diff options
| author | ivan <ivan> | 2010-11-03 23:44:48 +0000 |
|---|---|---|
| committer | ivan <ivan> | 2010-11-03 23:44:48 +0000 |
| commit | f099e0dfa8f438a84d8f1bce36f5e5bda60481e5 (patch) | |
| tree | 613b8d984b33b9bc5b6b5158416d17d076180545 /httemplate/edit | |
| parent | 07277333b88457475d13e9bdfc24eaf83fc4ec49 (diff) | |
more granular ACLs for posting check vs. cash payments, processing credit card vs echecks, RT#7887
Diffstat (limited to 'httemplate/edit')
| -rwxr-xr-x | httemplate/edit/cust_pay.cgi | 10 | ||||
| -rwxr-xr-x | httemplate/edit/cust_refund.cgi | 14 | ||||
| -rwxr-xr-x | httemplate/edit/process/cust_pay.cgi | 10 | ||||
| -rwxr-xr-x | httemplate/edit/process/cust_refund.cgi | 15 |
4 files changed, 39 insertions, 10 deletions
diff --git a/httemplate/edit/cust_pay.cgi b/httemplate/edit/cust_pay.cgi index 7c4e6620e..8e1c779dd 100755 --- a/httemplate/edit/cust_pay.cgi +++ b/httemplate/edit/cust_pay.cgi @@ -109,9 +109,6 @@ my $conf = new FS::Conf; my $money_char = $conf->config('money_char') || '$'; my $date_format = $conf->config('date_format') || '%m/%d/%Y'; -die "access denied" - unless $FS::CurrentUser::CurrentUser->access_right('Post payment'); - my($link, $linknum, $paid, $payby, $payinfo, $_date); if ( $cgi->param('error') ) { $link = $cgi->param('link'); @@ -138,6 +135,13 @@ if ( $cgi->param('error') ) { die "illegal query ". $cgi->keywords; } +my @rights = ('Post payment'); +push @rights, 'Post check payment' if $payby eq 'BILL'; +push @rights, 'Post cash payment' if $payby eq 'CASH'; + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right(\@rights); + my $paybatch = "webui-$_date-$$-". rand() * 2**32; my $title = 'Post '. FS::payby->payname($payby). ' payment'; diff --git a/httemplate/edit/cust_refund.cgi b/httemplate/edit/cust_refund.cgi index 59417b4c4..612e337f7 100755 --- a/httemplate/edit/cust_refund.cgi +++ b/httemplate/edit/cust_refund.cgi @@ -130,9 +130,6 @@ <%init> -die "access denied" - unless $FS::CurrentUser::CurrentUser->access_right('Refund payment'); - my $conf = new FS::Conf; my $date_format = $conf->config('date_format') || '%m/%d/%Y'; @@ -143,6 +140,17 @@ my $payinfo = $cgi->param('payinfo'); my $reason = $cgi->param('reason'); my $link = $cgi->param('popup') ? 'popup' : ''; +my @rights = (); +push @rights, 'Post refund' if $payby /^(BILL|CASH)$/; +push @rights, 'Post check refund' if $payby eq 'BILL'; +push @rights, 'Post cash refund ' if $payby eq 'CASH'; +push @rights, 'Refund payment' if $payby /^(CARD|CHEK)$/; +push @rights, 'Refund credit card payment' if $payby eq 'CARD'; +push @rights, 'Refund Echeck payment' if $payby eq 'CHEK'; + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right(\@rights); + my( $paynum, $cust_pay ) = ( '', '' ); if ( $cgi->param('paynum') =~ /^(\d+)$/ ) { $paynum = $1; diff --git a/httemplate/edit/process/cust_pay.cgi b/httemplate/edit/process/cust_pay.cgi index c8b0aa7df..0cd408958 100755 --- a/httemplate/edit/process/cust_pay.cgi +++ b/httemplate/edit/process/cust_pay.cgi @@ -27,9 +27,6 @@ %} <%init> -die "access denied" - unless $FS::CurrentUser::CurrentUser->access_right('Post payment'); - $cgi->param('linknum') =~ /^(\d+)$/ or die "Illegal linknum: ". $cgi->param('linknum'); my $linknum = $1; @@ -52,6 +49,13 @@ my $new = new FS::cust_pay ( { #} fields('cust_pay') } ); +my @rights = ('Post payment'); +push @rights, 'Post check payment' if $cust_pay->payby eq 'BILL'; +push @rights, 'Post cash payment' if $cust_pay->payby eq 'CASH'; + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right(\@rights); + my $error = $new->insert( 'manual' => 1 ); </%init> diff --git a/httemplate/edit/process/cust_refund.cgi b/httemplate/edit/process/cust_refund.cgi index 5749e5346..389bc990c 100755 --- a/httemplate/edit/process/cust_refund.cgi +++ b/httemplate/edit/process/cust_refund.cgi @@ -28,8 +28,21 @@ my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } ) my $link = $cgi->param('popup') ? 'popup' : ''; +my $payby = $cgi->param('payby'); + +my @rights = (); +push @rights, 'Post refund' if $payby /^(BILL|CASH)$/; +push @rights, 'Post check refund' if $payby eq 'BILL'; +push @rights, 'Post cash refund ' if $payby eq 'CASH'; +push @rights, 'Refund payment' if $payby /^(CARD|CHEK)$/; +push @rights, 'Refund credit card payment' if $payby eq 'CARD'; +push @rights, 'Refund Echeck payment' if $payby eq 'CHEK'; + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right(\@rights); + my $error = ''; -if ( $cgi->param('payby') =~ /^(CARD|CHEK)$/ ) { +if ( $payby =~ /^(CARD|CHEK)$/ ) { my %options = (); my $bop = $FS::payby::payby2bop{$1}; $cgi->param('refund') =~ /^(\d*)(\.\d{2})?$/ |