ACLs

author: ivan <ivan> 2008-01-13 21:14:19 +0000
committer: ivan <ivan> 2008-01-13 21:14:19 +0000
commit: f49f11d4c3c4ba9480cc5c9acfaa606a5ba73ad1 (patch)
tree: 2104b5d1a05433756d3b91ee436cfaa8c24ab464 /httemplate/misc/delete-cust_pay.cgi
parent: 2d53d2ebdce80d0f0dc7f75ccf506a06c2f852f9 (diff)
1 files changed, 20 insertions, 16 deletions
diff --git a/httemplate/misc/delete-cust_pay.cgi b/httemplate/misc/delete-cust_pay.cgi
index a0fa414d5..38e7e4ba1 100755
--- a/httemplate/misc/delete-cust_pay.cgi
+++ b/httemplate/misc/delete-cust_pay.cgi
@@ -1,17 +1,21 @@
-%
-%
-%#untaint paynum
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/ || die "Illegal paynum";
-%my $paynum = $1;
-%
-%my $cust_pay = qsearchs('cust_pay',{'paynum'=>$paynum});
-%my $custnum = $cust_pay->custnum;
-%
-%my $error = $cust_pay->delete;
-%errorpage($error) if $error;
-%
-%print $cgi->redirect($p. "view/cust_main.cgi?". $custnum);
-%
-%
+% if ( $error ) {
+%   errorpage($error);
+% } else {
+<% $cgi->redirect($p. "view/cust_main.cgi?". $custnum) %>
+% }
+<%init>
 
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Delete payment');
+
+#untaint paynum
+my($query) = $cgi->keywords;
+$query =~ /^(\d+)$/ || die "Illegal paynum";
+my $paynum = $1;
+
+my $cust_pay = qsearchs('cust_pay',{'paynum'=>$paynum});
+my $custnum = $cust_pay->custnum;
+
+my $error = $cust_pay->delete;
+
+</%init>
author	ivan <ivan>	2008-01-13 21:14:19 +0000
committer	ivan <ivan>	2008-01-13 21:14:19 +0000
commit	f49f11d4c3c4ba9480cc5c9acfaa606a5ba73ad1 (patch)
tree	2104b5d1a05433756d3b91ee436cfaa8c24ab464 /httemplate/misc/delete-cust_pay.cgi
parent	2d53d2ebdce80d0f0dc7f75ccf506a06c2f852f9 (diff)