author | Mark Wells <mark@freeside.biz> | 2012-04-04 10:08:37 -0700 |
---|---|---|
committer | Mark Wells <mark@freeside.biz> | 2012-04-04 10:08:37 -0700 |
commit | 583e90e3de4d707996084dc82b794f26063b7fea (patch) | |
tree | e3c319516458ee6e88891e181ded261b6ac58a07 /httemplate | |
parent | c2ee6c5c4f274bbf86729cacd2fe011ea71f725d (diff) |
options to limit access to full customer list, #15928
Diffstat (limited to 'httemplate')
-rw-r--r-- | httemplate/elements/menu.html | 2 | ||||
-rwxr-xr-x | httemplate/search/cust_main.cgi | 2 | ||||
-rw-r--r-- | httemplate/search/elements/search-html.html | 6 | ||||
-rw-r--r-- | httemplate/search/elements/search.html | 10 |
4 files changed, 15 insertions, 5 deletions
diff --git a/httemplate/elements/menu.html b/httemplate/elements/menu.html index 3b0969f5c..a2b0ff39b 100644 --- a/httemplate/elements/menu.html +++ b/httemplate/elements/menu.html @@ -106,7 +106,7 @@ $report_customers_lists{'with USPS-unvalidated addresses'} = [ $fsurl. 'search/c tie my %report_customers, 'Tie::IxHash'; $report_customers{'List customers'} = [ \%report_customers_lists, 'List customers' ] - if $curuser->access_right('List customers'); + if $curuser->access_right('List all customers'); $report_customers{'Zip code distribution'} = [ $fsurl. 'search/report_cust_main-zip.html', 'Zip codes by number of customers' ]; $report_customers{'Customer signup report'} = [ $fsurl. 'graph/report_cust_signup.html', 'New customer signups by date' ], $report_customers{'Advanced customer reports'} = [ $fsurl. 'search/report_cust_main.html', 'by status, signup date, agent, etc.' ] diff --git a/httemplate/search/cust_main.cgi b/httemplate/search/cust_main.cgi index aae8c7e99..859ef04e6 100755 --- a/httemplate/search/cust_main.cgi +++ b/httemplate/search/cust_main.cgi @@ -334,7 +334,7 @@ my $curuser = $FS::CurrentUser::CurrentUser; die "access denied" - unless $curuser->access_right('List customers'); + unless $curuser->access_right('List all customers'); my $conf = new FS::Conf; my $maxrecords = $conf->config('maxsearchrecordsperpage'); diff --git a/httemplate/search/elements/search-html.html b/httemplate/search/elements/search-html.html index af0c8fc09..53167c26e 100644 --- a/httemplate/search/elements/search-html.html +++ b/httemplate/search/elements/search-html.html @@ -130,7 +130,9 @@ </TD> -% unless ( $opt{'disable_download'} || $type eq 'html-print' ) { +% if ( $curuser->access_right('Download report data') +% and !$opt{'disable_download'} +% and $type ne 'html-print' ) { <TD ALIGN="right"> @@ -470,6 +472,8 @@ % } <%init> +my $curuser = $FS::CurrentUser::CurrentUser; + my %args = @_; my $type = $args{'type'}; my $header = $args{'header'}; 
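Review bot: In httemplate/elements/menu.html the new `access_right('List all customers')` test only decides whether the 'List customers' submenu is drawn; it does not protect the pages that submenu links to. This commit adds a matching server-side check to search/cust_main.cgi, but `%report_customers_lists` is built above the hunk and at least one entry's URL is cut off in the context line. It is worth confirming that every target in that hash enforces the right itself. A comment above the condition such as `# menu visibility only; each linked page must check the right itself` would make that explicit.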
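Review bot: In httemplate/search/cust_main.cgi the `die "access denied" unless $curuser->access_right('List all customers');` guard covers every request the page handles, not only the unfiltered listing. The rest of the file is outside the hunk; if this page also renders keyed search results, accounts holding only 'List customers' would lose search entirely, which is broader than the commit title describes. A comment stating the intended scope, for example `# whole page requires 'List all customers', including keyed searches`, would let the next reader tell whether that is deliberate. The diffstat is limited to httemplate, so whether existing roles are granted the new right on upgrade is not visible here.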
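Review bot: In httemplate/search/elements/search-html.html the `$curuser->access_right('Download report data')` condition only hides the download links; it is presentation, not enforcement. The check that actually stops an export is the `$type` override this commit adds in search.html, and nothing in this template says so, so a later reader could mistake the template test for the access control. I would add a Mason comment above the condition, e.g. `%# UI only: search.html forces $type to 'html' when the right is missing`. If search-html.html can be included from anywhere other than search.html (not visible here), that caller needs its own server-side check.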
diff --git a/httemplate/search/elements/search.html b/httemplate/search/elements/search.html index 81ec4d082..9bc66b6fa 100644 --- a/httemplate/search/elements/search.html +++ b/httemplate/search/elements/search.html @@ -170,7 +170,6 @@ Example: % <% include('search-csv.html', header=>$header, rows=>$rows, opt=>\%opt ) %> % -% #} elsif ( $type eq 'excel' ) { % } elsif ( $type =~ /\.xls$/ ) { % <% include('search-xls.html', header=>$header, rows=>$rows, opt=>\%opt ) %> @@ -179,7 +178,7 @@ Example: % <% include('search-xml.html', rows=>$rows, opt=>\%opt ) %> % -% } else { # regular HTML +% } else { % <% include('search-html.html', type => $type, @@ -205,6 +204,11 @@ my $curuser = $FS::CurrentUser::CurrentUser; my $type = $cgi->param('_type') =~ /^(csv|\w*\.xls|xml|select|html(-print)?)$/ ? $1 : 'html' ; +if ( !$curuser->access_right('Download report data') ) { + $opt{'disable_download'} = 1; + $type = 'html'; +} + my %align = ( 'l' => 'left', 'r' => 'right', @@ -363,6 +367,8 @@ unless ( $type =~ /^(csv|\w*.xls)$/) { $maxrecords ||= $confmax; } + $opt{'disable_maxselect'} ||= $conf->exists('disable_maxselect'); + $limit = $maxrecords ? "LIMIT $maxrecords" : ''; $offset = $cgi->param('offset') =~ /^(\d+)$/ ? $1 : 0; |
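Review bot: In the third hunk of httemplate/search/elements/search.html, the new block sets `$type = 'html'` for every user without 'Download report data', which also overrides the `select` and `html-print` values that the `_type` regex just above accepts. If those two are display modes rather than exports (their handling is outside the hunk), users without the right would get the wrong rendering. An allowlist keeps the fail-closed behaviour while leaving them alone: `$type = 'html' unless $type =~ /^(select|html(-print)?)$/;`. Any page that produces csv/xls/xml without going through search.html would need the same check.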
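Review bot: In the last hunk of httemplate/search/elements/search.html, `$opt{'disable_maxselect'} ||= $conf->exists('disable_maxselect');` sets a flag but does not itself constrain `$maxrecords`, which has already been resolved by `$maxrecords ||= $confmax;` in the context line above. Where `$maxrecords` first gets its value is outside the hunk; if it comes from a request parameter, hiding the selector leaves the parameter usable and the page size is still caller-controlled. If the option is meant to be a limit rather than a UI preference, pin the value after the flag is set, e.g. `$maxrecords = $confmax if $opt{'disable_maxselect'};`. The `unless` condition in the same hunk is pre-existing context and skips this block for csv/xls, so the pin would not affect exports.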