless $FS::CurrentUser::CurrentUser->access_right('Refund payment');
-
 my $conf = new FS::Conf;
 my $date_format = $conf->config('date_format') || '%m/%d/%Y';
 
@@ -143,6 +140,17 @@ my $payinfo = $cgi->param('payinfo');
 my $reason  = $cgi->param('reason');
 my $link    = $cgi->param('popup') ? 'popup' : '';
 
+my @rights = ();
+push @rights, 'Post refund'                if $payby /^(BILL|CASH)$/;
+push @rights, 'Post check refund'          if $payby eq 'BILL';
+push @rights, 'Post cash refund '          if $payby eq 'CASH';
+push @rights, 'Refund payment'             if $payby /^(CARD|CHEK)$/;
+push @rights, 'Refund credit card payment' if $payby eq 'CARD';
+push @rights, 'Refund Echeck payment'      if $payby eq 'CHEK';
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right(\@rights);
+
 my( $paynum, $cust_pay ) = ( '', '' );
 if ( $cgi->param('paynum') =~ /^(\d+)$/ ) {
   $paynum = $1;