Merge branch 'master' of git.freeside.biz:/home/git/freeside

author: Mark Wells <mark@freeside.biz> 2015-08-17 22:22:43 -0700
committer: Mark Wells <mark@freeside.biz> 2015-08-17 22:22:43 -0700
commit: 866994096d21b914815cb06353397dc4d00438f3 (patch)
tree: 3ad8cb381c080f68765edb43b6b55ef0dd409ac2 /httemplate/misc/process/template_image-delete.cgi
parent: feba5016425b52740c29653383343d0d1887a592 (diff)
parent: 89525f062092c185344ec7318406b1c9086d1eda (diff)
1 files changed, 28 insertions, 0 deletions
diff --git a/httemplate/misc/process/template_image-delete.cgi b/httemplate/misc/process/template_image-delete.cgi
new file mode 100644
index 000000000..58c3f2c68
--- /dev/null
+++ b/httemplate/misc/process/template_image-delete.cgi
@@ -0,0 +1,28 @@
+<% $server->process %>
+
+<%init>
+
+my $curuser = $FS::CurrentUser::CurrentUser;
+
+# make sure user can generally edit
+die "access denied"
+  unless $curuser->access_right([ 'Edit templates', 'Edit global templates' ]);
+
+# make sure user can edit this particular image
+my %arg = $cgi->param('arg');
+my $imgnum = $arg{'imgnum'};
+die "bad imgnum" unless $imgnum =~ /^\d+$/;
+die "access denied" unless qsearchs({
+               'table'     => 'template_image',
+               'select'    => 'imgnum',
+               'hashref'   => { 'imgnum' => $imgnum },
+               'extra_sql' => ' AND ' . 
+                              $curuser->agentnums_sql(
+                                'null_right' => ['Edit global templates']
+                              ),
+             });
+
+my $server =
+  new FS::UI::Web::JSRPC 'FS::template_image::process_image_delete', $cgi;
+
+</%init>
author	Mark Wells <mark@freeside.biz>	2015-08-17 22:22:43 -0700
committer	Mark Wells <mark@freeside.biz>	2015-08-17 22:22:43 -0700
commit	866994096d21b914815cb06353397dc4d00438f3 (patch)
tree	3ad8cb381c080f68765edb43b6b55ef0dd409ac2 /httemplate/misc/process/template_image-delete.cgi
parent	feba5016425b52740c29653383343d0d1887a592 (diff)
parent	89525f062092c185344ec7318406b1c9086d1eda (diff)