diff options
| author | Jonathan Prykop <jonathan@freeside.biz> | 2015-08-17 23:01:31 -0500 |
|---|---|---|
| committer | Jonathan Prykop <jonathan@freeside.biz> | 2015-08-24 19:35:06 -0500 |
| commit | 4ff211f203e8b99b12735de5ffd239f03425ea7f (patch) | |
| tree | dfd854aeb70b2dcbf61ee7fd60d79e585849a92b /httemplate/misc/process/template_image-delete.cgi | |
| parent | 64c20943b248398a194699fb0066b44b200b7405 (diff) | |
RT#18830: Upload file to message template
Diffstat (limited to 'httemplate/misc/process/template_image-delete.cgi')
| -rw-r--r-- | httemplate/misc/process/template_image-delete.cgi | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/httemplate/misc/process/template_image-delete.cgi b/httemplate/misc/process/template_image-delete.cgi new file mode 100644 index 000000000..58c3f2c68 --- /dev/null +++ b/httemplate/misc/process/template_image-delete.cgi @@ -0,0 +1,28 @@ +<% $server->process %> + +<%init> + +my $curuser = $FS::CurrentUser::CurrentUser; + +# make sure user can generally edit +die "access denied" + unless $curuser->access_right([ 'Edit templates', 'Edit global templates' ]); + +# make sure user can edit this particular image +my %arg = $cgi->param('arg'); +my $imgnum = $arg{'imgnum'}; +die "bad imgnum" unless $imgnum =~ /^\d+$/; +die "access denied" unless qsearchs({ + 'table' => 'template_image', + 'select' => 'imgnum', + 'hashref' => { 'imgnum' => $imgnum }, + 'extra_sql' => ' AND ' . + $curuser->agentnums_sql( + 'null_right' => ['Edit global templates'] + ), + }); + +my $server = + new FS::UI::Web::JSRPC 'FS::template_image::process_image_delete', $cgi; + +</%init> |