author | ivan <ivan> | 2008-01-13 21:35:54 +0000 |
---|---|---|
committer | ivan <ivan> | 2008-01-13 21:35:54 +0000 |
commit | 0930d22ffc440f80c1b222b2e750cadbabd9e8f6 (patch) | |
tree | 59d6738ed4c685cd9bec804e9d3f661f4f37d72c /httemplate/edit/process | |
parent | f49f11d4c3c4ba9480cc5c9acfaa606a5ba73ad1 (diff) |
ACLs
Diffstat (limited to 'httemplate/edit/process')
46 files changed, 1183 insertions, 1046 deletions
diff --git a/httemplate/edit/process/REAL_cust_pkg.cgi b/httemplate/edit/process/REAL_cust_pkg.cgi
index ec951c86c..ebcb7e4ba 100755
--- a/httemplate/edit/process/REAL_cust_pkg.cgi
+++ b/httemplate/edit/process/REAL_cust_pkg.cgi
@@ -1,31 +1,36 @@ -%my $pkgnum = $cgi->param('pkgnum') or die; -%my $old = qsearchs('cust_pkg',{'pkgnum'=>$pkgnum}); -%my %hash = $old->hash; -%$hash{'setup'} = $cgi->param('setup') ? str2time($cgi->param('setup')) : ''; -%$hash{'bill'} = $cgi->param('bill') ? str2time($cgi->param('bill')) : ''; -%$hash{'last_bill'} = -% $cgi->param('last_bill') ? str2time($cgi->param('last_bill')) : ''; -%$hash{'adjourn'} = $cgi->param('adjourn') ? str2time($cgi->param('adjourn')) : ''; -%$hash{'expire'} = $cgi->param('expire') ? str2time($cgi->param('expire')) : ''; -% -%my $new; -%my $error; -%if ( $hash{'bill'} != $old->bill # if the next bill date was changed -% && $hash{'bill'} < time # to a date in the past -% && ! $cgi->param('bill_areyousure') # and it wasn't confirmed -% ) -%{ -% $error = '_bill_areyousure'; -%} else { -% $new = new FS::cust_pkg \%hash; -% $error = $new->replace($old); -%} -% %if ( $error ) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). "REAL_cust_pkg.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "REAL_cust_pkg.cgi?". $cgi->query_string ) %> %} else { % my $custnum = $new->custnum; -% print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum". -% "#cust_pkg$pkgnum" ); +<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum#cust_pkg$pkgnum" ) %> %} +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Edit customer package dates'); + +my $pkgnum = $cgi->param('pkgnum') or die; +my $old = qsearchs('cust_pkg',{'pkgnum'=>$pkgnum}); +my %hash = $old->hash; +$hash{'setup'} = $cgi->param('setup') ? str2time($cgi->param('setup')) : ''; +$hash{'bill'} = $cgi->param('bill') ? str2time($cgi->param('bill')) : ''; +$hash{'last_bill'} = + $cgi->param('last_bill') ? str2time($cgi->param('last_bill')) : ''; +$hash{'adjourn'} = $cgi->param('adjourn') ? str2time($cgi->param('adjourn')) : ''; +$hash{'expire'} = $cgi->param('expire') ? 
str2time($cgi->param('expire')) : ''; + +my $new; +my $error; +if ( $hash{'bill'} != $old->bill # if the next bill date was changed + && $hash{'bill'} < time # to a date in the past + && ! $cgi->param('bill_areyousure') # and it wasn't confirmed + ) +{ + $error = '_bill_areyousure'; +} else { + $new = new FS::cust_pkg \%hash; + $error = $new->replace($old); +} + +</%init> diff --git a/httemplate/edit/process/access_user.html b/httemplate/edit/process/access_user.html index 9f7c4ddbf..ca6bb603f 100644 --- a/httemplate/edit/process/access_user.html +++ b/httemplate/edit/process/access_user.html @@ -13,3 +13,9 @@ ) %> % } +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +</%init> diff --git a/httemplate/edit/process/agent.cgi b/httemplate/edit/process/agent.cgi index 5128d7ae8..ad550cc37 100755 --- a/httemplate/edit/process/agent.cgi +++ b/httemplate/edit/process/agent.cgi 
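Review bot: In REAL_cust_pkg.cgi's new `<%init>`, `$old` is dereferenced with `$old->hash` without checking that `qsearchs` found a row, and `pkgnum` is taken from the request unvalidated, so an unknown or malformed pkgnum ends in a method call on undef (or in the bare `die` with no message) instead of a clear error. Other handlers in this commit validate ids before using them; the equivalent here is `$cgi->param('pkgnum') =~ /^(\d+)$/ or die "Illegal pkgnum";`, `my $pkgnum = $1;`, then `my $old = qsearchs('cust_pkg',{'pkgnum'=>$pkgnum}) or die "unknown pkgnum $pkgnum";`. The `access_right` test is placed before all of this, which is the right order.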
@@ -1,29 +1,30 @@ -% -% -%my $agentnum = $cgi->param('agentnum'); -% -%my $old = qsearchs('agent',{'agentnum'=>$agentnum}) if $agentnum; -% -%my $new = new FS::agent ( { -% map { -% $_, scalar($cgi->param($_)); -% } fields('agent') -%} ); -% -%my $error; -%if ( $agentnum ) { -% $error=$new->replace($old); -%} else { -% $error=$new->insert; -% $agentnum=$new->getfield('agentnum'); -%} -% %if ( $error ) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). "agent.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "agent.cgi?". $cgi->query_string ) %> %} else { -% print $cgi->redirect(popurl(3). "browse/agent.cgi"); +<% $cgi->redirect(popurl(3). "browse/agent.cgi") %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +my $agentnum = $cgi->param('agentnum'); + +my $old = qsearchs('agent',{'agentnum'=>$agentnum}) if $agentnum; + +my $new = new FS::agent ( { + map { + $_, scalar($cgi->param($_)); + } fields('agent') +} ); + +my $error; +if ( $agentnum ) { + $error=$new->replace($old); +} else { + $error=$new->insert; + $agentnum=$new->getfield('agentnum'); +} +</%init> diff --git a/httemplate/edit/process/agent_payment_gateway.html b/httemplate/edit/process/agent_payment_gateway.html index 436317ec4..5b5fd948a 100644 --- a/httemplate/edit/process/agent_payment_gateway.html +++ b/httemplate/edit/process/agent_payment_gateway.html 
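Review bot: `my $old = qsearchs('agent',{'agentnum'=>$agentnum}) if $agentnum;` in agent.cgi's `<%init>` declares a lexical under a statement modifier, which perlsyn documents as undefined behaviour. `my $old = $agentnum ? qsearchs('agent',{'agentnum'=>$agentnum}) : undef;` expresses the same intent safely. When an agentnum is supplied but matches no row, `$new->replace($old)` is still called with undef, so an explicit `die "unknown agentnum $agentnum"` in that case would give a clearer failure. The same `my ... if` line is carried into agent_type.cgi, cust_svc.cgi and domain_record.cgi in this commit.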
@@ -1,26 +1,29 @@ -% -% -%$cgi->param('agentnum') =~ /(\d+)$/ or die "illegal agentnum"; -%my $agent = qsearchs('agent', { 'agentnum' => $1 } ); -%die "agentnum $1 not found" unless $agent; -% -%#my $old -% -%my @new = map { -% my $cardtype = $_; -% new FS::agent_payment_gateway { -% ( map { $_ => scalar($cgi->param($_)) } -% fields('agent_payment_gateway') -% ), -% 'cardtype' => $cardtype, -% }; -% } -% $cgi->param('cardtype'); -% -%foreach my $new (@new) { -% my $error = $new->insert; -% die $error if $error; -%} -% -% <% $cgi->redirect(popurl(3). "browse/agent.cgi") %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +$cgi->param('agentnum') =~ /(\d+)$/ or die "illegal agentnum"; +my $agent = qsearchs('agent', { 'agentnum' => $1 } ); +die "agentnum $1 not found" unless $agent; + +#my $old + +my @new = map { + my $cardtype = $_; + new FS::agent_payment_gateway { + ( map { $_ => scalar($cgi->param($_)) } + fields('agent_payment_gateway') + ), + 'cardtype' => $cardtype, + }; + } + $cgi->param('cardtype'); + +foreach my $new (@new) { + my $error = $new->insert; + die $error if $error; +} + +</%init> diff --git a/httemplate/edit/process/agent_type.cgi b/httemplate/edit/process/agent_type.cgi index b8d03705c..898e0667d 100755 --- a/httemplate/edit/process/agent_type.cgi +++ b/httemplate/edit/process/agent_type.cgi 
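Review bot: The agentnum check in agent_payment_gateway.html, `/(\d+)$/`, is not anchored at the start, so any value that merely ends in digits is accepted and only the trailing digits are used; `/^(\d+)$/` would match the stricter form the other handlers in this commit use. The loop also inserts one row per `cardtype` and dies on the first failure, so rows inserted earlier in the same request may already be stored unless a transaction that is not visible in this hunk wraps the component.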
@@ -1,37 +1,35 @@ -% -% -%my $typenum = $cgi->param('typenum'); -%my $old = qsearchs('agent_type',{'typenum'=>$typenum}) if $typenum; -% -%my $new = new FS::agent_type ( { -% map { -% $_, scalar($cgi->param($_)); -% } fields('agent_type') -%} ); -% -%my $error; -%if ( $typenum ) { -% $error = $new->replace($old); -%} else { -% $error = $new->insert; -% $typenum = $new->getfield('typenum'); -%} -%#$error ||= $new->process_m2m( ); -% %if ( $error ) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). "agent_type.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "agent_type.cgi?". $cgi->query_string ) %> %} else { -% -% my $error = $new->process_m2m( -% 'link_table' => 'type_pkgs', -% 'target_table' => 'part_pkg', -% 'params' => scalar($cgi->Vars) -% ); -% die $error if $error; -% -% print $cgi->redirect(popurl(3). "browse/agent_type.cgi"); +<% $cgi->redirect(popurl(3). "browse/agent_type.cgi") %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +my $typenum = $cgi->param('typenum'); +my $old = qsearchs('agent_type',{'typenum'=>$typenum}) if $typenum; + +my $new = new FS::agent_type ( { + map { + $_, scalar($cgi->param($_)); + } fields('agent_type') +} ); + +my $error; +if ( $typenum ) { + $error = $new->replace($old); +} else { + $error = $new->insert; + $typenum = $new->getfield('typenum'); +} + + $error ||= $new->process_m2m( + 'link_table' => 'type_pkgs', + 'target_table' => 'part_pkg', + 'params' => scalar($cgi->Vars) + ); +<%/init> diff --git a/httemplate/edit/process/bulk-cust_svc.cgi b/httemplate/edit/process/bulk-cust_svc.cgi index ad4d67307..313b061ff 100644 --- a/httemplate/edit/process/bulk-cust_svc.cgi +++ b/httemplate/edit/process/bulk-cust_svc.cgi 
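Review bot: The added block in agent_type.cgi is closed with `<%/init>` instead of `</%init>`, so Mason will not see the end of the `<%init>` section and the component will most likely fail to compile. The last added line should read `</%init>`. Folding `process_m2m` into `$error ||= ...` looks reasonable, since a link-table failure now returns to the edit form through the existing `$error` branch instead of dying.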
@@ -1,4 +1,9 @@ -% -% my $server = new FS::UI::Web::JSRPC 'FS::part_svc::process_bulk_cust_svc', $cgi; -% <% $server->process %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +my $server = new FS::UI::Web::JSRPC 'FS::part_svc::process_bulk_cust_svc', $cgi; + +</%init> diff --git a/httemplate/edit/process/cust_bill_pay.cgi b/httemplate/edit/process/cust_bill_pay.cgi index 962fc4eb9..43e672647 100755 --- a/httemplate/edit/process/cust_bill_pay.cgi +++ b/httemplate/edit/process/cust_bill_pay.cgi 
@@ -1,54 +1,50 @@ -% -% -%$cgi->param('paynum') =~ /^(\d*)$/ or die "Illegal paynum!"; -%my $paynum = $1; -% -%my $cust_pay = qsearchs('cust_pay', { 'paynum' => $paynum } ) -% or die "No such paynum"; -% -%my $cust_main = qsearchs('cust_main', { 'custnum' => $cust_pay->custnum } ) -% or die "Bogus credit: not attached to customer"; -% -%my $custnum = $cust_main->custnum; -% -%my $new; -%if ($cgi->param('invnum') =~ /^Refund$/) { -% $new = new FS::cust_refund ( { -% 'reason' => 'Refunding payment', #enter reason in UI -% 'refund' => $cgi->param('amount'), -% 'payby' => 'BILL', -% #'_date' => $cgi->param('_date'), -% 'payinfo' => 'Cash', #enter payinfo in UI -% 'paynum' => $paynum, -% } ); -%} else { -% $new = new FS::cust_bill_pay ( { -% map { -% $_, scalar($cgi->param($_)); -% #} qw(custnum _date amount invnum) -% } fields('cust_bill_pay') -% } ); -%} -% -%my $error = $new->insert; -% %if ( $error ) { -% % $cgi->param('error', $error); -% <% $cgi->redirect(popurl(2). "cust_bill_pay.cgi?". $cgi->query_string ) %> -% -% %} else { -% -% #print $cgi->redirect(popurl(3). 
"view/cust_main.cgi?$custnum"); -% -% <% header('Payment application sucessful') %> <SCRIPT TYPE="text/javascript"> window.top.location.reload(); </SCRIPT> - - </BODY></HTML> + </BODY> + </HTML> % } +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Apply payment') #; + || $FS::CurrentUser::CurrentUser->access_right('Post payment'): #remove after 1.7.3 + +$cgi->param('paynum') =~ /^(\d*)$/ or die "Illegal paynum!"; +my $paynum = $1; + +my $cust_pay = qsearchs('cust_pay', { 'paynum' => $paynum } ) + or die "No such paynum"; + +my $cust_main = qsearchs('cust_main', { 'custnum' => $cust_pay->custnum } ) + or die "Bogus credit: not attached to customer"; + +my $custnum = $cust_main->custnum; + +my $new; +if ($cgi->param('invnum') =~ /^Refund$/) { + $new = new FS::cust_refund ( { + 'reason' => 'Refunding payment', #enter reason in UI + 'refund' => $cgi->param('amount'), + 'payby' => 'BILL', + #'_date' => $cgi->param('_date'), + 'payinfo' => 'Cash', #enter payinfo in UI + 'paynum' => $paynum, + } ); +} else { + $new = new FS::cust_bill_pay ( { + map { + $_, scalar($cgi->param($_)); + #} qw(custnum _date amount invnum) + } fields('cust_bill_pay') + } ); +} + +my $error = $new->insert; +</%init> diff --git a/httemplate/edit/process/cust_credit.cgi b/httemplate/edit/process/cust_credit.cgi index 9dcad7f68..8715ad61e 100755 --- a/httemplate/edit/process/cust_credit.cgi +++ b/httemplate/edit/process/cust_credit.cgi 
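Review bot: The new access check in cust_bill_pay.cgi ends with a colon, `->access_right('Post payment'): #remove after 1.7.3`, where the statement needs `;`, so the `<%init>` block will not compile; cust_credit_bill.cgi has the same typo on its 'Post credit' line. Separately, `'refund' => $cgi->param('amount')` sits inside a hash constructor, where CGI's `param` is evaluated in list context, so a request that repeats `amount` expands into extra elements that can add or displace keys of the FS::cust_refund record. Write it as `'refund' => scalar($cgi->param('amount')),`, as the `map` branch in the same file already does. The same list-context call appears in the refund branch of cust_credit_bill.cgi, in the FS::reason constructor in cust_credit.cgi and for `comments` in cust_main_note.cgi.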
@@ -1,46 +1,10 @@ -% -% -%$cgi->param('custnum') =~ /^(\d*)$/ or die "Illegal custnum!"; -%my $custnum = $1; -% -%$cgi->param('reasonnum') =~ /^(-?\d+)$/ or die "Illegal reasonnum"; -%my $reasonnum = $1; -% -%my $oldAutoCommit = $FS::UID::AutoCommit; -%local $FS::UID::AutoCommit = 0; -%my $dbh = dbh; -% -%my $error = ''; -%if ($reasonnum == -1) { -% -% $error = 'Enter a new reason (or select an existing one)' -% unless $cgi->param('newreasonnum') !~ /^\s*$/; -% my $reason = new FS::reason({ 'reason_type' => $cgi->param('newreasonnumT'), -% 'reason' => $cgi->param('newreasonnum'), -% }); -% $error ||= $reason->insert; -% $cgi->param('reasonnum', $reason->reasonnum) -% unless $error; -%} -% -%unless ($error) { -% my $new = new FS::cust_credit ( { -% map { -% $_, scalar($cgi->param($_)); -% } fields('cust_credit') -% } ); -% $error = $new->insert; -%} -% %if ( $error ) { % $cgi->param('reasonnum', $reasonnum); % $cgi->param('error', $error); % $dbh->rollback if $oldAutoCommit; -% % <% $cgi->redirect(popurl(2). "cust_credit.cgi?". $cgi->query_string ) %> % -% %} else { % % if ( $cgi->param('apply') eq 'yes' ) { 
@@ -59,4 +23,41 @@ </BODY></HTML> % } +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Post credit'); + +$cgi->param('custnum') =~ /^(\d*)$/ or die "Illegal custnum!"; +my $custnum = $1; + +$cgi->param('reasonnum') =~ /^(-?\d+)$/ or die "Illegal reasonnum"; +my $reasonnum = $1; + +my $oldAutoCommit = $FS::UID::AutoCommit; +local $FS::UID::AutoCommit = 0; +my $dbh = dbh; + +my $error = ''; +if ($reasonnum == -1) { + + $error = 'Enter a new reason (or select an existing one)' + unless $cgi->param('newreasonnum') !~ /^\s*$/; + my $reason = new FS::reason({ 'reason_type' => $cgi->param('newreasonnumT'), + 'reason' => $cgi->param('newreasonnum'), + }); + $error ||= $reason->insert; + $cgi->param('reasonnum', $reason->reasonnum) + unless $error; +} + +unless ($error) { + my $new = new FS::cust_credit ( { + map { + $_, scalar($cgi->param($_)); + } fields('cust_credit') + } ); + $error = $new->insert; +} +</%init> diff --git a/httemplate/edit/process/cust_credit_bill.cgi b/httemplate/edit/process/cust_credit_bill.cgi index 7509a3f02..74ae00888 100755 --- a/httemplate/edit/process/cust_credit_bill.cgi +++ b/httemplate/edit/process/cust_credit_bill.cgi 
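Review bot: In cust_credit.cgi's `<%init>`, `$custnum` is validated against `/^(\d*)$/`, but the record is then built from the raw request through `fields('cust_credit')`, so the checked value is not what gets stored and every column of the table is taken from the client. Whether FS::cust_credit's own validation constrains those columns is not visible here; an explicit column list, as cust_pay.cgi uses with `qw(paid payby payinfo paybatch)`, plus `'custnum' => $custnum,` after the `map`, would keep the handler independent of that. The pattern also accepts an empty custnum because of `\d*`; `/^(\d+)$/` rejects it up front.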
@@ -1,55 +1,51 @@ -% -% -%$cgi->param('crednum') =~ /^(\d*)$/ or die "Illegal crednum!"; -%my $crednum = $1; -% -%my $cust_credit = qsearchs('cust_credit', { 'crednum' => $crednum } ) -% or die "No such crednum"; -% -%my $cust_main = qsearchs('cust_main', { 'custnum' => $cust_credit->custnum } ) -% or die "Bogus credit: not attached to customer"; -% -%my $custnum = $cust_main->custnum; -% -%my $new; -%if ($cgi->param('invnum') =~ /^Refund$/) { -% $new = new FS::cust_refund ( { -% 'reason' => ( $cust_credit->reason || 'refund from credit' ), -% 'refund' => $cgi->param('amount'), -% 'payby' => 'BILL', -% #'_date' => $cgi->param('_date'), -% #'payinfo' => 'Cash', -% 'payinfo' => 'Refund', -% 'crednum' => $crednum, -% } ); -%} else { -% $new = new FS::cust_credit_bill ( { -% map { -% $_, scalar($cgi->param($_)); -% #} qw(custnum _date amount invnum) -% } fields('cust_credit_bill') -% } ); -%} -% -%my $error = $new->insert; -% %if ( $error ) { -% % $cgi->param('error', $error); -% <% $cgi->redirect(popurl(2). "cust_credit_bill.cgi?". $cgi->query_string ) %> -% -% %} else { -% -% #print $cgi->redirect(popurl(3). 
"view/cust_main.cgi?$custnum"); -% -% <% header('Credit application sucessful') %> <SCRIPT TYPE="text/javascript"> window.top.location.reload(); </SCRIPT> - - </BODY></HTML> + </BODY> + </HTML> % } +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Apply credit') #; + || $FS::CurrentUser::CurrentUser->access_right('Post credit'): #remove after 1.7.3 + +$cgi->param('crednum') =~ /^(\d*)$/ or die "Illegal crednum!"; +my $crednum = $1; + +my $cust_credit = qsearchs('cust_credit', { 'crednum' => $crednum } ) + or die "No such crednum"; + +my $cust_main = qsearchs('cust_main', { 'custnum' => $cust_credit->custnum } ) + or die "Bogus credit: not attached to customer"; + +my $custnum = $cust_main->custnum; + +my $new; +if ($cgi->param('invnum') =~ /^Refund$/) { + $new = new FS::cust_refund ( { + 'reason' => ( $cust_credit->reason || 'refund from credit' ), + 'refund' => $cgi->param('amount'), + 'payby' => 'BILL', + #'_date' => $cgi->param('_date'), + #'payinfo' => 'Cash', + 'payinfo' => 'Refund', + 'crednum' => $crednum, + } ); +} else { + $new = new FS::cust_credit_bill ( { + map { + $_, scalar($cgi->param($_)); + #} qw(custnum _date amount invnum) + } fields('cust_credit_bill') + } ); +} + +my $error = $new->insert; +</%init> diff --git a/httemplate/edit/process/cust_main.cgi b/httemplate/edit/process/cust_main.cgi index 8de2092f9..b0c9e3e57 100755 --- a/httemplate/edit/process/cust_main.cgi +++ b/httemplate/edit/process/cust_main.cgi @@ -16,6 +16,9 @@ my $DEBUG = 0; </%once> <%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Edit customer'); + my $error = ''; #unmunge stuff diff --git a/httemplate/edit/process/cust_main_county-collapse.cgi b/httemplate/edit/process/cust_main_county-collapse.cgi index 4bcaf1de3..a917825ce 100755 --- a/httemplate/edit/process/cust_main_county-collapse.cgi +++ b/httemplate/edit/process/cust_main_county-collapse.cgi 
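Review bot: In cust_credit_bill.cgi an `invnum` of `Refund` creates an FS::cust_refund for the requested `amount`, yet the check at the top of `<%init>` only asks for 'Apply credit' or 'Post credit', while cust_refund.cgi in this same commit requires 'Refund payment'. If issuing refunds is meant to be a separate privilege, the refund branch needs its own test, e.g. `die "access denied" unless $FS::CurrentUser::CurrentUser->access_right('Refund payment');` (or whichever right the project intends for credit refunds), in the way cust_main_note.cgi checks add and edit separately. cust_bill_pay.cgi has the same shape with 'Apply payment' or 'Post payment'.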
@@ -33,4 +33,12 @@ %print $cgi->redirect(popurl(3). "browse/cust_main_county.cgi"); % % +<%init> +#this isn't actually linked from anywhere just now, but it will be again soon + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + + +</%init> diff --git a/httemplate/edit/process/cust_main_county-expand.cgi b/httemplate/edit/process/cust_main_county-expand.cgi index 4e04f37fc..a8b4c2511 100755 --- a/httemplate/edit/process/cust_main_county-expand.cgi +++ b/httemplate/edit/process/cust_main_county-expand.cgi @@ -8,6 +8,9 @@ </HTML> <%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + $cgi->param('taxnum') =~ /^(\d+)$/ or die "Illegal taxnum!"; my $taxnum = $1; my $cust_main_county = qsearchs('cust_main_county',{'taxnum'=>$taxnum}) diff --git a/httemplate/edit/process/cust_main_county.html b/httemplate/edit/process/cust_main_county.html index 3d9d20b85..cb56166c8 100644 --- a/httemplate/edit/process/cust_main_county.html +++ b/httemplate/edit/process/cust_main_county.html @@ -4,3 +4,10 @@ #someday change the individual element and go away instead ) %> +<%init> + +my $conf = new FS::Conf; +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +</%init> diff --git a/httemplate/edit/process/cust_main_note.cgi b/httemplate/edit/process/cust_main_note.cgi index 8b9105bd8..9689ca6d6 100755 --- a/httemplate/edit/process/cust_main_note.cgi +++ b/httemplate/edit/process/cust_main_note.cgi 
@@ -1,42 +1,7 @@ -% -% -%$cgi->param('custnum') =~ /^(\d+)$/ -% or die "Illegal custnum: ". $cgi->param('custnum'); -%my $custnum = $1; -% -%$cgi->param('notenum') =~ /^(\d*)$/ -% or die "Illegal notenum: ". $cgi->param('notenum'); -%my $notenum = $1; -% -%my $otaker = $FS::CurrentUser::CurrentUser->name; -%$otaker = $FS::CurrentUser::CurrentUser->username -% if ($otaker eq "User, Legacy"); -% -%my $new = new FS::cust_main_note ( { -% notenum => $notenum, -% custnum => $custnum, -% _date => time, -% otaker => $otaker, -% comments => $cgi->param('comment'), -%} ); -% -%my $error; -%if ($notenum){ -% my $old = qsearchs('cust_main_note', { 'notenum' => $notenum }); -% $error = "No such note: $notenum" unless $old; -% unless($error){ -% map { $new->$_($old->$_) } ('_date', 'otaker'); -% $error = $new->replace($old); -% } -%}else{ -% $error = $new->insert; -%} -% %if ($error) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). 'cust_main_note.cgi?'. $cgi->query_string ); -%} -% +<% $cgi->redirect(popurl(2). 'cust_main_note.cgi?'. $cgi->query_string ) %> +%} else { % <% header('Note ' . ($notenum ? 'updated' : 'added') ) %> <SCRIPT TYPE="text/javascript"> 
@@ -48,5 +13,48 @@ </SCRIPT> </BODY></HTML> % -% +% } +<%init> + +$cgi->param('custnum') =~ /^(\d+)$/ + or die "Illegal custnum: ". $cgi->param('custnum'); +my $custnum = $1; + +$cgi->param('notenum') =~ /^(\d*)$/ + or die "Illegal notenum: ". $cgi->param('notenum'); +my $notenum = $1; + +my $otaker = $FS::CurrentUser::CurrentUser->name; +$otaker = $FS::CurrentUser::CurrentUser->username + if ($otaker eq "User, Legacy"); + +my $new = new FS::cust_main_note ( { + notenum => $notenum, + custnum => $custnum, + _date => time, + otaker => $otaker, + comments => $cgi->param('comment'), +} ); + +my $error; +if ($notenum) { + + die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Edit customer note'); + + my $old = qsearchs('cust_main_note', { 'notenum' => $notenum }); + $error = "No such note: $notenum" unless $old; + unless ($error) { + map { $new->$_($old->$_) } ('_date', 'otaker'); + $error = $new->replace($old); + } + +} else { + + die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Add customer note'); + + $error = $new->insert; +} +</%init> diff --git a/httemplate/edit/process/cust_pay.cgi b/httemplate/edit/process/cust_pay.cgi index a34c88aba..647f6fc6c 100755 --- a/httemplate/edit/process/cust_pay.cgi +++ b/httemplate/edit/process/cust_pay.cgi 
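Review bot: On the edit path in cust_main_note.cgi, `$old` is looked up by `notenum` alone and never compared with the `custnum` from the request, so `$new->replace($old)` can save the note under a different customer than the one it was written for. Unless FS::cust_main_note rejects that itself, which is not visible here, add `$error ||= "note $notenum is not attached to customer $custnum" if $old && $old->custnum != $custnum;` before the `replace`. The two `die` messages at the top also append the raw request parameter, which is only safe if the error page HTML-escapes it.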
@@ -1,32 +1,8 @@ -% -% -%$cgi->param('linknum') =~ /^(\d+)$/ -% or die "Illegal linknum: ". $cgi->param('linknum'); -%my $linknum = $1; -% -%$cgi->param('link') =~ /^(custnum|invnum|popup)$/ -% or die "Illegal link: ". $cgi->param('link'); -%my $field = my $link = $1; -%$field = 'custnum' if $field eq 'popup'; -% -%my $_date = str2time($cgi->param('_date')); -% -%my $new = new FS::cust_pay ( { -% $field => $linknum, -% _date => $_date, -% map { -% $_, scalar($cgi->param($_)); -% } qw(paid payby payinfo paybatch) -% #} fields('cust_pay') -%} ); -% -%my $error = $new->insert( 'manual' => 1 ); -% %if ($error) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). 'cust_pay.cgi?'. $cgi->query_string ); +<% $cgi->redirect(popurl(2). 'cust_pay.cgi?'. $cgi->query_string ) %> %} elsif ( $field eq 'invnum' ) { -% print $cgi->redirect(popurl(3). "view/cust_bill.cgi?$linknum"); +<% $cgi->redirect(popurl(3). "view/cust_bill.cgi?$linknum") %> %} elsif ( $field eq 'custnum' ) { % if ( $cgi->param('apply') eq 'yes' ) { % my $cust_main = qsearchs('cust_main', { 'custnum' => $linknum }) @@ -34,7 +10,6 @@ % $cust_main->apply_payments; % } % if ( $link eq 'popup' ) { -% % <% header('Payment entered') %> <SCRIPT TYPE="text/javascript"> 
@@ -43,14 +18,38 @@ </BODY></HTML> % -% % } elsif ( $link eq 'custnum' ) { -% print $cgi->redirect(popurl(3). "view/cust_main.cgi?$linknum"); +<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$linknum") %> % } else { % die "unknown link $link"; % } % %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Post payment'); + +$cgi->param('linknum') =~ /^(\d+)$/ + or die "Illegal linknum: ". $cgi->param('linknum'); +my $linknum = $1; + +$cgi->param('link') =~ /^(custnum|invnum|popup)$/ + or die "Illegal link: ". $cgi->param('link'); +my $field = my $link = $1; +$field = 'custnum' if $field eq 'popup'; + +my $_date = str2time($cgi->param('_date')); + +my $new = new FS::cust_pay ( { + $field => $linknum, + _date => $_date, + map { + $_, scalar($cgi->param($_)); + } qw(paid payby payinfo paybatch) + #} fields('cust_pay') +} ); + +my $error = $new->insert( 'manual' => 1 ); +</%init> diff --git a/httemplate/edit/process/cust_pkg.cgi b/httemplate/edit/process/cust_pkg.cgi index 25b826758..bdade321f 100755 --- a/httemplate/edit/process/cust_pkg.cgi +++ b/httemplate/edit/process/cust_pkg.cgi @@ -11,7 +11,7 @@ </HTML> % } elsif ( $action eq 'bulk' ) { -% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum"); +<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum") %> % } else { % die "guru exception #5: action is neither change nor bulk!"; % } 
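Review bot: `my $_date = str2time($cgi->param('_date'));` in cust_pay.cgi is used without checking the result, and `str2time` returns undef for text it cannot parse, so a mistyped date reaches `FS::cust_pay` as an empty `_date` instead of being reported to the user. The call also evaluates `param` in list context, so a repeated `_date` value would be passed as `str2time`'s second argument. `my $_date = str2time(scalar($cgi->param('_date')));` followed by `defined $_date or die "Illegal _date";` covers both. The date fields in REAL_cust_pkg.cgi have the same gap, where an unparseable non-empty value may be saved as a blank date.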
@@ -28,15 +28,27 @@ my @remove_pkgnums = map { $1; } $cgi->param('remove_pkg'); +my $curuser = $FS::CurrentUser::CurrentUser; + my( $action, $error_redirect ); my @pkgparts = (); if ( $cgi->param('new_pkgpart') =~ /^(\d+)$/ ) { #came from misc/change_pkg.cgi + $action = 'change'; $error_redirect = "misc/change_pkg.cgi"; @pkgparts = ($1); + + die "access denied" + unless $curuser->access_right('Change customer package'); + } else { #came from edit/cust_pkg.cgi + $action = 'bulk'; $error_redirect = "edit/cust_pkg.cgi"; + + die "access denied" + unless $curuser->access_right('Bulk change customer packages'); + foreach my $pkgpart ( map /^pkg(\d+)$/ ? $1 : (), $cgi->param ) { if ( $cgi->param("pkg$pkgpart") =~ /^(\d+)$/ ) { my $num_pkgs = $1; @@ -48,6 +60,7 @@ if ( $cgi->param('new_pkgpart') =~ /^(\d+)$/ ) { #came from misc/change_pkg.cgi last; } } + } $error ||= FS::cust_pkg::order($custnum,\@pkgparts,\@remove_pkgnums); diff --git a/httemplate/edit/process/cust_refund.cgi b/httemplate/edit/process/cust_refund.cgi index d95ab46dc..1a7a394b3 100755 --- a/httemplate/edit/process/cust_refund.cgi +++ b/httemplate/edit/process/cust_refund.cgi 
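Review bot: In cust_pkg.cgi the 'Change customer package' branch is selected just by the presence of `new_pkgpart`, but `@remove_pkgnums` is filled from every `remove_pkg` value in the request before the branch, so a user holding only that right can still hand several packages to `FS::cust_pkg::order` for removal. If the single-change right is meant to be narrower than 'Bulk change customer packages', add `die "access denied" unless @remove_pkgnums == 1;` in the change branch. The start of this `<%init>` block, including how `remove_pkg` and `$custnum` are validated, lies outside the hunk, so this should be confirmed against the full file.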
@@ -1,38 +1,43 @@ -%$cgi->param('custnum') =~ /^(\d*)$/ or die "Illegal custnum!"; -%my $custnum = $1; -%my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } ) -% or die "unknown custnum $custnum"; -% -%my $error = ''; -%if ( $cgi->param('payby') =~ /^(CARD|CHEK)$/ ) { -% my %options = (); -% my $bop = $FS::payby::payby2bop{$1}; -% $cgi->param('refund') =~ /^(\d*)(\.\d{2})?$/ -% or die "illegal refund amount ". $cgi->param('refund'); -% my $refund = "$1$2"; -% $cgi->param('paynum') =~ /^(\d*)$/ or die "Illegal paynum!"; -% my $paynum = $1; -% my $reason = $cgi->param('reason'); -% my $paydate = $cgi->param('exp_year'). '-'. $cgi->param('exp_month'). '-01'; -% $options{'paydate'} = $paydate if $paydate =~ /^\d{2,4}-\d{1,2}-01$/; -% $error = $cust_main->realtime_refund_bop( $bop, 'amount' => $refund, -% 'paynum' => $paynum, -% 'reason' => $reason, -% %options ); -%} else { -% die 'unimplemented'; -% #my $new = new FS::cust_refund ( { -% # map { -% # $_, scalar($cgi->param($_)); -% # } ( fields('cust_refund'), 'paynum' ) -% #} ); -% #$error = $new->insert; -%} -% -% %if ( $error ) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). "cust_refund.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "cust_refund.cgi?". $cgi->query_string ) %> %} else { -% print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum"); +<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum") %> %} +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Refund payment'); + +$cgi->param('custnum') =~ /^(\d*)$/ or die "Illegal custnum!"; +my $custnum = $1; +my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } ) + or die "unknown custnum $custnum"; + +my $error = ''; +if ( $cgi->param('payby') =~ /^(CARD|CHEK)$/ ) { + my %options = (); + my $bop = $FS::payby::payby2bop{$1}; + $cgi->param('refund') =~ /^(\d*)(\.\d{2})?$/ + or die "illegal refund amount ". 
$cgi->param('refund'); + my $refund = "$1$2"; + $cgi->param('paynum') =~ /^(\d*)$/ or die "Illegal paynum!"; + my $paynum = $1; + my $reason = $cgi->param('reason'); + my $paydate = $cgi->param('exp_year'). '-'. $cgi->param('exp_month'). '-01'; + $options{'paydate'} = $paydate if $paydate =~ /^\d{2,4}-\d{1,2}-01$/; + $error = $cust_main->realtime_refund_bop( $bop, 'amount' => $refund, + 'paynum' => $paynum, + 'reason' => $reason, + %options ); +} else { + die 'unimplemented'; + #my $new = new FS::cust_refund ( { + # map { + # $_, scalar($cgi->param($_)); + # } ( fields('cust_refund'), 'paynum' ) + #} ); + #$error = $new->insert; +} + +</%init> diff --git a/httemplate/edit/process/cust_svc.cgi b/httemplate/edit/process/cust_svc.cgi index e9d5f6238..e22cbb201 100644 --- a/httemplate/edit/process/cust_svc.cgi +++ b/httemplate/edit/process/cust_svc.cgi 
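Review bot: The amount pattern in cust_refund.cgi, `/^(\d*)(\.\d{2})?$/`, also matches the empty string, so a request with no `refund` value passes validation and `realtime_refund_bop` is called with an empty `amount`; how that method treats it is not visible here. Requiring a digit, e.g. `/^(\d+)(\.\d{2})?$/`, makes the handler reject it itself, and the same applies to `paynum`, where `\d*` lets an empty value through. Nothing in the hunk ties `paynum` to `$custnum` either, so it is worth confirming that `realtime_refund_bop` verifies the payment belongs to this customer.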
@@ -1,30 +1,30 @@ -% -% -%my $svcnum = $cgi->param('svcnum'); -% -%my $old = qsearchs('cust_svc',{'svcnum'=>$svcnum}) if $svcnum; -% -%my $new = new FS::cust_svc ( { -% map { -% $_, scalar($cgi->param($_)); -% } fields('cust_svc') -%} ); -% -%my $error; -%if ( $svcnum ) { -% $error=$new->replace($old); -%} else { -% $error=$new->insert; -% $svcnum=$new->getfield('svcnum'); -%} -% %if ( $error ) { -% #$cgi->param('error', $error); -% #print $cgi->redirect(popurl(2). "cust_svc.cgi?". $cgi->query_string ); % errorpage($error); %} else { % my $svcdb = $new->part_svc->svcdb; -% print $cgi->redirect(popurl(3). "view/$svcdb.cgi?$svcnum"); +<% $cgi->redirect(popurl(3). "view/$svcdb.cgi?$svcnum") %> %} -% -% +<%init> + +die 'access deined' + unless $FS::CurrentUser::CurrentUser->access_right('Change customer service'); + +my $svcnum = $cgi->param('svcnum'); + +my $old = qsearchs('cust_svc',{'svcnum'=>$svcnum}) if $svcnum; + +my $new = new FS::cust_svc ( { + map { + $_, scalar($cgi->param($_)); + } fields('cust_svc') +} ); + +my $error; +if ( $svcnum ) { + $error=$new->replace($old); +} else { + $error=$new->insert; + $svcnum=$new->getfield('svcnum'); +} + +</%init> diff --git a/httemplate/edit/process/domain_record.cgi b/httemplate/edit/process/domain_record.cgi index daf35ad6d..2e427e4fb 100755 --- a/httemplate/edit/process/domain_record.cgi +++ b/httemplate/edit/process/domain_record.cgi 
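Review bot: The denial message in cust_svc.cgi is misspelled, `die 'access deined'`, while every other handler in this commit dies with `"access denied"`. Use `die "access denied"` here too, so that log searches and any error handling keyed on the message see one consistent string.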
@@ -1,36 +1,30 @@ -% -% -%my $recnum = $cgi->param('recnum'); -% -%my $old = qsearchs('agent',{'recnum'=>$recnum}) if $recnum; -% -%my $new = new FS::domain_record ( { -% map { -% $_, scalar($cgi->param($_)); -% } fields('domain_record') -%} ); -% -%my $error; -%if ( $recnum ) { -% $error=$new->replace($old); -%} else { -% $error=$new->insert; -% $recnum=$new->getfield('recnum'); -%} -% %if ( $error ) { -%# $cgi->param('error', $error); -%# print $cgi->redirect(popurl(2). "agent.cgi?". $cgi->query_string ); -% #no edit screen to send them back to -% - -<!-- mason kludge --> -% % errorpage($error); %} else { % my $svcnum = $new->svcnum; -% print $cgi->redirect(popurl(3). "view/svc_domain.cgi?$svcnum"); +<% $cgi->redirect(popurl(3). "view/svc_domain.cgi?$svcnum") %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Edit domain nameservice'); + +my $recnum = $cgi->param('recnum'); + +my $old = qsearchs('agent',{'recnum'=>$recnum}) if $recnum; + +my $new = new FS::domain_record ( { + map { + $_, scalar($cgi->param($_)); + } fields('domain_record') +} ); + +my $error; +if ( $recnum ) { + $error=$new->replace($old); +} else { + $error=$new->insert; + $recnum=$new->getfield('recnum'); +} +</%init> diff --git a/httemplate/edit/process/generic.cgi b/httemplate/edit/process/generic.cgi index e3ac113ae..642876386 100644 --- a/httemplate/edit/process/generic.cgi +++ b/httemplate/edit/process/generic.cgi 
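Review bot: domain_record.cgi looks up the existing row with `qsearchs('agent',{'recnum'=>$recnum})`, that is in the `agent` table rather than `domain_record`; the line was carried over unchanged from the old code. On an edit this most likely leaves `$old` undef, or at best an unrelated object, when `$new->replace($old)` runs. It should read `my $old = qsearchs('domain_record',{'recnum'=>$recnum})`, ideally with an `or die "unknown recnum $recnum"` when a recnum was supplied.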
@@ -1,73 +1,77 @@ -%# Welcome to generic.cgi. -%# -%# This script provides a generic edit/process/ backend for simple table -%# editing. All it knows how to do is take the values entered into -%# the script and insert them into the table specified by $cgi->param('table'). -%# If there's an existing record with the same primary key, it will be -%# replaced. (Deletion will be added in the future.) -%# -%# also see elements/process.html, newer and somewhat along the same lines, -%# though it still makes you setup a process file for the table. -%# perhaps safer, perhaps more of a pain in the ass. -%# -%# Special cgi params for this script: -%# table: the name of the table to be edited. The script will die horribly -%# if it can't find the table. -%# redirect_ok: URL to be displayed after a successful edit. The value of -%# the record's primary key will be passed as a keyword. -%# Defaults to (freeside root)/view/$table.cgi. -%# redirect_error: URL to be displayed if there's an error. The original -%# query string, plus the error message, will be passed. -%# Defaults to $cgi->referer() (i.e. go back where you -%# came from). 
-% -% -%use FS::Record qw(qsearchs dbdef); -%use DBIx::DBSchema; -%use DBIx::DBSchema::Table; -% -% -%my $error; -%my $p2 = popurl(2); -%my $p3 = popurl(3); -%my $table = $cgi->param('table'); -%my $dbdef = dbdef or die "Cannot fetch dbdef!"; -% -%my $dbdef_table = $dbdef->table($table) or die "Cannot fetch schema for $table"; -% -%my $pkey = $dbdef_table->primary_key or die "Cannot fetch pkey for $table"; -%my $pkey_val = $cgi->param($pkey); -% -% -%#warn "new FS::Record ( $table, (hashref) )"; -%my $new = FS::Record::new ( "FS::$table", { -% map { $_, scalar($cgi->param($_)) } fields($table) -%} ); -% -%#warn 'created $new of class '.ref($new); -% -%if($pkey_val and (my $old = qsearchs($table, { $pkey, $pkey_val} ))) { -% # edit -% $error = $new->replace($old); -%} else { -% #add -% $error = $new->insert; -% $pkey_val = $new->getfield($pkey); -% # New records usually don't have their primary keys set until after -% # they've been checked/inserted, so grab the new $pkey_val so we can -% # redirect to it. -%} -% -%my $redirect_ok = (($cgi->param('redirect_ok')) ? -% $cgi->param('redirect_ok') : $p3."browse/generic.cgi?$table"); -%my $redirect_error = (($cgi->param('redirect_error')) ? -% $cgi->param('redirect_error') : $cgi->referer()); -% %if($error) { % $cgi->param('error', $error); -% print $cgi->redirect($redirect_error . '?' . $cgi->query_string); +<% $cgi->redirect($redirect_error . '?' . $cgi->query_string) %> %} else { -% print $cgi->redirect($redirect_ok); +<% $cgi->redirect($redirect_ok) %> %} -% +<%doc> + +See elements/process.html, newer and somewhat along the same lines, +though it still makes you setup a process file for the table. +Perhaps safer, perhaps more of a pain in the ass. + +In any case, this is probably pretty deprecated; it is only used by +part_virtual_field.cgi, and so its ACL is hardcoded to 'Configuration'. + +Welcome to generic.cgi. + +This script provides a generic edit/process/ backend for simple table +editing. 
All it knows how to do is take the values entered into +the script and insert them into the table specified by $cgi->param('table'). +If there's an existing record with the same primary key, it will be +replaced. (Deletion will be added in the future.) + +Special cgi params for this script: +table: the name of the table to be edited. The script will die horribly + if it can't find the table. +redirect_ok: URL to be displayed after a successful edit. The value of + the record's primary key will be passed as a keyword. + Defaults to (freeside root)/view/$table.cgi. +redirect_error: URL to be displayed if there's an error. The original + query string, plus the error message, will be passed. + Defaults to $cgi->referer() (i.e. go back where you + came from). + +</%doc> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +my $error; +my $p2 = popurl(2); +my $p3 = popurl(3); +my $table = $cgi->param('table'); +my $dbdef = dbdef or die "Cannot fetch dbdef!"; + +my $dbdef_table = $dbdef->table($table) or die "Cannot fetch schema for $table"; + +my $pkey = $dbdef_table->primary_key or die "Cannot fetch pkey for $table"; +my $pkey_val = $cgi->param($pkey); + + +#warn "new FS::Record ( $table, (hashref) )"; +my $new = FS::Record::new ( "FS::$table", { + map { $_, scalar($cgi->param($_)) } fields($table) +} ); + +#warn 'created $new of class '.ref($new); + +if($pkey_val and (my $old = qsearchs($table, { $pkey, $pkey_val} ))) { + # edit + $error = $new->replace($old); +} else { + #add + $error = $new->insert; + $pkey_val = $new->getfield($pkey); + # New records usually don't have their primary keys set until after + # they've been checked/inserted, so grab the new $pkey_val so we can + # redirect to it. +} + +my $redirect_ok = (($cgi->param('redirect_ok')) ? + $cgi->param('redirect_ok') : $p3."browse/generic.cgi?$table"); +my $redirect_error = (($cgi->param('redirect_error')) ? 
+ $cgi->param('redirect_error') : $cgi->referer()); +</%init> diff --git a/httemplate/edit/process/inventory_class.html b/httemplate/edit/process/inventory_class.html index c7be9e8dd..dbf978e72 100644 --- a/httemplate/edit/process/inventory_class.html +++ b/httemplate/edit/process/inventory_class.html @@ -3,3 +3,9 @@ 'viewall_dir' => 'browse', ) %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +</%init> diff --git a/httemplate/edit/process/msgcat.cgi b/httemplate/edit/process/msgcat.cgi index 9711143d6..7175fa2b3 100644 --- a/httemplate/edit/process/msgcat.cgi +++ b/httemplate/edit/process/msgcat.cgi @@ -1,21 +1,22 @@ -% -% -%my $error; -%foreach my $param ( grep { /^\d+$/ } $cgi->param ) { -% my $old = qsearchs('msgcat', { msgnum=>$param } ); -% next if $old->msg eq $cgi->param($param); #no need to update identical records -% my $new = new FS::msgcat { $old->hash }; -% $new->msg($cgi->param($param)); -% $error = $new->replace($old); -% last if $error; -%} -% %if ( $error ) { % $cgi->param('error',$error); -% print $cgi->redirect($p. "msgcat.cgi?". $cgi->query_string ); +<% $cgi->redirect($p. "msgcat.cgi?". $cgi->query_string ) %> %} else { -% print $cgi->redirect(popurl(3). "browse/msgcat.cgi"); +<% $cgi->redirect(popurl(3). "browse/msgcat.cgi") %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +my $error; +foreach my $param ( grep { /^\d+$/ } $cgi->param ) { + my $old = qsearchs('msgcat', { msgnum=>$param } ); + next if $old->msg eq $cgi->param($param); #no need to update identical records + my $new = new FS::msgcat { $old->hash }; + $new->msg($cgi->param($param)); + $error = $new->replace($old); + last if $error; +} +</%init> diff --git a/httemplate/edit/process/part_bill_event.cgi b/httemplate/edit/process/part_bill_event.cgi index af594f264..3534519fd 100755 --- a/httemplate/edit/process/part_bill_event.cgi 
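Review bot: The `'Configuration'` check added to generic.cgi gates a component that writes to whichever table the request names: `my $table = $cgi->param('table');` flows straight into `FS::Record::new ( "FS::$table", ...)` and `qsearchs($table, ...)`, so this one right reaches every table in the schema rather than only configuration data. Since the new `<%doc>` says the only caller is part_virtual_field.cgi, pinning the table would match the hardcoded ACL, e.g. `$cgi->param('table') =~ /^(part_virtual_field)$/ or die "illegal table";` followed by `my $table = $1;`. `redirect_ok` and `redirect_error` are likewise taken from the request and passed to `$cgi->redirect` unchanged, so they should be limited to URLs under `popurl(3)`.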
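Review bot: In the msgcat.cgi hunk, `qsearchs('msgcat', { msgnum=>$param } )` is not checked before `$old->msg` is called, so a numeric parameter name with no matching msgcat row would presumably end the request with a method call on an undefined value, after earlier rows in the loop were already replaced. A guard such as `my $old = qsearchs('msgcat', { msgnum=>$param } ) or next;` (or setting `$error` and leaving the loop) keeps the update predictable.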
+++ b/httemplate/edit/process/part_bill_event.cgi 
@@ -1,89 +1,92 @@ -% -%my $eventpart = $cgi->param('eventpart'); -% -%my $old = qsearchs('part_bill_event',{'eventpart'=>$eventpart}) if $eventpart; -% -%#s/days/seconds/ -%$cgi->param('seconds', int( $cgi->param('days') * 86400 ) ); -% -%my $error; -%if ( ! $cgi->param('plan_weight_eventcode') ) { -% $error = "Must select an action"; -%} else { -% -% $cgi->param('plan_weight_eventcode') =~ /^([\w\-]+):(\d+):(.*)$/s -% or die "illegal plan_weight_eventcode:". -% $cgi->param('plan_weight_eventcode'); -% $cgi->param('plan', $1); -% $cgi->param('weight', $2); -% my $eventcode = $3; -% my $plandata = ''; -% -% my $rnum; -% my $rtype; -% my $reasonm; -% my $class = ''; -% $class='c' if ($eventcode =~ /cancel/); -% $class='s' if ($eventcode =~ /suspend/); -% if ($class) { -% $cgi->param("${class}reason") =~ /^(-?\d+)$/ -% or $error = "Invalid ${class}reason"; -% $rnum = $1; -% if ($rnum == -1) { -% $cgi->param("new${class}reasonT") =~ /^(\d+)$/ -% or $error = "Invalid new${class}reasonT"; -% $rtype = $1; -% $cgi->param("new${class}reason") =~ /^([\s\w]+)$/ -% or $error = "Invalid new${class}reason"; -% $reasonm = $1; -% } -% } -% -% if ($rnum == -1 && !$error) { -% my $reason = new FS::reason ({ 'reason' => $reasonm, -% 'reason_type' => $rtype, -% }); -% $error = $reason->insert; -% unless ($error) { -% $rnum = $reason->reasonnum; -% $cgi->param("${class}reason", $rnum); -% $cgi->param("new${class}reason", ''); -% $cgi->param("new${class}reasonT", ''); -% } -% } -% -% while ( $eventcode =~ /%%%(\w+)%%%/ ) { -% my $field = $1; -% my $value = join(', ', $cgi->param($field) ); -% $cgi->param($field, $value); #in case it errors out -% $eventcode =~ s/%%%$field%%%/$value/; -% $plandata .= "$field $value\n"; -% } -% $cgi->param('eventcode', $eventcode); -% $cgi->param('plandata', $plandata); -% -% unless($error){ -% my $new = new FS::part_bill_event ( { -% map { -% $_, scalar($cgi->param($_)); -% } fields('part_bill_event'), -% } ); -% $new->setfield('reason', $rnum); -% -% if 
( $eventpart ) { -% $error = $new->replace($old); -% } else { -% $error = $new->insert; -% $eventpart = $new->getfield('eventpart'); -% } -% } -%} -% %if ( $error ) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). "part_bill_event.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "part_bill_event.cgi?". $cgi->query_string ) %> %} else { -% print $cgi->redirect(popurl(3)."browse/part_bill_event.cgi"); +<% $cgi->redirect(popurl(3)."browse/part_bill_event.cgi") %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +my $eventpart = $cgi->param('eventpart'); + +my $old = qsearchs('part_bill_event',{'eventpart'=>$eventpart}) if $eventpart; + +#s/days/seconds/ +$cgi->param('seconds', int( $cgi->param('days') * 86400 ) ); + +my $error; +if ( ! $cgi->param('plan_weight_eventcode') ) { + $error = "Must select an action"; +} else { + + $cgi->param('plan_weight_eventcode') =~ /^([\w\-]+):(\d+):(.*)$/s + or die "illegal plan_weight_eventcode:". 
+ $cgi->param('plan_weight_eventcode'); + $cgi->param('plan', $1); + $cgi->param('weight', $2); + my $eventcode = $3; + my $plandata = ''; + + my $rnum; + my $rtype; + my $reasonm; + my $class = ''; + $class='c' if ($eventcode =~ /cancel/); + $class='s' if ($eventcode =~ /suspend/); + if ($class) { + $cgi->param("${class}reason") =~ /^(-?\d+)$/ + or $error = "Invalid ${class}reason"; + $rnum = $1; + if ($rnum == -1) { + $cgi->param("new${class}reasonT") =~ /^(\d+)$/ + or $error = "Invalid new${class}reasonT"; + $rtype = $1; + $cgi->param("new${class}reason") =~ /^([\s\w]+)$/ + or $error = "Invalid new${class}reason"; + $reasonm = $1; + } + } + + if ($rnum == -1 && !$error) { + my $reason = new FS::reason ({ 'reason' => $reasonm, + 'reason_type' => $rtype, + }); + $error = $reason->insert; + unless ($error) { + $rnum = $reason->reasonnum; + $cgi->param("${class}reason", $rnum); + $cgi->param("new${class}reason", ''); + $cgi->param("new${class}reasonT", ''); + } + } + + while ( $eventcode =~ /%%%(\w+)%%%/ ) { + my $field = $1; + my $value = join(', ', $cgi->param($field) ); + $cgi->param($field, $value); #in case it errors out + $eventcode =~ s/%%%$field%%%/$value/; + $plandata .= "$field $value\n"; + } + $cgi->param('eventcode', $eventcode); + $cgi->param('plandata', $plandata); + + unless($error){ + my $new = new FS::part_bill_event ( { + map { + $_, scalar($cgi->param($_)); + } fields('part_bill_event'), + } ); + $new->setfield('reason', $rnum); + + if ( $eventpart ) { + $error = $new->replace($old); + } else { + $error = $new->insert; + $eventpart = $new->getfield('eventpart'); + } + } +} + +</%init> diff --git a/httemplate/edit/process/part_export.cgi b/httemplate/edit/process/part_export.cgi index 0dd9eabae..b5f82e892 100644 --- a/httemplate/edit/process/part_export.cgi +++ b/httemplate/edit/process/part_export.cgi 
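Review bot: The placeholder loop `while ( $eventcode =~ /%%%(\w+)%%%/ )` splices request values into `$eventcode` with `s/%%%$field%%%/$value/` and then rescans the result, so a submitted value that itself contains a `%%%name%%%` marker is expanded again and the loop may not terminate. Both `$eventcode` and the values come from the request (`plan_weight_eventcode` is only checked against `/^([\w\-]+):(\d+):(.*)$/s`), and how `eventcode` is consumed later is not visible here, so validating before storage is worth adding. Rejecting such values inside the loop, `if ( $value =~ /%%%/ ) { $error = "Illegal $field"; last; }`, bounds it.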
@@ -1,40 +1,41 @@ -% -% -%my $exportnum = $cgi->param('exportnum'); -% -%my $old = qsearchs('part_export', { 'exportnum'=>$exportnum } ) if $exportnum; -% -%#fixup options -%#warn join('-', split(',',$cgi->param('options'))); -%my %options = map { -% my $value = $cgi->param($_); -% $value =~ s/\r\n/\n/g; #browsers? (textarea) -% $_ => $value; -%} split(',', $cgi->param('options')); -% -%my $new = new FS::part_export ( { -% map { -% $_, scalar($cgi->param($_)); -% } fields('part_export') -%} ); -% -%my $error; -%if ( $exportnum ) { -% #warn $old; -% #warn $exportnum; -% #warn $new->machine; -% $error = $new->replace($old,\%options); -%} else { -% $error = $new->insert(\%options); -%# $exportnum = $new->exportnum; -%} -% %if ( $error ) { % $cgi->param('error', $error ); -% print $cgi->redirect(popurl(2). "part_export.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "part_export.cgi?". $cgi->query_string ) %> %} else { -% print $cgi->redirect(popurl(3). "browse/part_export.cgi"); +<% $cgi->redirect(popurl(3). "browse/part_export.cgi") %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +my $exportnum = $cgi->param('exportnum'); + +my $old = qsearchs('part_export', { 'exportnum'=>$exportnum } ) if $exportnum; + +#fixup options +#warn join('-', split(',',$cgi->param('options'))); +my %options = map { + my $value = $cgi->param($_); + $value =~ s/\r\n/\n/g; #browsers? (textarea) + $_ => $value; +} split(',', $cgi->param('options')); + +my $new = new FS::part_export ( { + map { + $_, scalar($cgi->param($_)); + } fields('part_export') +} ); + +my $error; +if ( $exportnum ) { + #warn $old; + #warn $exportnum; + #warn $new->machine; + $error = $new->replace($old,\%options); +} else { + $error = $new->insert(\%options); +# $exportnum = $new->exportnum; +} +</%init> diff --git a/httemplate/edit/process/part_pkg.cgi b/httemplate/edit/process/part_pkg.cgi index b29e96305..f4d0c209e 100755 
--- a/httemplate/edit/process/part_pkg.cgi
+++ b/httemplate/edit/process/part_pkg.cgi
@@ -1,103 +1,111 @@ -% -% -%my $dbh = dbh; -%my $conf = new FS::Conf; -% -%my $pkgpart = $cgi->param('pkgpart'); -% -%my $old = qsearchs('part_pkg',{'pkgpart'=>$pkgpart}) if $pkgpart; -% -%tie my %plans, 'Tie::IxHash', %{ FS::part_pkg::plan_info() }; -%my $href = $plans{$cgi->param('plan')}->{'fields'}; -% -%#fixup plandata -%my $error; -%my $plandata = $cgi->param('plandata'); -%my @plandata = split(',', $plandata); -%$cgi->param('plandata', -% join('', map { my $parser = sub { shift }; -% $parser = $href->{$_}{parse} if exists($href->{$_}{parse}); -% my $value = join(', ', &$parser($cgi->param($_))); -% my $check = $href->{$_}{check}; -% if ( $check && ! &$check($value) ) { -% $value = join(', ', $cgi->param($_)); -% $error ||= "Illegal ". ($href->{$_}{name}||$_). ": $value"; -% } -% "$_=$value\n"; -% } @plandata ) -%); -% -%foreach (qw( setuptax recurtax disabled )) { -% $cgi->param($_, '') unless defined $cgi->param($_); -%} -% -%my @agents; -%foreach ($cgi->param('agent_type')) { -% /^(\d+)$/; -% push @agents, $1 if $1; -%} -%$error = "At least one agent type must be specified." 
-% unless( scalar(@agents) || -% $cgi->param('clone') && $cgi->param('clone') =~ /^\d+$/ || -% !$pkgpart && $conf->exists('agent-defaultpkg') -% ); -% -%my $new = new FS::part_pkg ( { -% map { -% $_ => scalar($cgi->param($_)); -% } fields('part_pkg') -%} ); -% -%my $oldAutoCommit = $FS::UID::AutoCommit; -%local $FS::UID::AutoCommit = 0; -% -%my %pkg_svc = map { $_ => scalar($cgi->param("pkg_svc$_")) } -% map { $_->svcpart } -% qsearch('part_svc', {} ); -% -%my $custnum = ''; -%if ( $error ) { -% -% # fall through -% -%} elsif ( $cgi->param('taxclass') eq '(select)' ) { -% -% $error = 'Must select a tax class'; -% -%} elsif ( $pkgpart ) { -% -% $error = $new->replace( $old, -% pkg_svc => \%pkg_svc, -% primary_svc => scalar($cgi->param('pkg_svc_primary')), -% ); -%} else { -% -% $error = $new->insert( pkg_svc => \%pkg_svc, -% primary_svc => scalar($cgi->param('pkg_svc_primary')), -% cust_pkg => $cgi->param('pkgnum'), -% custnum_ref => \$custnum, -% ); -% $pkgpart = $new->pkgpart; -%} -% -%unless ( $error || $conf->exists('agent_defaultpkg') ) { -% my $error = $new->process_m2m( -% 'link_table' => 'type_pkgs', -% 'target_table' => 'agent_type', -% 'params' => \@agents, -% ); -%} %if ( $error ) { % $dbh->rollback if $oldAutoCommit; % $cgi->param('error', $error ); -% print $cgi->redirect(popurl(2). "part_pkg.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "part_pkg.cgi?". $cgi->query_string ) %> %} elsif ( $custnum ) { % $dbh->commit or die $dbh->errstr if $oldAutoCommit; -% print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum"); +<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum") %> %} else { % $dbh->commit or die $dbh->errstr if $oldAutoCommit; -% print $cgi->redirect(popurl(3). "browse/part_pkg.cgi"); +<% $cgi->redirect(popurl(3). 
"browse/part_pkg.cgi") %> %} -% -% +<%init> + +#1.7 +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); +#1.9 +#die "access denied" +# unless $FS::CurrentUser::CurrentUser->access_right('Edit package definitions') +# || $FS::CurrentUser::CurrentUser->access_right('Edit global package definitions'); + +my $dbh = dbh; +my $conf = new FS::Conf; + +my $pkgpart = $cgi->param('pkgpart'); + +my $old = qsearchs('part_pkg',{'pkgpart'=>$pkgpart}) if $pkgpart; + +tie my %plans, 'Tie::IxHash', %{ FS::part_pkg::plan_info() }; +my $href = $plans{$cgi->param('plan')}->{'fields'}; + +#fixup plandata +my $error; +my $plandata = $cgi->param('plandata'); +my @plandata = split(',', $plandata); +$cgi->param('plandata', + join('', map { my $parser = sub { shift }; + $parser = $href->{$_}{parse} if exists($href->{$_}{parse}); + my $value = join(', ', &$parser($cgi->param($_))); + my $check = $href->{$_}{check}; + if ( $check && ! &$check($value) ) { + $value = join(', ', $cgi->param($_)); + $error ||= "Illegal ". ($href->{$_}{name}||$_). ": $value"; + } + "$_=$value\n"; + } @plandata ) +); + +foreach (qw( setuptax recurtax disabled )) { + $cgi->param($_, '') unless defined $cgi->param($_); +} + +my @agents; +foreach ($cgi->param('agent_type')) { + /^(\d+)$/; + push @agents, $1 if $1; +} +$error = "At least one agent type must be specified." 
+ unless( scalar(@agents) || + $cgi->param('clone') && $cgi->param('clone') =~ /^\d+$/ || + !$pkgpart && $conf->exists('agent-defaultpkg') + ); + +my $new = new FS::part_pkg ( { + map { + $_ => scalar($cgi->param($_)); + } fields('part_pkg') +} ); + +my $oldAutoCommit = $FS::UID::AutoCommit; +local $FS::UID::AutoCommit = 0; + +my %pkg_svc = map { $_ => scalar($cgi->param("pkg_svc$_")) } + map { $_->svcpart } + qsearch('part_svc', {} ); + +my $custnum = ''; +if ( $error ) { + + # fall through + +} elsif ( $cgi->param('taxclass') eq '(select)' ) { + + $error = 'Must select a tax class'; + +} elsif ( $pkgpart ) { + + $error = $new->replace( $old, + pkg_svc => \%pkg_svc, + primary_svc => scalar($cgi->param('pkg_svc_primary')), + ); +} else { + + $error = $new->insert( pkg_svc => \%pkg_svc, + primary_svc => scalar($cgi->param('pkg_svc_primary')), + cust_pkg => $cgi->param('pkgnum'), + custnum_ref => \$custnum, + ); + $pkgpart = $new->pkgpart; +} + +unless ( $error || $conf->exists('agent_defaultpkg') ) { + my $error = $new->process_m2m( + 'link_table' => 'type_pkgs', + 'target_table' => 'agent_type', + 'params' => \@agents, + ); +} + +</%init> diff --git a/httemplate/edit/process/part_referral.html b/httemplate/edit/process/part_referral.html index 14c1b7001..40cbc97bf 100755 --- a/httemplate/edit/process/part_referral.html +++ b/httemplate/edit/process/part_referral.html @@ -3,3 +3,10 @@ 'viewall_dir' => 'browse', ) %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Edit advertising sources') + || $FS::CurrentUser::CurrentUser->access_right('Edit global advertising sources'); + +</%init> diff --git a/httemplate/edit/process/part_svc.cgi b/httemplate/edit/process/part_svc.cgi index 97abc5baf..65de3fc6c 100755 --- a/httemplate/edit/process/part_svc.cgi +++ b/httemplate/edit/process/part_svc.cgi 
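Review bot: The result of `process_m2m` is discarded: inside the final `unless` block, `my $error = $new->process_m2m(...)` declares a new `$error` that goes out of scope at the closing brace, so the `%if ( $error )` branch in the body never sees a failure linking agent types and the transaction is committed anyway. Dropping the `my` (`$error = $new->process_m2m(`) lets the existing rollback path handle it. The config key is also spelled two ways, `$conf->exists('agent-defaultpkg')` in the agent-type check and `$conf->exists('agent_defaultpkg')` in this guard; one of them is presumably a typo.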
@@ -1,4 +1,9 @@
-%
-% my $server = new FS::UI::Web::JSRPC 'FS::part_svc::process', $cgi;
-%
 <% $server->process %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $server = new FS::UI::Web::JSRPC 'FS::part_svc::process', $cgi;
+
+</%init>
diff --git a/httemplate/edit/process/payment_gateway.html b/httemplate/edit/process/payment_gateway.html
index 0b7e31395..b16bc3d27 100644
--- a/httemplate/edit/process/payment_gateway.html
+++ b/httemplate/edit/process/payment_gateway.html
@@ -1,34 +1,35 @@ -% -% -%my $gatewaynum = $cgi->param('gatewaynum'); -% -%my $old = qsearchs('payment_gateway',{'gatewaynum'=>$gatewaynum}) if $gatewaynum; -% -%my $new = new FS::payment_gateway ( { -% map { -% $_, scalar($cgi->param($_)); -% } fields('payment_gateway') -%} ); -% -%my @options = split(/\r?\n/, $cgi->param('gateway_options') ); -%pop @options -% if scalar(@options) % 2 && $options[-1] =~ /^\s*$/; -%my %options = @options; -% -%my $error; -%if ( $gatewaynum ) { -% $error=$new->replace($old, \%options); -%} else { -% $error=$new->insert(\%options); -% $gatewaynum=$new->getfield('gatewaynum'); -%} -% %if ( $error ) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). "payment_gateway.html?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "payment_gateway.html?". $cgi->query_string ) %> %} else { -% print $cgi->redirect(popurl(3). "browse/payment_gateway.html"); +<% $cgi->redirect(popurl(3). "browse/payment_gateway.html") %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +my $gatewaynum = $cgi->param('gatewaynum'); + +my $old = qsearchs('payment_gateway',{'gatewaynum'=>$gatewaynum}) if $gatewaynum; + +my $new = new FS::payment_gateway ( { + map { + $_, scalar($cgi->param($_)); + } fields('payment_gateway') +} ); + +my @options = split(/\r?\n/, $cgi->param('gateway_options') ); +pop @options + if scalar(@options) % 2 && $options[-1] =~ /^\s*$/; +my %options = @options; + +my $error; +if ( $gatewaynum ) { + $error=$new->replace($old, \%options); +} else { + $error=$new->insert(\%options); + $gatewaynum=$new->getfield('gatewaynum'); +} +</%init> diff --git a/httemplate/edit/process/pkg_class.html b/httemplate/edit/process/pkg_class.html index 183da805c..b196df3f7 100644 --- a/httemplate/edit/process/pkg_class.html +++ b/httemplate/edit/process/pkg_class.html 
@@ -3,3 +3,9 @@ 'viewall_dir' => 'browse', ) %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +</%init> diff --git a/httemplate/edit/process/prepay_credit.cgi b/httemplate/edit/process/prepay_credit.cgi index 518f79d86..24ce25608 100644 --- a/httemplate/edit/process/prepay_credit.cgi +++ b/httemplate/edit/process/prepay_credit.cgi @@ -36,8 +36,7 @@ <% include("/elements/header.html", "$num prepaid cards generated". - ( $agent ? ' for '.$agent->agent : '' ), - menubar( 'Main menu' => popurl(3) ) + ( $agent ? ' for '.$agent->agent : '' ) ) %> @@ -60,4 +59,9 @@ </BODY></HTML> % } +<%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +</%init> diff --git a/httemplate/edit/process/quick-charge.cgi b/httemplate/edit/process/quick-charge.cgi index 4a090f9de..3c7cac51d 100644 --- a/httemplate/edit/process/quick-charge.cgi +++ b/httemplate/edit/process/quick-charge.cgi 
@@ -1,46 +1,49 @@ -% -% my $error = ''; -% my $param = $cgi->Vars; -% -% my @description = (); -% for ( my $row = 0; exists($param->{"description$row"}); $row++ ) { -% push @description, $param->{"description$row"} -% if ($param->{"description$row"} =~ /\S/); -% } -% -% $param->{"custnum"} =~ /^(\d+)$/ -% or $error .= "Illegal customer number " . $param->{"custnum"} . " "; -% my $custnum = $1; -% -% $param->{"amount"} =~ /^\s*(\d+(\.\d{1,2})?)\s*$/ -% or $error .= "Illegal amount " . $param->{"amount"} . " "; -% my $amount = $1; -% -% if ( $param->{'taxclass'} eq '(select)' ) { -% $error .= "Must select a tax class. "; -% } -% -% unless ( $error ) { -% my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } ) -% or $error .= "Unknown customer number $custnum. "; -% -% $error ||= $cust_main->charge( { -% 'amount' => $amount, -% 'pkg' => scalar($cgi->param('pkg')), -% 'taxclass' => scalar($cgi->param('taxclass')), -% 'additional' => \@description, -% } ); -% } -% -% if ( $error ) { -% -% $cgi->param('error', $error ); -% +% if ( $error ) { +% $cgi->param('error', $error ); <% $cgi->redirect($p.'quick-charge.html?'. $cgi->query_string) %> -% -% } +% } else { <% header("One-time charge added") %> <SCRIPT TYPE="text/javascript"> window.top.location.reload(); </SCRIPT> </BODY></HTML> +% } +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('One-time charge'); + +my $error = ''; +my $param = $cgi->Vars; + +my @description = (); +for ( my $row = 0; exists($param->{"description$row"}); $row++ ) { + push @description, $param->{"description$row"} + if ($param->{"description$row"} =~ /\S/); +} + +$param->{"custnum"} =~ /^(\d+)$/ + or $error .= "Illegal customer number " . $param->{"custnum"} . " "; +my $custnum = $1; + +$param->{"amount"} =~ /^\s*(\d+(\.\d{1,2})?)\s*$/ + or $error .= "Illegal amount " . $param->{"amount"} . " "; +my $amount = $1; + +if ( $param->{'taxclass'} eq '(select)' ) { + $error .= "Must select a tax class. 
"; +} + +unless ( $error ) { + my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } ) + or $error .= "Unknown customer number $custnum. "; + + $error ||= $cust_main->charge( { + 'amount' => $amount, + 'pkg' => scalar($cgi->param('pkg')), + 'taxclass' => scalar($cgi->param('taxclass')), + 'additional' => \@description, + } ); +} + +</%init> diff --git a/httemplate/edit/process/quick-cust_pkg.cgi b/httemplate/edit/process/quick-cust_pkg.cgi index 66d02e307..6b65653c2 100644 --- a/httemplate/edit/process/quick-cust_pkg.cgi +++ b/httemplate/edit/process/quick-cust_pkg.cgi @@ -1,17 +1,6 @@ -%#untaint custnum -%$cgi->param('custnum') =~ /^(\d+)$/ -% or die 'illegal custnum '. $cgi->param('custnum'); -%my $custnum = $1; -%$cgi->param('pkgpart') =~ /^(\d+)$/ -% or die 'illegal pkgpart '. $cgi->param('pkgpart'); -%my $pkgpart = $1; -% -%my @cust_pkg = (); -%my $error = FS::cust_pkg::order($custnum, [ $pkgpart ], [], \@cust_pkg, [ $cgi->param('refnum') ] ); -% %if ($error) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). 'misc/order_pkg.html?'. $cgi->query_string ); +<% $cgi->redirect(popurl(2). 'misc/order_pkg.html?'. $cgi->query_string ) %> %} else { % my $frag = "cust_pkg". $cust_pkg[0]->pkgnum; <% header('Package ordered') %> @@ -25,3 +14,20 @@ </BODY></HTML> %} +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Order customer package'); + +#untaint custnum +$cgi->param('custnum') =~ /^(\d+)$/ + or die 'illegal custnum '. $cgi->param('custnum'); +my $custnum = $1; +$cgi->param('pkgpart') =~ /^(\d+)$/ + or die 'illegal pkgpart '. $cgi->param('pkgpart'); +my $pkgpart = $1; + +my @cust_pkg = (); +my $error = FS::cust_pkg::order($custnum, [ $pkgpart ], [], \@cust_pkg, [ $cgi->param('refnum') ] ); + +</%init> diff --git a/httemplate/edit/process/rate.cgi b/httemplate/edit/process/rate.cgi index c81f883b7..48d9322ca 100755 --- a/httemplate/edit/process/rate.cgi +++ b/httemplate/edit/process/rate.cgi 
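Review bot: Authorization in quick-charge.cgi stops at the global right: after the `'One-time charge'` check, `$custnum` from the request is looked up with `qsearchs('cust_main', { 'custnum' => $custnum } )` and charged, and nothing in the hunk ties that customer to the current user. If access is meant to be scoped per agent (the part_referral.html hunk distinguishes 'Edit advertising sources' from 'Edit global advertising sources'), a check belongs before `$cust_main->charge`, unless `qsearchs` or `charge` already enforce it outside this diff. At minimum I would leave `# TODO: confirm $cust_main->agentnum is one the current user may act on` above the charge call. The quick-cust_pkg.cgi hunk has the same shape with `FS::cust_pkg::order($custnum, ...)`.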
@@ -1,4 +1,9 @@ -% -% my $server = new FS::UI::Web::JSRPC 'FS::rate::process', $cgi; -% <% $server->process %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +my $server = new FS::UI::Web::JSRPC 'FS::rate::process', $cgi; + +</%init> diff --git a/httemplate/edit/process/reason.html b/httemplate/edit/process/reason.html index 55c1ea958..cb79ed254 100644 --- a/httemplate/edit/process/reason.html +++ b/httemplate/edit/process/reason.html @@ -4,3 +4,9 @@ $cgi->param('class') . '&', ) %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +</%init> diff --git a/httemplate/edit/process/reason_type.html b/httemplate/edit/process/reason_type.html index 4ccccaddd..3172b27c4 100644 --- a/httemplate/edit/process/reason_type.html +++ b/httemplate/edit/process/reason_type.html @@ -4,3 +4,9 @@ $cgi->param('class') . '&', ) %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +</%init> diff --git a/httemplate/edit/process/reg_code.cgi b/httemplate/edit/process/reg_code.cgi index d93bb55a2..c4327991d 100644 --- a/httemplate/edit/process/reg_code.cgi +++ b/httemplate/edit/process/reg_code.cgi 
@@ -1,50 +1,46 @@ -% -% -%$cgi->param('agentnum') =~ /^(\d+)$/ -% or errorpage('illegal agentnum '. $cgi->param('agentnum')); -%my $agentnum = $1; -%my $agent = qsearchs('agent', { 'agentnum' => $agentnum } ); -% -%my $error = ''; -% -%my $num = 0; -%if ( $cgi->param('num') =~ /^\s*(\d+)\s*$/ ) { -% $num = $1; -%} else { -% $error = 'Illegal number of codes: '. $cgi->param('num'); -%} -% -%my @pkgparts = -% map { /^pkgpart(.*)$/; $1 } -% grep { $cgi->param($_) } -% grep { /^pkgpart/ } -% $cgi->param; -% -%$error ||= $agent->generate_reg_codes($num, \@pkgparts); -% %unless ( ref($error) ) { % $cgi->param('error'. $error ); -% -<% - $cgi->redirect(popurl(3). "edit/reg_code.cgi?". $cgi->query_string ) -%> +<% $cgi->redirect(popurl(3). "edit/reg_code.cgi?". $cgi->query_string ) %> % } else { - <% include("/elements/header.html","$num registration codes generated for ". $agent->agent, menubar( - 'Main menu' => popurl(3), 'View all agents' => popurl(3). 'browse/agent.cgi', ) ) %> <PRE><FONT SIZE="+1"> % foreach my $code ( @$error ) { - <% $code %> % } - - </FONT></PRE> -</BODY></HTML> +<% include('/elements/footer.html') %> % } +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +$cgi->param('agentnum') =~ /^(\d+)$/ + or errorpage('illegal agentnum '. $cgi->param('agentnum')); +my $agentnum = $1; +my $agent = qsearchs('agent', { 'agentnum' => $agentnum } ); + +my $error = ''; + +my $num = 0; +if ( $cgi->param('num') =~ /^\s*(\d+)\s*$/ ) { + $num = $1; +} else { + $error = 'Illegal number of codes: '. $cgi->param('num'); +} + +my @pkgparts = + map { /^pkgpart(.*)$/; $1 } + grep { $cgi->param($_) } + grep { /^pkgpart/ } + $cgi->param; + +$error ||= $agent->generate_reg_codes($num, \@pkgparts); + +</%init> diff --git a/httemplate/edit/process/router.cgi b/httemplate/edit/process/router.cgi index c69114ea4..7e0baf782 100644 --- a/httemplate/edit/process/router.cgi +++ b/httemplate/edit/process/router.cgi 
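Review bot: The error path cannot report anything: the unchanged line `$cgi->param('error'. $error );` joins the name and the message with `.`, so it reads a parameter named after the concatenation instead of setting `error`, and the redirect to edit/reg_code.cgi then carries no error text. It should be `$cgi->param('error', $error );`, as in the other process pages. In the new `<%init>` block `$agent` is also used without checking that `qsearchs('agent', ...)` found a row, so an unknown agentnum reaches `$agent->generate_reg_codes` on an undefined value; appending `or errorpage("unknown agentnum $agentnum")` to the lookup would handle that.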
@@ -1,5 +1,3 @@ -% -% %local $FS::UID::AutoCommit=0; % %sub check { @@ -64,5 +62,9 @@ %dbh->commit or die dbh->errstr; %print $cgi->redirect(popurl(3). "browse/router.cgi"); % -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); +</%init> diff --git a/httemplate/edit/process/svc_Common.html b/httemplate/edit/process/svc_Common.html index f5c869a12..cf5f01f71 100644 --- a/httemplate/edit/process/svc_Common.html +++ b/httemplate/edit/process/svc_Common.html @@ -1,13 +1,16 @@ +<% include( 'elements/svc_Common.html', + 'table' => $table, + 'redirect' => popurl(3)."view/svc_Common.html?svcdb=$table;svcnum=", + 'error_redirect' => popurl(3)."edit/svc_Common.html?svcdb=$table;", + ) +%> <%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? + $cgi->param('svcdb') =~ /^(svc_\w+)$/ or die "unparsable svcdb"; my $table = $1; require "FS/$table.pm"; </%init> -<% include( 'elements/svc_Common.html', - 'table' => $table, - 'redirect' => popurl(3)."view/svc_Common.html?svcdb=$table;svcnum=", - 'error_redirect' => popurl(3)."edit/svc_Common.html?svcdb=$table;", - ) -%> diff --git a/httemplate/edit/process/svc_acct.cgi b/httemplate/edit/process/svc_acct.cgi index d9aac9fac..0a89e253c 100755 --- a/httemplate/edit/process/svc_acct.cgi +++ b/httemplate/edit/process/svc_acct.cgi 
@@ -1,63 +1,64 @@ -% -% -%$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; -%my $svcnum = $1; -% -%my $old; -%if ( $svcnum ) { -% $old = qsearchs('svc_acct', { 'svcnum' => $svcnum } ) -% or die "fatal: can't find account (svcnum $svcnum)!"; -%} else { -% $old = ''; -%} -% -%#unmunge popnum -%$cgi->param('popnum', (split(/:/, $cgi->param('popnum') ))[0] ); -% -%#unmunge passwd -%if ( $cgi->param('_password') eq '*HIDDEN*' ) { -% die "fatal: no previous account to recall hidden password from!" unless $old; -% $cgi->param('_password',$old->getfield('_password')); -%} -% -%#unmunge usergroup -%$cgi->param('usergroup', [ $cgi->param('radius_usergroup') ] ); -% -%#unmunge bytecounts -%foreach (map { $_,$_."_threshold" } qw( upbytes downbytes totalbytes )) { -% $cgi->param($_, FS::UI::bytecount::parse_bytecount($cgi->param($_)) ); -%} -% -%my %hash = $svcnum ? $old->hash : (); -%map { -% $hash{$_} = scalar($cgi->param($_)); -% #} qw(svcnum pkgnum svcpart username _password popnum uid gid finger dir -% # shell quota slipip) -% } (fields('svc_acct'), qw ( pkgnum svcpart usergroup )); -%my $new = new FS::svc_acct ( \%hash ); -% -%my $error; -%if ( $svcnum ) { -% foreach (grep { $old->$_ != $new->$_ } qw( seconds upbytes downbytes totalbytes )) { -% my %hash = map { $_ => $new->$_ } -% grep { $new->$_ } -% qw( seconds upbytes downbytes totalbytes ); -% -% $error = $new->set_usage(\%hash); #unoverlimit and trigger radius changes -% last; #once is enough -% } -% $error ||= $new->replace($old); -%} else { -% $error = $new->insert; -% $svcnum = $new->svcnum; -%} -% %if ( $error ) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). "svc_acct.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "svc_acct.cgi?". $cgi->query_string ) %> %} else { -% print $cgi->redirect(popurl(3). "view/svc_acct.cgi?" . $svcnum ); +<% $cgi->redirect(popurl(3). "view/svc_acct.cgi?" . 
$svcnum ) %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? + +$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; +my $svcnum = $1; + +my $old; +if ( $svcnum ) { + $old = qsearchs('svc_acct', { 'svcnum' => $svcnum } ) + or die "fatal: can't find account (svcnum $svcnum)!"; +} else { + $old = ''; +} + +#unmunge popnum +$cgi->param('popnum', (split(/:/, $cgi->param('popnum') ))[0] ); + +#unmunge passwd +if ( $cgi->param('_password') eq '*HIDDEN*' ) { + die "fatal: no previous account to recall hidden password from!" unless $old; + $cgi->param('_password',$old->getfield('_password')); +} + +#unmunge usergroup +$cgi->param('usergroup', [ $cgi->param('radius_usergroup') ] ); + +#unmunge bytecounts +foreach (map { $_,$_."_threshold" } qw( upbytes downbytes totalbytes )) { + $cgi->param($_, FS::UI::bytecount::parse_bytecount($cgi->param($_)) ); +} + +my %hash = $svcnum ? $old->hash : (); +map { + $hash{$_} = scalar($cgi->param($_)); + #} qw(svcnum pkgnum svcpart username _password popnum uid gid finger dir + # shell quota slipip) + } (fields('svc_acct'), qw ( pkgnum svcpart usergroup )); +my $new = new FS::svc_acct ( \%hash ); + +my $error; +if ( $svcnum ) { + foreach (grep { $old->$_ != $new->$_ } qw( seconds upbytes downbytes totalbytes )) { + my %hash = map { $_ => $new->$_ } + grep { $new->$_ } + qw( seconds upbytes downbytes totalbytes ); + + $error = $new->set_usage(\%hash); #unoverlimit and trigger radius changes + last; #once is enough + } + $error ||= $new->replace($old); +} else { + $error = $new->insert; + $svcnum = $new->svcnum; +} +</%init> diff --git a/httemplate/edit/process/svc_acct_pop.cgi b/httemplate/edit/process/svc_acct_pop.cgi index 9e9df7bf0..75b89c88f 100755 --- a/httemplate/edit/process/svc_acct_pop.cgi +++ b/httemplate/edit/process/svc_acct_pop.cgi 
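Review bot: The new guard in svc_acct.cgi checks only the global 'Provision customer service' right, while the record to change is selected by the request's `svcnum`, and `pkgnum` and `svcpart` are copied from the request into `%hash` along with every `fields('svc_acct')` column. Nothing in this hunk ties the loaded `$old` record, or the package the service is attached to, to what the current user is allowed to manage; if staff are meant to be limited to some customers, that check has to happen here or inside `replace`/`insert`, which this page does not show. At minimum the inline `#something else more specific?` could become a tracked note, e.g. `# TODO: check the user may act on this svcnum/pkgnum, not just the global right`. The svc_broadband, svc_external, svc_forward and svc_www hunks follow the same pattern.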
@@ -1,29 +1,30 @@ -% -% -%my $popnum = $cgi->param('popnum'); -% -%my $old = qsearchs('svc_acct_pop',{'popnum'=>$popnum}) if $popnum; -% -%my $new = new FS::svc_acct_pop ( { -% map { -% $_, scalar($cgi->param($_)); -% } fields('svc_acct_pop') -%} ); -% -%my $error = ''; -%if ( $popnum ) { -% $error = $new->replace($old); -%} else { -% $error = $new->insert; -% $popnum=$new->getfield('popnum'); -%} -% %if ( $error ) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). "svc_acct_pop.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "svc_acct_pop.cgi?". $cgi->query_string ) %> %} else { -% print $cgi->redirect(popurl(3). "browse/svc_acct_pop.cgi"); +<% $cgi->redirect(popurl(3). "browse/svc_acct_pop.cgi") %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +my $popnum = $cgi->param('popnum'); + +my $old = qsearchs('svc_acct_pop',{'popnum'=>$popnum}) if $popnum; + +my $new = new FS::svc_acct_pop ( { + map { + $_, scalar($cgi->param($_)); + } fields('svc_acct_pop') +} ); + +my $error = ''; +if ( $popnum ) { + $error = $new->replace($old); +} else { + $error = $new->insert; + $popnum=$new->getfield('popnum'); +} +</%init> diff --git a/httemplate/edit/process/svc_broadband.cgi b/httemplate/edit/process/svc_broadband.cgi index cf4604639..8600da349 100644 --- a/httemplate/edit/process/svc_broadband.cgi +++ b/httemplate/edit/process/svc_broadband.cgi 
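Review bot: `my $old = qsearchs('svc_acct_pop',{'popnum'=>$popnum}) if $popnum;` in the new `<%init>` block combines a `my` declaration with a statement modifier, which perlsyn documents as undefined behaviour when the condition is false; in a long-running interpreter the variable can keep a value from an earlier call. `popnum` is also taken from the request without the `/^(\d*)$/` match the svc_* handlers apply, and a popnum that matches no row hands an undefined `$old` to `replace`. `my $old = $popnum ? qsearchs('svc_acct_pop', { 'popnum' => $popnum }) : '';` followed by `die "unknown popnum" if $popnum && !$old;` removes the first and third problems, and the second needs the same digit match as the other handlers. The svc_external and svc_forward hunks use the same `my ... if $svcnum` form without an `or die`.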
@@ -1,37 +1,38 @@ -% -% -%$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; -%my $svcnum = $1; -% -%my $old; -%if ( $svcnum ) { -% $old = qsearchs('svc_broadband', { 'svcnum' => $svcnum } ) -% or die "fatal: can't find broadband service (svcnum $svcnum)!"; -%} else { -% $old = ''; -%} -% -%my $new = new FS::svc_broadband ( { -% map { -% ($_, scalar($cgi->param($_))); -% } ( fields('svc_broadband'), qw( pkgnum svcpart ) ) -%} ); -% -%my $error; -%if ( $svcnum ) { -% $error = $new->replace($old); -%} else { -% $error = $new->insert; -% $svcnum = $new->svcnum; -%} -% %if ( $error ) { % $cgi->param('error', $error); % $cgi->param('ip_addr', $new->ip_addr); -% print $cgi->redirect(popurl(2). "svc_broadband.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "svc_broadband.cgi?". $cgi->query_string ) %> %} else { -% print $cgi->redirect(popurl(3). "view/svc_broadband.cgi?" . $svcnum ); +<% $cgi->redirect(popurl(3). "view/svc_broadband.cgi?" . $svcnum ) %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? + +$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; +my $svcnum = $1; + +my $old; +if ( $svcnum ) { + $old = qsearchs('svc_broadband', { 'svcnum' => $svcnum } ) + or die "fatal: can't find broadband service (svcnum $svcnum)!"; +} else { + $old = ''; +} + +my $new = new FS::svc_broadband ( { + map { + ($_, scalar($cgi->param($_))); + } ( fields('svc_broadband'), qw( pkgnum svcpart ) ) +} ); + +my $error; +if ( $svcnum ) { + $error = $new->replace($old); +} else { + $error = $new->insert; + $svcnum = $new->svcnum; +} +</%init> diff --git a/httemplate/edit/process/svc_domain.cgi b/httemplate/edit/process/svc_domain.cgi index 773143fe3..9993a879e 100755 --- a/httemplate/edit/process/svc_domain.cgi +++ b/httemplate/edit/process/svc_domain.cgi 
@@ -1,32 +1,33 @@ -% -% -%#remove this to actually test the domains! -%$FS::svc_domain::whois_hack = 1; -% -%$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; -%my $svcnum = $1; -% -%my $new = new FS::svc_domain ( { -% map { -% $_, scalar($cgi->param($_)); -% #} qw(svcnum pkgnum svcpart domain action purpose) -% } ( fields('svc_domain'), qw( pkgnum svcpart action purpose ) ) -%} ); -% -%my $error = ''; -%if ($cgi->param('svcnum')) { -% $error="Can't modify a domain!"; -%} else { -% $error=$new->insert; -% $svcnum=$new->svcnum; -%} -% %if ($error) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). "svc_domain.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "svc_domain.cgi?". $cgi->query_string ) %> %} else { -% print $cgi->redirect(popurl(3). "view/svc_domain.cgi?$svcnum"); +<% $cgi->redirect(popurl(3). "view/svc_domain.cgi?$svcnum") %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? + +#remove this to actually test the domains! +$FS::svc_domain::whois_hack = 1; + +$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; +my $svcnum = $1; + +my $new = new FS::svc_domain ( { + map { + $_, scalar($cgi->param($_)); + #} qw(svcnum pkgnum svcpart domain action purpose) + } ( fields('svc_domain'), qw( pkgnum svcpart action purpose ) ) +} ); + +my $error = ''; +if ($cgi->param('svcnum')) { + $error="Can't modify a domain!"; +} else { + $error=$new->insert; + $svcnum=$new->svcnum; +} +</%init> diff --git a/httemplate/edit/process/svc_external.cgi b/httemplate/edit/process/svc_external.cgi index 97da6ba87..673e5a5a0 100755 --- a/httemplate/edit/process/svc_external.cgi +++ b/httemplate/edit/process/svc_external.cgi 
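Review bot: `$FS::svc_domain::whois_hack = 1;` in the new `<%init>` block assigns a package global without `local`, so if these components run in a persistent interpreter the flag stays set for every later request handled by that process, not only this one. `local $FS::svc_domain::whois_hack = 1;` would confine it to this component's execution, as router.cgi already does with `local $FS::UID::AutoCommit=0;`. The edit-versus-insert decision further down also tests the raw `$cgi->param('svcnum')` rather than the validated `$svcnum`; `if ( $svcnum )` would keep a single source of truth.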
@@ -1,30 +1,31 @@ -% -% -%$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; -%my $svcnum =$1; -% -%my $old = qsearchs('svc_external',{'svcnum'=>$svcnum}) if $svcnum; -% -%my $new = new FS::svc_external ( { -% map { -% ($_, scalar($cgi->param($_))); -% } ( fields('svc_external'), qw( pkgnum svcpart ) ) -%} ); -% -%my $error = ''; -%if ( $svcnum ) { -% $error = $new->replace($old); -%} else { -% $error = $new->insert; -% $svcnum = $new->getfield('svcnum'); -%} -% %if ($error) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). "svc_external.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "svc_external.cgi?". $cgi->query_string ) %> %} else { -% print $cgi->redirect(popurl(3). "view/svc_external.cgi?$svcnum"); +<% $cgi->redirect(popurl(3). "view/svc_external.cgi?$svcnum") %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? + +$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; +my $svcnum =$1; + +my $old = qsearchs('svc_external',{'svcnum'=>$svcnum}) if $svcnum; + +my $new = new FS::svc_external ( { + map { + ($_, scalar($cgi->param($_))); + } ( fields('svc_external'), qw( pkgnum svcpart ) ) +} ); + +my $error = ''; +if ( $svcnum ) { + $error = $new->replace($old); +} else { + $error = $new->insert; + $svcnum = $new->getfield('svcnum'); +} +</%init> diff --git a/httemplate/edit/process/svc_forward.cgi b/httemplate/edit/process/svc_forward.cgi index 3205312f1..fffad84d6 100755 --- a/httemplate/edit/process/svc_forward.cgi +++ b/httemplate/edit/process/svc_forward.cgi 
@@ -1,30 +1,31 @@ -% -% -%$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; -%my $svcnum =$1; -% -%my $old = qsearchs('svc_forward',{'svcnum'=>$svcnum}) if $svcnum; -% -%my $new = new FS::svc_forward ( { -% map { -% ($_, scalar($cgi->param($_))); -% } ( fields('svc_forward'), qw( pkgnum svcpart ) ) -%} ); -% -%my $error = ''; -%if ( $svcnum ) { -% $error = $new->replace($old); -%} else { -% $error = $new->insert; -% $svcnum = $new->getfield('svcnum'); -%} -% %if ($error) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). "svc_forward.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "svc_forward.cgi?". $cgi->query_string ) %> %} else { -% print $cgi->redirect(popurl(3). "view/svc_forward.cgi?$svcnum"); +<% $cgi->redirect(popurl(3). "view/svc_forward.cgi?$svcnum") %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? + +$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; +my $svcnum =$1; + +my $old = qsearchs('svc_forward',{'svcnum'=>$svcnum}) if $svcnum; + +my $new = new FS::svc_forward ( { + map { + ($_, scalar($cgi->param($_))); + } ( fields('svc_forward'), qw( pkgnum svcpart ) ) +} ); + +my $error = ''; +if ( $svcnum ) { + $error = $new->replace($old); +} else { + $error = $new->insert; + $svcnum = $new->getfield('svcnum'); +} +</%init> diff --git a/httemplate/edit/process/svc_phone.html b/httemplate/edit/process/svc_phone.html index 44235de63..27a703cdf 100644 --- a/httemplate/edit/process/svc_phone.html +++ b/httemplate/edit/process/svc_phone.html @@ -2,3 +2,9 @@ 'table' => 'svc_phone', ) %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? + +</%init> diff --git a/httemplate/edit/process/svc_www.cgi b/httemplate/edit/process/svc_www.cgi index e9a52aff2..f02d25305 100644 --- a/httemplate/edit/process/svc_www.cgi 
+++ b/httemplate/edit/process/svc_www.cgi @@ -1,37 +1,38 @@ -% -% -%$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; -%my $svcnum = $1; -% -%my $old; -%if ( $svcnum ) { -% $old = qsearchs('svc_www', { 'svcnum' => $svcnum } ) -% or die "fatal: can't find website (svcnum $svcnum)!"; -%} else { -% $old = ''; -%} -% -%my $new = new FS::svc_www ( { -% map { -% ($_, scalar($cgi->param($_))); -% #} qw(svcnum pkgnum svcpart recnum usersvc) -% } ( fields('svc_www'), qw( pkgnum svcpart ) ) -%} ); -% -%my $error; -%if ( $svcnum ) { -% $error = $new->replace($old); -%} else { -% $error = $new->insert; -% $svcnum = $new->svcnum; -%} -% %if ( $error ) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). "svc_www.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "svc_www.cgi?". $cgi->query_string ) %> %} else { -% print $cgi->redirect(popurl(3). "view/svc_www.cgi?" . $svcnum ); +<% $cgi->redirect(popurl(3). "view/svc_www.cgi?" . $svcnum ) %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? + +$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; +my $svcnum = $1; + +my $old; +if ( $svcnum ) { + $old = qsearchs('svc_www', { 'svcnum' => $svcnum } ) + or die "fatal: can't find website (svcnum $svcnum)!"; +} else { + $old = ''; +} + +my $new = new FS::svc_www ( { + map { + ($_, scalar($cgi->param($_))); + #} qw(svcnum pkgnum svcpart recnum usersvc) + } ( fields('svc_www'), qw( pkgnum svcpart ) ) +} ); + +my $error; +if ( $svcnum ) { + $error = $new->replace($old); +} else { + $error = $new->insert; + $svcnum = $new->svcnum; +} +</%init> |