add separate ACL for employee reports, RT#22516

5 files changed, 10 insertions, 8 deletions

diff --git a/httemplate/elements/menu.html b/httemplate/elements/menu.html
index 14d36c31d..5689b12d2 100644
--- a/httemplate/elements/menu.html
+++ b/httemplate/elements/menu.html
@@ -294,9 +294,11 @@ tie my %report_ticketing, 'Tie::IxHash',
   'Advanced ticket reports' => [ $fsurl.'rt/Search/Build.html?NewQuery=1', 'List tickets by any criteria' ],
 ;
 
-tie my %report_employees, 'Tie::IxHash',
-  'Employee Commission Report' => [ $fsurl.'search/report_employee_commission.html', '' ],
-  'Employee Audit Report' => [ $fsurl.'search/report_employee_audit.html', 'Employee audit report' ],
+tie my %report_employees, 'Tie::IxHash';
+$report_employees{'Employee Commission Report'} = [ $fsurl.'search/report_employee_commission.html', '' ]
+  if $curuser->access_right('Employees: Commission Report');
+$report_employees{'Employee Audit Report'} = [ $fsurl.'search/report_employee_audit.html', 'Employee audit report' ]
+  if $curuser->access_right('Employees: Audit Report');
 ;
 
 tie my %report_bill_event, 'Tie::IxHash',
@@ -397,7 +399,7 @@ $report_menu{'Tickets'}        = [ \%report_ticketing, 'Ticket reports' ]
   if $conf->config('ticket_system')
   ;#&& FS::TicketSystem->access_right(\%session, 'Something');
 $report_menu{'Employees'}      =  [ \%report_employees, 'Employee reports'  ]
-  if $curuser->access_right('Financial reports');
+  if keys %report_employees;
 $report_menu{'Billing events'} =  [ \%report_bill_event, 'Billing events' ]
   if $curuser->access_right('Billing event reports');
 $report_menu{'Financial'}      = [ \%report_financial, 'Financial reports' ]
diff --git a/httemplate/search/employee_audit.html b/httemplate/search/employee_audit.html
index 753c7bff3..2bc6ff46e 100644
--- a/httemplate/search/employee_audit.html
+++ b/httemplate/search/employee_audit.html
@@ -7,7 +7,7 @@
 <%init>
 
 die "access denied"
-  unless $FS::CurrentUser::CurrentUser->access_right('Financial reports');
+  unless $FS::CurrentUser::CurrentUser->access_right('Employees: Audit Report');
 
 my %tables = (
     cust_pay        => 'Payments',
diff --git a/httemplate/search/part_pkg.html b/httemplate/search/part_pkg.html
index 2178346e2..a90f13c95 100644
--- a/httemplate/search/part_pkg.html
+++ b/httemplate/search/part_pkg.html
@@ -23,7 +23,7 @@
 
 my $curuser = $FS::CurrentUser::CurrentUser;
 die "access denied"
-  unless $curuser->access_right('Financial reports');
+  unless $curuser->access_right('Employees: Commission Report'); #that's all this does so far
 
 my $conf = new FS::Conf;
 my $money_char = $conf->config('money_char') || '$';
diff --git a/httemplate/search/report_employee_audit.html b/httemplate/search/report_employee_audit.html
index 757b8232f..461849b76 100644
--- a/httemplate/search/report_employee_audit.html
+++ b/httemplate/search/report_employee_audit.html
@@ -23,7 +23,7 @@
 <%init>
 
 die "access denied"
-  unless $FS::CurrentUser::CurrentUser->access_right('Financial reports');
+  unless $FS::CurrentUser::CurrentUser->access_right('Employees: Audit Report');
 
 my %tables = (
     cust_pay        => 'Payments',
diff --git a/httemplate/search/report_employee_commission.html b/httemplate/search/report_employee_commission.html
index 51afad3b5..ebfcae82d 100644
--- a/httemplate/search/report_employee_commission.html
+++ b/httemplate/search/report_employee_commission.html
@@ -25,6 +25,6 @@
 <%init>
 
 die "access denied"
-  unless $FS::CurrentUser::CurrentUser->access_right('Financial reports');
+  unless $FS::CurrentUser::CurrentUser->access_right('Employees: Commission Report');
 
 </%init>