author | ivan <ivan> | 2007-02-05 12:51:05 +0000 |
---|---|---|
committer | ivan <ivan> | 2007-02-05 12:51:05 +0000 |
commit | 17856ff5c299e4db21da28116f2666655c03f2c7 (patch) | |
tree | 0311558e18ed2b79765658a334d656330207c33b /httemplate/view/cust_main.cgi | |
parent | 8b3782a95dcbc9fe5311b0522416791055a32f4d (diff) |
C is for Cookie^WControl
Diffstat (limited to 'httemplate/view/cust_main.cgi')
-rwxr-xr-x | httemplate/view/cust_main.cgi | 46 |
1 files changed, 26 insertions, 20 deletions
diff --git a/httemplate/view/cust_main.cgi b/httemplate/view/cust_main.cgi index 20e8201e6..850b48b27 100755 --- a/httemplate/view/cust_main.cgi +++ b/httemplate/view/cust_main.cgi @@ -1,27 +1,9 @@ -% -% -%my $conf = new FS::Conf; -% -%my $curuser = $FS::CurrentUser::CurrentUser; -% -%die "No customer specified (bad URL)!" unless $cgi->keywords; -%my($query) = $cgi->keywords; # needs parens with my, ->keywords returns array -%$query =~ /^(\d+)$/; -%my $custnum = $1; -%my $cust_main = qsearchs('cust_main',{'custnum'=>$custnum}); -%die "Customer not found!" unless $cust_main; -% -% - - <% include("/elements/header.html","Customer View: ". $cust_main->name ) %> -% if ( $curuser->access_right('Edit customer') ) { +% if ( $curuser->access_right('Edit customer') ) { <A HREF="<% $p %>edit/cust_main.cgi?<% $custnum %>">Edit this customer</A> | % } - - <SCRIPT TYPE="text/javascript" SRC="<%$fsurl%>elements/overlibmws.js"></SCRIPT> <SCRIPT TYPE="text/javascript" SRC="<%$fsurl%>elements/overlibmws_iframe.js"></SCRIPT> <SCRIPT TYPE="text/javascript" SRC="<%$fsurl%>elements/overlibmws_draggable.js"></SCRIPT> 
@@ -155,11 +137,35 @@ Comments <BR><BR> + +% #XXX enable me# if ( $curuser->access_right('View customer packages') { <% include('cust_main/packages.html', $cust_main ) %> -% if ( $conf->config('payby-default') ne 'HIDE' ) { +% #} +% if ( $conf->config('payby-default') ne 'HIDE' ) { <% include('cust_main/payment_history.html', $cust_main ) %> % } <% include('/elements/footer.html') %> +<%init> + +my $curuser = $FS::CurrentUser::CurrentUser; + +die "access denied" + unless $curuser->access_right('View customer'); + +my $conf = new FS::Conf; + +die "No customer specified (bad URL)!" unless $cgi->keywords; +my($query) = $cgi->keywords; # needs parens with my, ->keywords returns array +$query =~ /^(\d+)$/; +my $custnum = $1; +my $cust_main = qsearchs({ + 'table' => 'cust_main', + 'hashref' => {'custnum'=>$custnum}, + 'extra_sql' => ' AND '. $curuser->agentnums_sql, +}); +die "Customer not found!" unless $cust_main; + +</%init> |
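Review bot: In the added `<%init>` block the result of `$query =~ /^(\d+)$/` is never tested, so a keyword that is not purely numeric leaves `$custnum` set to whatever `$1` held before (undef or a stale capture) instead of being rejected. The lookup then depends on `qsearchs` and the new `agentnums_sql` filter failing safely, which is not visible in this hunk; failing closed at the match is simpler: `$query =~ /\A(\d+)\z/ or die "Illegal customer number";`. Separately, the commented-out guard `if ( $curuser->access_right('View customer packages') {` is missing a closing parenthesis, so it will not compile when uncommented. Until it is enabled, the packages include is rendered for anyone holding 'View customer', and a short comment next to the XXX saying so would help whoever turns it on.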