diff options
| author | ivan <ivan> | 2011-08-03 00:05:01 +0000 |
|---|---|---|
| committer | ivan <ivan> | 2011-08-03 00:05:01 +0000 |
| commit | 524f46a00ec9610c82a519bea2469cb1711abc1b (patch) | |
| tree | 6102fab6fd6b1a41bd276cf0804fa3625e8e828c /httemplate/search/elements/cust_pay_or_refund.html | |
| parent | 9fa60cbce4bb13ef227749706c99c5bf584bbf3e (diff) | |
resolve inconsistency with posting payments then not having the ACL to view them: add "View payments" and "View refunds" rights, redirect payment/refund posting back to customer view if you cannot see the result
Diffstat (limited to 'httemplate/search/elements/cust_pay_or_refund.html')
| -rwxr-xr-x | httemplate/search/elements/cust_pay_or_refund.html | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/httemplate/search/elements/cust_pay_or_refund.html b/httemplate/search/elements/cust_pay_or_refund.html index 8c32b79bd..002b1a4c2 100755 --- a/httemplate/search/elements/cust_pay_or_refund.html +++ b/httemplate/search/elements/cust_pay_or_refund.html @@ -74,8 +74,9 @@ $title = 'Unapplied ' if $unapplied; $title .= "\u$name_singular Search Results"; my $link = ''; -if ( ( $curuser->access_right('View invoices') #XXX for now - || $curuser->access_right('View customer payments') +if ( ( $curuser->access_right('View invoices') #remove in 2.5 (2.7?) + || ($curuser->access_right('View payments') && $table =~ /^cust_pay/) + || ($curuser->access_right('View refunds') && $table eq 'cust_refund') ) && ! $opt{'disable_link'} ) |