author | Mark Wells <mark@freeside.biz> | 2013-02-27 12:47:34 -0800 |
---|---|---|
committer | Mark Wells <mark@freeside.biz> | 2013-02-27 12:47:34 -0800 |
commit | 2920cfc494c2811ca7879d6ecaa353d216c9f69d (patch) | |
tree | 5d19fbcb32f75a67940609afa1cf71fc72297228 /httemplate | |
parent | a5e611f5ffc045a59fee9e1b03f8ac79ef794d00 (diff) |
"Edit password" ACL, #21178, part 2
Diffstat (limited to 'httemplate')
-rwxr-xr-x | httemplate/browse/part_svc.cgi | 15 | ||||
-rwxr-xr-x | httemplate/edit/part_svc.cgi | 16 | ||||
-rw-r--r-- | httemplate/edit/process/cust_svc.cgi | 2 | ||||
-rwxr-xr-x | httemplate/edit/svc_acct.cgi | 18 | ||||
-rw-r--r-- | httemplate/misc/process/change-password.html | 7 | ||||
-rw-r--r-- | httemplate/view/elements/svc_Common.html | 2 | ||||
-rw-r--r-- | httemplate/view/elements/svc_edit_link.html | 9 | ||||
-rwxr-xr-x | httemplate/view/svc_acct.cgi | 9 | ||||
-rw-r--r-- | httemplate/view/svc_acct/basics.html | 26 |
9 files changed, 70 insertions, 34 deletions
diff --git a/httemplate/browse/part_svc.cgi b/httemplate/browse/part_svc.cgi index a8f4a7c84..f941ae586 100755 --- a/httemplate/browse/part_svc.cgi +++ b/httemplate/browse/part_svc.cgi @@ -82,6 +82,7 @@ function part_export_areyousure(href) { % } % @dfields ; % my $rowspan = scalar(@fields) || 1; +% $rowspan++ if $part_svc->restrict_edit_password; % my $url = "${p}edit/part_svc.cgi?". $part_svc->svcpart; % % if ( $bgcolor eq $bgcolor1 ) { @@ -183,15 +184,21 @@ function part_export_areyousure(href) { % } else { <% $value %> -% } +% } </TD> % $n1="</TR><TR>"; -% } -% +% } #foreach $field +% if ( $part_svc->restrict_edit_password ) { + <TR> + <TD CLASS="grid" BGCOLOR="<% $bgcolor %>" COLSPAN=4 ALIGN="left"> + <B><% emt('Password editing restricted.') %></B> + </TD> + </TR> +% } </TR> -% } +% } #foreach $part_svc </TABLE> </BODY> diff --git a/httemplate/edit/part_svc.cgi b/httemplate/edit/part_svc.cgi index 007c24629..8a84b208a 100755 --- a/httemplate/edit/part_svc.cgi +++ b/httemplate/edit/part_svc.cgi @@ -407,6 +407,20 @@ % % } #foreach my $field (@fields) { % +% if ( $layer eq 'svc_acct' ) { +% # eww, more ugly special-caseyness +% $html .= +% '<TR><TD COLSPAN=3 ALIGN="right">'. +% emt('Require "Provision" access right to edit password'). +% '</TD><TD>'. +% '<INPUT TYPE="checkbox" NAME="restrict_edit_password" VALUE="Y"'. +% ($part_svc->restrict_edit_password ? ' CHECKED' : ''). +% '></TD></TR>'; +% } else { +% $html .= +% '<INPUT TYPE="hidden" NAME="restrict_edit_password" VALUE="">'; +% } +% % $part_svc->svcpart('') if $clone; #undone % $html .= "</TABLE>"; % @@ -414,7 +428,7 @@ % $layer, #form name % [ qw(svc svcpart classnum selfservice_access % disabled preserve -% exportnum), +% exportnum restrict_edit_password), % @fields ], % 'process/part_svc.cgi', % $p.'browse/part_svc.cgi', diff --git a/httemplate/edit/process/cust_svc.cgi b/httemplate/edit/process/cust_svc.cgi index e22cbb201..7cb1d6d8f 100644 --- a/httemplate/edit/process/cust_svc.cgi 
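Review bot: The "Password editing restricted." row added in the second hunk of browse/part_svc.cgi is emitted while the preceding row is still open: it sits after the `#foreach $field` loop but before the existing `</TR>`, so the output has a `<TR>` nested inside an open row followed by a stray `</TR>`. The field loop separates rows with `$n1="</TR><TR>"`; starting the new row with `</TR><TR>` and dropping its own inner `</TR>` would keep the table well formed, as far as the hunk shows. `COLSPAN=4` is hard-coded and depends on a column count defined outside the hunk, so a short comment saying which columns it spans would help.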
+++ b/httemplate/edit/process/cust_svc.cgi @@ -6,7 +6,7 @@ %} <%init> -die 'access deined' +die 'access denied' unless $FS::CurrentUser::CurrentUser->access_right('Change customer service'); my $svcnum = $cgi->param('svcnum'); diff --git a/httemplate/edit/svc_acct.cgi b/httemplate/edit/svc_acct.cgi index c1f74551d..627791ba7 100755 --- a/httemplate/edit/svc_acct.cgi +++ b/httemplate/edit/svc_acct.cgi @@ -9,19 +9,6 @@ <BR> % } -<SCRIPT TYPE="text/javascript"> -function randomPass() { - var i=0; - var pw_set='<% join('', 'a'..'z', 'A'..'Z', '0'..'9' ) %>'; - var pass=''; - while(i < 8) { - i++; - pass += pw_set.charAt(Math.floor(Math.random() * pw_set.length)); - } - document.OneTrueForm.clear_password.value = pass; -} -</SCRIPT> - <FORM NAME="OneTrueForm" ACTION="<% $p1 %>process/svc_acct.cgi" METHOD=POST> <INPUT TYPE="hidden" NAME="svcnum" VALUE="<% $svcnum %>"> <INPUT TYPE="hidden" NAME="pkgnum" VALUE="<% $pkgnum %>"> @@ -57,10 +44,11 @@ function randomPass() { %if ( $part_svc->part_svc_column('_password')->columnflag ne 'F' ) { <TR> +% #XXX eventually should require "Edit Password" ACL <TD ALIGN="right"><% mt('Password') |h %></TD> <TD> - <INPUT TYPE="text" NAME="clear_password" VALUE="<% $password %>" SIZE=<% $pmax2 %> MAXLENGTH=<% $pmax %>> - <INPUT TYPE="button" VALUE="<% mt('Generate') |h %>" onclick="randomPass();"> + <INPUT TYPE="text" ID="clear_password" NAME="clear_password" VALUE="<% $password %>" SIZE=<% $pmax2 %> MAXLENGTH=<% $pmax %>> + <& /elements/random_pass.html, 'clear_password' &> </TD> </TR> %}else{ diff --git a/httemplate/misc/process/change-password.html b/httemplate/misc/process/change-password.html index 7005439cc..7cab9c4e3 100644 --- a/httemplate/misc/process/change-password.html +++ b/httemplate/misc/process/change-password.html 
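Review bot: The rewritten password input in the second hunk of edit/svc_acct.cgi interpolates `<% $password %>` into the `VALUE` attribute without the `|h` filter that the neighbouring `mt('Password') |h` uses, so a stored password containing `"` or `<` would break out of the attribute unless escaping is applied by default somewhere outside this diff. I would write `VALUE="<% $password |h %>"`. The added `#XXX eventually should require "Edit Password" ACL` comment also suggests this form does not yet apply the new rule; whether its handler honours `restrict_edit_password` is not visible here, and the comment should state what is and is not enforced today.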
@@ -1,11 +1,16 @@ <%init> my $curuser = $FS::CurrentUser::CurrentUser; -die "access denied" unless $curuser->access_right('Edit password'); $cgi->param('svcnum') =~ /^(\d+)$/ or die "illegal svcnum"; my $svcnum = $1; my $svc_acct = FS::svc_acct->by_key($svcnum) or die "svc_acct $svcnum not found"; +my $part_svc = $svc_acct->part_svc; +die "access denied" unless ( + $curuser->access_right('Provision customer service') or + ( $curuser->access_right('Edit password') and + ! $part_svc->restrict_edit_password ) + ); my $error = $svc_acct->set_password($cgi->param('password')) || $svc_acct->replace; diff --git a/httemplate/view/elements/svc_Common.html b/httemplate/view/elements/svc_Common.html index f7c685c28..46b9c28fa 100644 --- a/httemplate/view/elements/svc_Common.html +++ b/httemplate/view/elements/svc_Common.html @@ -52,7 +52,7 @@ function areyousure(href) { <% mt('Service #') |h %><B><% $svcnum %></B> % my $url = $opt{'edit_url'} || $p. 'edit/'. $opt{'table'}. '.cgi?'; -| <& /view/elements/svc_edit_link.html, 'svc' => $svc_x, 'edit_url' => $url &> +<& /view/elements/svc_edit_link.html, 'svc' => $svc_x, 'edit_url' => $url &> <BR> <% ntable("#cccccc") %><TR><TD><% ntable("#cccccc",2) %> diff --git a/httemplate/view/elements/svc_edit_link.html b/httemplate/view/elements/svc_edit_link.html index d65db0a8f..5438ed266 100644 --- a/httemplate/view/elements/svc_edit_link.html +++ b/httemplate/view/elements/svc_edit_link.html 
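Review bot: The access check in change-password.html now runs after the `by_key` lookup, so a user holding neither right gets "svc_acct N not found" for unused numbers and "access denied" for real ones, which reveals which svcnums exist. Keep a cheap gate before the lookup, `die "access denied" unless $curuser->access_right('Provision customer service') or $curuser->access_right('Edit password');`, and leave the `restrict_edit_password` test where it is. The same three-part condition is repeated in view/svc_acct/basics.html in this commit; a single helper would stop the button and the handler from drifting apart. The visible code also does not check that the service belongs to a customer this user may access, and `$cgi->param('password')` is evaluated in list context as an argument to `set_password`; `scalar($cgi->param('password'))` prevents a repeated parameter from supplying extra arguments.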
@@ -7,8 +7,12 @@ function areyousure_delete() { window.location.href = '<% $cancel_url %>'; } </SCRIPT> -<A HREF="<% $edit_url %>"><% mt("Edit this [_1]", $label) |h %></A> | -<A HREF="javascript:areyousure_delete()"><% mt('Unprovision this Service') |h %></A> +% if ( $curuser->access_right('Provision customer service') ) { +| <A HREF="<% $edit_url %>"><% mt("Edit this [_1]", $label) |h %></A> +% } +% if ( $curuser->access_right('Unprovision customer service') ) { +| <A HREF="javascript:areyousure_delete()"><% mt('Unprovision this Service') |h %></A> +% } % } <%init> my %opt = @_; @@ -20,4 +24,5 @@ my $cancel_url = $p . 'misc/unprovision.cgi?' . $svc_x->svcnum; my $cust_svc = $svc_x->cust_svc; # always exists my $cancel_date = $cust_svc->pkg_cancel_date; my ($label) = $cust_svc->label; +my $curuser = $FS::CurrentUser::CurrentUser; </%init> diff --git a/httemplate/view/svc_acct.cgi b/httemplate/view/svc_acct.cgi index 199591356..76631baad 100755 --- a/httemplate/view/svc_acct.cgi +++ b/httemplate/view/svc_acct.cgi @@ -37,7 +37,6 @@ &> <% mt('Service #') |h %><B><% $svcnum %></B> -| <& /view/elements/svc_edit_link.html, 'svc' => $svc_acct &> <& svc_acct/change_svc.html, 'part_svc' => \@part_svc, @@ -90,8 +89,12 @@ die "access denied" my $addl_from = ' LEFT JOIN cust_svc USING ( svcnum ) '. ' LEFT JOIN cust_pkg USING ( pkgnum ) '. ' LEFT JOIN cust_main USING ( custnum ) '; - -my($query) = $cgi->keywords; +my $query; +if ( $cgi->keywords ) { + ($query) = $cgi->keywords; +} else { + $query = $cgi->param('svcnum'); +} $query =~ /^(\d+)$/; my $svcnum = $1; my $svc_acct = qsearchs({ diff --git a/httemplate/view/svc_acct/basics.html b/httemplate/view/svc_acct/basics.html index 2d9953fcc..04e7bcff8 100644 --- a/httemplate/view/svc_acct/basics.html +++ b/httemplate/view/svc_acct/basics.html 
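Review bot: The `access_right` tests added in the first hunk of svc_edit_link.html only hide the Edit and Unprovision links; `$edit_url` and `misc/unprovision.cgi` remain reachable by requesting them directly, so each target page needs its own `die "access denied" unless ...` check for the same right. Apart from edit/process/cust_svc.cgi those pages are not part of this diff, so this is a request to confirm rather than a defect I can see. A one-line comment above the first `% if`, such as `%# display only; the target page enforces the right`, would make the intent clear.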
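Review bot: In the second hunk of view/svc_acct.cgi the new `$cgi->param('svcnum')` fallback feeds `$query =~ /^(\d+)$/;`, whose result is never tested, so a missing or non-numeric value leaves `$1` unset or holding an earlier capture when `my $svcnum = $1;` runs. change-password.html in this same commit uses `=~ /^(\d+)$/ or die "illegal svcnum"`; doing the same here, with `\z` so a trailing newline is rejected, gives `$query =~ /^(\d+)\z/ or die "illegal svcnum";`. The enclosing `<%init>` block starts and ends outside the hunk.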
@@ -20,7 +20,7 @@ % if ( $password =~ /^\*\w+\* (.*)$/ ) { % $password = $1; % $show_pw .= '<I>('. mt('login disabled') .')</I> '; -% } +% } % if ( ! $password % && $svc_acct->_password_encryption ne 'plain' % && $svc_acct->_password @@ -28,13 +28,27 @@ % { % $show_pw .= '<I>('. uc($svc_acct->_password_encryption). ' '.mt('encrypted').')</I>'; % } elsif ( $conf->exists('showpasswords') ) { -% $show_pw .= '<PRE>'. encode_entities($password). '</PRE>'; +% $show_pw .= '<SPAN >'. encode_entities($password). '</PRE>'; % } else { +% $password = ''; % $show_pw .= '<I>('. mt('hidden') .')</I>'; -% } -% $password = ''; -<& /view/elements/tr.html, label=>mt('Password'), value=>$show_pw &> - +% } +<TR> + <TD ALIGN="right"><% mt('Password') %></TD> + <TD STYLE="background-color: #ffffff; white-space: nowrap"> + <% $show_pw %> +% my $curuser = $FS::CurrentUser::CurrentUser; +% if ( $curuser->access_right('Provision customer service') or +% ($curuser->access_right('Edit password') and +% ! $part_svc->restrict_edit_password) ) +% { + <& /elements/change_password.html, + 'svc_acct' => $svc_acct, + 'curr_value' => $password, + &> +% } + </TD> +</TR> % if ( $conf->exists('security_phrase') ) { <& /view/elements/tr.html, label=>mt('Security phrase'), value=>$svc_acct->sec_phrase &> |
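Review bot: The `showpasswords` branch in the second hunk of basics.html now opens `<SPAN >` but still closes with `</PRE>`, leaving mismatched markup around the escaped password; it should read `$show_pw .= '<SPAN>'. encode_entities($password). '</SPAN>';`. Because `$password = '';` moved into the `else` branch, with `showpasswords` set the cleartext is now passed as `'curr_value' => $password` to /elements/change_password.html; that element is not in this diff, so confirm it escapes the value wherever it is written into the page. The new label cell uses `<% mt('Password') %>` without the `|h` filter that the other templates in this commit apply to `mt()` output.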