authorivan <ivan>2011-08-03 00:05:03 +0000
committerivan <ivan>2011-08-03 00:05:03 +0000
commit8256b8f583dd8db0cd7e27e6089d356f5cc97377 (patch)
tree4f81d3b2189662a019876f20fae667519090e12d /httemplate/misc
parent2e7177fab34d9b1a7366d14cab722aebdf7722a7 (diff)
resolve inconsistency with posting payments then not having the ACL to view them: add "View payments" and "View refunds" rights, redirect payment/refund posting back to customer view if you cannot see the result
Diffstat (limited to 'httemplate/misc')
-rw-r--r--httemplate/misc/process/payment.cgi9
1 files changed, 6 insertions, 3 deletions
diff --git a/httemplate/misc/process/payment.cgi b/httemplate/misc/process/payment.cgi
index 9c8512785..5fa57e448 100644
--- a/httemplate/misc/process/payment.cgi
+++ b/httemplate/misc/process/payment.cgi
@@ -10,13 +10,16 @@
<% include('/elements/footer.html') %>
-% } else {
+% #2.5/2.7?# } elsif ( $curuser->access_right('View payments') ) {
+% } elsif ( $curuser->access_right(['View invoices', 'View payments']) ) {
<% $cgi->redirect(popurl(3). "view/cust_pay.html?paynum=$paynum" ) %>
+% } else {
+<% $cgi->redirect(popurl(3). "view/cust_main.html?custnum=$custnum" ) %>
% }
<%init>
-die "access denied"
- unless $FS::CurrentUser::CurrentUser->access_right('Process payment');
+my $curuser = $FS::CurrentUser::CurrentUser;
+die "access denied" unless $curuser->access_right('Process payment');
#some false laziness w/MyAccount::process_payment