ACLs

author: ivan <ivan> 2008-01-13 21:14:19 +0000
committer: ivan <ivan> 2008-01-13 21:14:19 +0000
commit: f49f11d4c3c4ba9480cc5c9acfaa606a5ba73ad1 (patch)
tree: 2104b5d1a05433756d3b91ee436cfaa8c24ab464 /httemplate/misc/email-invoice.cgi
parent: 2d53d2ebdce80d0f0dc7f75ccf506a06c2f852f9 (diff)
1 files changed, 18 insertions, 17 deletions
diff --git a/httemplate/misc/email-invoice.cgi b/httemplate/misc/email-invoice.cgi
index 8a3dd90b1..269722f67 100755
--- a/httemplate/misc/email-invoice.cgi
+++ b/httemplate/misc/email-invoice.cgi
@@ -1,18 +1,19 @@
-%
-%
-%#untaint invnum
-%my($query) = $cgi->keywords;
-%$query =~ /^((.+)-)?(\d+)$/;
-%my $template = $2;
-%my $invnum = $3;
-%my $cust_bill = qsearchs('cust_bill',{'invnum'=>$invnum});
-%die "Can't find invoice!\n" unless $cust_bill;
-%
-%$cust_bill->email($template); 
-%
-%my $custnum = $cust_bill->getfield('custnum');
-%
-%print $cgi->redirect("${p}view/cust_main.cgi?$custnum");
-%
-%
+<% $cgi->redirect("${p}view/cust_main.cgi?$custnum") %>
+<%init>
 
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Resend invoices');
+
+#untaint invnum
+my($query) = $cgi->keywords;
+$query =~ /^((.+)-)?(\d+)$/;
+my $template = $2;
+my $invnum = $3;
+my $cust_bill = qsearchs('cust_bill',{'invnum'=>$invnum});
+die "Can't find invoice!\n" unless $cust_bill;
+
+$cust_bill->email($template); 
+
+my $custnum = $cust_bill->getfield('custnum');
+
+</%init>
author	ivan <ivan>	2008-01-13 21:14:19 +0000
committer	ivan <ivan>	2008-01-13 21:14:19 +0000
commit	f49f11d4c3c4ba9480cc5c9acfaa606a5ba73ad1 (patch)
tree	2104b5d1a05433756d3b91ee436cfaa8c24ab464 /httemplate/misc/email-invoice.cgi
parent	2d53d2ebdce80d0f0dc7f75ccf506a06c2f852f9 (diff)