diff options
| author | ivan <ivan> | 2008-01-13 21:35:54 +0000 |
|---|---|---|
| committer | ivan <ivan> | 2008-01-13 21:35:54 +0000 |
| commit | 0930d22ffc440f80c1b222b2e750cadbabd9e8f6 (patch) | |
| tree | 59d6738ed4c685cd9bec804e9d3f661f4f37d72c /httemplate/edit/process/cust_pkg.cgi | |
| parent | f49f11d4c3c4ba9480cc5c9acfaa606a5ba73ad1 (diff) | |
ACLs
Diffstat (limited to 'httemplate/edit/process/cust_pkg.cgi')
| -rwxr-xr-x | httemplate/edit/process/cust_pkg.cgi | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/httemplate/edit/process/cust_pkg.cgi b/httemplate/edit/process/cust_pkg.cgi index 25b826758..bdade321f 100755 --- a/httemplate/edit/process/cust_pkg.cgi +++ b/httemplate/edit/process/cust_pkg.cgi @@ -11,7 +11,7 @@ </HTML> % } elsif ( $action eq 'bulk' ) { -% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum"); +<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum") %> % } else { % die "guru exception #5: action is neither change nor bulk!"; % } @@ -28,15 +28,27 @@ my @remove_pkgnums = map { $1; } $cgi->param('remove_pkg'); +my $curuser = $FS::CurrentUser::CurrentUser; + my( $action, $error_redirect ); my @pkgparts = (); if ( $cgi->param('new_pkgpart') =~ /^(\d+)$/ ) { #came from misc/change_pkg.cgi + $action = 'change'; $error_redirect = "misc/change_pkg.cgi"; @pkgparts = ($1); + + die "access denied" + unless $curuser->access_right('Change customer package'); + } else { #came from edit/cust_pkg.cgi + $action = 'bulk'; $error_redirect = "edit/cust_pkg.cgi"; + + die "access denied" + unless $curuser->access_right('Bulk change customer packages'); + foreach my $pkgpart ( map /^pkg(\d+)$/ ? $1 : (), $cgi->param ) { if ( $cgi->param("pkg$pkgpart") =~ /^(\d+)$/ ) { my $num_pkgs = $1; @@ -48,6 +60,7 @@ if ( $cgi->param('new_pkgpart') =~ /^(\d+)$/ ) { #came from misc/change_pkg.cgi last; } } + } $error ||= FS::cust_pkg::order($custnum,\@pkgparts,\@remove_pkgnums); |