resolve inconsistency with posting payments then not having the ACL to view them: add "View payments" and "View refunds" rights, redirect payment/refund posting back to customer view if you cannot see the result

author: ivan <ivan> 2011-08-03 00:05:01 +0000
committer: ivan <ivan> 2011-08-03 00:05:01 +0000
commit: 524f46a00ec9610c82a519bea2469cb1711abc1b (patch)
tree: 6102fab6fd6b1a41bd276cf0804fa3625e8e828c /httemplate/misc/process/payment.cgi
parent: 9fa60cbce4bb13ef227749706c99c5bf584bbf3e (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/httemplate/misc/process/payment.cgi b/httemplate/misc/process/payment.cgi
index 9c8512785..5fa57e448 100644
--- a/httemplate/misc/process/payment.cgi
+++ b/httemplate/misc/process/payment.cgi
@@ -10,13 +10,16 @@
 
   <% include('/elements/footer.html') %>
 
-% } else {
+% #2.5/2.7?# } elsif ( $curuser->access_right('View payments') ) {
+% } elsif ( $curuser->access_right(['View invoices', 'View payments']) ) {
 <% $cgi->redirect(popurl(3). "view/cust_pay.html?paynum=$paynum" ) %>
+% } else {
+<% $cgi->redirect(popurl(3). "view/cust_main.html?custnum=$custnum" ) %>
 % }
 <%init>
 
-die "access denied"
-  unless $FS::CurrentUser::CurrentUser->access_right('Process payment');
+my $curuser = $FS::CurrentUser::CurrentUser;
+die "access denied" unless $curuser->access_right('Process payment');
 
 #some false laziness w/MyAccount::process_payment
author	ivan <ivan>	2011-08-03 00:05:01 +0000
committer	ivan <ivan>	2011-08-03 00:05:01 +0000
commit	524f46a00ec9610c82a519bea2469cb1711abc1b (patch)
tree	6102fab6fd6b1a41bd276cf0804fa3625e8e828c /httemplate/misc/process/payment.cgi
parent	9fa60cbce4bb13ef227749706c99c5bf584bbf3e (diff)