ACLs

1 files changed, 27 insertions, 24 deletions

diff --git a/httemplate/misc/process/delete-customer.cgi b/httemplate/misc/process/delete-customer.cgi
index d0d237ee8..d509a5e0e 100755
--- a/httemplate/misc/process/delete-customer.cgi
+++ b/httemplate/misc/process/delete-customer.cgi
@@ -1,30 +1,33 @@
-%
-%
-%my $conf = new FS::Conf;
-%die "Customer deletions not enabled" unless $conf->exists('deletecustomers');
-%
-%$cgi->param('custnum') =~ /^(\d+)$/;
-%my $custnum = $1;
-%my $new_custnum;
-%if ( $cgi->param('new_custnum') ) {
-%  $cgi->param('new_custnum') =~ /^(\d+)$/
-%    or die "Illegal new customer number: ". $cgi->param('new_custnum');
-%  $new_custnum = $1;
-%} else {
-%  $new_custnum = '';
-%}
-%my $cust_main = qsearchs( 'cust_main', { 'custnum' => $custnum } )
-%  or die "Customer not found: $custnum";
-%
-%my $error = $cust_main->delete($new_custnum);
-%
 %if ( $error ) {
 %  $cgi->param('error', $error);
-%  print $cgi->redirect(popurl(2). "delete-customer.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "delete-customer.cgi?". $cgi->query_string ) %>
 %} elsif ( $new_custnum ) {
-%  print $cgi->redirect(popurl(3). "view/cust_main.cgi?$new_custnum");
+<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$new_custnum") %>
 %} else {
-%  print $cgi->redirect(popurl(3));
+<% $cgi->redirect(popurl(3)) %>
 %}
-%
+<%init>
+
+my $conf = new FS::Conf;
+die "Customer deletions not enabled in configuration"
+  unless $conf->exists('deletecustomers');
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Delete customer');
+
+$cgi->param('custnum') =~ /^(\d+)$/;
+my $custnum = $1;
+my $new_custnum;
+if ( $cgi->param('new_custnum') ) {
+  $cgi->param('new_custnum') =~ /^(\d+)$/
+    or die "Illegal new customer number: ". $cgi->param('new_custnum');
+  $new_custnum = $1;
+} else {
+  $new_custnum = '';
+}
+my $cust_main = qsearchs( 'cust_main', { 'custnum' => $custnum } )
+  or die "Customer not found: $custnum";
+
+my $error = $cust_main->delete($new_custnum);
 
+</%init>