resolve inconsistency with posting payments then not having the ACL to view them: add "View payments" and "View refunds" rights, redirect payment/refund posting back to customer view if you cannot see the result

2 files changed, 4 insertions, 6 deletions

diff --git a/httemplate/view/cust_pay.html b/httemplate/view/cust_pay.html
index c9b2d51b5..d02f1543d 100644
--- a/httemplate/view/cust_pay.html
+++ b/httemplate/view/cust_pay.html
@@ -134,8 +134,8 @@
 my $curuser = $FS::CurrentUser::CurrentUser;
 
 die "access denied"
-  unless $curuser->access_right('View invoices') #remove this in 1.9 EVENTUALLY
-  || $curuser->access_right('View customer payments');
+  unless $curuser->access_right('View invoices') #remove this in 2.5 (2.7?)
+  || $curuser->access_right('View payments');
 
 $cgi->param('paynum') =~ /^(\d+)$/ or die "no paynum";
 my $paynum = $1;
diff --git a/httemplate/view/cust_refund.html b/httemplate/view/cust_refund.html
index f19c61b1f..996b4c05a 100644
--- a/httemplate/view/cust_refund.html
+++ b/httemplate/view/cust_refund.html
@@ -105,10 +105,8 @@
 my $curuser = $FS::CurrentUser::CurrentUser;
 
 die "access denied"
-  unless $curuser->access_right('View invoices') #remove this in 1.9 EVENTUALLY
-      || $curuser->access_right('View customer payments');
-      #'View customer refunds' ???
-
+  unless $curuser->access_right('View invoices') #remove this in 2.5 (2.7?)
+      || $curuser->access_right('View refunds');
 
 $cgi->param('refundnum') =~ /^(\d+)$/ or die "no refundnum";
 my $refundnum = $1;