ACLs

1 files changed, 28 insertions, 31 deletions

diff --git a/httemplate/misc/cancel-unaudited.cgi b/httemplate/misc/cancel-unaudited.cgi
index da60dc47b..4919c6632 100755
--- a/httemplate/misc/cancel-unaudited.cgi
+++ b/httemplate/misc/cancel-unaudited.cgi
@@ -1,36 +1,33 @@
-%
-%
-%my $dbh = dbh;
-% 
-%#untaint svcnum
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/;
-%my $svcnum = $1;
-%
-%#my $svc_acct = qsearchs('svc_acct',{'svcnum'=>$svcnum});
-%#die "Unknown svcnum!" unless $svc_acct;
-%
-%my $cust_svc = qsearchs('cust_svc',{'svcnum'=>$svcnum});
-%die "Unknown svcnum!" unless $cust_svc;
-%my $cust_pkg = $cust_svc->cust_pkg;
-%if ( $cust_pkg ) {
-%  errorpage( 'This account has already been audited.  Cancel the '.
-%           qq!<A HREF="${p}view/cust_main.cgi?!. $cust_pkg->custnum.
-%           '#cust_pkg'. $cust_pkg->pkgnum. '">'.
-%           'package</A> instead.');
-%}
-%
-%my $error = $cust_svc->cancel;
-%
 %if ( $error ) {
-%  
-
-<!-- mason kludge -->
-%
 %  errorpage($error);
 %} else {
-%  print $cgi->redirect(popurl(2));
+<% $cgi->redirect(popurl(2)) %>
 %}
-%
-%
 
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Unprovision customer service')
+      && $FS::CurrentUser::CurrentUser->access_right('View/link unlinked services');
+
+#untaint svcnum
+my($query) = $cgi->keywords;
+$query =~ /^(\d+)$/;
+my $svcnum = $1;
+
+#my $svc_acct = qsearchs('svc_acct',{'svcnum'=>$svcnum});
+#die "Unknown svcnum!" unless $svc_acct;
+
+my $cust_svc = qsearchs('cust_svc',{'svcnum'=>$svcnum});
+die "Unknown svcnum!" unless $cust_svc;
+my $cust_pkg = $cust_svc->cust_pkg;
+if ( $cust_pkg ) {
+  errorpage( 'This account has already been audited.  Cancel the '.
+           qq!<A HREF="${p}view/cust_main.cgi?!. $cust_pkg->custnum.
+           '#cust_pkg'. $cust_pkg->pkgnum. '">'.
+           'package</A> instead.');
+}
+
+my $error = $cust_svc->cancel;
+
+</%init>