diff options
| author | ivan <ivan> | 2011-08-03 00:05:03 +0000 |
|---|---|---|
| committer | ivan <ivan> | 2011-08-03 00:05:03 +0000 |
| commit | 8256b8f583dd8db0cd7e27e6089d356f5cc97377 (patch) | |
| tree | 4f81d3b2189662a019876f20fae667519090e12d /httemplate/search | |
| parent | 2e7177fab34d9b1a7366d14cab722aebdf7722a7 (diff) | |
resolve inconsistency with posting payments then not having the ACL to view them: add "View payments" and "View refunds" rights, redirect payment/refund posting back to customer view if you cannot see the result
Diffstat (limited to 'httemplate/search')
| -rwxr-xr-x | httemplate/search/elements/cust_pay_or_refund.html | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/httemplate/search/elements/cust_pay_or_refund.html b/httemplate/search/elements/cust_pay_or_refund.html index 8c32b79bd..002b1a4c2 100755 --- a/httemplate/search/elements/cust_pay_or_refund.html +++ b/httemplate/search/elements/cust_pay_or_refund.html @@ -74,8 +74,9 @@ $title = 'Unapplied ' if $unapplied; $title .= "\u$name_singular Search Results"; my $link = ''; -if ( ( $curuser->access_right('View invoices') #XXX for now - || $curuser->access_right('View customer payments') +if ( ( $curuser->access_right('View invoices') #remove in 2.5 (2.7?) + || ($curuser->access_right('View payments') && $table =~ /^cust_pay/) + || ($curuser->access_right('View refunds') && $table eq 'cust_refund') ) && ! $opt{'disable_link'} ) |