author | ivan <ivan> | 2008-01-13 21:35:54 +0000 |
---|---|---|
committer | ivan <ivan> | 2008-01-13 21:35:54 +0000 |
commit | 0930d22ffc440f80c1b222b2e750cadbabd9e8f6 (patch) | |
tree | 59d6738ed4c685cd9bec804e9d3f661f4f37d72c /httemplate | |
parent | f49f11d4c3c4ba9480cc5c9acfaa606a5ba73ad1 (diff) |
ACLs
Diffstat (limited to 'httemplate')
87 files changed, 2614 insertions, 2364 deletions
diff --git a/httemplate/edit/REAL_cust_pkg.cgi b/httemplate/edit/REAL_cust_pkg.cgi index fe6984673..fea85456f 100755 --- a/httemplate/edit/REAL_cust_pkg.cgi +++ b/httemplate/edit/REAL_cust_pkg.cgi @@ -2,7 +2,6 @@ %#, menubar( %# "View this customer (#$custnum)" => popurl(2). "view/cust_main.cgi?$custnum", -%# 'Main Menu' => popurl(2) %#)); <LINK REL="stylesheet" TYPE="text/css" HREF="../elements/calendar-win2k-2.css" TITLE="win2k-2"> @@ -13,9 +12,12 @@ <FORM NAME="formname" ACTION="process/REAL_cust_pkg.cgi" METHOD="POST"> <INPUT TYPE="hidden" NAME="pkgnum" VALUE="<% $pkgnum %>"> +% # raw error from below % if ( $error ) { <FONT SIZE="+1" COLOR="#ff0000">Error: <% $error %></FONT> % } +% #or, regular error handler +<% include('/elements/error.html') %> <% ntable("#cccccc",2) %> @@ -122,16 +124,19 @@ my $format = "%m/%d/%Y %T %z (%Z)"; </%once> <%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Edit customer package dates'); + my $error = ''; my( $pkgnum, $cust_pkg ); if ( $cgi->param('error') ) { - $error = $cgi->param('error'); $pkgnum = $cgi->param('pkgnum'); - if ( $error eq '_bill_areyousure' ) { + if ( $cgi->param('error') eq '_bill_areyousure' ) { if ( $cgi->param('bill') =~ /^([\s\d\/\:\-\(\w\)]*)$/ ) { my $bill = $1; + $cgi->param('error', ''); $error = "You are attempting to set the next bill date to $bill, which is in the past. This will charge the customer for the interval from $bill until now. Are you sure you want to do this? ". @@ -174,4 +179,3 @@ unless ( $part_pkg->is_prepaid ) { } </%init> - diff --git a/httemplate/edit/access_user.html b/httemplate/edit/access_user.html index 065e60c4b..224d8d722 100644 --- a/httemplate/edit/access_user.html +++ b/httemplate/edit/access_user.html @@ -42,3 +42,9 @@ }, ) %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +</%init> 
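Review bot: The access check added at the top of `<%init>` in REAL_cust_pkg.cgi is a bare `die "access denied"`, and the same two lines are pasted into the other edit templates in this commit with only the right name changed. A denial is therefore indistinguishable from any other fatal template error, and a mistyped right string would presumably just deny access with no hint of which right was tested. Consider naming the right in the message, e.g. `die "access denied: 'Edit customer package dates' required"`, or moving the check into one shared helper so denials can be logged uniformly. The check only guards rendering of this form; the `process/REAL_cust_pkg.cgi` target named in the FORM tag is not part of this hunk and needs the same right enforced. The `<%init>` block continues outside the hunk.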
diff --git a/httemplate/edit/agent.cgi b/httemplate/edit/agent.cgi index 46ab5c705..11bfc5932 100755 --- a/httemplate/edit/agent.cgi +++ b/httemplate/edit/agent.cgi @@ -1,5 +1,4 @@ <% include("/elements/header.html","$action Agent", menubar( - 'Main Menu' => $p, 'View all agents' => $p. 'browse/agent.cgi', )) %> @@ -77,6 +76,9 @@ Agent #<% $agent->agentnum ? $agent->agentnum : "(NEW)" %> <%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + my $agent; if ( $cgi->param('error') ) { $agent = new FS::agent ( { @@ -94,5 +96,3 @@ my $action = $agent->agentnum ? 'Edit' : 'Add'; my $conf = new FS::Conf; </%init> - - diff --git a/httemplate/edit/agent_payment_gateway.html b/httemplate/edit/agent_payment_gateway.html index 9692199ef..4a7cedf79 100644 --- a/httemplate/edit/agent_payment_gateway.html +++ b/httemplate/edit/agent_payment_gateway.html @@ -1,20 +1,4 @@ -% -% -%$cgi->param('agentnum') =~ /(\d+)$/ or die "illegal agentnum"; -%my $agent = qsearchs('agent', { 'agentnum' => $1 } ); -%die "agentnum $1 not found" unless $agent; -% -%#my @agent_payment_gateway; -%if ( $cgi->param('error') ) { -%} -% -%my $action = 'Add'; -% -% - - <% include("/elements/header.html","$action payment gateway override for ". $agent->agent, menubar( - 'Main Menu' => $p, #'View all payment gateways' => $p. 'browse/payment_gateway.html', 'View all agents' => $p. 'browse/agent.html', )) %> @@ -63,5 +47,22 @@ for <SELECT NAME="cardtype" MULTIPLE> <INPUT TYPE="submit" VALUE="Add gateway override"> </FORM> -</BODY> -</HTML> + +<% include('/elements/footer.html') %> + +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +$cgi->param('agentnum') =~ /(\d+)$/ or die "illegal agentnum"; +my $agent = qsearchs('agent', { 'agentnum' => $1 } ); +die "agentnum $1 not found" unless $agent; + +#my @agent_payment_gateway; +if ( $cgi->param('error') ) { +} + +my $action = 'Add'; + +</%init> 
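Review bot: The agentnum pattern moved into `<%init>` in agent_payment_gateway.html is anchored only at the end, so `/(\d+)$/` accepts any value that merely ends in digits and silently uses the trailing number. Anchor both ends, `$cgi->param('agentnum') =~ /^(\d+)$/ or die "illegal agentnum";`, as the other id checks in this commit do. The line was carried over unchanged from the old `%` block, but this rewrite is the natural place to tighten it.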
diff --git a/httemplate/edit/agent_type.cgi b/httemplate/edit/agent_type.cgi index bfef42fea..abf4bf89f 100755 --- a/httemplate/edit/agent_type.cgi +++ b/httemplate/edit/agent_type.cgi @@ -1,22 +1,4 @@ -% -% -%my($agent_type); -%if ( $cgi->param('error') ) { -% $agent_type = new FS::agent_type ( { -% map { $_, scalar($cgi->param($_)) } fields('agent') -% } ); -%} elsif ( $cgi->keywords ) { #editing -% my( $query ) = $cgi->keywords; -% $query =~ /^(\d+)$/; -% $agent_type=qsearchs('agent_type',{'typenum'=>$1}); -%} else { #adding -% $agent_type = new FS::agent_type {}; -%} -%my $action = $agent_type->typenum ? 'Edit' : 'Add'; -% -% <% include("/elements/header.html","$action Agent Type", menubar( - 'Main Menu' => "$p", 'View all agent types' => "${p}browse/agent_type.cgi", )) %> @@ -52,3 +34,24 @@ Select which packages agents of this type may sell to customers<BR> </FORM> <% include('/elements/footer.html') %> + +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +my($agent_type); +if ( $cgi->param('error') ) { + $agent_type = new FS::agent_type ( { + map { $_, scalar($cgi->param($_)) } fields('agent') + } ); +} elsif ( $cgi->keywords ) { #editing + my( $query ) = $cgi->keywords; + $query =~ /^(\d+)$/; + $agent_type=qsearchs('agent_type',{'typenum'=>$1}); +} else { #adding + $agent_type = new FS::agent_type {}; +} +my $action = $agent_type->typenum ? 'Edit' : 'Add'; + +</%init> diff --git a/httemplate/edit/bulk-cust_svc.html b/httemplate/edit/bulk-cust_svc.html index f2efc3ff9..6f6e3f850 100644 --- a/httemplate/edit/bulk-cust_svc.html +++ b/httemplate/edit/bulk-cust_svc.html 
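Review bot: In the `<%init>` block added to agent_type.cgi, the error-redisplay branch builds the `FS::agent_type` object from `fields('agent')`, which looks like a leftover from agent.cgi rather than the columns of agent_type; it probably should read `map { $_, scalar($cgi->param($_)) } fields('agent_type')`. The edit branch also runs `$query =~ /^(\d+)$/;` without testing the result, so a non-numeric keyword leaves `$1` unset or stale before the `qsearchs` call, and a failed lookup then dies on `$agent_type->typenum`. `$query =~ /^(\d+)$/ or die "illegal typenum";` would match the style part_svc.cgi uses. Both lines were moved unchanged from the old `%` block.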
@@ -1,9 +1,4 @@ -<% include("/elements/header.html", 'Bulk customer service change', - menubar( - 'Main Menu' => $p, - ), - ) -%> +<% include('/elements/header.html', 'Bulk customer service change') %> <SCRIPT TYPE="text/javascript" SRC="../elements/overlibmws.js"></SCRIPT> <SCRIPT TYPE="text/javascript" SRC="../elements/overlibmws_iframe.js"></SCRIPT> @@ -92,8 +87,11 @@ var confirm_change = '<P ALIGN="center"><B>Bulk customer service change - Are yo </FORM> -</BODY> -</HTML> +<% include('/elements/footer.html') %> +<%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); +</%init> diff --git a/httemplate/edit/cust_bill_pay.cgi b/httemplate/edit/cust_bill_pay.cgi index 44e783eb7..28c14618f 100755 --- a/httemplate/edit/cust_bill_pay.cgi +++ b/httemplate/edit/cust_bill_pay.cgi @@ -1,4 +1,4 @@ -<% header("Apply Payment", '') %> +<% include('/elements/header-popup.html', 'Apply Payment') %> <% include('/elements/error.html') %> @@ -47,10 +47,15 @@ function changed(what) { <CENTER><INPUT TYPE="submit" VALUE="Apply"></CENTER> </FORM> -</BODY> -</HTML> + +<% include('/elements/footer.html') %> <%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Apply payment') #; + || $FS::CurrentUser::CurrentUser->access_right('Post payment'): #remove after 1.7.3 + my($paynum, $amount, $invnum); if ( $cgi->param('error') ) { $paynum = $cgi->param('paynum'); @@ -78,5 +83,5 @@ my @cust_bill = sort { $a->_date <=> $b->_date } grep { $_->owed != 0 } qsearch('cust_bill', { 'custnum' => $cust_pay->custnum } ); -</%init> +</%init> diff --git a/httemplate/edit/cust_credit.cgi b/httemplate/edit/cust_credit.cgi index 2ff09d00b..36109cf5d 100755 --- a/httemplate/edit/cust_credit.cgi +++ b/httemplate/edit/cust_credit.cgi 
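Review bot: The access check added to `<%init>` in cust_bill_pay.cgi ends with a colon instead of a semicolon (`access_right('Post payment'): #remove after 1.7.3`), so the statement is not terminated and the component will most likely fail to compile. The line should end `|| $FS::CurrentUser::CurrentUser->access_right('Post payment'); #remove after 1.7.3`. The same typo is in the check added to cust_credit_bill.cgi (`access_right('Post credit'):`). A template that cannot compile fails closed, but it also takes the Apply Payment and Apply Credit popups out of service.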
@@ -48,12 +48,16 @@ Credit </FORM> </BODY> </HTML> - <%once> + my $conf = new FS::Conf; -</%once> +</%once> <%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Post credit'); + my($custnum, $amount, $reason); if ( $cgi->param('error') ) { #$cust_credit = new FS::cust_credit ( { @@ -76,4 +80,5 @@ my $_date = time; my $otaker = getotaker; my $p1 = popurl(1); + </%init> diff --git a/httemplate/edit/cust_credit_bill.cgi b/httemplate/edit/cust_credit_bill.cgi index ee29f8e0c..43ba4fb7e 100755 --- a/httemplate/edit/cust_credit_bill.cgi +++ b/httemplate/edit/cust_credit_bill.cgi @@ -1,4 +1,4 @@ -<% header("Apply Credit", '') %> +<% include('/elements/header-popup.html', 'Apply Credit') %> <% include('/elements/error.html') %> @@ -53,6 +53,11 @@ function changed(what) { </HTML> <%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Apply credit') #; + || $FS::CurrentUser::CurrentUser->access_right('Post credit'): #remove after 1.7.3 + my($crednum, $amount, $invnum); if ( $cgi->param('error') ) { #$cust_credit_bill = new FS::cust_credit_bill ( { @@ -85,5 +90,5 @@ my @cust_bill = sort { $a->_date <=> $b->_date } grep { $_->owed != 0 } qsearch('cust_bill', { 'custnum' => $cust_credit->custnum } ); -</%init> +</%init> diff --git a/httemplate/edit/cust_main.cgi b/httemplate/edit/cust_main.cgi index be9dd1bfb..3ba097028 100755 --- a/httemplate/edit/cust_main.cgi +++ b/httemplate/edit/cust_main.cgi 
@@ -1,110 +1,10 @@ -% -% -% #for misplaced logic below -% #use FS::part_pkg; -% -% #for false laziness below (now more properly lazy) -% #use FS::svc_acct_pop; -% -% #for (other) false laziness below -% #use FS::agent; -% #use FS::type_pkgs; -% -%my $conf = new FS::Conf; -% -%#get record -% -%my $error = ''; -%my($custnum, $username, $password, $popnum, $cust_main, $saved_pkgpart, $saved_domsvc); -%my(@invoicing_list); -%my ($ss,$stateid,$payinfo); -%my $same = ''; -%if ( $cgi->param('error') ) { -% $error = $cgi->param('error'); -% $cust_main = new FS::cust_main ( { -% map { $_, scalar($cgi->param($_)) } fields('cust_main') -% } ); -% $custnum = $cust_main->custnum; -% $saved_domsvc = $cgi->param('domsvc') || ''; -% if ( $saved_domsvc =~ /^(\d+)$/ ) { -% $saved_domsvc = $1; -% } else { -% $saved_domsvc = ''; -% } -% $saved_pkgpart = $cgi->param('pkgpart_svcpart') || ''; -% if ( $saved_pkgpart =~ /^(\d+)_/ ) { -% $saved_pkgpart = $1; -% } else { -% $saved_pkgpart = ''; -% } -% $username = $cgi->param('username'); -% $password = $cgi->param('_password'); -% $popnum = $cgi->param('popnum'); -% @invoicing_list = split( /\s*,\s*/, $cgi->param('invoicing_list') ); -% $same = $cgi->param('same'); -% $cust_main->setfield('paid' => $cgi->param('paid')) if $cgi->param('paid'); -% $ss = $cust_main->ss; # don't mask an entered value on errors -% $stateid = $cust_main->stateid; # don't mask an entered value on errors -% $payinfo = $cust_main->payinfo; # don't mask an entered value on errors -%} elsif ( $cgi->keywords ) { #editing -% my( $query ) = $cgi->keywords; -% $query =~ /^(\d+)$/; -% $custnum=$1; -% $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } ); -% if ( $cust_main->dbdef_table->column('paycvv') -% && length($cust_main->paycvv) ) { -% my $paycvv = $cust_main->paycvv; -% $paycvv =~ s/./*/g; -% $cust_main->paycvv($paycvv); -% } -% $saved_pkgpart = 0; -% $saved_domsvc = 0; -% $username = ''; -% $password = ''; -% $popnum = 0; -% @invoicing_list = 
$cust_main->invoicing_list; -% $ss = $cust_main->masked('ss'); -% $stateid = $cust_main->masked('stateid'); -% $payinfo = $cust_main->paymask; -%} else { -% $custnum=''; -% $cust_main = new FS::cust_main ( {} ); -% $cust_main->otaker( &getotaker ); -% $cust_main->referral_custnum( $cgi->param('referral_custnum') ); -% $saved_pkgpart = 0; -% $saved_domsvc = 0; -% $username = ''; -% $password = ''; -% $popnum = 0; -% @invoicing_list = (); -% push @invoicing_list, 'POST' -% unless $conf->exists('disablepostalinvoicedefault'); -% $ss = ''; -% $stateid = ''; -% $payinfo = ''; -%} -%$cgi->delete_all(); -% -%my $action = $custnum ? 'Edit' : 'Add'; -%$action .= ": ". $cust_main->name if $custnum; -% -%my $r = qq!<font color="#ff0000">*</font> !; -% -% - - -<!-- top --> - <% include('/elements/header.html', "Customer $action", '', ' onUnload="myclose()"' ) %> -% if ( $error ) { - -<FONT SIZE="+1" COLOR="#ff0000">Error: <% $error %></FONT><BR><BR> -% } +<% include('/elements.error.html') %> <FORM NAME="topform" STYLE="margin-bottom: 0"> <INPUT TYPE="hidden" NAME="custnum" VALUE="<% $custnum %>"> 
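Review bot: The replacement error include in cust_main.cgi is spelled `include('/elements.error.html')`, with a dot where the other templates in this commit use `/elements/error.html`. As written the component path will presumably not resolve, so the customer edit form either fails to render or loses its error display now that the inline `$error` block is removed. It should read `<% include('/elements/error.html') %>`.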
@@ -544,3 +444,97 @@ function copyelement(from, to) { <% include('/elements/footer.html') %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Edit customer'); + +#for misplaced logic below +#use FS::part_pkg; + +#for false laziness below (now more properly lazy) +#use FS::svc_acct_pop; + +#for (other) false laziness below +#use FS::agent; +#use FS::type_pkgs; + +my $conf = new FS::Conf; + +#get record + +my($custnum, $username, $password, $popnum, $cust_main, $saved_pkgpart, $saved_domsvc); +my(@invoicing_list); +my ($ss,$stateid,$payinfo); +my $same = ''; +if ( $cgi->param('error') ) { + $cust_main = new FS::cust_main ( { + map { $_, scalar($cgi->param($_)) } fields('cust_main') + } ); + $custnum = $cust_main->custnum; + $saved_domsvc = $cgi->param('domsvc') || ''; + if ( $saved_domsvc =~ /^(\d+)$/ ) { + $saved_domsvc = $1; + } else { + $saved_domsvc = ''; + } + $saved_pkgpart = $cgi->param('pkgpart_svcpart') || ''; + if ( $saved_pkgpart =~ /^(\d+)_/ ) { + $saved_pkgpart = $1; + } else { + $saved_pkgpart = ''; + } + $username = $cgi->param('username'); + $password = $cgi->param('_password'); + $popnum = $cgi->param('popnum'); + @invoicing_list = split( /\s*,\s*/, $cgi->param('invoicing_list') ); + $same = $cgi->param('same'); + $cust_main->setfield('paid' => $cgi->param('paid')) if $cgi->param('paid'); + $ss = $cust_main->ss; # don't mask an entered value on errors + $stateid = $cust_main->stateid; # don't mask an entered value on errors + $payinfo = $cust_main->payinfo; # don't mask an entered value on errors +} elsif ( $cgi->keywords ) { #editing + my( $query ) = $cgi->keywords; + $query =~ /^(\d+)$/; + $custnum=$1; + $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } ); + if ( $cust_main->dbdef_table->column('paycvv') + && length($cust_main->paycvv) ) { + my $paycvv = $cust_main->paycvv; + $paycvv =~ s/./*/g; + $cust_main->paycvv($paycvv); + } + $saved_pkgpart = 0; + $saved_domsvc = 0; + $username = ''; + $password 
= ''; + $popnum = 0; + @invoicing_list = $cust_main->invoicing_list; + $ss = $cust_main->masked('ss'); + $stateid = $cust_main->masked('stateid'); + $payinfo = $cust_main->paymask; +} else { + $custnum=''; + $cust_main = new FS::cust_main ( {} ); + $cust_main->otaker( &getotaker ); + $cust_main->referral_custnum( $cgi->param('referral_custnum') ); + $saved_pkgpart = 0; + $saved_domsvc = 0; + $username = ''; + $password = ''; + $popnum = 0; + @invoicing_list = (); + push @invoicing_list, 'POST' + unless $conf->exists('disablepostalinvoicedefault'); + $ss = ''; + $stateid = ''; + $payinfo = ''; +} +$cgi->delete_all(); + +my $action = $custnum ? 'Edit' : 'Add'; +$action .= ": ". $cust_main->name if $custnum; + +my $r = qq!<font color="#ff0000">*</font> !; + +</%init> diff --git a/httemplate/edit/cust_main_county-expand.cgi b/httemplate/edit/cust_main_county-expand.cgi index abf8e27f2..22e823021 100755 --- a/httemplate/edit/cust_main_county-expand.cgi +++ b/httemplate/edit/cust_main_county-expand.cgi @@ -18,6 +18,9 @@ <%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + my($taxnum, $expansion, $taxclass); my($query) = $cgi->keywords; if ( $cgi->param('error') ) { diff --git a/httemplate/edit/cust_main_note.cgi b/httemplate/edit/cust_main_note.cgi index 58ea779a2..6c6a1a9a0 100755 --- a/httemplate/edit/cust_main_note.cgi +++ b/httemplate/edit/cust_main_note.cgi @@ -20,13 +20,12 @@ </HTML> <%init> -my($custnum, $comment, $notenum, $action); -$comment = ''; +my $comment; +my $notenum = ''; if ( $cgi->param('error') ) { $comment = $cgi->param('comment'); -}elsif ($cgi->param('notenum')) { - $cgi->param('notenum') =~ /^(\d+)$/; +} elsif ( $cgi->param('notenum') =~ /^(\d+)$/ ) { $notenum = $1; die "illegal query ". $cgi->keywords unless $notenum; my $note = qsearchs('cust_main_note', { 'notenum' => $notenum }); 
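Review bot: In the `<%init>` block added to cust_main.cgi, the edit branch runs `$query =~ /^(\d+)$/; $custnum=$1;` without testing the match, and then calls `$cust_main->dbdef_table` without checking that `qsearchs` returned a record. A non-numeric or unknown custnum therefore ends in an unrelated method-call error, or reuses a stale `$1`, instead of a clear rejection. `$query =~ /^(\d+)$/ or die "illegal custnum";` plus an `or die "unknown custnum $custnum"` on the lookup would cover both cases. The same unchecked match is carried into the new `<%init>` of cust_pkg.cgi.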
@@ -34,15 +33,13 @@ if ( $cgi->param('error') ) { $comment = $note->comments; } -$cgi->param('notenum') =~ /^(\d+)$/; -$notenum = $1; +$cgi->param('custnum') =~ /^(\d+)$/ or die "illeagl custnum"; +my $custnum = $1; -$cgi->param('custnum') =~ /^(\d+)$/; -$custnum = $1; +my $action = $notenum ? 'Edit' : 'Add'; -die "illegal query ". $cgi->keywords unless $custnum; - -$action = $notenum ? 'Edit' : 'Add'; +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right("$action customer note"); </%init> diff --git a/httemplate/edit/cust_pay.cgi b/httemplate/edit/cust_pay.cgi index aaa200fc4..92abb7be8 100755 --- a/httemplate/edit/cust_pay.cgi +++ b/httemplate/edit/cust_pay.cgi @@ -86,6 +86,7 @@ Payment </HTML> <%once> + my $conf = new FS::Conf; my %payby = ( @@ -96,9 +97,13 @@ my %payby = ( ); my $money_char = $conf->config('money_char') || '$'; -</%once> +</%once> <%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Post payment'); + my($link, $linknum, $paid, $payby, $payinfo, $_date); if ( $cgi->param('error') ) { $link = $cgi->param('link'); diff --git a/httemplate/edit/cust_pkg.cgi b/httemplate/edit/cust_pkg.cgi index 065136c55..ecc21195d 100755 --- a/httemplate/edit/cust_pkg.cgi +++ b/httemplate/edit/cust_pkg.cgi 
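Review bot: The right checked at the end of `<%init>` in cust_main_note.cgi depends on `$action`, which is derived from `$notenum`, but after this change `$notenum` is only parsed in the `elsif` branch. When the form is redisplayed with an `error` parameter, `$notenum` stays empty, so an edit is treated as an add: the check tests 'Add customer note' rather than 'Edit customer note', and any notenum the form (outside this hunk) carries forward would be blank. Parsing it before the `if`, e.g. `my $notenum = $cgi->param('notenum') =~ /^(\d+)$/ ? $1 : '';`, keeps the two paths consistent. The new message `"illeagl custnum"` is also misspelled.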
@@ -1,35 +1,3 @@ -% -% -%my %pkg = (); -%my %comment = (); -%my %all_pkg = (); -%my %all_comment = (); -%#foreach (qsearch('part_pkg', { 'disabled' => '' })) { -%# $pkg{ $_ -> getfield('pkgpart') } = $_->getfield('pkg'); -%# $comment{ $_ -> getfield('pkgpart') } = $_->getfield('comment'); -%#} -%foreach (qsearch('part_pkg', {} )) { -% $all_pkg{ $_ -> getfield('pkgpart') } = $_->getfield('pkg'); -% $all_comment{ $_ -> getfield('pkgpart') } = $_->getfield('comment'); -% next if $_->disabled; -% $pkg{ $_ -> getfield('pkgpart') } = $_->getfield('pkg'); -% $comment{ $_ -> getfield('pkgpart') } = $_->getfield('comment'); -%} -% -%my($custnum, %remove_pkg); -%if ( $cgi->param('error') ) { -% $custnum = $cgi->param('custnum'); -% %remove_pkg = map { $_ => 1 } $cgi->param('remove_pkg'); -%} else { -% my($query) = $cgi->keywords; -% $query =~ /^(\d+)$/; -% $custnum = $1; -% %remove_pkg = (); -%} -% -%my $p1 = popurl(1); -% -% <% include('/elements/header.html', "Add/Edit Packages", '') %> <% include('/elements/error.html') %> 
@@ -147,3 +115,40 @@ Order new packages </FORM> <% include('/elements/footer.html') %> + +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Bulk change customer packages'); + +my %pkg = (); +my %comment = (); +my %all_pkg = (); +my %all_comment = (); +#foreach (qsearch('part_pkg', { 'disabled' => '' })) { +# $pkg{ $_ -> getfield('pkgpart') } = $_->getfield('pkg'); +# $comment{ $_ -> getfield('pkgpart') } = $_->getfield('comment'); +#} +foreach (qsearch('part_pkg', {} )) { + $all_pkg{ $_ -> getfield('pkgpart') } = $_->getfield('pkg'); + $all_comment{ $_ -> getfield('pkgpart') } = $_->getfield('comment'); + next if $_->disabled; + $pkg{ $_ -> getfield('pkgpart') } = $_->getfield('pkg'); + $comment{ $_ -> getfield('pkgpart') } = $_->getfield('comment'); +} + +my($custnum, %remove_pkg); +if ( $cgi->param('error') ) { + $custnum = $cgi->param('custnum'); + %remove_pkg = map { $_ => 1 } $cgi->param('remove_pkg'); +} else { + my($query) = $cgi->keywords; + $query =~ /^(\d+)$/; + $custnum = $1; + %remove_pkg = (); +} + +my $p1 = popurl(1); + +</%init> + diff --git a/httemplate/edit/cust_refund.cgi b/httemplate/edit/cust_refund.cgi index b260949f0..3333f5d8c 100755 --- a/httemplate/edit/cust_refund.cgi +++ b/httemplate/edit/cust_refund.cgi 
@@ -1,33 +1,3 @@ -% -% -%my $conf = new FS::Conf; -%my $custnum = $cgi->param('custnum'); -%my $refund = $cgi->param('refund'); -%my $payby = $cgi->param('payby'); -%my $reason = $cgi->param('reason'); -% -%my( $paynum, $cust_pay ) = ( '', '' ); -%if ( $cgi->param('paynum') =~ /^(\d+)$/ ) { -% $paynum = $1; -% $cust_pay = qsearchs('cust_pay', { paynum=>$paynum } ) -% or die "unknown payment # $paynum"; -% $refund ||= $cust_pay->unrefunded; -% if ( $custnum ) { -% die "payment # $paynum is not for specified customer # $custnum" -% unless $custnum == $cust_pay->custnum; -% } else { -% $custnum = $cust_pay->custnum; -% } -%} -%die "no custnum or paynum specified!" unless $custnum; -% -%my $_date = time; -% -%my $p1 = popurl(1); -% -% - - <% include('/elements/header.html', 'Refund '. ucfirst(lc($payby)). ' payment', '') %> <% include('/elements/error.html') %> @@ -138,3 +108,34 @@ <% include('/elements/footer.html') %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Refund payment'); + +my $conf = new FS::Conf; +my $custnum = $cgi->param('custnum'); +my $refund = $cgi->param('refund'); +my $payby = $cgi->param('payby'); +my $reason = $cgi->param('reason'); + +my( $paynum, $cust_pay ) = ( '', '' ); +if ( $cgi->param('paynum') =~ /^(\d+)$/ ) { + $paynum = $1; + $cust_pay = qsearchs('cust_pay', { paynum=>$paynum } ) + or die "unknown payment # $paynum"; + $refund ||= $cust_pay->unrefunded; + if ( $custnum ) { + die "payment # $paynum is not for specified customer # $custnum" + unless $custnum == $cust_pay->custnum; + } else { + $custnum = $cust_pay->custnum; + } +} +die "no custnum or paynum specified!" unless $custnum; + +my $_date = time; + +my $p1 = popurl(1); + +</%init> diff --git a/httemplate/edit/inventory_class.html b/httemplate/edit/inventory_class.html index beefcd580..3ab47fe28 100644 --- a/httemplate/edit/inventory_class.html +++ b/httemplate/edit/inventory_class.html 
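Review bot: In cust_refund.cgi, `$payby` is taken straight from `$cgi->param('payby')` in the new `<%init>` and then placed in the page title via `'Refund '. ucfirst(lc($payby)). ' payment'`. Whether header.html escapes its title argument is not visible here, so a request-supplied value may reach the HTML unescaped. Validating it on input, for example `$cgi->param('payby') =~ /^(\w*)$/ or die "illegal payby";` followed by `my $payby = $1;`, removes the dependency on the header's escaping. `$custnum`, `$refund` and `$reason` are read the same way and deserve the same treatment before they are echoed into the form, which lies outside this hunk.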
@@ -8,3 +8,9 @@ 'viewall_dir' => 'browse', ) %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +</%init> diff --git a/httemplate/edit/part_bill_event.cgi b/httemplate/edit/part_bill_event.cgi index bb7aea49b..c7f452dc3 100755 --- a/httemplate/edit/part_bill_event.cgi +++ b/httemplate/edit/part_bill_event.cgi @@ -1,40 +1,6 @@ -<!--mason kludge--> -% -% -%if ( $cgi->param('eventpart') && $cgi->param('eventpart') =~ /^(\d+)$/ ) { -% $cgi->param('eventpart', $1); -%} else { -% $cgi->param('eventpart', ''); -%} -% -%my ($creason, $newcreasonT, $newcreason); -%my ($sreason, $newsreasonT, $newsreason); -% -% -%my ($query) = $cgi->keywords; -%my $action = ''; -%my $part_bill_event = ''; -%my $currentreasonclass = ''; -%if ( $cgi->param('error') ) { -% $part_bill_event = new FS::part_bill_event ( { -% map { $_, scalar($cgi->param($_)) } fields('part_bill_event') -% } ); -%} -%if ( $query && $query =~ /^(\d+)$/ ) { -% $part_bill_event ||= qsearchs('part_bill_event',{'eventpart'=>$1}); -%} else { -% $part_bill_event ||= new FS::part_bill_event {}; -%} -%$action ||= $part_bill_event->eventpart ? 'Edit' : 'Add'; -%my $hashref = $part_bill_event->hashref; -% -% - - <% include('/elements/header.html', "$action Invoice Event Definition", menubar( - 'Main Menu' => popurl(2), 'View all invoice events' => popurl(2). 'browse/part_bill_event.cgi', ) ) 
@@ -536,7 +502,38 @@ Invoice Event #<% $hashref->{eventpart} ? $hashref->{eventpart} : "(NEW)" %> </FORM> - </BODY> -</HTML> +<% include('/elements/footer.html') %> + +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +if ( $cgi->param('eventpart') && $cgi->param('eventpart') =~ /^(\d+)$/ ) { + $cgi->param('eventpart', $1); +} else { + $cgi->param('eventpart', ''); +} + +my ($creason, $newcreasonT, $newcreason); +my ($sreason, $newsreasonT, $newsreason); + +my ($query) = $cgi->keywords; +my $action = ''; +my $part_bill_event = ''; +my $currentreasonclass = ''; +if ( $cgi->param('error') ) { + $part_bill_event = new FS::part_bill_event ( { + map { $_, scalar($cgi->param($_)) } fields('part_bill_event') + } ); +} +if ( $query && $query =~ /^(\d+)$/ ) { + $part_bill_event ||= qsearchs('part_bill_event',{'eventpart'=>$1}); +} else { + $part_bill_event ||= new FS::part_bill_event {}; +} +$action ||= $part_bill_event->eventpart ? 'Edit' : 'Add'; +my $hashref = $part_bill_event->hashref; +</%init> diff --git a/httemplate/edit/part_export.cgi b/httemplate/edit/part_export.cgi index 72a07134b..d57979751 100644 --- a/httemplate/edit/part_export.cgi +++ b/httemplate/edit/part_export.cgi 
@@ -1,110 +1,4 @@ -<!-- mason kludge --> -% -% -%#if ( $cgi->param('clone') && $cgi->param('clone') =~ /^(\d+)$/ ) { -%# $cgi->param('clone', $1); -%#} else { -%# $cgi->param('clone', ''); -%#} -% -%my($query) = $cgi->keywords; -%my $action = ''; -%my $part_export = ''; -%if ( $cgi->param('error') ) { -% $part_export = new FS::part_export ( { -% map { $_, scalar($cgi->param($_)) } fields('part_export') -% } ); -%} elsif ( $query =~ /^(\d+)$/ ) { -% $part_export = qsearchs('part_export', { 'exportnum' => $1 } ); -%} else { -% $part_export = new FS::part_export; -%} -%$action ||= $part_export->exportnum ? 'Edit' : 'Add'; -% -%#my $exports = FS::part_export::export_info($svcdb); -%my $exports = FS::part_export::export_info(); -% -%my %layers = map { $_ => "$_ - ". $exports->{$_}{desc} } keys %$exports; -%$layers{''}=''; -% -%my $widget = new HTML::Widgets::SelectLayers( -% 'selected_layer' => $part_export->exporttype, -% 'options' => \%layers, -% 'form_name' => 'dummy', -% 'form_action' => 'process/part_export.cgi', -% 'form_text' => [qw( exportnum machine )], -%# 'form_checkbox' => [qw()], -% 'html_between' => "</TD></TR></TABLE>\n", -% 'layer_callback' => sub { -% my $layer = shift; -% my $html = qq!<INPUT TYPE="hidden" NAME="exporttype" VALUE="$layer">!. -% ntable("#cccccc",2); -% -% $html .= '<TR><TD ALIGN="right">Description</TD><TD BGCOLOR=#ffffff>'. -% $exports->{$layer}{notes}. '</TD></TR>' -% if $layer; -% -% foreach my $option ( keys %{$exports->{$layer}{options}} ) { -% my $optinfo = $exports->{$layer}{options}{$option}; -% die "Retreived non-ref export info option from $layer export: $optinfo" -% unless ref($optinfo); -% my $label = $optinfo->{label}; -% my $type = defined($optinfo->{type}) ? $optinfo->{type} : 'text'; -% my $value = $cgi->param($option) -% || ( $part_export->exportnum && $part_export->option($option) ) -% || ( (exists $optinfo->{default} && !$part_export->exportnum) -% ? 
$optinfo->{default} -% : '' -% ); -% $html .= qq!<TR><TD ALIGN="right">$label</TD><TD>!; -% if ( $type eq 'select' ) { -% $html .= qq!<SELECT NAME="$option">!; -% foreach my $select_option ( @{$optinfo->{options}} ) { -% #if ( ref($select_option) ) { -% #} else { -% my $selected = $select_option eq $value ? ' SELECTED' : ''; -% $html .= qq!<OPTION VALUE="$select_option"$selected>!. -% qq!$select_option</OPTION>!; -% #} -% } -% $html .= '</SELECT>'; -% } elsif ( $type eq 'textarea' ) { -% $html .= qq!<TEXTAREA NAME="$option" COLS=80 ROWS=8 WRAP="virtual">!. -% encode_entities($value). '</TEXTAREA>'; -% } elsif ( $type eq 'text' ) { -% $html .= qq!<INPUT TYPE="text" NAME="$option" VALUE="!. -% encode_entities($value). '" SIZE=64>'; -% } elsif ( $type eq 'checkbox' ) { -% $html .= qq!<INPUT TYPE="checkbox" NAME="$option" VALUE="1"!; -% $html .= ' CHECKED' if $value; -% $html .= '>'; -% } else { -% $html .= "unknown type $type"; -% } -% $html .= '</TD></TR>'; -% } -% $html .= '</TABLE>'; -% -% $html .= '<INPUT TYPE="hidden" NAME="options" VALUE="'. -% join(',', keys %{$exports->{$layer}{options}} ). '">'; -% -% $html .= '<INPUT TYPE="hidden" NAME="nodomain" VALUE="'. -% $exports->{$layer}{nodomain}. '">'; -% -% $html .= '<INPUT TYPE="submit" VALUE="'. -% ( $part_export->exportnum ? "Apply changes" : "Add export" ). -% '">'; -% -% $html; -% }, -%); -% -% - -<% include("/elements/header.html","$action Export", menubar( - 'Main Menu' => popurl(2), -), ' onLoad="visualize()"') -%> +<% include('/elements/header.html', "$action Export", '', ' onLoad="visualize()"') %> <% include('/elements/error.html') %> 
@@ -121,6 +15,109 @@ <TR> <TD ALIGN="right">Export</TD> <TD><% $widget->html %> -</BODY> -</HTML> +<% include('/elements/footer.html') %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +#if ( $cgi->param('clone') && $cgi->param('clone') =~ /^(\d+)$/ ) { +# $cgi->param('clone', $1); +#} else { +# $cgi->param('clone', ''); +#} + +my($query) = $cgi->keywords; +my $action = ''; +my $part_export = ''; +if ( $cgi->param('error') ) { + $part_export = new FS::part_export ( { + map { $_, scalar($cgi->param($_)) } fields('part_export') + } ); +} elsif ( $query =~ /^(\d+)$/ ) { + $part_export = qsearchs('part_export', { 'exportnum' => $1 } ); +} else { + $part_export = new FS::part_export; +} +$action ||= $part_export->exportnum ? 'Edit' : 'Add'; + +#my $exports = FS::part_export::export_info($svcdb); +my $exports = FS::part_export::export_info(); + +my %layers = map { $_ => "$_ - ". $exports->{$_}{desc} } keys %$exports; +$layers{''}=''; + +my $widget = new HTML::Widgets::SelectLayers( + 'selected_layer' => $part_export->exporttype, + 'options' => \%layers, + 'form_name' => 'dummy', + 'form_action' => 'process/part_export.cgi', + 'form_text' => [qw( exportnum machine )], +# 'form_checkbox' => [qw()], + 'html_between' => "</TD></TR></TABLE>\n", + 'layer_callback' => sub { + my $layer = shift; + my $html = qq!<INPUT TYPE="hidden" NAME="exporttype" VALUE="$layer">!. + ntable("#cccccc",2); + + $html .= '<TR><TD ALIGN="right">Description</TD><TD BGCOLOR=#ffffff>'. + $exports->{$layer}{notes}. '</TD></TR>' + if $layer; + + foreach my $option ( keys %{$exports->{$layer}{options}} ) { + my $optinfo = $exports->{$layer}{options}{$option}; + die "Retreived non-ref export info option from $layer export: $optinfo" + unless ref($optinfo); + my $label = $optinfo->{label}; + my $type = defined($optinfo->{type}) ? 
$optinfo->{type} : 'text'; + my $value = $cgi->param($option) + || ( $part_export->exportnum && $part_export->option($option) ) + || ( (exists $optinfo->{default} && !$part_export->exportnum) + ? $optinfo->{default} + : '' + ); + $html .= qq!<TR><TD ALIGN="right">$label</TD><TD>!; + if ( $type eq 'select' ) { + $html .= qq!<SELECT NAME="$option">!; + foreach my $select_option ( @{$optinfo->{options}} ) { + #if ( ref($select_option) ) { + #} else { + my $selected = $select_option eq $value ? ' SELECTED' : ''; + $html .= qq!<OPTION VALUE="$select_option"$selected>!. + qq!$select_option</OPTION>!; + #} + } + $html .= '</SELECT>'; + } elsif ( $type eq 'textarea' ) { + $html .= qq!<TEXTAREA NAME="$option" COLS=80 ROWS=8 WRAP="virtual">!. + encode_entities($value). '</TEXTAREA>'; + } elsif ( $type eq 'text' ) { + $html .= qq!<INPUT TYPE="text" NAME="$option" VALUE="!. + encode_entities($value). '" SIZE=64>'; + } elsif ( $type eq 'checkbox' ) { + $html .= qq!<INPUT TYPE="checkbox" NAME="$option" VALUE="1"!; + $html .= ' CHECKED' if $value; + $html .= '>'; + } else { + $html .= "unknown type $type"; + } + $html .= '</TD></TR>'; + } + $html .= '</TABLE>'; + + $html .= '<INPUT TYPE="hidden" NAME="options" VALUE="'. + join(',', keys %{$exports->{$layer}{options}} ). '">'; + + $html .= '<INPUT TYPE="hidden" NAME="nodomain" VALUE="'. + $exports->{$layer}{nodomain}. '">'; + + $html .= '<INPUT TYPE="submit" VALUE="'. + ( $part_export->exportnum ? "Apply changes" : "Add export" ). + '">'; + + $html; + }, +); + +</%init> diff --git a/httemplate/edit/part_pkg.cgi b/httemplate/edit/part_pkg.cgi index a337d2272..82d622610 100755 --- a/httemplate/edit/part_pkg.cgi +++ b/httemplate/edit/part_pkg.cgi @@ -1,5 +1,4 @@ -<% include("/elements/header.html","$action Package Definition", menubar( - 'Main Menu' => popurl(2), +<% include('/elements/header.html', "$action Package Definition", menubar( 'View all packages' => popurl(2). 'browse/part_pkg.cgi', )) %> % #), ' onLoad="visualize()"'); 
@@ -360,10 +359,18 @@ Line-item revenue recognition <BR><BR>Price plan <% $widget->html %> - </BODY> -</HTML> + +<% include('/elements/footer.html') %> <%init> +#1.7 +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); +#1.9 +#die "access denied" +# unless $FS::CurrentUser::CurrentUser->access_right('Edit package definitions') +# || $FS::CurrentUser::CurrentUser->access_right('Edit global package definitions'); + if ( $cgi->param('clone') && $cgi->param('clone') =~ /^(\d+)$/ ) { $cgi->param('clone', $1); } else { diff --git a/httemplate/edit/part_referral.html b/httemplate/edit/part_referral.html index f4572c067..daf8773f0 100755 --- a/httemplate/edit/part_referral.html +++ b/httemplate/edit/part_referral.html @@ -10,3 +10,10 @@ 'viewall_dir' => 'browse', ) %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Edit advertising sources') + || $FS::CurrentUser::CurrentUser->access_right('Edit global advertising sources'); + +</%init> diff --git a/httemplate/edit/part_svc.cgi b/httemplate/edit/part_svc.cgi index 9432839e7..4b8a24080 100755 --- a/httemplate/edit/part_svc.cgi +++ b/httemplate/edit/part_svc.cgi 
@@ -1,34 +1,7 @@ -% -%my $part_svc; -%my $clone = ''; -%if ( $cgi->param('clone') && $cgi->param('clone') =~ /^(\d+)$/ ) {#clone -% #$cgi->param('clone') =~ /^(\d+)$/ or die "malformed query: $query"; -% $part_svc = qsearchs('part_svc', { 'svcpart'=>$1 } ) -% or die "unknown svcpart: $1"; -% $clone = $part_svc->svcpart; -% $part_svc->svcpart(''); -%} elsif ( $cgi->keywords ) { #edit -% my($query) = $cgi->keywords; -% $query =~ /^(\d+)$/ or die "malformed query: $query"; -% $part_svc=qsearchs('part_svc', { 'svcpart'=>$1 } ) -% or die "unknown svcpart: $1"; -%} else { #adding -% $part_svc = new FS::part_svc {}; -%} -% -%my $action = $part_svc->svcpart ? 'Edit' : 'Add'; -%my $hashref = $part_svc->hashref; -%# my $p_svcdb = $part_svc->svcdb || 'svc_acct'; -% -% -% #" onLoad=\"visualize()\"" -% - -<% include("/elements/header.html","$action Service Definition", - menubar( 'Main Menu' => $p, - 'View all service definitions' => "${p}browse/part_svc.cgi" - ), - ) +<% include('/elements/header.html', "$action Service Definition", + menubar('View all service definitions' => "${p}browse/part_svc.cgi"), + #" onLoad=\"visualize()\"" + ) %> <FORM NAME="dummy"> 
@@ -350,6 +323,38 @@ that field. % Table <% $widget->html %> - </BODY> -</HTML> + +<% include('/elements/footer.html') %> + +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +my $part_svc; +my $clone = ''; +if ( $cgi->param('clone') && $cgi->param('clone') =~ /^(\d+)$/ ) {#clone + #$cgi->param('clone') =~ /^(\d+)$/ or die "malformed query: $query"; + $part_svc = qsearchs('part_svc', { 'svcpart'=>$1 } ) + or die "unknown svcpart: $1"; + $clone = $part_svc->svcpart; + $part_svc->svcpart(''); +} elsif ( $cgi->keywords ) { #edit + my($query) = $cgi->keywords; + $query =~ /^(\d+)$/ or die "malformed query: $query"; + $part_svc=qsearchs('part_svc', { 'svcpart'=>$1 } ) + or die "unknown svcpart: $1"; +} else { #adding + $part_svc = new FS::part_svc {}; +} + +my $action = $part_svc->svcpart ? 'Edit' : 'Add'; +my $hashref = $part_svc->hashref; +# my $p_svcdb = $part_svc->svcdb || 'svc_acct'; + + + +</%init> + + diff --git a/httemplate/edit/part_virtual_field.cgi b/httemplate/edit/part_virtual_field.cgi index f7f20cfd7..04ba9b0c0 100644 --- a/httemplate/edit/part_virtual_field.cgi +++ b/httemplate/edit/part_virtual_field.cgi @@ -1,27 +1,3 @@ -% -%my ($vfieldpart, $part_virtual_field); -% -%if ( $cgi->param('error') ) { -% $part_virtual_field = new FS::part_virtual_field ( { -% map { $_, scalar($cgi->param($_)) } fields('part_virtual_field')}); -% $vfieldpart = $part_virtual_field->vfieldpart; -%} else { -% my($query) = $cgi->keywords; -% if ( $query =~ /^(\d+)$/ ) { #editing -% $vfieldpart=$1; -% $part_virtual_field=qsearchs('part_virtual_field', -% {'vfieldpart' => $vfieldpart}) -% or die "Unknown vfieldpart!"; -% -% } else { #adding -% $part_virtual_field = new FS::part_virtual_field({}); -% } -%} -%my $action = $part_virtual_field->vfieldpart ? 'Edit' : 'Add'; -% -%my $p1 = popurl(1); -% -% <% include('/elements/header.html', "$action Virtual Field Definition") %> <% include('/elements/error.html') %> 
@@ -97,3 +73,32 @@ Field #<B><%$vfieldpart or "(NEW)"%></B><BR><BR> <I>list_source</I> mean, <B>LEAVE THEM BLANK</B>. We mean it.</FONT> <% include('/elements/footer.html') %> + +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +my ($vfieldpart, $part_virtual_field); + +if ( $cgi->param('error') ) { + $part_virtual_field = new FS::part_virtual_field ( { + map { $_, scalar($cgi->param($_)) } fields('part_virtual_field')}); + $vfieldpart = $part_virtual_field->vfieldpart; +} else { + my($query) = $cgi->keywords; + if ( $query =~ /^(\d+)$/ ) { #editing + $vfieldpart=$1; + $part_virtual_field=qsearchs('part_virtual_field', + {'vfieldpart' => $vfieldpart}) + or die "Unknown vfieldpart!"; + + } else { #adding + $part_virtual_field = new FS::part_virtual_field({}); + } +} +my $action = $part_virtual_field->vfieldpart ? 'Edit' : 'Add'; + +my $p1 = popurl(1); + +</%init> diff --git a/httemplate/edit/payment_gateway.html b/httemplate/edit/payment_gateway.html index 84d453cdd..e3893cf49 100644 --- a/httemplate/edit/payment_gateway.html +++ b/httemplate/edit/payment_gateway.html @@ -1,25 +1,4 @@ -% -% -%my $payment_gateway; -%if ( $cgi->param('error') ) { -% $payment_gateway = new FS::payment_gateway ( { -% map { $_, scalar($cgi->param($_)) } fields('payment_gateway') -% } ); -%} elsif ( $cgi->keywords ) { -% my($query) = $cgi->keywords; -% $query =~ /^(\d+)$/; -% $payment_gateway = qsearchs( 'payment_gateway', { 'gatewaynum' => $1 } ); -%} else { #adding -% $payment_gateway = new FS::payment_gateway {}; -%} -%my $action = $payment_gateway->gatewaynum ? 'Edit' : 'Add'; -%#my $hashref = $payment_gateway->hashref; -% -% - - <% include("/elements/header.html","$action Payment gateway", menubar( - 'Main Menu' => $p, 'View all payment gateways' => $p. 'browse/payment_gateway.html', )) %> 
@@ -127,6 +106,27 @@ Gateway #<% $payment_gateway->gatewaynum || "(NEW)" %> <BR><INPUT TYPE="submit" VALUE="<% $payment_gateway->gatewaynum ? "Apply changes" : "Add gateway" %>"> </FORM> - </BODY> -</HTML> +<% include('/elements/footer.html') %> + +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +my $payment_gateway; +if ( $cgi->param('error') ) { + $payment_gateway = new FS::payment_gateway ( { + map { $_, scalar($cgi->param($_)) } fields('payment_gateway') + } ); +} elsif ( $cgi->keywords ) { + my($query) = $cgi->keywords; + $query =~ /^(\d+)$/; + $payment_gateway = qsearchs( 'payment_gateway', { 'gatewaynum' => $1 } ); +} else { #adding + $payment_gateway = new FS::payment_gateway {}; +} +my $action = $payment_gateway->gatewaynum ? 'Edit' : 'Add'; +#my $hashref = $payment_gateway->hashref; + +</%init> diff --git a/httemplate/edit/pkg_class.html b/httemplate/edit/pkg_class.html index 6f2b072f1..eddbfc16e 100644 --- a/httemplate/edit/pkg_class.html +++ b/httemplate/edit/pkg_class.html @@ -14,3 +14,9 @@ ) %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +</%init> diff --git a/httemplate/edit/prepay_credit.cgi b/httemplate/edit/prepay_credit.cgi index c32c04d16..9e1c30ba6 100644 --- a/httemplate/edit/prepay_credit.cgi +++ b/httemplate/edit/prepay_credit.cgi 
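Review bot: In the `$cgi->keywords` branch of the new `<%init>` block the match `$query =~ /^(\d+)$/;` is not checked, so `$1` is stale or undefined when the keyword is not numeric, and the `qsearchs` result is not checked either. The following `$payment_gateway->gatewaynum` then fails as a method call on an undefined value instead of reporting the bad input. The part_svc.cgi block in this commit already guards both steps; the same would fit here: `$query =~ /^(\d+)$/ or die "malformed query: $query";` and `or die "unknown gatewaynum: $1";` after the lookup.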
@@ -1,38 +1,11 @@ -% -%my $agent = ''; -%my $agentnum = ''; -%if ( $cgi->param('agentnum') =~ /^(\d+)$/ ) { -% $agent = qsearchs('agent', { 'agentnum' => $agentnum=$1 } ); -%} -% -%tie my %multiplier, 'Tie::IxHash', -% 1 => 'seconds', -% 60 => 'minutes', -% 3600 => 'hours', -%; -% -%tie my %bytemultiplier, 'Tie::IxHash', -% 1 => 'bytes', -% 1000 => 'Kbytes', -% 1000000 => 'Mbytes', -% 1000000000 => 'Gbytes', -%; -% -%$cgi->param('multiplier', '60') unless $cgi->param('multiplier'); -%$cgi->param('upmultiplier', '1000000') unless $cgi->param('upmultiplier'); -%$cgi->param('downmultiplier', '1000000') unless $cgi->param('downmultiplier'); -%$cgi->param('totalmultiplier','1000000') unless $cgi->param('totalmultiplier'); - -<% include("/elements/header.html",'Generate prepaid cards'. ($agent ? ' for '. $agent->agent : ''), - menubar( 'Main Menu' => $p, )) -%> +<% include("/elements/header.html",'Generate prepaid cards'. ($agent ? ' for '. $agent->agent : '') ) %> <% include('/elements/error.html') %> <FORM ACTION="<%popurl(1)%>process/prepay_credit.cgi" METHOD="POST" NAME="OneTrueForm" onSubmit="document.OneTrueForm.submit.disabled=true"> Generate -<INPUT TYPE="text" NAME="num" VALUE="<% $cgi->param('num') || '(quantity)' %>" SIZE=10 MAXLENGTH=10 onFocus="if ( this.value == '(quantity)' ) { this.value = ''; }"> +<INPUT TYPE="text" NAME="num" VALUE="<% $cgi->param('num') || '(quantity)' |h %>" SIZE=10 MAXLENGTH=10 onFocus="if ( this.value == '(quantity)' ) { this.value = ''; }"> <SELECT NAME="type"> % foreach (qw(alpha alphanumeric numeric)) { 
@@ -52,10 +25,10 @@ prepaid cards <TABLE> <TR><TD>Value: -$<INPUT TYPE="text" NAME="amount" SIZE=8 MAXLENGTH=7 VALUE="<% $cgi->param('amount') %>"> +$<INPUT TYPE="text" NAME="amount" SIZE=8 MAXLENGTH=7 VALUE="<% $cgi->param('amount') |h %>"> </TD> <TD>and/or -<INPUT TYPE="text" NAME="seconds" SIZE=6 MAXLENGTH=5 VALUE="<% $cgi->param('seconds') %>"> +<INPUT TYPE="text" NAME="seconds" SIZE=6 MAXLENGTH=5 VALUE="<% $cgi->param('seconds') |h %>"> <SELECT NAME="multiplier"> % foreach my $multiplier ( keys %multiplier ) { @@ -66,7 +39,7 @@ $<INPUT TYPE="text" NAME="amount" SIZE=8 MAXLENGTH=7 VALUE="<% $cgi->param('amou </TD></TR> <TR><TD></TD> <TD>and/or -<INPUT TYPE="text" NAME="upbytes" SIZE=6 MAXLENGTH=5 VALUE="<% $cgi->param('upbytes') %>"> +<INPUT TYPE="text" NAME="upbytes" SIZE=6 MAXLENGTH=5 VALUE="<% $cgi->param('upbytes') |h %>"> <SELECT NAME="upmultiplier"> % foreach my $multiplier ( keys %bytemultiplier ) { @@ -77,7 +50,7 @@ $<INPUT TYPE="text" NAME="amount" SIZE=8 MAXLENGTH=7 VALUE="<% $cgi->param('amou </TD></TR> <TR><TD></TD> <TD>and/or -<INPUT TYPE="text" NAME="downbytes" SIZE=6 MAXLENGTH=5 VALUE="<% $cgi->param('downbytes') %>"> +<INPUT TYPE="text" NAME="downbytes" SIZE=6 MAXLENGTH=5 VALUE="<% $cgi->param('downbytes') |h %>"> <SELECT NAME="downmultiplier"> % foreach my $multiplier ( keys %bytemultiplier ) { @@ -88,7 +61,7 @@ $<INPUT TYPE="text" NAME="amount" SIZE=8 MAXLENGTH=7 VALUE="<% $cgi->param('amou </TD></TR> <TR><TD></TD> <TD>and/or -<INPUT TYPE="text" NAME="totalbytes" SIZE=6 MAXLENGTH=5 VALUE="<% $cgi->param('totalbytes') %>"> +<INPUT TYPE="text" NAME="totalbytes" SIZE=6 MAXLENGTH=5 VALUE="<% $cgi->param('totalbytes') |h %>"> <SELECT NAME="totalmultiplier"> % foreach my $multiplier ( keys %bytemultiplier ) { 
@@ -101,5 +74,37 @@ $<INPUT TYPE="text" NAME="amount" SIZE=8 MAXLENGTH=7 VALUE="<% $cgi->param('amou <BR><BR> <INPUT TYPE="submit" NAME="submit" VALUE="Generate" onSubmit="this.disabled = true"> -</FORM></BODY></HTML> +</FORM> +<% include('/elements/footer.html') %> + +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +my $agent = ''; +my $agentnum = ''; +if ( $cgi->param('agentnum') =~ /^(\d+)$/ ) { + $agent = qsearchs('agent', { 'agentnum' => $agentnum=$1 } ); +} + +tie my %multiplier, 'Tie::IxHash', + 1 => 'seconds', + 60 => 'minutes', + 3600 => 'hours', +; + +tie my %bytemultiplier, 'Tie::IxHash', + 1 => 'bytes', + 1000 => 'Kbytes', + 1000000 => 'Mbytes', + 1000000000 => 'Gbytes', +; + +$cgi->param('multiplier', '60') unless $cgi->param('multiplier'); +$cgi->param('upmultiplier', '1000000') unless $cgi->param('upmultiplier'); +$cgi->param('downmultiplier', '1000000') unless $cgi->param('downmultiplier'); +$cgi->param('totalmultiplier','1000000') unless $cgi->param('totalmultiplier'); + +</%init> diff --git a/httemplate/edit/process/REAL_cust_pkg.cgi b/httemplate/edit/process/REAL_cust_pkg.cgi index ec951c86c..ebcb7e4ba 100755 --- a/httemplate/edit/process/REAL_cust_pkg.cgi +++ b/httemplate/edit/process/REAL_cust_pkg.cgi 
@@ -1,31 +1,36 @@ -%my $pkgnum = $cgi->param('pkgnum') or die; -%my $old = qsearchs('cust_pkg',{'pkgnum'=>$pkgnum}); -%my %hash = $old->hash; -%$hash{'setup'} = $cgi->param('setup') ? str2time($cgi->param('setup')) : ''; -%$hash{'bill'} = $cgi->param('bill') ? str2time($cgi->param('bill')) : ''; -%$hash{'last_bill'} = -% $cgi->param('last_bill') ? str2time($cgi->param('last_bill')) : ''; -%$hash{'adjourn'} = $cgi->param('adjourn') ? str2time($cgi->param('adjourn')) : ''; -%$hash{'expire'} = $cgi->param('expire') ? str2time($cgi->param('expire')) : ''; -% -%my $new; -%my $error; -%if ( $hash{'bill'} != $old->bill # if the next bill date was changed -% && $hash{'bill'} < time # to a date in the past -% && ! $cgi->param('bill_areyousure') # and it wasn't confirmed -% ) -%{ -% $error = '_bill_areyousure'; -%} else { -% $new = new FS::cust_pkg \%hash; -% $error = $new->replace($old); -%} -% %if ( $error ) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). "REAL_cust_pkg.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "REAL_cust_pkg.cgi?". $cgi->query_string ) %> %} else { % my $custnum = $new->custnum; -% print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum". -% "#cust_pkg$pkgnum" ); +<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum#cust_pkg$pkgnum" ) %> %} +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Edit customer package dates'); + +my $pkgnum = $cgi->param('pkgnum') or die; +my $old = qsearchs('cust_pkg',{'pkgnum'=>$pkgnum}); +my %hash = $old->hash; +$hash{'setup'} = $cgi->param('setup') ? str2time($cgi->param('setup')) : ''; +$hash{'bill'} = $cgi->param('bill') ? str2time($cgi->param('bill')) : ''; +$hash{'last_bill'} = + $cgi->param('last_bill') ? str2time($cgi->param('last_bill')) : ''; +$hash{'adjourn'} = $cgi->param('adjourn') ? str2time($cgi->param('adjourn')) : ''; +$hash{'expire'} = $cgi->param('expire') ? 
str2time($cgi->param('expire')) : ''; + +my $new; +my $error; +if ( $hash{'bill'} != $old->bill # if the next bill date was changed + && $hash{'bill'} < time # to a date in the past + && ! $cgi->param('bill_areyousure') # and it wasn't confirmed + ) +{ + $error = '_bill_areyousure'; +} else { + $new = new FS::cust_pkg \%hash; + $error = $new->replace($old); +} + +</%init> diff --git a/httemplate/edit/process/access_user.html b/httemplate/edit/process/access_user.html index 9f7c4ddbf..ca6bb603f 100644 --- a/httemplate/edit/process/access_user.html +++ b/httemplate/edit/process/access_user.html @@ -13,3 +13,9 @@ ) %> % } +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +</%init> diff --git a/httemplate/edit/process/agent.cgi b/httemplate/edit/process/agent.cgi index 5128d7ae8..ad550cc37 100755 --- a/httemplate/edit/process/agent.cgi +++ b/httemplate/edit/process/agent.cgi 
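Review bot: `$pkgnum` is taken from `$cgi->param('pkgnum')` without a numeric check and the `qsearchs('cust_pkg', ...)` result is used unchecked, so an unknown package number reaches `$old->hash` as a method call on undef rather than a clean error. Other handlers in this commit validate the key first; `$cgi->param('pkgnum') =~ /^(\d+)$/ or die "Illegal pkgnum"; my $pkgnum = $1;` plus `or die "No such pkgnum";` on the lookup would match them. The same raw `$pkgnum` is interpolated into the success redirect (`#cust_pkg$pkgnum`), which the numeric check would also cover. The new access check is global to the right; whether the package must additionally belong to a customer the current user may act on is not visible in this hunk and is worth confirming.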
@@ -1,29 +1,30 @@ -% -% -%my $agentnum = $cgi->param('agentnum'); -% -%my $old = qsearchs('agent',{'agentnum'=>$agentnum}) if $agentnum; -% -%my $new = new FS::agent ( { -% map { -% $_, scalar($cgi->param($_)); -% } fields('agent') -%} ); -% -%my $error; -%if ( $agentnum ) { -% $error=$new->replace($old); -%} else { -% $error=$new->insert; -% $agentnum=$new->getfield('agentnum'); -%} -% %if ( $error ) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). "agent.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "agent.cgi?". $cgi->query_string ) %> %} else { -% print $cgi->redirect(popurl(3). "browse/agent.cgi"); +<% $cgi->redirect(popurl(3). "browse/agent.cgi") %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +my $agentnum = $cgi->param('agentnum'); + +my $old = qsearchs('agent',{'agentnum'=>$agentnum}) if $agentnum; + +my $new = new FS::agent ( { + map { + $_, scalar($cgi->param($_)); + } fields('agent') +} ); + +my $error; +if ( $agentnum ) { + $error=$new->replace($old); +} else { + $error=$new->insert; + $agentnum=$new->getfield('agentnum'); +} +</%init> diff --git a/httemplate/edit/process/agent_payment_gateway.html b/httemplate/edit/process/agent_payment_gateway.html index 436317ec4..5b5fd948a 100644 --- a/httemplate/edit/process/agent_payment_gateway.html +++ b/httemplate/edit/process/agent_payment_gateway.html 
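Review bot: `my $old = qsearchs('agent',{'agentnum'=>$agentnum}) if $agentnum;` declares a lexical under a statement modifier, which perlsyn documents as undefined behaviour and which can leave a value from an earlier call in place in a persistent interpreter; the agent_type.cgi hunk has the same construct with `$typenum`. `my $old = $agentnum ? qsearchs('agent', { 'agentnum' => $agentnum }) : undef;` keeps the intent without it. The lookup result is also passed to `$new->replace($old)` unchecked, so an `agentnum` that matches no row should set an explicit error before the replace.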
@@ -1,26 +1,29 @@ -% -% -%$cgi->param('agentnum') =~ /(\d+)$/ or die "illegal agentnum"; -%my $agent = qsearchs('agent', { 'agentnum' => $1 } ); -%die "agentnum $1 not found" unless $agent; -% -%#my $old -% -%my @new = map { -% my $cardtype = $_; -% new FS::agent_payment_gateway { -% ( map { $_ => scalar($cgi->param($_)) } -% fields('agent_payment_gateway') -% ), -% 'cardtype' => $cardtype, -% }; -% } -% $cgi->param('cardtype'); -% -%foreach my $new (@new) { -% my $error = $new->insert; -% die $error if $error; -%} -% -% <% $cgi->redirect(popurl(3). "browse/agent.cgi") %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +$cgi->param('agentnum') =~ /(\d+)$/ or die "illegal agentnum"; +my $agent = qsearchs('agent', { 'agentnum' => $1 } ); +die "agentnum $1 not found" unless $agent; + +#my $old + +my @new = map { + my $cardtype = $_; + new FS::agent_payment_gateway { + ( map { $_ => scalar($cgi->param($_)) } + fields('agent_payment_gateway') + ), + 'cardtype' => $cardtype, + }; + } + $cgi->param('cardtype'); + +foreach my $new (@new) { + my $error = $new->insert; + die $error if $error; +} + +</%init> diff --git a/httemplate/edit/process/agent_type.cgi b/httemplate/edit/process/agent_type.cgi index b8d03705c..898e0667d 100755 --- a/httemplate/edit/process/agent_type.cgi +++ b/httemplate/edit/process/agent_type.cgi 
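Review bot: The agentnum check `$cgi->param('agentnum') =~ /(\d+)$/` is anchored only at the end, so any value that merely ends in digits passes and the agent is looked up by the trailing digits alone. The new records are then built from `scalar($cgi->param($_))` over `fields('agent_payment_gateway')`, so if `agentnum` is one of those fields (not visible here) the unvalidated original string, not `$1`, is what gets stored. Anchor the pattern as `/^(\d+)$/` and write the validated value back with `$cgi->param('agentnum', $1);` before the `map`, as the part_pkg.cgi hunk does for `clone`.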
@@ -1,37 +1,35 @@ -% -% -%my $typenum = $cgi->param('typenum'); -%my $old = qsearchs('agent_type',{'typenum'=>$typenum}) if $typenum; -% -%my $new = new FS::agent_type ( { -% map { -% $_, scalar($cgi->param($_)); -% } fields('agent_type') -%} ); -% -%my $error; -%if ( $typenum ) { -% $error = $new->replace($old); -%} else { -% $error = $new->insert; -% $typenum = $new->getfield('typenum'); -%} -%#$error ||= $new->process_m2m( ); -% %if ( $error ) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). "agent_type.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "agent_type.cgi?". $cgi->query_string ) %> %} else { -% -% my $error = $new->process_m2m( -% 'link_table' => 'type_pkgs', -% 'target_table' => 'part_pkg', -% 'params' => scalar($cgi->Vars) -% ); -% die $error if $error; -% -% print $cgi->redirect(popurl(3). "browse/agent_type.cgi"); +<% $cgi->redirect(popurl(3). "browse/agent_type.cgi") %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +my $typenum = $cgi->param('typenum'); +my $old = qsearchs('agent_type',{'typenum'=>$typenum}) if $typenum; + +my $new = new FS::agent_type ( { + map { + $_, scalar($cgi->param($_)); + } fields('agent_type') +} ); + +my $error; +if ( $typenum ) { + $error = $new->replace($old); +} else { + $error = $new->insert; + $typenum = $new->getfield('typenum'); +} + + $error ||= $new->process_m2m( + 'link_table' => 'type_pkgs', + 'target_table' => 'part_pkg', + 'params' => scalar($cgi->Vars) + ); +<%/init> diff --git a/httemplate/edit/process/bulk-cust_svc.cgi b/httemplate/edit/process/bulk-cust_svc.cgi index ad4d67307..313b061ff 100644 --- a/httemplate/edit/process/bulk-cust_svc.cgi +++ b/httemplate/edit/process/bulk-cust_svc.cgi 
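Review bot: The new block is closed with `<%/init>` rather than `</%init>`, so the `<%init>` section is never terminated and the component should fail to compile. Every other component touched by this commit ends the block with `</%init>`; the last added line should read the same. The `$error ||= $new->process_m2m(` statement is also indented two columns deeper than the rest of the block, which makes it look as if it belonged to the preceding `else`.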
@@ -1,4 +1,9 @@ -% -% my $server = new FS::UI::Web::JSRPC 'FS::part_svc::process_bulk_cust_svc', $cgi; -% <% $server->process %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +my $server = new FS::UI::Web::JSRPC 'FS::part_svc::process_bulk_cust_svc', $cgi; + +</%init> diff --git a/httemplate/edit/process/cust_bill_pay.cgi b/httemplate/edit/process/cust_bill_pay.cgi index 962fc4eb9..43e672647 100755 --- a/httemplate/edit/process/cust_bill_pay.cgi +++ b/httemplate/edit/process/cust_bill_pay.cgi 
@@ -1,54 +1,50 @@ -% -% -%$cgi->param('paynum') =~ /^(\d*)$/ or die "Illegal paynum!"; -%my $paynum = $1; -% -%my $cust_pay = qsearchs('cust_pay', { 'paynum' => $paynum } ) -% or die "No such paynum"; -% -%my $cust_main = qsearchs('cust_main', { 'custnum' => $cust_pay->custnum } ) -% or die "Bogus credit: not attached to customer"; -% -%my $custnum = $cust_main->custnum; -% -%my $new; -%if ($cgi->param('invnum') =~ /^Refund$/) { -% $new = new FS::cust_refund ( { -% 'reason' => 'Refunding payment', #enter reason in UI -% 'refund' => $cgi->param('amount'), -% 'payby' => 'BILL', -% #'_date' => $cgi->param('_date'), -% 'payinfo' => 'Cash', #enter payinfo in UI -% 'paynum' => $paynum, -% } ); -%} else { -% $new = new FS::cust_bill_pay ( { -% map { -% $_, scalar($cgi->param($_)); -% #} qw(custnum _date amount invnum) -% } fields('cust_bill_pay') -% } ); -%} -% -%my $error = $new->insert; -% %if ( $error ) { -% % $cgi->param('error', $error); -% <% $cgi->redirect(popurl(2). "cust_bill_pay.cgi?". $cgi->query_string ) %> -% -% %} else { -% -% #print $cgi->redirect(popurl(3). 
"view/cust_main.cgi?$custnum"); -% -% <% header('Payment application sucessful') %> <SCRIPT TYPE="text/javascript"> window.top.location.reload(); </SCRIPT> - - </BODY></HTML> + </BODY> + </HTML> % } +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Apply payment') #; + || $FS::CurrentUser::CurrentUser->access_right('Post payment'): #remove after 1.7.3 + +$cgi->param('paynum') =~ /^(\d*)$/ or die "Illegal paynum!"; +my $paynum = $1; + +my $cust_pay = qsearchs('cust_pay', { 'paynum' => $paynum } ) + or die "No such paynum"; + +my $cust_main = qsearchs('cust_main', { 'custnum' => $cust_pay->custnum } ) + or die "Bogus credit: not attached to customer"; + +my $custnum = $cust_main->custnum; + +my $new; +if ($cgi->param('invnum') =~ /^Refund$/) { + $new = new FS::cust_refund ( { + 'reason' => 'Refunding payment', #enter reason in UI + 'refund' => $cgi->param('amount'), + 'payby' => 'BILL', + #'_date' => $cgi->param('_date'), + 'payinfo' => 'Cash', #enter payinfo in UI + 'paynum' => $paynum, + } ); +} else { + $new = new FS::cust_bill_pay ( { + map { + $_, scalar($cgi->param($_)); + #} qw(custnum _date amount invnum) + } fields('cust_bill_pay') + } ); +} + +my $error = $new->insert; +</%init> diff --git a/httemplate/edit/process/cust_credit.cgi b/httemplate/edit/process/cust_credit.cgi index 9dcad7f68..8715ad61e 100755 --- a/httemplate/edit/process/cust_credit.cgi +++ b/httemplate/edit/process/cust_credit.cgi 
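Review bot: The access check in the new `<%init>` block ends with a colon instead of a semicolon, `|| $FS::CurrentUser::CurrentUser->access_right('Post payment'): #remove after 1.7.3`, which is a Perl syntax error, so the component will not compile. The cust_credit_bill.cgi hunk has the same typo after `access_right('Post credit')`. Replace the `:` with `;` in both, e.g. `|| $FS::CurrentUser::CurrentUser->access_right('Post payment'); #remove after 1.7.3`. The `$cgi->param('paynum') =~ /^(\d*)$/` check below it also accepts an empty string; `\d+` would reject that before the lookup.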
@@ -1,46 +1,10 @@ -% -% -%$cgi->param('custnum') =~ /^(\d*)$/ or die "Illegal custnum!"; -%my $custnum = $1; -% -%$cgi->param('reasonnum') =~ /^(-?\d+)$/ or die "Illegal reasonnum"; -%my $reasonnum = $1; -% -%my $oldAutoCommit = $FS::UID::AutoCommit; -%local $FS::UID::AutoCommit = 0; -%my $dbh = dbh; -% -%my $error = ''; -%if ($reasonnum == -1) { -% -% $error = 'Enter a new reason (or select an existing one)' -% unless $cgi->param('newreasonnum') !~ /^\s*$/; -% my $reason = new FS::reason({ 'reason_type' => $cgi->param('newreasonnumT'), -% 'reason' => $cgi->param('newreasonnum'), -% }); -% $error ||= $reason->insert; -% $cgi->param('reasonnum', $reason->reasonnum) -% unless $error; -%} -% -%unless ($error) { -% my $new = new FS::cust_credit ( { -% map { -% $_, scalar($cgi->param($_)); -% } fields('cust_credit') -% } ); -% $error = $new->insert; -%} -% %if ( $error ) { % $cgi->param('reasonnum', $reasonnum); % $cgi->param('error', $error); % $dbh->rollback if $oldAutoCommit; -% % <% $cgi->redirect(popurl(2). "cust_credit.cgi?". $cgi->query_string ) %> % -% %} else { % % if ( $cgi->param('apply') eq 'yes' ) { 
@@ -59,4 +23,41 @@ </BODY></HTML> % } +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Post credit'); + +$cgi->param('custnum') =~ /^(\d*)$/ or die "Illegal custnum!"; +my $custnum = $1; + +$cgi->param('reasonnum') =~ /^(-?\d+)$/ or die "Illegal reasonnum"; +my $reasonnum = $1; + +my $oldAutoCommit = $FS::UID::AutoCommit; +local $FS::UID::AutoCommit = 0; +my $dbh = dbh; + +my $error = ''; +if ($reasonnum == -1) { + + $error = 'Enter a new reason (or select an existing one)' + unless $cgi->param('newreasonnum') !~ /^\s*$/; + my $reason = new FS::reason({ 'reason_type' => $cgi->param('newreasonnumT'), + 'reason' => $cgi->param('newreasonnum'), + }); + $error ||= $reason->insert; + $cgi->param('reasonnum', $reason->reasonnum) + unless $error; +} + +unless ($error) { + my $new = new FS::cust_credit ( { + map { + $_, scalar($cgi->param($_)); + } fields('cust_credit') + } ); + $error = $new->insert; +} +</%init> diff --git a/httemplate/edit/process/cust_credit_bill.cgi b/httemplate/edit/process/cust_credit_bill.cgi index 7509a3f02..74ae00888 100755 --- a/httemplate/edit/process/cust_credit_bill.cgi +++ b/httemplate/edit/process/cust_credit_bill.cgi 
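Review bot: `$cgi->param(...)` is called in list context inside the hash constructor for `FS::reason` (`'reason_type' => $cgi->param('newreasonnumT'), 'reason' => $cgi->param('newreasonnum')`), so a request that repeats or omits a parameter changes the number of list elements and shifts or adds key/value pairs in the new record. The same pattern is in the cust_bill_pay.cgi and cust_credit_bill.cgi hunks (`'refund' => $cgi->param('amount')`) and in cust_main_note.cgi (`comments => $cgi->param('comment')`). Wrap each call in `scalar(...)`, as the `map { $_, scalar($cgi->param($_)) }` lines in this commit already do, e.g. `'reason' => scalar($cgi->param('newreasonnum')),`.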
@@ -1,55 +1,51 @@ -% -% -%$cgi->param('crednum') =~ /^(\d*)$/ or die "Illegal crednum!"; -%my $crednum = $1; -% -%my $cust_credit = qsearchs('cust_credit', { 'crednum' => $crednum } ) -% or die "No such crednum"; -% -%my $cust_main = qsearchs('cust_main', { 'custnum' => $cust_credit->custnum } ) -% or die "Bogus credit: not attached to customer"; -% -%my $custnum = $cust_main->custnum; -% -%my $new; -%if ($cgi->param('invnum') =~ /^Refund$/) { -% $new = new FS::cust_refund ( { -% 'reason' => ( $cust_credit->reason || 'refund from credit' ), -% 'refund' => $cgi->param('amount'), -% 'payby' => 'BILL', -% #'_date' => $cgi->param('_date'), -% #'payinfo' => 'Cash', -% 'payinfo' => 'Refund', -% 'crednum' => $crednum, -% } ); -%} else { -% $new = new FS::cust_credit_bill ( { -% map { -% $_, scalar($cgi->param($_)); -% #} qw(custnum _date amount invnum) -% } fields('cust_credit_bill') -% } ); -%} -% -%my $error = $new->insert; -% %if ( $error ) { -% % $cgi->param('error', $error); -% <% $cgi->redirect(popurl(2). "cust_credit_bill.cgi?". $cgi->query_string ) %> -% -% %} else { -% -% #print $cgi->redirect(popurl(3). 
"view/cust_main.cgi?$custnum"); -% -% <% header('Credit application sucessful') %> <SCRIPT TYPE="text/javascript"> window.top.location.reload(); </SCRIPT> - - </BODY></HTML> + </BODY> + </HTML> % } +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Apply credit') #; + || $FS::CurrentUser::CurrentUser->access_right('Post credit'): #remove after 1.7.3 + +$cgi->param('crednum') =~ /^(\d*)$/ or die "Illegal crednum!"; +my $crednum = $1; + +my $cust_credit = qsearchs('cust_credit', { 'crednum' => $crednum } ) + or die "No such crednum"; + +my $cust_main = qsearchs('cust_main', { 'custnum' => $cust_credit->custnum } ) + or die "Bogus credit: not attached to customer"; + +my $custnum = $cust_main->custnum; + +my $new; +if ($cgi->param('invnum') =~ /^Refund$/) { + $new = new FS::cust_refund ( { + 'reason' => ( $cust_credit->reason || 'refund from credit' ), + 'refund' => $cgi->param('amount'), + 'payby' => 'BILL', + #'_date' => $cgi->param('_date'), + #'payinfo' => 'Cash', + 'payinfo' => 'Refund', + 'crednum' => $crednum, + } ); +} else { + $new = new FS::cust_credit_bill ( { + map { + $_, scalar($cgi->param($_)); + #} qw(custnum _date amount invnum) + } fields('cust_credit_bill') + } ); +} + +my $error = $new->insert; +</%init> diff --git a/httemplate/edit/process/cust_main.cgi b/httemplate/edit/process/cust_main.cgi index 8de2092f9..b0c9e3e57 100755 --- a/httemplate/edit/process/cust_main.cgi +++ b/httemplate/edit/process/cust_main.cgi @@ -16,6 +16,9 @@ my $DEBUG = 0; </%once> <%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Edit customer'); + my $error = ''; #unmunge stuff diff --git a/httemplate/edit/process/cust_main_county-collapse.cgi b/httemplate/edit/process/cust_main_county-collapse.cgi index 4bcaf1de3..a917825ce 100755 --- a/httemplate/edit/process/cust_main_county-collapse.cgi +++ b/httemplate/edit/process/cust_main_county-collapse.cgi 
@@ -33,4 +33,12 @@ %print $cgi->redirect(popurl(3). "browse/cust_main_county.cgi"); % % +<%init> +#this isn't actually linked from anywhere just now, but it will be again soon + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + + +</%init> diff --git a/httemplate/edit/process/cust_main_county-expand.cgi b/httemplate/edit/process/cust_main_county-expand.cgi index 4e04f37fc..a8b4c2511 100755 --- a/httemplate/edit/process/cust_main_county-expand.cgi +++ b/httemplate/edit/process/cust_main_county-expand.cgi @@ -8,6 +8,9 @@ </HTML> <%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + $cgi->param('taxnum') =~ /^(\d+)$/ or die "Illegal taxnum!"; my $taxnum = $1; my $cust_main_county = qsearchs('cust_main_county',{'taxnum'=>$taxnum}) diff --git a/httemplate/edit/process/cust_main_county.html b/httemplate/edit/process/cust_main_county.html index 3d9d20b85..cb56166c8 100644 --- a/httemplate/edit/process/cust_main_county.html +++ b/httemplate/edit/process/cust_main_county.html @@ -4,3 +4,10 @@ #someday change the individual element and go away instead ) %> +<%init> + +my $conf = new FS::Conf; +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +</%init> diff --git a/httemplate/edit/process/cust_main_note.cgi b/httemplate/edit/process/cust_main_note.cgi index 8b9105bd8..9689ca6d6 100755 --- a/httemplate/edit/process/cust_main_note.cgi +++ b/httemplate/edit/process/cust_main_note.cgi 
@@ -1,42 +1,7 @@ -% -% -%$cgi->param('custnum') =~ /^(\d+)$/ -% or die "Illegal custnum: ". $cgi->param('custnum'); -%my $custnum = $1; -% -%$cgi->param('notenum') =~ /^(\d*)$/ -% or die "Illegal notenum: ". $cgi->param('notenum'); -%my $notenum = $1; -% -%my $otaker = $FS::CurrentUser::CurrentUser->name; -%$otaker = $FS::CurrentUser::CurrentUser->username -% if ($otaker eq "User, Legacy"); -% -%my $new = new FS::cust_main_note ( { -% notenum => $notenum, -% custnum => $custnum, -% _date => time, -% otaker => $otaker, -% comments => $cgi->param('comment'), -%} ); -% -%my $error; -%if ($notenum){ -% my $old = qsearchs('cust_main_note', { 'notenum' => $notenum }); -% $error = "No such note: $notenum" unless $old; -% unless($error){ -% map { $new->$_($old->$_) } ('_date', 'otaker'); -% $error = $new->replace($old); -% } -%}else{ -% $error = $new->insert; -%} -% %if ($error) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). 'cust_main_note.cgi?'. $cgi->query_string ); -%} -% +<% $cgi->redirect(popurl(2). 'cust_main_note.cgi?'. $cgi->query_string ) %> +%} else { % <% header('Note ' . ($notenum ? 'updated' : 'added') ) %> <SCRIPT TYPE="text/javascript"> 
@@ -48,5 +13,48 @@ </SCRIPT> </BODY></HTML> % -% +% } +<%init> + +$cgi->param('custnum') =~ /^(\d+)$/ + or die "Illegal custnum: ". $cgi->param('custnum'); +my $custnum = $1; + +$cgi->param('notenum') =~ /^(\d*)$/ + or die "Illegal notenum: ". $cgi->param('notenum'); +my $notenum = $1; + +my $otaker = $FS::CurrentUser::CurrentUser->name; +$otaker = $FS::CurrentUser::CurrentUser->username + if ($otaker eq "User, Legacy"); + +my $new = new FS::cust_main_note ( { + notenum => $notenum, + custnum => $custnum, + _date => time, + otaker => $otaker, + comments => $cgi->param('comment'), +} ); + +my $error; +if ($notenum) { + + die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Edit customer note'); + + my $old = qsearchs('cust_main_note', { 'notenum' => $notenum }); + $error = "No such note: $notenum" unless $old; + unless ($error) { + map { $new->$_($old->$_) } ('_date', 'otaker'); + $error = $new->replace($old); + } + +} else { + + die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Add customer note'); + + $error = $new->insert; +} +</%init> diff --git a/httemplate/edit/process/cust_pay.cgi b/httemplate/edit/process/cust_pay.cgi index a34c88aba..647f6fc6c 100755 --- a/httemplate/edit/process/cust_pay.cgi +++ b/httemplate/edit/process/cust_pay.cgi 
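Review bot: On the edit path the note is looked up by `notenum` alone while `$new` carries `custnum` straight from the request, so unless `replace` rejects it (not visible here) a user holding 'Edit customer note' can re-attach an existing note to a different customer. Inside the `unless ($error)` block, before the `replace`, a check such as `$error = "Note $notenum does not belong to customer $custnum" unless $old->custnum == $custnum;` would close that. The `map { $new->$_($old->$_) } ('_date', 'otaker');` line is a `map` in void context and reads better as `$new->$_($old->$_) for qw(_date otaker);`.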
@@ -1,32 +1,8 @@ -% -% -%$cgi->param('linknum') =~ /^(\d+)$/ -% or die "Illegal linknum: ". $cgi->param('linknum'); -%my $linknum = $1; -% -%$cgi->param('link') =~ /^(custnum|invnum|popup)$/ -% or die "Illegal link: ". $cgi->param('link'); -%my $field = my $link = $1; -%$field = 'custnum' if $field eq 'popup'; -% -%my $_date = str2time($cgi->param('_date')); -% -%my $new = new FS::cust_pay ( { -% $field => $linknum, -% _date => $_date, -% map { -% $_, scalar($cgi->param($_)); -% } qw(paid payby payinfo paybatch) -% #} fields('cust_pay') -%} ); -% -%my $error = $new->insert( 'manual' => 1 ); -% %if ($error) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). 'cust_pay.cgi?'. $cgi->query_string ); +<% $cgi->redirect(popurl(2). 'cust_pay.cgi?'. $cgi->query_string ) %> %} elsif ( $field eq 'invnum' ) { -% print $cgi->redirect(popurl(3). "view/cust_bill.cgi?$linknum"); +<% $cgi->redirect(popurl(3). "view/cust_bill.cgi?$linknum") %> %} elsif ( $field eq 'custnum' ) { % if ( $cgi->param('apply') eq 'yes' ) { % my $cust_main = qsearchs('cust_main', { 'custnum' => $linknum }) @@ -34,7 +10,6 @@ % $cust_main->apply_payments; % } % if ( $link eq 'popup' ) { -% % <% header('Payment entered') %> <SCRIPT TYPE="text/javascript"> 
@@ -43,14 +18,38 @@ </BODY></HTML> % -% % } elsif ( $link eq 'custnum' ) { -% print $cgi->redirect(popurl(3). "view/cust_main.cgi?$linknum"); +<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$linknum") %> % } else { % die "unknown link $link"; % } % %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Post payment'); + +$cgi->param('linknum') =~ /^(\d+)$/ + or die "Illegal linknum: ". $cgi->param('linknum'); +my $linknum = $1; + +$cgi->param('link') =~ /^(custnum|invnum|popup)$/ + or die "Illegal link: ". $cgi->param('link'); +my $field = my $link = $1; +$field = 'custnum' if $field eq 'popup'; + +my $_date = str2time($cgi->param('_date')); + +my $new = new FS::cust_pay ( { + $field => $linknum, + _date => $_date, + map { + $_, scalar($cgi->param($_)); + } qw(paid payby payinfo paybatch) + #} fields('cust_pay') +} ); + +my $error = $new->insert( 'manual' => 1 ); +</%init> diff --git a/httemplate/edit/process/cust_pkg.cgi b/httemplate/edit/process/cust_pkg.cgi index 25b826758..bdade321f 100755 --- a/httemplate/edit/process/cust_pkg.cgi +++ b/httemplate/edit/process/cust_pkg.cgi @@ -11,7 +11,7 @@ </HTML> % } elsif ( $action eq 'bulk' ) { -% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum"); +<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum") %> % } else { % die "guru exception #5: action is neither change nor bulk!"; % } 
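Review bot: The result of `str2time($cgi->param('_date'))` is used without a check, and if this is Date::Parse's `str2time` it returns undef for a date it cannot parse. That value goes straight into the `_date` field of the new `FS::cust_pay`, and whether `insert` rejects it or silently substitutes a default is not visible in this hunk. An explicit guard keeps the posted payment date from changing unnoticed: `defined($_date) or die "Illegal _date: ". $cgi->param('_date');`.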
@@ -28,15 +28,27 @@ my @remove_pkgnums = map { $1; } $cgi->param('remove_pkg'); +my $curuser = $FS::CurrentUser::CurrentUser; + my( $action, $error_redirect ); my @pkgparts = (); if ( $cgi->param('new_pkgpart') =~ /^(\d+)$/ ) { #came from misc/change_pkg.cgi + $action = 'change'; $error_redirect = "misc/change_pkg.cgi"; @pkgparts = ($1); + + die "access denied" + unless $curuser->access_right('Change customer package'); + } else { #came from edit/cust_pkg.cgi + $action = 'bulk'; $error_redirect = "edit/cust_pkg.cgi"; + + die "access denied" + unless $curuser->access_right('Bulk change customer packages'); + foreach my $pkgpart ( map /^pkg(\d+)$/ ? $1 : (), $cgi->param ) { if ( $cgi->param("pkg$pkgpart") =~ /^(\d+)$/ ) { my $num_pkgs = $1; @@ -48,6 +60,7 @@ if ( $cgi->param('new_pkgpart') =~ /^(\d+)$/ ) { #came from misc/change_pkg.cgi last; } } + } $error ||= FS::cust_pkg::order($custnum,\@pkgparts,\@remove_pkgnums); diff --git a/httemplate/edit/process/cust_refund.cgi b/httemplate/edit/process/cust_refund.cgi index d95ab46dc..1a7a394b3 100755 --- a/httemplate/edit/process/cust_refund.cgi +++ b/httemplate/edit/process/cust_refund.cgi 
@@ -1,38 +1,43 @@ -%$cgi->param('custnum') =~ /^(\d*)$/ or die "Illegal custnum!"; -%my $custnum = $1; -%my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } ) -% or die "unknown custnum $custnum"; -% -%my $error = ''; -%if ( $cgi->param('payby') =~ /^(CARD|CHEK)$/ ) { -% my %options = (); -% my $bop = $FS::payby::payby2bop{$1}; -% $cgi->param('refund') =~ /^(\d*)(\.\d{2})?$/ -% or die "illegal refund amount ". $cgi->param('refund'); -% my $refund = "$1$2"; -% $cgi->param('paynum') =~ /^(\d*)$/ or die "Illegal paynum!"; -% my $paynum = $1; -% my $reason = $cgi->param('reason'); -% my $paydate = $cgi->param('exp_year'). '-'. $cgi->param('exp_month'). '-01'; -% $options{'paydate'} = $paydate if $paydate =~ /^\d{2,4}-\d{1,2}-01$/; -% $error = $cust_main->realtime_refund_bop( $bop, 'amount' => $refund, -% 'paynum' => $paynum, -% 'reason' => $reason, -% %options ); -%} else { -% die 'unimplemented'; -% #my $new = new FS::cust_refund ( { -% # map { -% # $_, scalar($cgi->param($_)); -% # } ( fields('cust_refund'), 'paynum' ) -% #} ); -% #$error = $new->insert; -%} -% -% %if ( $error ) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). "cust_refund.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "cust_refund.cgi?". $cgi->query_string ) %> %} else { -% print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum"); +<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum") %> %} +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Refund payment'); + +$cgi->param('custnum') =~ /^(\d*)$/ or die "Illegal custnum!"; +my $custnum = $1; +my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } ) + or die "unknown custnum $custnum"; + +my $error = ''; +if ( $cgi->param('payby') =~ /^(CARD|CHEK)$/ ) { + my %options = (); + my $bop = $FS::payby::payby2bop{$1}; + $cgi->param('refund') =~ /^(\d*)(\.\d{2})?$/ + or die "illegal refund amount ". 
$cgi->param('refund'); + my $refund = "$1$2"; + $cgi->param('paynum') =~ /^(\d*)$/ or die "Illegal paynum!"; + my $paynum = $1; + my $reason = $cgi->param('reason'); + my $paydate = $cgi->param('exp_year'). '-'. $cgi->param('exp_month'). '-01'; + $options{'paydate'} = $paydate if $paydate =~ /^\d{2,4}-\d{1,2}-01$/; + $error = $cust_main->realtime_refund_bop( $bop, 'amount' => $refund, + 'paynum' => $paynum, + 'reason' => $reason, + %options ); +} else { + die 'unimplemented'; + #my $new = new FS::cust_refund ( { + # map { + # $_, scalar($cgi->param($_)); + # } ( fields('cust_refund'), 'paynum' ) + #} ); + #$error = $new->insert; +} + +</%init> diff --git a/httemplate/edit/process/cust_svc.cgi b/httemplate/edit/process/cust_svc.cgi index e9d5f6238..e22cbb201 100644 --- a/httemplate/edit/process/cust_svc.cgi +++ b/httemplate/edit/process/cust_svc.cgi 
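Review bot: `custnum` and `paynum` both come from the request and are validated only as digit strings, and nothing in this block ties the payment being refunded to the customer whose `realtime_refund_bop` is called. If that method does not verify ownership itself (not visible here), add a lookup before the call, e.g. `qsearchs('cust_pay', { 'paynum' => $paynum, 'custnum' => $custnum }) or die "unknown paynum $paynum for customer $custnum";` when `$paynum` is non-empty. The patterns `/^(\d*)$/` and `/^(\d*)(\.\d{2})?$/` also accept an empty string; if an empty amount or paynum is intentional, a comment saying so would help the next reader.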
@@ -1,30 +1,30 @@ -% -% -%my $svcnum = $cgi->param('svcnum'); -% -%my $old = qsearchs('cust_svc',{'svcnum'=>$svcnum}) if $svcnum; -% -%my $new = new FS::cust_svc ( { -% map { -% $_, scalar($cgi->param($_)); -% } fields('cust_svc') -%} ); -% -%my $error; -%if ( $svcnum ) { -% $error=$new->replace($old); -%} else { -% $error=$new->insert; -% $svcnum=$new->getfield('svcnum'); -%} -% %if ( $error ) { -% #$cgi->param('error', $error); -% #print $cgi->redirect(popurl(2). "cust_svc.cgi?". $cgi->query_string ); % errorpage($error); %} else { % my $svcdb = $new->part_svc->svcdb; -% print $cgi->redirect(popurl(3). "view/$svcdb.cgi?$svcnum"); +<% $cgi->redirect(popurl(3). "view/$svcdb.cgi?$svcnum") %> %} -% -% +<%init> + +die 'access deined' + unless $FS::CurrentUser::CurrentUser->access_right('Change customer service'); + +my $svcnum = $cgi->param('svcnum'); + +my $old = qsearchs('cust_svc',{'svcnum'=>$svcnum}) if $svcnum; + +my $new = new FS::cust_svc ( { + map { + $_, scalar($cgi->param($_)); + } fields('cust_svc') +} ); + +my $error; +if ( $svcnum ) { + $error=$new->replace($old); +} else { + $error=$new->insert; + $svcnum=$new->getfield('svcnum'); +} + +</%init> diff --git a/httemplate/edit/process/domain_record.cgi b/httemplate/edit/process/domain_record.cgi index daf35ad6d..2e427e4fb 100755 --- a/httemplate/edit/process/domain_record.cgi +++ b/httemplate/edit/process/domain_record.cgi 
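Review bot: The new access check dies with `'access deined'`, a typo for the `"access denied"` message every other component in this commit uses, so a log search or error handler keyed on that string would miss this one. Change it to `die "access denied"`. Separately, `my $old = qsearchs('cust_svc',{'svcnum'=>$svcnum}) if $svcnum;` combines `my` with a statement modifier, which perlsyn documents as undefined behaviour. `my $old = $svcnum ? qsearchs('cust_svc',{'svcnum'=>$svcnum}) : undef;` is the safe form.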
@@ -1,36 +1,30 @@ -% -% -%my $recnum = $cgi->param('recnum'); -% -%my $old = qsearchs('agent',{'recnum'=>$recnum}) if $recnum; -% -%my $new = new FS::domain_record ( { -% map { -% $_, scalar($cgi->param($_)); -% } fields('domain_record') -%} ); -% -%my $error; -%if ( $recnum ) { -% $error=$new->replace($old); -%} else { -% $error=$new->insert; -% $recnum=$new->getfield('recnum'); -%} -% %if ( $error ) { -%# $cgi->param('error', $error); -%# print $cgi->redirect(popurl(2). "agent.cgi?". $cgi->query_string ); -% #no edit screen to send them back to -% - -<!-- mason kludge --> -% % errorpage($error); %} else { % my $svcnum = $new->svcnum; -% print $cgi->redirect(popurl(3). "view/svc_domain.cgi?$svcnum"); +<% $cgi->redirect(popurl(3). "view/svc_domain.cgi?$svcnum") %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Edit domain nameservice'); + +my $recnum = $cgi->param('recnum'); + +my $old = qsearchs('agent',{'recnum'=>$recnum}) if $recnum; + +my $new = new FS::domain_record ( { + map { + $_, scalar($cgi->param($_)); + } fields('domain_record') +} ); + +my $error; +if ( $recnum ) { + $error=$new->replace($old); +} else { + $error=$new->insert; + $recnum=$new->getfield('recnum'); +} +</%init> diff --git a/httemplate/edit/process/generic.cgi b/httemplate/edit/process/generic.cgi index e3ac113ae..642876386 100644 --- a/httemplate/edit/process/generic.cgi +++ b/httemplate/edit/process/generic.cgi 
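Review bot: The existing-record lookup queries the wrong table: `qsearchs('agent',{'recnum'=>$recnum})` should presumably be `qsearchs('domain_record',{'recnum'=>$recnum})`, since the object being replaced is an `FS::domain_record`. As written, `$old` is unlikely to be the record under edit, so `$new->replace($old)` on the edit path receives a wrong or undefined argument. The line was carried over unchanged from the removed `%` block, but this move into `<%init>` is a good place to fix it.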
@@ -1,73 +1,77 @@ -%# Welcome to generic.cgi. -%# -%# This script provides a generic edit/process/ backend for simple table -%# editing. All it knows how to do is take the values entered into -%# the script and insert them into the table specified by $cgi->param('table'). -%# If there's an existing record with the same primary key, it will be -%# replaced. (Deletion will be added in the future.) -%# -%# also see elements/process.html, newer and somewhat along the same lines, -%# though it still makes you setup a process file for the table. -%# perhaps safer, perhaps more of a pain in the ass. -%# -%# Special cgi params for this script: -%# table: the name of the table to be edited. The script will die horribly -%# if it can't find the table. -%# redirect_ok: URL to be displayed after a successful edit. The value of -%# the record's primary key will be passed as a keyword. -%# Defaults to (freeside root)/view/$table.cgi. -%# redirect_error: URL to be displayed if there's an error. The original -%# query string, plus the error message, will be passed. -%# Defaults to $cgi->referer() (i.e. go back where you -%# came from). 
-% -% -%use FS::Record qw(qsearchs dbdef); -%use DBIx::DBSchema; -%use DBIx::DBSchema::Table; -% -% -%my $error; -%my $p2 = popurl(2); -%my $p3 = popurl(3); -%my $table = $cgi->param('table'); -%my $dbdef = dbdef or die "Cannot fetch dbdef!"; -% -%my $dbdef_table = $dbdef->table($table) or die "Cannot fetch schema for $table"; -% -%my $pkey = $dbdef_table->primary_key or die "Cannot fetch pkey for $table"; -%my $pkey_val = $cgi->param($pkey); -% -% -%#warn "new FS::Record ( $table, (hashref) )"; -%my $new = FS::Record::new ( "FS::$table", { -% map { $_, scalar($cgi->param($_)) } fields($table) -%} ); -% -%#warn 'created $new of class '.ref($new); -% -%if($pkey_val and (my $old = qsearchs($table, { $pkey, $pkey_val} ))) { -% # edit -% $error = $new->replace($old); -%} else { -% #add -% $error = $new->insert; -% $pkey_val = $new->getfield($pkey); -% # New records usually don't have their primary keys set until after -% # they've been checked/inserted, so grab the new $pkey_val so we can -% # redirect to it. -%} -% -%my $redirect_ok = (($cgi->param('redirect_ok')) ? -% $cgi->param('redirect_ok') : $p3."browse/generic.cgi?$table"); -%my $redirect_error = (($cgi->param('redirect_error')) ? -% $cgi->param('redirect_error') : $cgi->referer()); -% %if($error) { % $cgi->param('error', $error); -% print $cgi->redirect($redirect_error . '?' . $cgi->query_string); +<% $cgi->redirect($redirect_error . '?' . $cgi->query_string) %> %} else { -% print $cgi->redirect($redirect_ok); +<% $cgi->redirect($redirect_ok) %> %} -% +<%doc> + +See elements/process.html, newer and somewhat along the same lines, +though it still makes you setup a process file for the table. +Perhaps safer, perhaps more of a pain in the ass. + +In any case, this is probably pretty deprecated; it is only used by +part_virtual_field.cgi, and so its ACL is hardcoded to 'Configuration'. + +Welcome to generic.cgi. + +This script provides a generic edit/process/ backend for simple table +editing. 
All it knows how to do is take the values entered into +the script and insert them into the table specified by $cgi->param('table'). +If there's an existing record with the same primary key, it will be +replaced. (Deletion will be added in the future.) + +Special cgi params for this script: +table: the name of the table to be edited. The script will die horribly + if it can't find the table. +redirect_ok: URL to be displayed after a successful edit. The value of + the record's primary key will be passed as a keyword. + Defaults to (freeside root)/view/$table.cgi. +redirect_error: URL to be displayed if there's an error. The original + query string, plus the error message, will be passed. + Defaults to $cgi->referer() (i.e. go back where you + came from). + +</%doc> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +my $error; +my $p2 = popurl(2); +my $p3 = popurl(3); +my $table = $cgi->param('table'); +my $dbdef = dbdef or die "Cannot fetch dbdef!"; + +my $dbdef_table = $dbdef->table($table) or die "Cannot fetch schema for $table"; + +my $pkey = $dbdef_table->primary_key or die "Cannot fetch pkey for $table"; +my $pkey_val = $cgi->param($pkey); + + +#warn "new FS::Record ( $table, (hashref) )"; +my $new = FS::Record::new ( "FS::$table", { + map { $_, scalar($cgi->param($_)) } fields($table) +} ); + +#warn 'created $new of class '.ref($new); + +if($pkey_val and (my $old = qsearchs($table, { $pkey, $pkey_val} ))) { + # edit + $error = $new->replace($old); +} else { + #add + $error = $new->insert; + $pkey_val = $new->getfield($pkey); + # New records usually don't have their primary keys set until after + # they've been checked/inserted, so grab the new $pkey_val so we can + # redirect to it. +} + +my $redirect_ok = (($cgi->param('redirect_ok')) ? + $cgi->param('redirect_ok') : $p3."browse/generic.cgi?$table"); +my $redirect_error = (($cgi->param('redirect_error')) ? 
+ $cgi->param('redirect_error') : $cgi->referer()); +</%init> diff --git a/httemplate/edit/process/inventory_class.html b/httemplate/edit/process/inventory_class.html index c7be9e8dd..dbf978e72 100644 --- a/httemplate/edit/process/inventory_class.html +++ b/httemplate/edit/process/inventory_class.html @@ -3,3 +3,9 @@ 'viewall_dir' => 'browse', ) %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +</%init> diff --git a/httemplate/edit/process/msgcat.cgi b/httemplate/edit/process/msgcat.cgi index 9711143d6..7175fa2b3 100644 --- a/httemplate/edit/process/msgcat.cgi +++ b/httemplate/edit/process/msgcat.cgi @@ -1,21 +1,22 @@ -% -% -%my $error; -%foreach my $param ( grep { /^\d+$/ } $cgi->param ) { -% my $old = qsearchs('msgcat', { msgnum=>$param } ); -% next if $old->msg eq $cgi->param($param); #no need to update identical records -% my $new = new FS::msgcat { $old->hash }; -% $new->msg($cgi->param($param)); -% $error = $new->replace($old); -% last if $error; -%} -% %if ( $error ) { % $cgi->param('error',$error); -% print $cgi->redirect($p. "msgcat.cgi?". $cgi->query_string ); +<% $cgi->redirect($p. "msgcat.cgi?". $cgi->query_string ) %> %} else { -% print $cgi->redirect(popurl(3). "browse/msgcat.cgi"); +<% $cgi->redirect(popurl(3). "browse/msgcat.cgi") %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +my $error; +foreach my $param ( grep { /^\d+$/ } $cgi->param ) { + my $old = qsearchs('msgcat', { msgnum=>$param } ); + next if $old->msg eq $cgi->param($param); #no need to update identical records + my $new = new FS::msgcat { $old->hash }; + $new->msg($cgi->param($param)); + $error = $new->replace($old); + last if $error; +} +</%init> diff --git a/httemplate/edit/process/part_bill_event.cgi b/httemplate/edit/process/part_bill_event.cgi index af594f264..3534519fd 100755 --- a/httemplate/edit/process/part_bill_event.cgi 
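Review bot: In generic.cgi, `redirect_ok` and `redirect_error` are taken from the request and handed to `$cgi->redirect` unchanged, so the component will redirect an authenticated user to whatever URL the request names. The new 'Configuration' check does not cover that. Consider accepting only targets under the application root, e.g. `die "illegal redirect_ok" unless $redirect_ok =~ m{^\Q$p3\E};` and the same for `redirect_error`, assuming `popurl(3)` is the application base. Alternatively drop the two parameters, since the `<%doc>` block says only part_virtual_field.cgi still uses this component. `$table` is also request-controlled and interpolated into `"FS::$table"`; a comment noting that `$dbdef->table($table) or die` is what restricts it to known tables would be worthwhile.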
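Review bot: In msgcat.cgi, `qsearchs('msgcat', { msgnum=>$param } )` yields nothing when a posted numeric parameter does not match an existing message, and the next line calls `$old->msg` on it. That fails with a method call on an undefined value rather than a usable error. Guard the lookup, e.g. `my $old = qsearchs('msgcat', { msgnum=>$param } ) or next;`, or set `$error = "unknown msgnum $param"` and `last`.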
+++ b/httemplate/edit/process/part_bill_event.cgi 
@@ -1,89 +1,92 @@ -% -%my $eventpart = $cgi->param('eventpart'); -% -%my $old = qsearchs('part_bill_event',{'eventpart'=>$eventpart}) if $eventpart; -% -%#s/days/seconds/ -%$cgi->param('seconds', int( $cgi->param('days') * 86400 ) ); -% -%my $error; -%if ( ! $cgi->param('plan_weight_eventcode') ) { -% $error = "Must select an action"; -%} else { -% -% $cgi->param('plan_weight_eventcode') =~ /^([\w\-]+):(\d+):(.*)$/s -% or die "illegal plan_weight_eventcode:". -% $cgi->param('plan_weight_eventcode'); -% $cgi->param('plan', $1); -% $cgi->param('weight', $2); -% my $eventcode = $3; -% my $plandata = ''; -% -% my $rnum; -% my $rtype; -% my $reasonm; -% my $class = ''; -% $class='c' if ($eventcode =~ /cancel/); -% $class='s' if ($eventcode =~ /suspend/); -% if ($class) { -% $cgi->param("${class}reason") =~ /^(-?\d+)$/ -% or $error = "Invalid ${class}reason"; -% $rnum = $1; -% if ($rnum == -1) { -% $cgi->param("new${class}reasonT") =~ /^(\d+)$/ -% or $error = "Invalid new${class}reasonT"; -% $rtype = $1; -% $cgi->param("new${class}reason") =~ /^([\s\w]+)$/ -% or $error = "Invalid new${class}reason"; -% $reasonm = $1; -% } -% } -% -% if ($rnum == -1 && !$error) { -% my $reason = new FS::reason ({ 'reason' => $reasonm, -% 'reason_type' => $rtype, -% }); -% $error = $reason->insert; -% unless ($error) { -% $rnum = $reason->reasonnum; -% $cgi->param("${class}reason", $rnum); -% $cgi->param("new${class}reason", ''); -% $cgi->param("new${class}reasonT", ''); -% } -% } -% -% while ( $eventcode =~ /%%%(\w+)%%%/ ) { -% my $field = $1; -% my $value = join(', ', $cgi->param($field) ); -% $cgi->param($field, $value); #in case it errors out -% $eventcode =~ s/%%%$field%%%/$value/; -% $plandata .= "$field $value\n"; -% } -% $cgi->param('eventcode', $eventcode); -% $cgi->param('plandata', $plandata); -% -% unless($error){ -% my $new = new FS::part_bill_event ( { -% map { -% $_, scalar($cgi->param($_)); -% } fields('part_bill_event'), -% } ); -% $new->setfield('reason', $rnum); -% -% if 
( $eventpart ) { -% $error = $new->replace($old); -% } else { -% $error = $new->insert; -% $eventpart = $new->getfield('eventpart'); -% } -% } -%} -% %if ( $error ) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). "part_bill_event.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "part_bill_event.cgi?". $cgi->query_string ) %> %} else { -% print $cgi->redirect(popurl(3)."browse/part_bill_event.cgi"); +<% $cgi->redirect(popurl(3)."browse/part_bill_event.cgi") %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +my $eventpart = $cgi->param('eventpart'); + +my $old = qsearchs('part_bill_event',{'eventpart'=>$eventpart}) if $eventpart; + +#s/days/seconds/ +$cgi->param('seconds', int( $cgi->param('days') * 86400 ) ); + +my $error; +if ( ! $cgi->param('plan_weight_eventcode') ) { + $error = "Must select an action"; +} else { + + $cgi->param('plan_weight_eventcode') =~ /^([\w\-]+):(\d+):(.*)$/s + or die "illegal plan_weight_eventcode:". 
+ $cgi->param('plan_weight_eventcode'); + $cgi->param('plan', $1); + $cgi->param('weight', $2); + my $eventcode = $3; + my $plandata = ''; + + my $rnum; + my $rtype; + my $reasonm; + my $class = ''; + $class='c' if ($eventcode =~ /cancel/); + $class='s' if ($eventcode =~ /suspend/); + if ($class) { + $cgi->param("${class}reason") =~ /^(-?\d+)$/ + or $error = "Invalid ${class}reason"; + $rnum = $1; + if ($rnum == -1) { + $cgi->param("new${class}reasonT") =~ /^(\d+)$/ + or $error = "Invalid new${class}reasonT"; + $rtype = $1; + $cgi->param("new${class}reason") =~ /^([\s\w]+)$/ + or $error = "Invalid new${class}reason"; + $reasonm = $1; + } + } + + if ($rnum == -1 && !$error) { + my $reason = new FS::reason ({ 'reason' => $reasonm, + 'reason_type' => $rtype, + }); + $error = $reason->insert; + unless ($error) { + $rnum = $reason->reasonnum; + $cgi->param("${class}reason", $rnum); + $cgi->param("new${class}reason", ''); + $cgi->param("new${class}reasonT", ''); + } + } + + while ( $eventcode =~ /%%%(\w+)%%%/ ) { + my $field = $1; + my $value = join(', ', $cgi->param($field) ); + $cgi->param($field, $value); #in case it errors out + $eventcode =~ s/%%%$field%%%/$value/; + $plandata .= "$field $value\n"; + } + $cgi->param('eventcode', $eventcode); + $cgi->param('plandata', $plandata); + + unless($error){ + my $new = new FS::part_bill_event ( { + map { + $_, scalar($cgi->param($_)); + } fields('part_bill_event'), + } ); + $new->setfield('reason', $rnum); + + if ( $eventpart ) { + $error = $new->replace($old); + } else { + $error = $new->insert; + $eventpart = $new->getfield('eventpart'); + } + } +} + +</%init> diff --git a/httemplate/edit/process/part_export.cgi b/httemplate/edit/process/part_export.cgi index 0dd9eabae..b5f82e892 100644 --- a/httemplate/edit/process/part_export.cgi +++ b/httemplate/edit/process/part_export.cgi 
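Review bot: The placeholder loop `while ( $eventcode =~ /%%%(\w+)%%%/ )` substitutes request values into `$eventcode` and then re-scans the result, so a submitted value that itself contains a `%%%name%%%` token gets expanded again, and a value containing its own token never terminates. Doing the expansion in a single `s///ge` pass, with the `$cgi->param` and `$plandata` bookkeeping inside the replacement block, treats substituted text as data and always finishes. Also, `$rnum == -1` is evaluated when `$class` is empty and `$rnum` is undefined; `defined($rnum) && $rnum == -1` avoids the warning.

```perl
# … unchanged: plan/weight parsing and reason handling …
$eventcode =~ s{%%%(\w+)%%%}{
  my $field = $1;
  my $value = join(', ', $cgi->param($field) );
  $cgi->param($field, $value); #in case it errors out
  $plandata .= "$field $value\n";
  $value;
}ge;
# … unchanged: eventcode/plandata params and record insert/replace …
```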
@@ -1,40 +1,41 @@ -% -% -%my $exportnum = $cgi->param('exportnum'); -% -%my $old = qsearchs('part_export', { 'exportnum'=>$exportnum } ) if $exportnum; -% -%#fixup options -%#warn join('-', split(',',$cgi->param('options'))); -%my %options = map { -% my $value = $cgi->param($_); -% $value =~ s/\r\n/\n/g; #browsers? (textarea) -% $_ => $value; -%} split(',', $cgi->param('options')); -% -%my $new = new FS::part_export ( { -% map { -% $_, scalar($cgi->param($_)); -% } fields('part_export') -%} ); -% -%my $error; -%if ( $exportnum ) { -% #warn $old; -% #warn $exportnum; -% #warn $new->machine; -% $error = $new->replace($old,\%options); -%} else { -% $error = $new->insert(\%options); -%# $exportnum = $new->exportnum; -%} -% %if ( $error ) { % $cgi->param('error', $error ); -% print $cgi->redirect(popurl(2). "part_export.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "part_export.cgi?". $cgi->query_string ) %> %} else { -% print $cgi->redirect(popurl(3). "browse/part_export.cgi"); +<% $cgi->redirect(popurl(3). "browse/part_export.cgi") %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +my $exportnum = $cgi->param('exportnum'); + +my $old = qsearchs('part_export', { 'exportnum'=>$exportnum } ) if $exportnum; + +#fixup options +#warn join('-', split(',',$cgi->param('options'))); +my %options = map { + my $value = $cgi->param($_); + $value =~ s/\r\n/\n/g; #browsers? (textarea) + $_ => $value; +} split(',', $cgi->param('options')); + +my $new = new FS::part_export ( { + map { + $_, scalar($cgi->param($_)); + } fields('part_export') +} ); + +my $error; +if ( $exportnum ) { + #warn $old; + #warn $exportnum; + #warn $new->machine; + $error = $new->replace($old,\%options); +} else { + $error = $new->insert(\%options); +# $exportnum = $new->exportnum; +} +</%init> diff --git a/httemplate/edit/process/part_pkg.cgi b/httemplate/edit/process/part_pkg.cgi index b29e96305..f4d0c209e 100755 
--- a/httemplate/edit/process/part_pkg.cgi +++ b/httemplate/edit/process/part_pkg.cgi 
@@ -1,103 +1,111 @@ -% -% -%my $dbh = dbh; -%my $conf = new FS::Conf; -% -%my $pkgpart = $cgi->param('pkgpart'); -% -%my $old = qsearchs('part_pkg',{'pkgpart'=>$pkgpart}) if $pkgpart; -% -%tie my %plans, 'Tie::IxHash', %{ FS::part_pkg::plan_info() }; -%my $href = $plans{$cgi->param('plan')}->{'fields'}; -% -%#fixup plandata -%my $error; -%my $plandata = $cgi->param('plandata'); -%my @plandata = split(',', $plandata); -%$cgi->param('plandata', -% join('', map { my $parser = sub { shift }; -% $parser = $href->{$_}{parse} if exists($href->{$_}{parse}); -% my $value = join(', ', &$parser($cgi->param($_))); -% my $check = $href->{$_}{check}; -% if ( $check && ! &$check($value) ) { -% $value = join(', ', $cgi->param($_)); -% $error ||= "Illegal ". ($href->{$_}{name}||$_). ": $value"; -% } -% "$_=$value\n"; -% } @plandata ) -%); -% -%foreach (qw( setuptax recurtax disabled )) { -% $cgi->param($_, '') unless defined $cgi->param($_); -%} -% -%my @agents; -%foreach ($cgi->param('agent_type')) { -% /^(\d+)$/; -% push @agents, $1 if $1; -%} -%$error = "At least one agent type must be specified." 
-% unless( scalar(@agents) || -% $cgi->param('clone') && $cgi->param('clone') =~ /^\d+$/ || -% !$pkgpart && $conf->exists('agent-defaultpkg') -% ); -% -%my $new = new FS::part_pkg ( { -% map { -% $_ => scalar($cgi->param($_)); -% } fields('part_pkg') -%} ); -% -%my $oldAutoCommit = $FS::UID::AutoCommit; -%local $FS::UID::AutoCommit = 0; -% -%my %pkg_svc = map { $_ => scalar($cgi->param("pkg_svc$_")) } -% map { $_->svcpart } -% qsearch('part_svc', {} ); -% -%my $custnum = ''; -%if ( $error ) { -% -% # fall through -% -%} elsif ( $cgi->param('taxclass') eq '(select)' ) { -% -% $error = 'Must select a tax class'; -% -%} elsif ( $pkgpart ) { -% -% $error = $new->replace( $old, -% pkg_svc => \%pkg_svc, -% primary_svc => scalar($cgi->param('pkg_svc_primary')), -% ); -%} else { -% -% $error = $new->insert( pkg_svc => \%pkg_svc, -% primary_svc => scalar($cgi->param('pkg_svc_primary')), -% cust_pkg => $cgi->param('pkgnum'), -% custnum_ref => \$custnum, -% ); -% $pkgpart = $new->pkgpart; -%} -% -%unless ( $error || $conf->exists('agent_defaultpkg') ) { -% my $error = $new->process_m2m( -% 'link_table' => 'type_pkgs', -% 'target_table' => 'agent_type', -% 'params' => \@agents, -% ); -%} %if ( $error ) { % $dbh->rollback if $oldAutoCommit; % $cgi->param('error', $error ); -% print $cgi->redirect(popurl(2). "part_pkg.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "part_pkg.cgi?". $cgi->query_string ) %> %} elsif ( $custnum ) { % $dbh->commit or die $dbh->errstr if $oldAutoCommit; -% print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum"); +<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum") %> %} else { % $dbh->commit or die $dbh->errstr if $oldAutoCommit; -% print $cgi->redirect(popurl(3). "browse/part_pkg.cgi"); +<% $cgi->redirect(popurl(3). 
"browse/part_pkg.cgi") %> %} -% -% +<%init> + +#1.7 +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); +#1.9 +#die "access denied" +# unless $FS::CurrentUser::CurrentUser->access_right('Edit package definitions') +# || $FS::CurrentUser::CurrentUser->access_right('Edit global package definitions'); + +my $dbh = dbh; +my $conf = new FS::Conf; + +my $pkgpart = $cgi->param('pkgpart'); + +my $old = qsearchs('part_pkg',{'pkgpart'=>$pkgpart}) if $pkgpart; + +tie my %plans, 'Tie::IxHash', %{ FS::part_pkg::plan_info() }; +my $href = $plans{$cgi->param('plan')}->{'fields'}; + +#fixup plandata +my $error; +my $plandata = $cgi->param('plandata'); +my @plandata = split(',', $plandata); +$cgi->param('plandata', + join('', map { my $parser = sub { shift }; + $parser = $href->{$_}{parse} if exists($href->{$_}{parse}); + my $value = join(', ', &$parser($cgi->param($_))); + my $check = $href->{$_}{check}; + if ( $check && ! &$check($value) ) { + $value = join(', ', $cgi->param($_)); + $error ||= "Illegal ". ($href->{$_}{name}||$_). ": $value"; + } + "$_=$value\n"; + } @plandata ) +); + +foreach (qw( setuptax recurtax disabled )) { + $cgi->param($_, '') unless defined $cgi->param($_); +} + +my @agents; +foreach ($cgi->param('agent_type')) { + /^(\d+)$/; + push @agents, $1 if $1; +} +$error = "At least one agent type must be specified." 
+ unless( scalar(@agents) || + $cgi->param('clone') && $cgi->param('clone') =~ /^\d+$/ || + !$pkgpart && $conf->exists('agent-defaultpkg') + ); + +my $new = new FS::part_pkg ( { + map { + $_ => scalar($cgi->param($_)); + } fields('part_pkg') +} ); + +my $oldAutoCommit = $FS::UID::AutoCommit; +local $FS::UID::AutoCommit = 0; + +my %pkg_svc = map { $_ => scalar($cgi->param("pkg_svc$_")) } + map { $_->svcpart } + qsearch('part_svc', {} ); + +my $custnum = ''; +if ( $error ) { + + # fall through + +} elsif ( $cgi->param('taxclass') eq '(select)' ) { + + $error = 'Must select a tax class'; + +} elsif ( $pkgpart ) { + + $error = $new->replace( $old, + pkg_svc => \%pkg_svc, + primary_svc => scalar($cgi->param('pkg_svc_primary')), + ); +} else { + + $error = $new->insert( pkg_svc => \%pkg_svc, + primary_svc => scalar($cgi->param('pkg_svc_primary')), + cust_pkg => $cgi->param('pkgnum'), + custnum_ref => \$custnum, + ); + $pkgpart = $new->pkgpart; +} + +unless ( $error || $conf->exists('agent_defaultpkg') ) { + my $error = $new->process_m2m( + 'link_table' => 'type_pkgs', + 'target_table' => 'agent_type', + 'params' => \@agents, + ); +} + +</%init> diff --git a/httemplate/edit/process/part_referral.html b/httemplate/edit/process/part_referral.html index 14c1b7001..40cbc97bf 100755 --- a/httemplate/edit/process/part_referral.html +++ b/httemplate/edit/process/part_referral.html @@ -3,3 +3,10 @@ 'viewall_dir' => 'browse', ) %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Edit advertising sources') + || $FS::CurrentUser::CurrentUser->access_right('Edit global advertising sources'); + +</%init> diff --git a/httemplate/edit/process/part_svc.cgi b/httemplate/edit/process/part_svc.cgi index 97abc5baf..65de3fc6c 100755 --- a/httemplate/edit/process/part_svc.cgi +++ b/httemplate/edit/process/part_svc.cgi 
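Review bot: In part_pkg.cgi the result of `process_m2m` is assigned to a fresh `my $error` inside the final `unless` block, which shadows the outer `$error`. A failure there never reaches the `%if ( $error )` branch that rolls back, and the transaction is committed anyway. Drop the `my` so the line reads `$error = $new->process_m2m(`. The guard on that block also tests `$conf->exists('agent_defaultpkg')` while the validation above tests `'agent-defaultpkg'`; one of the two spellings is presumably wrong and they should be made to agree.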
@@ -1,4 +1,9 @@
-%
-% my $server = new FS::UI::Web::JSRPC 'FS::part_svc::process', $cgi;
-%
 <% $server->process %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $server = new FS::UI::Web::JSRPC 'FS::part_svc::process', $cgi;
+
+</%init>
diff --git a/httemplate/edit/process/payment_gateway.html b/httemplate/edit/process/payment_gateway.html
index 0b7e31395..b16bc3d27 100644
--- a/httemplate/edit/process/payment_gateway.html
+++ b/httemplate/edit/process/payment_gateway.html
@@ -1,34 +1,35 @@ -% -% -%my $gatewaynum = $cgi->param('gatewaynum'); -% -%my $old = qsearchs('payment_gateway',{'gatewaynum'=>$gatewaynum}) if $gatewaynum; -% -%my $new = new FS::payment_gateway ( { -% map { -% $_, scalar($cgi->param($_)); -% } fields('payment_gateway') -%} ); -% -%my @options = split(/\r?\n/, $cgi->param('gateway_options') ); -%pop @options -% if scalar(@options) % 2 && $options[-1] =~ /^\s*$/; -%my %options = @options; -% -%my $error; -%if ( $gatewaynum ) { -% $error=$new->replace($old, \%options); -%} else { -% $error=$new->insert(\%options); -% $gatewaynum=$new->getfield('gatewaynum'); -%} -% %if ( $error ) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). "payment_gateway.html?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "payment_gateway.html?". $cgi->query_string ) %> %} else { -% print $cgi->redirect(popurl(3). "browse/payment_gateway.html"); +<% $cgi->redirect(popurl(3). "browse/payment_gateway.html") %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +my $gatewaynum = $cgi->param('gatewaynum'); + +my $old = qsearchs('payment_gateway',{'gatewaynum'=>$gatewaynum}) if $gatewaynum; + +my $new = new FS::payment_gateway ( { + map { + $_, scalar($cgi->param($_)); + } fields('payment_gateway') +} ); + +my @options = split(/\r?\n/, $cgi->param('gateway_options') ); +pop @options + if scalar(@options) % 2 && $options[-1] =~ /^\s*$/; +my %options = @options; + +my $error; +if ( $gatewaynum ) { + $error=$new->replace($old, \%options); +} else { + $error=$new->insert(\%options); + $gatewaynum=$new->getfield('gatewaynum'); +} +</%init> diff --git a/httemplate/edit/process/pkg_class.html b/httemplate/edit/process/pkg_class.html index 183da805c..b196df3f7 100644 --- a/httemplate/edit/process/pkg_class.html +++ b/httemplate/edit/process/pkg_class.html 
@@ -3,3 +3,9 @@ 'viewall_dir' => 'browse', ) %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +</%init> diff --git a/httemplate/edit/process/prepay_credit.cgi b/httemplate/edit/process/prepay_credit.cgi index 518f79d86..24ce25608 100644 --- a/httemplate/edit/process/prepay_credit.cgi +++ b/httemplate/edit/process/prepay_credit.cgi @@ -36,8 +36,7 @@ <% include("/elements/header.html", "$num prepaid cards generated". - ( $agent ? ' for '.$agent->agent : '' ), - menubar( 'Main menu' => popurl(3) ) + ( $agent ? ' for '.$agent->agent : '' ) ) %> @@ -60,4 +59,9 @@ </BODY></HTML> % } +<%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +</%init> diff --git a/httemplate/edit/process/quick-charge.cgi b/httemplate/edit/process/quick-charge.cgi index 4a090f9de..3c7cac51d 100644 --- a/httemplate/edit/process/quick-charge.cgi +++ b/httemplate/edit/process/quick-charge.cgi 
@@ -1,46 +1,49 @@ -% -% my $error = ''; -% my $param = $cgi->Vars; -% -% my @description = (); -% for ( my $row = 0; exists($param->{"description$row"}); $row++ ) { -% push @description, $param->{"description$row"} -% if ($param->{"description$row"} =~ /\S/); -% } -% -% $param->{"custnum"} =~ /^(\d+)$/ -% or $error .= "Illegal customer number " . $param->{"custnum"} . " "; -% my $custnum = $1; -% -% $param->{"amount"} =~ /^\s*(\d+(\.\d{1,2})?)\s*$/ -% or $error .= "Illegal amount " . $param->{"amount"} . " "; -% my $amount = $1; -% -% if ( $param->{'taxclass'} eq '(select)' ) { -% $error .= "Must select a tax class. "; -% } -% -% unless ( $error ) { -% my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } ) -% or $error .= "Unknown customer number $custnum. "; -% -% $error ||= $cust_main->charge( { -% 'amount' => $amount, -% 'pkg' => scalar($cgi->param('pkg')), -% 'taxclass' => scalar($cgi->param('taxclass')), -% 'additional' => \@description, -% } ); -% } -% -% if ( $error ) { -% -% $cgi->param('error', $error ); -% +% if ( $error ) { +% $cgi->param('error', $error ); <% $cgi->redirect($p.'quick-charge.html?'. $cgi->query_string) %> -% -% } +% } else { <% header("One-time charge added") %> <SCRIPT TYPE="text/javascript"> window.top.location.reload(); </SCRIPT> </BODY></HTML> +% } +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('One-time charge'); + +my $error = ''; +my $param = $cgi->Vars; + +my @description = (); +for ( my $row = 0; exists($param->{"description$row"}); $row++ ) { + push @description, $param->{"description$row"} + if ($param->{"description$row"} =~ /\S/); +} + +$param->{"custnum"} =~ /^(\d+)$/ + or $error .= "Illegal customer number " . $param->{"custnum"} . " "; +my $custnum = $1; + +$param->{"amount"} =~ /^\s*(\d+(\.\d{1,2})?)\s*$/ + or $error .= "Illegal amount " . $param->{"amount"} . " "; +my $amount = $1; + +if ( $param->{'taxclass'} eq '(select)' ) { + $error .= "Must select a tax class. 
"; +} + +unless ( $error ) { + my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } ) + or $error .= "Unknown customer number $custnum. "; + + $error ||= $cust_main->charge( { + 'amount' => $amount, + 'pkg' => scalar($cgi->param('pkg')), + 'taxclass' => scalar($cgi->param('taxclass')), + 'additional' => \@description, + } ); +} + +</%init> diff --git a/httemplate/edit/process/quick-cust_pkg.cgi b/httemplate/edit/process/quick-cust_pkg.cgi index 66d02e307..6b65653c2 100644 --- a/httemplate/edit/process/quick-cust_pkg.cgi +++ b/httemplate/edit/process/quick-cust_pkg.cgi @@ -1,17 +1,6 @@ -%#untaint custnum -%$cgi->param('custnum') =~ /^(\d+)$/ -% or die 'illegal custnum '. $cgi->param('custnum'); -%my $custnum = $1; -%$cgi->param('pkgpart') =~ /^(\d+)$/ -% or die 'illegal pkgpart '. $cgi->param('pkgpart'); -%my $pkgpart = $1; -% -%my @cust_pkg = (); -%my $error = FS::cust_pkg::order($custnum, [ $pkgpart ], [], \@cust_pkg, [ $cgi->param('refnum') ] ); -% %if ($error) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). 'misc/order_pkg.html?'. $cgi->query_string ); +<% $cgi->redirect(popurl(2). 'misc/order_pkg.html?'. $cgi->query_string ) %> %} else { % my $frag = "cust_pkg". $cust_pkg[0]->pkgnum; <% header('Package ordered') %> @@ -25,3 +14,20 @@ </BODY></HTML> %} +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Order customer package'); + +#untaint custnum +$cgi->param('custnum') =~ /^(\d+)$/ + or die 'illegal custnum '. $cgi->param('custnum'); +my $custnum = $1; +$cgi->param('pkgpart') =~ /^(\d+)$/ + or die 'illegal pkgpart '. $cgi->param('pkgpart'); +my $pkgpart = $1; + +my @cust_pkg = (); +my $error = FS::cust_pkg::order($custnum, [ $pkgpart ], [], \@cust_pkg, [ $cgi->param('refnum') ] ); + +</%init> diff --git a/httemplate/edit/process/rate.cgi b/httemplate/edit/process/rate.cgi index c81f883b7..48d9322ca 100755 --- a/httemplate/edit/process/rate.cgi +++ b/httemplate/edit/process/rate.cgi 
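Review bot: The new check in quick-charge.cgi only establishes that the user holds the 'One-time charge' right; the `custnum` from the request is then looked up with `qsearchs('cust_main', { 'custnum' => $custnum } )` and charged with no test that this user may act on that particular customer. If the installation restricts users to certain agents or customers (not visible in this diff), the lookup needs the same restriction, otherwise the right applies to every customer number. The same holds for the `FS::cust_pkg::order($custnum, ...)` call in the quick-cust_pkg.cgi hunk on this line and for the `svcnum` lookups in the svc_* process templates later in the commit. Until that is settled I would mark the lookup with `# TODO: scope to customers the current user may access`.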
@@ -1,4 +1,9 @@ -% -% my $server = new FS::UI::Web::JSRPC 'FS::rate::process', $cgi; -% <% $server->process %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +my $server = new FS::UI::Web::JSRPC 'FS::rate::process', $cgi; + +</%init> diff --git a/httemplate/edit/process/reason.html b/httemplate/edit/process/reason.html index 55c1ea958..cb79ed254 100644 --- a/httemplate/edit/process/reason.html +++ b/httemplate/edit/process/reason.html @@ -4,3 +4,9 @@ $cgi->param('class') . '&', ) %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +</%init> diff --git a/httemplate/edit/process/reason_type.html b/httemplate/edit/process/reason_type.html index 4ccccaddd..3172b27c4 100644 --- a/httemplate/edit/process/reason_type.html +++ b/httemplate/edit/process/reason_type.html @@ -4,3 +4,9 @@ $cgi->param('class') . '&', ) %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +</%init> diff --git a/httemplate/edit/process/reg_code.cgi b/httemplate/edit/process/reg_code.cgi index d93bb55a2..c4327991d 100644 --- a/httemplate/edit/process/reg_code.cgi +++ b/httemplate/edit/process/reg_code.cgi 
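Review bot: The context line `$cgi->param('class') . '&',` in process/reason.html and process/reason_type.html passes the raw `class` parameter into the argument above it, which lies outside the hunk but, judging by the trailing `&`, looks like a URL. edit/reason_type.html in this same commit accepts only `/^(\w)$/` for that parameter, and the new `<%init>` blocks here should apply the same pattern: `$cgi->param('class') =~ /^(\w)$/ or die "illegal class";` followed by `my $class = $1;`, with the include then using `$class`. As written, whatever the client sends for `class` is carried into that value unchecked.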
@@ -1,50 +1,46 @@ -% -% -%$cgi->param('agentnum') =~ /^(\d+)$/ -% or errorpage('illegal agentnum '. $cgi->param('agentnum')); -%my $agentnum = $1; -%my $agent = qsearchs('agent', { 'agentnum' => $agentnum } ); -% -%my $error = ''; -% -%my $num = 0; -%if ( $cgi->param('num') =~ /^\s*(\d+)\s*$/ ) { -% $num = $1; -%} else { -% $error = 'Illegal number of codes: '. $cgi->param('num'); -%} -% -%my @pkgparts = -% map { /^pkgpart(.*)$/; $1 } -% grep { $cgi->param($_) } -% grep { /^pkgpart/ } -% $cgi->param; -% -%$error ||= $agent->generate_reg_codes($num, \@pkgparts); -% %unless ( ref($error) ) { % $cgi->param('error'. $error ); -% -<% - $cgi->redirect(popurl(3). "edit/reg_code.cgi?". $cgi->query_string ) -%> +<% $cgi->redirect(popurl(3). "edit/reg_code.cgi?". $cgi->query_string ) %> % } else { - <% include("/elements/header.html","$num registration codes generated for ". $agent->agent, menubar( - 'Main menu' => popurl(3), 'View all agents' => popurl(3). 'browse/agent.cgi', ) ) %> <PRE><FONT SIZE="+1"> % foreach my $code ( @$error ) { - <% $code %> % } - - </FONT></PRE> -</BODY></HTML> +<% include('/elements/footer.html') %> % } +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +$cgi->param('agentnum') =~ /^(\d+)$/ + or errorpage('illegal agentnum '. $cgi->param('agentnum')); +my $agentnum = $1; +my $agent = qsearchs('agent', { 'agentnum' => $agentnum } ); + +my $error = ''; + +my $num = 0; +if ( $cgi->param('num') =~ /^\s*(\d+)\s*$/ ) { + $num = $1; +} else { + $error = 'Illegal number of codes: '. $cgi->param('num'); +} + +my @pkgparts = + map { /^pkgpart(.*)$/; $1 } + grep { $cgi->param($_) } + grep { /^pkgpart/ } + $cgi->param; + +$error ||= $agent->generate_reg_codes($num, \@pkgparts); + +</%init> diff --git a/httemplate/edit/process/router.cgi b/httemplate/edit/process/router.cgi index c69114ea4..7e0baf782 100644 --- a/httemplate/edit/process/router.cgi +++ b/httemplate/edit/process/router.cgi 
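Review bot: The context line `$cgi->param('error'. $error );` concatenates instead of passing two arguments, so it reads a parameter named after the message and never stores it; the redirect back to edit/reg_code.cgi then carries no error. It should be `$cgi->param('error', $error);`. In the new `<%init>` block `$agent` comes straight from `qsearchs` and is used in `$agent->generate_reg_codes(...)` without a check, so an agentnum that matches no row dies on an undefined value instead of producing an error page; `or errorpage("unknown agentnum $agentnum")` after the lookup would handle it, and edit/reg_code.cgi has the same unchecked lookup. The `pkgpart` names are captured with `(.*)`; `(\d+)` would keep non-numeric suffixes out of `@pkgparts`.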
@@ -1,5 +1,3 @@ -% -% %local $FS::UID::AutoCommit=0; % %sub check { @@ -64,5 +62,9 @@ %dbh->commit or die dbh->errstr; %print $cgi->redirect(popurl(3). "browse/router.cgi"); % -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); +</%init> diff --git a/httemplate/edit/process/svc_Common.html b/httemplate/edit/process/svc_Common.html index f5c869a12..cf5f01f71 100644 --- a/httemplate/edit/process/svc_Common.html +++ b/httemplate/edit/process/svc_Common.html @@ -1,13 +1,16 @@ +<% include( 'elements/svc_Common.html', + 'table' => $table, + 'redirect' => popurl(3)."view/svc_Common.html?svcdb=$table;svcnum=", + 'error_redirect' => popurl(3)."edit/svc_Common.html?svcdb=$table;", + ) +%> <%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? + $cgi->param('svcdb') =~ /^(svc_\w+)$/ or die "unparsable svcdb"; my $table = $1; require "FS/$table.pm"; </%init> -<% include( 'elements/svc_Common.html', - 'table' => $table, - 'redirect' => popurl(3)."view/svc_Common.html?svcdb=$table;svcnum=", - 'error_redirect' => popurl(3)."edit/svc_Common.html?svcdb=$table;", - ) -%> diff --git a/httemplate/edit/process/svc_acct.cgi b/httemplate/edit/process/svc_acct.cgi index d9aac9fac..0a89e253c 100755 --- a/httemplate/edit/process/svc_acct.cgi +++ b/httemplate/edit/process/svc_acct.cgi 
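Review bot: process/router.cgi still ends with `%print $cgi->redirect(popurl(3). "browse/router.cgi");` and keeps its logic, including `sub check {` and `local $FS::UID::AutoCommit=0;`, in `%` lines, while the other process templates in this commit moved their logic into `<%init>` and switched to `<% $cgi->redirect(...) %>`. The access check still runs first because Mason executes the init section before the component body, but that ordering is not obvious when the check sits at the bottom of the file. I would either move the processing into the init section like the sibling files or add a comment to the new block, `# init runs before the %-lines above, so this check gates the whole component`. The body of `check` lies outside both hunks.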
@@ -1,63 +1,64 @@ -% -% -%$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; -%my $svcnum = $1; -% -%my $old; -%if ( $svcnum ) { -% $old = qsearchs('svc_acct', { 'svcnum' => $svcnum } ) -% or die "fatal: can't find account (svcnum $svcnum)!"; -%} else { -% $old = ''; -%} -% -%#unmunge popnum -%$cgi->param('popnum', (split(/:/, $cgi->param('popnum') ))[0] ); -% -%#unmunge passwd -%if ( $cgi->param('_password') eq '*HIDDEN*' ) { -% die "fatal: no previous account to recall hidden password from!" unless $old; -% $cgi->param('_password',$old->getfield('_password')); -%} -% -%#unmunge usergroup -%$cgi->param('usergroup', [ $cgi->param('radius_usergroup') ] ); -% -%#unmunge bytecounts -%foreach (map { $_,$_."_threshold" } qw( upbytes downbytes totalbytes )) { -% $cgi->param($_, FS::UI::bytecount::parse_bytecount($cgi->param($_)) ); -%} -% -%my %hash = $svcnum ? $old->hash : (); -%map { -% $hash{$_} = scalar($cgi->param($_)); -% #} qw(svcnum pkgnum svcpart username _password popnum uid gid finger dir -% # shell quota slipip) -% } (fields('svc_acct'), qw ( pkgnum svcpart usergroup )); -%my $new = new FS::svc_acct ( \%hash ); -% -%my $error; -%if ( $svcnum ) { -% foreach (grep { $old->$_ != $new->$_ } qw( seconds upbytes downbytes totalbytes )) { -% my %hash = map { $_ => $new->$_ } -% grep { $new->$_ } -% qw( seconds upbytes downbytes totalbytes ); -% -% $error = $new->set_usage(\%hash); #unoverlimit and trigger radius changes -% last; #once is enough -% } -% $error ||= $new->replace($old); -%} else { -% $error = $new->insert; -% $svcnum = $new->svcnum; -%} -% %if ( $error ) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). "svc_acct.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "svc_acct.cgi?". $cgi->query_string ) %> %} else { -% print $cgi->redirect(popurl(3). "view/svc_acct.cgi?" . $svcnum ); +<% $cgi->redirect(popurl(3). "view/svc_acct.cgi?" . 
$svcnum ) %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? + +$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; +my $svcnum = $1; + +my $old; +if ( $svcnum ) { + $old = qsearchs('svc_acct', { 'svcnum' => $svcnum } ) + or die "fatal: can't find account (svcnum $svcnum)!"; +} else { + $old = ''; +} + +#unmunge popnum +$cgi->param('popnum', (split(/:/, $cgi->param('popnum') ))[0] ); + +#unmunge passwd +if ( $cgi->param('_password') eq '*HIDDEN*' ) { + die "fatal: no previous account to recall hidden password from!" unless $old; + $cgi->param('_password',$old->getfield('_password')); +} + +#unmunge usergroup +$cgi->param('usergroup', [ $cgi->param('radius_usergroup') ] ); + +#unmunge bytecounts +foreach (map { $_,$_."_threshold" } qw( upbytes downbytes totalbytes )) { + $cgi->param($_, FS::UI::bytecount::parse_bytecount($cgi->param($_)) ); +} + +my %hash = $svcnum ? $old->hash : (); +map { + $hash{$_} = scalar($cgi->param($_)); + #} qw(svcnum pkgnum svcpart username _password popnum uid gid finger dir + # shell quota slipip) + } (fields('svc_acct'), qw ( pkgnum svcpart usergroup )); +my $new = new FS::svc_acct ( \%hash ); + +my $error; +if ( $svcnum ) { + foreach (grep { $old->$_ != $new->$_ } qw( seconds upbytes downbytes totalbytes )) { + my %hash = map { $_ => $new->$_ } + grep { $new->$_ } + qw( seconds upbytes downbytes totalbytes ); + + $error = $new->set_usage(\%hash); #unoverlimit and trigger radius changes + last; #once is enough + } + $error ||= $new->replace($old); +} else { + $error = $new->insert; + $svcnum = $new->svcnum; +} +</%init> diff --git a/httemplate/edit/process/svc_acct_pop.cgi b/httemplate/edit/process/svc_acct_pop.cgi index 9e9df7bf0..75b89c88f 100755 --- a/httemplate/edit/process/svc_acct_pop.cgi +++ b/httemplate/edit/process/svc_acct_pop.cgi 
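Review bot: When the form posts the `*HIDDEN*` placeholder, the new `<%init>` block replaces it in `$cgi` with the stored value (`$cgi->param('_password',$old->getfield('_password'))`), and on any error the body redirects with `$cgi->query_string`, so the real account password is written into the Location URL even though the form was hiding it from the operator. From there it can reach browser history and web-server or proxy logs. Record whether the placeholder was submitted before the unmunge step, `my $pw_hidden = $cgi->param('_password') eq '*HIDDEN*';`, and put it back before the error redirect, `% $cgi->param('_password', '*HIDDEN*') if $pw_hidden;`. A password typed by the operator takes the same path, so returning the form state by some means other than the URL would be the fuller fix.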
@@ -1,29 +1,30 @@ -% -% -%my $popnum = $cgi->param('popnum'); -% -%my $old = qsearchs('svc_acct_pop',{'popnum'=>$popnum}) if $popnum; -% -%my $new = new FS::svc_acct_pop ( { -% map { -% $_, scalar($cgi->param($_)); -% } fields('svc_acct_pop') -%} ); -% -%my $error = ''; -%if ( $popnum ) { -% $error = $new->replace($old); -%} else { -% $error = $new->insert; -% $popnum=$new->getfield('popnum'); -%} -% %if ( $error ) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). "svc_acct_pop.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "svc_acct_pop.cgi?". $cgi->query_string ) %> %} else { -% print $cgi->redirect(popurl(3). "browse/svc_acct_pop.cgi"); +<% $cgi->redirect(popurl(3). "browse/svc_acct_pop.cgi") %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +my $popnum = $cgi->param('popnum'); + +my $old = qsearchs('svc_acct_pop',{'popnum'=>$popnum}) if $popnum; + +my $new = new FS::svc_acct_pop ( { + map { + $_, scalar($cgi->param($_)); + } fields('svc_acct_pop') +} ); + +my $error = ''; +if ( $popnum ) { + $error = $new->replace($old); +} else { + $error = $new->insert; + $popnum=$new->getfield('popnum'); +} +</%init> diff --git a/httemplate/edit/process/svc_broadband.cgi b/httemplate/edit/process/svc_broadband.cgi index cf4604639..8600da349 100644 --- a/httemplate/edit/process/svc_broadband.cgi +++ b/httemplate/edit/process/svc_broadband.cgi 
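Review bot: `my $old = qsearchs('svc_acct_pop',{'popnum'=>$popnum}) if $popnum;` declares a lexical under a statement modifier, which perlsyn documents as undefined behaviour; when the condition is false the variable is not reliably reset, which matters if the component runs in a persistent interpreter. Write it as `my $old = $popnum ? qsearchs('svc_acct_pop',{'popnum'=>$popnum}) : '';`. The same construct is in the payment_gateway hunk earlier (`... if $gatewaynum`) and in the svc_external and svc_forward hunks (`... if $svcnum`). `popnum` is also used without the `/^(\d*)$/` check that the svc_* templates apply to `svcnum`.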
@@ -1,37 +1,38 @@ -% -% -%$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; -%my $svcnum = $1; -% -%my $old; -%if ( $svcnum ) { -% $old = qsearchs('svc_broadband', { 'svcnum' => $svcnum } ) -% or die "fatal: can't find broadband service (svcnum $svcnum)!"; -%} else { -% $old = ''; -%} -% -%my $new = new FS::svc_broadband ( { -% map { -% ($_, scalar($cgi->param($_))); -% } ( fields('svc_broadband'), qw( pkgnum svcpart ) ) -%} ); -% -%my $error; -%if ( $svcnum ) { -% $error = $new->replace($old); -%} else { -% $error = $new->insert; -% $svcnum = $new->svcnum; -%} -% %if ( $error ) { % $cgi->param('error', $error); % $cgi->param('ip_addr', $new->ip_addr); -% print $cgi->redirect(popurl(2). "svc_broadband.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "svc_broadband.cgi?". $cgi->query_string ) %> %} else { -% print $cgi->redirect(popurl(3). "view/svc_broadband.cgi?" . $svcnum ); +<% $cgi->redirect(popurl(3). "view/svc_broadband.cgi?" . $svcnum ) %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? + +$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; +my $svcnum = $1; + +my $old; +if ( $svcnum ) { + $old = qsearchs('svc_broadband', { 'svcnum' => $svcnum } ) + or die "fatal: can't find broadband service (svcnum $svcnum)!"; +} else { + $old = ''; +} + +my $new = new FS::svc_broadband ( { + map { + ($_, scalar($cgi->param($_))); + } ( fields('svc_broadband'), qw( pkgnum svcpart ) ) +} ); + +my $error; +if ( $svcnum ) { + $error = $new->replace($old); +} else { + $error = $new->insert; + $svcnum = $new->svcnum; +} +</%init> diff --git a/httemplate/edit/process/svc_domain.cgi b/httemplate/edit/process/svc_domain.cgi index 773143fe3..9993a879e 100755 --- a/httemplate/edit/process/svc_domain.cgi +++ b/httemplate/edit/process/svc_domain.cgi 
@@ -1,32 +1,33 @@ -% -% -%#remove this to actually test the domains! -%$FS::svc_domain::whois_hack = 1; -% -%$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; -%my $svcnum = $1; -% -%my $new = new FS::svc_domain ( { -% map { -% $_, scalar($cgi->param($_)); -% #} qw(svcnum pkgnum svcpart domain action purpose) -% } ( fields('svc_domain'), qw( pkgnum svcpart action purpose ) ) -%} ); -% -%my $error = ''; -%if ($cgi->param('svcnum')) { -% $error="Can't modify a domain!"; -%} else { -% $error=$new->insert; -% $svcnum=$new->svcnum; -%} -% %if ($error) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). "svc_domain.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "svc_domain.cgi?". $cgi->query_string ) %> %} else { -% print $cgi->redirect(popurl(3). "view/svc_domain.cgi?$svcnum"); +<% $cgi->redirect(popurl(3). "view/svc_domain.cgi?$svcnum") %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? + +#remove this to actually test the domains! +$FS::svc_domain::whois_hack = 1; + +$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; +my $svcnum = $1; + +my $new = new FS::svc_domain ( { + map { + $_, scalar($cgi->param($_)); + #} qw(svcnum pkgnum svcpart domain action purpose) + } ( fields('svc_domain'), qw( pkgnum svcpart action purpose ) ) +} ); + +my $error = ''; +if ($cgi->param('svcnum')) { + $error="Can't modify a domain!"; +} else { + $error=$new->insert; + $svcnum=$new->svcnum; +} +</%init> diff --git a/httemplate/edit/process/svc_external.cgi b/httemplate/edit/process/svc_external.cgi index 97da6ba87..673e5a5a0 100755 --- a/httemplate/edit/process/svc_external.cgi +++ b/httemplate/edit/process/svc_external.cgi 
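Review bot: `$FS::svc_domain::whois_hack = 1;` assigns a package global without `local`, so in a persistent interpreter the flag stays set for every later request handled by the same process, not only this one. The router template in this commit uses `local $FS::UID::AutoCommit=0;` for the same kind of override, and this line should follow it: `local $FS::svc_domain::whois_hack = 1;`. The comment above it (`#remove this to actually test the domains!`) suggests the flag switches off a check, so the comment should also say what is skipped while it is set. Separately, the branch tests `$cgi->param('svcnum')` again rather than the `$svcnum` that was just validated.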
@@ -1,30 +1,31 @@ -% -% -%$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; -%my $svcnum =$1; -% -%my $old = qsearchs('svc_external',{'svcnum'=>$svcnum}) if $svcnum; -% -%my $new = new FS::svc_external ( { -% map { -% ($_, scalar($cgi->param($_))); -% } ( fields('svc_external'), qw( pkgnum svcpart ) ) -%} ); -% -%my $error = ''; -%if ( $svcnum ) { -% $error = $new->replace($old); -%} else { -% $error = $new->insert; -% $svcnum = $new->getfield('svcnum'); -%} -% %if ($error) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). "svc_external.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "svc_external.cgi?". $cgi->query_string ) %> %} else { -% print $cgi->redirect(popurl(3). "view/svc_external.cgi?$svcnum"); +<% $cgi->redirect(popurl(3). "view/svc_external.cgi?$svcnum") %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? + +$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; +my $svcnum =$1; + +my $old = qsearchs('svc_external',{'svcnum'=>$svcnum}) if $svcnum; + +my $new = new FS::svc_external ( { + map { + ($_, scalar($cgi->param($_))); + } ( fields('svc_external'), qw( pkgnum svcpart ) ) +} ); + +my $error = ''; +if ( $svcnum ) { + $error = $new->replace($old); +} else { + $error = $new->insert; + $svcnum = $new->getfield('svcnum'); +} +</%init> diff --git a/httemplate/edit/process/svc_forward.cgi b/httemplate/edit/process/svc_forward.cgi index 3205312f1..fffad84d6 100755 --- a/httemplate/edit/process/svc_forward.cgi +++ b/httemplate/edit/process/svc_forward.cgi 
@@ -1,30 +1,31 @@ -% -% -%$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; -%my $svcnum =$1; -% -%my $old = qsearchs('svc_forward',{'svcnum'=>$svcnum}) if $svcnum; -% -%my $new = new FS::svc_forward ( { -% map { -% ($_, scalar($cgi->param($_))); -% } ( fields('svc_forward'), qw( pkgnum svcpart ) ) -%} ); -% -%my $error = ''; -%if ( $svcnum ) { -% $error = $new->replace($old); -%} else { -% $error = $new->insert; -% $svcnum = $new->getfield('svcnum'); -%} -% %if ($error) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). "svc_forward.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "svc_forward.cgi?". $cgi->query_string ) %> %} else { -% print $cgi->redirect(popurl(3). "view/svc_forward.cgi?$svcnum"); +<% $cgi->redirect(popurl(3). "view/svc_forward.cgi?$svcnum") %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? + +$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; +my $svcnum =$1; + +my $old = qsearchs('svc_forward',{'svcnum'=>$svcnum}) if $svcnum; + +my $new = new FS::svc_forward ( { + map { + ($_, scalar($cgi->param($_))); + } ( fields('svc_forward'), qw( pkgnum svcpart ) ) +} ); + +my $error = ''; +if ( $svcnum ) { + $error = $new->replace($old); +} else { + $error = $new->insert; + $svcnum = $new->getfield('svcnum'); +} +</%init> diff --git a/httemplate/edit/process/svc_phone.html b/httemplate/edit/process/svc_phone.html index 44235de63..27a703cdf 100644 --- a/httemplate/edit/process/svc_phone.html +++ b/httemplate/edit/process/svc_phone.html @@ -2,3 +2,9 @@ 'table' => 'svc_phone', ) %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? + +</%init> diff --git a/httemplate/edit/process/svc_www.cgi b/httemplate/edit/process/svc_www.cgi index e9a52aff2..f02d25305 100644 --- a/httemplate/edit/process/svc_www.cgi 
+++ b/httemplate/edit/process/svc_www.cgi @@ -1,37 +1,38 @@ -% -% -%$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; -%my $svcnum = $1; -% -%my $old; -%if ( $svcnum ) { -% $old = qsearchs('svc_www', { 'svcnum' => $svcnum } ) -% or die "fatal: can't find website (svcnum $svcnum)!"; -%} else { -% $old = ''; -%} -% -%my $new = new FS::svc_www ( { -% map { -% ($_, scalar($cgi->param($_))); -% #} qw(svcnum pkgnum svcpart recnum usersvc) -% } ( fields('svc_www'), qw( pkgnum svcpart ) ) -%} ); -% -%my $error; -%if ( $svcnum ) { -% $error = $new->replace($old); -%} else { -% $error = $new->insert; -% $svcnum = $new->svcnum; -%} -% %if ( $error ) { % $cgi->param('error', $error); -% print $cgi->redirect(popurl(2). "svc_www.cgi?". $cgi->query_string ); +<% $cgi->redirect(popurl(2). "svc_www.cgi?". $cgi->query_string ) %> %} else { -% print $cgi->redirect(popurl(3). "view/svc_www.cgi?" . $svcnum ); +<% $cgi->redirect(popurl(3). "view/svc_www.cgi?" . $svcnum ) %> %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? + +$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!"; +my $svcnum = $1; + +my $old; +if ( $svcnum ) { + $old = qsearchs('svc_www', { 'svcnum' => $svcnum } ) + or die "fatal: can't find website (svcnum $svcnum)!"; +} else { + $old = ''; +} + +my $new = new FS::svc_www ( { + map { + ($_, scalar($cgi->param($_))); + #} qw(svcnum pkgnum svcpart recnum usersvc) + } ( fields('svc_www'), qw( pkgnum svcpart ) ) +} ); + +my $error; +if ( $svcnum ) { + $error = $new->replace($old); +} else { + $error = $new->insert; + $svcnum = $new->svcnum; +} +</%init> diff --git a/httemplate/edit/quick-charge.html b/httemplate/edit/quick-charge.html index 92e0ae753..e8df37103 100644 --- a/httemplate/edit/quick-charge.html +++ b/httemplate/edit/quick-charge.html 
@@ -163,6 +163,9 @@ function validate_quick_charge () { </HTML> <%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('One-time charge'); + $cgi->param('custnum') =~ /^(\d+)$/ or die 'illegal custnum'; my $custnum = $1; diff --git a/httemplate/edit/rate.cgi b/httemplate/edit/rate.cgi index 269b3b09a..4c0abfe01 100644 --- a/httemplate/edit/rate.cgi +++ b/httemplate/edit/rate.cgi @@ -1,5 +1,4 @@ <% include("/elements/header.html","$action Rate plan", menubar( - 'Main Menu' => $p, 'View all rate plans' => "${p}browse/rate.cgi", )) %> diff --git a/httemplate/edit/rate_region.cgi b/httemplate/edit/rate_region.cgi index 47d1888e0..9dfcb3740 100644 --- a/httemplate/edit/rate_region.cgi +++ b/httemplate/edit/rate_region.cgi @@ -81,7 +81,7 @@ </TD> <TD CLASS="grid" BGCOLOR="<% $bgcolor %>"> - <INPUT TYPE="text" SIZE=5 NAME="min_included<%$n%>" VALUE="<% $cgi->param("min_included$n") || $rate_detail->min_included %>"> + <INPUT TYPE="text" SIZE=5 NAME="min_included<%$n%>" VALUE="<% $cgi->param("min_included$n") || $rate_detail->min_included |h %>"> </TD> <TD CLASS="grid" BGCOLOR="<% $bgcolor %>"> diff --git a/httemplate/edit/reason.html b/httemplate/edit/reason.html index 512013ace..620a2ea15 100644 --- a/httemplate/edit/reason.html +++ b/httemplate/edit/reason.html @@ -42,3 +42,9 @@ 'viewall_url' => $p . "browse/reason.html?class=$class", ) %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +</%init> diff --git a/httemplate/edit/reason_type.html b/httemplate/edit/reason_type.html index 056544e5d..ea5650ec3 100644 --- a/httemplate/edit/reason_type.html +++ b/httemplate/edit/reason_type.html @@ -1,9 +1,3 @@ -% -%$cgi->param('class') =~ /^(\w)$/; -%my $class = $1; -% -%my $classname = $FS::reason_type::class_name{$class}; -% <% include( 'elements/edit.html', 'name' => $classname . ' Reason Type', 'table' => 'reason_type', 
@@ -22,3 +16,14 @@ 'new_hashref_callback' => sub {{ 'class' => $class }}, ) %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +$cgi->param('class') =~ /^(\w)$/; +my $class = $1; + +my $classname = $FS::reason_type::class_name{$class}; + +</%init> diff --git a/httemplate/edit/reg_code.cgi b/httemplate/edit/reg_code.cgi index 4ad39051a..e57ac09bf 100644 --- a/httemplate/edit/reg_code.cgi +++ b/httemplate/edit/reg_code.cgi @@ -1,16 +1,4 @@ -% -%my $agentnum = $cgi->param('agentnum'); -%$agentnum =~ /^(\d+)$/ or errorpage("illegal agentnum $agentnum"); -%$agentnum = $1; -%my $agent = qsearchs('agent', { 'agentnum' => $agentnum } ); -% -% - - -<% include("/elements/header.html",'Generate registration codes for '. $agent->agent, menubar( - 'Main Menu' => $p, - )) -%> +<% include('/elements/header.html', 'Generate registration codes for '. $agent->agent) %> <% include('/elements/error.html') %> @@ -39,5 +27,18 @@ registration codes for <B><% $agent->agent %></B> allowing the following package <BR> <INPUT TYPE="submit" NAME="submit" VALUE="Generate"> -</FORM></BODY></HTML> +</FORM> + +<% include('/elements/footer.html') %> + +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +my $agentnum = $cgi->param('agentnum'); +$agentnum =~ /^(\d+)$/ or errorpage("illegal agentnum $agentnum"); +$agentnum = $1; +my $agent = qsearchs('agent', { 'agentnum' => $agentnum } ); +</%init> diff --git a/httemplate/edit/router.cgi b/httemplate/edit/router.cgi index 8b01035d5..c08e54449 100755 --- a/httemplate/edit/router.cgi +++ b/httemplate/edit/router.cgi 
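Review bot: In edit/reason_type.html `$cgi->param('class') =~ /^(\w)$/;` discards the match result, and `my $class = $1;` then uses `$1` whether or not the pattern matched; after a failed match `$1` keeps whatever an earlier successful match left there. Add the failure branch the other templates use: `$cgi->param('class') =~ /^(\w)$/ or die "illegal class";`. As written, a missing or malformed `class` reaches `$FS::reason_type::class_name{$class}` and the `new_hashref_callback` with an unrelated or undefined value.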
@@ -1,27 +1,7 @@ -<HTML><BODY> -% -% -%my $router; -%if ( $cgi->keywords ) { -% my($query) = $cgi->keywords; -% $query =~ /^(\d+)$/; -% $router = qsearchs('router', { routernum => $1 }) -% or print $cgi->redirect(popurl(2)."browse/router.cgi") ; -%} else { -% $router = new FS::router ( { -% map { $_, scalar($cgi->param($_)) } fields('router') -% } ); -%} -% -%my $routernum = $router->routernum; -%my $action = $routernum ? 'Edit' : 'Add'; -% -%print header("$action Router", menubar( -% 'Main Menu' => "$p", -% 'View all routers' => "${p}browse/router.cgi", -%)); -% -%my $p3 = popurl(3); +<% include('/elements/header.html', "$action Router", menubar( + 'View all routers' => "${p}browse/router.cgi", + )) +%> <% include('/elements/error.html') %> @@ -70,5 +50,29 @@ Custom fields: <BR><BR><INPUT TYPE="submit" VALUE="Apply changes"> </FORM> -</BODY></HTML> +<% include('/elements/footer.html') %> + +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +my $router; +if ( $cgi->keywords ) { + my($query) = $cgi->keywords; + $query =~ /^(\d+)$/; + $router = qsearchs('router', { routernum => $1 }) + or print $cgi->redirect(popurl(2)."browse/router.cgi") ; +} else { + $router = new FS::router ( { + map { $_, scalar($cgi->param($_)) } fields('router') + } ); +} + +my $routernum = $router->routernum; +my $action = $routernum ? 'Edit' : 'Add'; + +my $p3 = popurl(3); + +</%init> diff --git a/httemplate/edit/svc_Common.html b/httemplate/edit/svc_Common.html index 6393f9ebc..6666d9720 100644 --- a/httemplate/edit/svc_Common.html +++ b/httemplate/edit/svc_Common.html 
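Review bot: In the new `<%init>` block `$query =~ /^(\d+)$/;` is not checked before `$1` is used as `routernum`, and the not-found branch is `or print $cgi->redirect(...)`, which prints and then falls through to `$router->routernum` with `$router` undefined. That dies on the next statement instead of redirecting, and the `print` does not match the `<% $cgi->redirect(...) %>` form used elsewhere in this commit. I would fail explicitly on both: `$query =~ /^(\d+)$/ or die "unparsable routernum";` and `or die "unknown router";` after the lookup. `my $p3 = popurl(3);` is kept, but whether the body still uses it is not visible in these hunks.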
@@ -1,5 +1,14 @@ +<% include('elements/svc_Common.html', + 'table' => $table, + 'post_url' => popurl(1). "process/svc_Common.html", + %opt, + ) +%> <%init> +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? + # false laziness w/view/svc_Common.html $cgi->param('svcdb') =~ /^(svc_\w+)$/ or die "unparsable svcdb"; @@ -22,9 +31,3 @@ if ( UNIVERSAL::can("FS::$table", 'table_info') ) { } </%init> -<% include('elements/svc_Common.html', - 'table' => $table, - 'post_url' => popurl(1). "process/svc_Common.html", - %opt, - ) -%> diff --git a/httemplate/edit/svc_acct.cgi b/httemplate/edit/svc_acct.cgi index 5bf3f0dd1..58283ef54 100755 --- a/httemplate/edit/svc_acct.cgi +++ b/httemplate/edit/svc_acct.cgi 
@@ -1,132 +1,4 @@ -% -% -%my $conf = new FS::Conf; -%my @shells = $conf->config('shells'); -% -%my $curuser = $FS::CurrentUser::CurrentUser; -% -%my($svcnum, $pkgnum, $svcpart, $part_svc, $svc_acct, @groups); -%if ( $cgi->param('error') ) { -% -% $svc_acct = new FS::svc_acct ( { -% map { $_, scalar($cgi->param($_)) } fields('svc_acct') -% } ); -% $svcnum = $svc_acct->svcnum; -% $pkgnum = $cgi->param('pkgnum'); -% $svcpart = $cgi->param('svcpart'); -% $part_svc = qsearchs( 'part_svc', { 'svcpart' => $svcpart } ); -% die "No part_svc entry for svcpart $svcpart!" unless $part_svc; -% @groups = $cgi->param('radius_usergroup'); -% -%} elsif ( $cgi->param('pkgnum') && $cgi->param('svcpart') ) { #adding -% -% $cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum'; -% $pkgnum = $1; -% $cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart'; -% $svcpart = $1; -% -% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); -% die "No part_svc entry!" unless $part_svc; -% -% $svc_acct = new FS::svc_acct({svcpart => $svcpart}); -% -% $svcnum=''; -% -%} else { #editing -% -% my($query) = $cgi->keywords; -% $query =~ /^(\d+)$/ or die "unparsable svcnum"; -% $svcnum=$1; -% $svc_acct=qsearchs('svc_acct',{'svcnum'=>$svcnum}) -% or die "Unknown (svc_acct) svcnum!"; -% -% my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum}) -% or die "Unknown (cust_svc) svcnum!"; -% -% $pkgnum=$cust_svc->pkgnum; -% $svcpart=$cust_svc->svcpart; -% -% $part_svc = qsearchs( 'part_svc', { 'svcpart' => $svcpart } ); -% die "No part_svc entry for svcpart $svcpart!" 
unless $part_svc; -% -% @groups = $svc_acct->radius_groups; -% -%} -% -%my( $cust_pkg, $cust_main ) = ( '', '' ); -%if ( $pkgnum ) { -% $cust_pkg = qsearchs('cust_pkg', { 'pkgnum' => $pkgnum } ); -% $cust_main = $cust_pkg->cust_main; -%} -% -%unless ( $svcnum || $cgi->param('error') ) { #adding -% -% #set gecos -% if ($cust_main) { -% unless ( $part_svc->part_svc_column('uid')->columnflag eq 'F' ) { -% $svc_acct->setfield('finger', -% $cust_main->getfield('first') . " " . $cust_main->getfield('last') -% ); -% } -% } -% -% $svc_acct->set_default_and_fixed( { -% #false laziness w/svc-acct::_fieldhandlers -% 'usergroup' => sub { -% my( $self, $groups ) = @_; -% if ( ref($groups) eq 'ARRAY' ) { -% @groups = @$groups; -% $groups; -% } elsif ( length($groups) ) { -% @groups = split(/\s*,\s*/, $groups); -% [ @groups ]; -% } else { -% @groups = (); -% []; -% } -% } -% } ); -% -%} -% -%#fixed radius groups always override & display -%if ( $part_svc->part_svc_column('usergroup')->columnflag eq 'F' ) { -% @groups = split(',', $part_svc->part_svc_column('usergroup')->columnvalue); -%} -% -%my $action = $svcnum ? 'Edit' : 'Add'; -% -%my $svc = $part_svc->getfield('svc'); -% -%my $otaker = getotaker; -% -%my $username = $svc_acct->username; -%my $password; -%if ( $svc_acct->_password ) { -% if ( $conf->exists('showpasswords') || ! $svcnum ) { -% $password = $svc_acct->_password; -% } else { -% $password = "*HIDDEN*"; -% } -%} else { -% $password = ''; -%} -% -%my $ulen = -% $conf->exists('usernamemax') -% ? $conf->config('usernamemax') -% : dbdef->table('svc_acct')->column('username')->length; -%my $ulen2 = $ulen+2; -% -%my $pmax = $conf->config('passwordmax') || 8; -%my $pmax2 = $pmax+2; -% -%my $p1 = popurl(1); -% -% - - -<% include("/elements/header.html","$action $svc account") %> +<% include('/elements/header.html', "$action $svc account") %> <% include('/elements/error.html') %> 
@@ -445,4 +317,136 @@ Service # <% $svcnum ? "<B>$svcnum</B>" : " (NEW)" %><BR> <INPUT TYPE="submit" VALUE="Submit"> -</FORM></BODY></HTML> +</FORM> + +<% include('/elements/footer.html') %> + +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? + +my $conf = new FS::Conf; +my @shells = $conf->config('shells'); + +my $curuser = $FS::CurrentUser::CurrentUser; + +my($svcnum, $pkgnum, $svcpart, $part_svc, $svc_acct, @groups); +if ( $cgi->param('error') ) { + + $svc_acct = new FS::svc_acct ( { + map { $_, scalar($cgi->param($_)) } fields('svc_acct') + } ); + $svcnum = $svc_acct->svcnum; + $pkgnum = $cgi->param('pkgnum'); + $svcpart = $cgi->param('svcpart'); + $part_svc = qsearchs( 'part_svc', { 'svcpart' => $svcpart } ); + die "No part_svc entry for svcpart $svcpart!" unless $part_svc; + @groups = $cgi->param('radius_usergroup'); + +} elsif ( $cgi->param('pkgnum') && $cgi->param('svcpart') ) { #adding + + $cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum'; + $pkgnum = $1; + $cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart'; + $svcpart = $1; + + $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); + die "No part_svc entry!" unless $part_svc; + + $svc_acct = new FS::svc_acct({svcpart => $svcpart}); + + $svcnum=''; + +} else { #editing + + my($query) = $cgi->keywords; + $query =~ /^(\d+)$/ or die "unparsable svcnum"; + $svcnum=$1; + $svc_acct=qsearchs('svc_acct',{'svcnum'=>$svcnum}) + or die "Unknown (svc_acct) svcnum!"; + + my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum}) + or die "Unknown (cust_svc) svcnum!"; + + $pkgnum=$cust_svc->pkgnum; + $svcpart=$cust_svc->svcpart; + + $part_svc = qsearchs( 'part_svc', { 'svcpart' => $svcpart } ); + die "No part_svc entry for svcpart $svcpart!" 
unless $part_svc; + + @groups = $svc_acct->radius_groups; + +} + +my( $cust_pkg, $cust_main ) = ( '', '' ); +if ( $pkgnum ) { + $cust_pkg = qsearchs('cust_pkg', { 'pkgnum' => $pkgnum } ); + $cust_main = $cust_pkg->cust_main; +} + +unless ( $svcnum || $cgi->param('error') ) { #adding + + #set gecos + if ($cust_main) { + unless ( $part_svc->part_svc_column('uid')->columnflag eq 'F' ) { + $svc_acct->setfield('finger', + $cust_main->getfield('first') . " " . $cust_main->getfield('last') + ); + } + } + + $svc_acct->set_default_and_fixed( { + #false laziness w/svc-acct::_fieldhandlers + 'usergroup' => sub { + my( $self, $groups ) = @_; + if ( ref($groups) eq 'ARRAY' ) { + @groups = @$groups; + $groups; + } elsif ( length($groups) ) { + @groups = split(/\s*,\s*/, $groups); + [ @groups ]; + } else { + @groups = (); + []; + } + } + } ); + +} + +#fixed radius groups always override & display +if ( $part_svc->part_svc_column('usergroup')->columnflag eq 'F' ) { + @groups = split(',', $part_svc->part_svc_column('usergroup')->columnvalue); +} + +my $action = $svcnum ? 'Edit' : 'Add'; + +my $svc = $part_svc->getfield('svc'); + +my $otaker = getotaker; + +my $username = $svc_acct->username; +my $password; +if ( $svc_acct->_password ) { + if ( $conf->exists('showpasswords') || ! $svcnum ) { + $password = $svc_acct->_password; + } else { + $password = "*HIDDEN*"; + } +} else { + $password = ''; +} + +my $ulen = + $conf->exists('usernamemax') + ? $conf->config('usernamemax') + : dbdef->table('svc_acct')->column('username')->length; +my $ulen2 = $ulen+2; + +my $pmax = $conf->config('passwordmax') || 8; +my $pmax2 = $pmax+2; + +my $p1 = popurl(1); + +</%init> diff --git a/httemplate/edit/svc_acct_pop.cgi b/httemplate/edit/svc_acct_pop.cgi index 641aa0378..3c16a1f95 100755 --- a/httemplate/edit/svc_acct_pop.cgi +++ b/httemplate/edit/svc_acct_pop.cgi 
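Review bot: In the `error` branch of the new `<%init>` block (svc_acct edit page), `pkgnum` and `svcpart` are assigned straight from `$cgi->param`, while the adding branch just below anchors both with `/^(\d+)$/`. The raw `$svcpart` is then interpolated into the `die "No part_svc entry for svcpart $svcpart!"` message, and a `pkgnum` with no matching row makes `$cust_pkg->cust_main` fail on an undefined value. I would validate in the error branch as well, e.g. `$cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart'; $svcpart = $1;` (with `/^(\d*)$/` for `pkgnum`, which may be empty when an edit is redisplayed), and add `or die "Unknown pkgnum"` to the `cust_pkg` lookup. The same unvalidated error-branch assignments are carried into the new init blocks of svc_broadband.cgi (`pkgnum`), svc_domain.cgi, svc_external.cgi and svc_forward.cgi later in this diff.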
@@ -1,57 +1,50 @@ -<!-- mason kludge --> -% -% -%my $svc_acct_pop; -%if ( $cgi->param('error') ) { -% $svc_acct_pop = new FS::svc_acct_pop ( { -% map { $_, scalar($cgi->param($_)) } fields('svc_acct_pop') -% } ); -%} elsif ( $cgi->keywords ) { #editing -% my($query)=$cgi->keywords; -% $query =~ /^(\d+)$/; -% $svc_acct_pop=qsearchs('svc_acct_pop',{'popnum'=>$1}); -%} else { #adding -% $svc_acct_pop = new FS::svc_acct_pop {}; -%} -%my $action = $svc_acct_pop->popnum ? 'Edit' : 'Add'; -%my $hashref = $svc_acct_pop->hashref; -% -%my $p1 = popurl(1); -%print header("$action Access Number", menubar( -% 'Main Menu' => popurl(2), -% 'View all Access Numbers' => popurl(2). "browse/svc_acct_pop.cgi", -%)); -% -%print qq!<FONT SIZE="+1" COLOR="#ff0000">Error: !, $cgi->param('error'), -% "</FONT>" -% if $cgi->param('error'); -% -%print qq!<FORM ACTION="${p1}process/svc_acct_pop.cgi" METHOD=POST>!; -% -%#display -% -%print qq!<INPUT TYPE="hidden" NAME="popnum" VALUE="$hashref->{popnum}">!, -% "POP #", $hashref->{popnum} ? $hashref->{popnum} : "(NEW)"; -% -%print <<END; -%<PRE> -%City <INPUT TYPE="text" NAME="city" SIZE=32 VALUE="$hashref->{city}"> -%State <INPUT TYPE="text" NAME="state" SIZE=16 MAXLENGTH=16 VALUE="$hashref->{state}"> -%Area Code <INPUT TYPE="text" NAME="ac" SIZE=4 MAXLENGTH=3 VALUE="$hashref->{ac}"> -%Exchange <INPUT TYPE="text" NAME="exch" SIZE=4 MAXLENGTH=3 VALUE="$hashref->{exch}"> -%Local <INPUT TYPE="text" NAME="loc" SIZE=5 MAXLENGTH=4 VALUE="$hashref->{loc}"> -%</PRE> -%END -% -%print qq!<BR><INPUT TYPE="submit" VALUE="!, -% $hashref->{popnum} ? "Apply changes" : "Add Access Number", -% qq!">!; -% -%print <<END; -% </FORM> -% </BODY> -%</HTML> -%END -% -% +<% include('/elements/header.html', "$action Access Number", menubar( + 'View all Access Numbers' => popurl(2). 
"browse/svc_acct_pop.cgi", + )) +%> +<% include('/elements/error.html') %> + +<FORM ACTION="<%$p1%>process/svc_acct_pop.cgi" METHOD=POST> + +<INPUT TYPE="hidden" NAME="popnum" VALUE="<% $hashref->{popnum} %>"> +Access Number #<% $hashref->{popnum} ? $hashref->{popnum} : "(NEW)" %> + +<PRE> +City <INPUT TYPE="text" NAME="city" SIZE=32 VALUE="<% $hashref->{city} %>"> +State <INPUT TYPE="text" NAME="state" SIZE=16 MAXLENGTH=16 VALUE="<% $hashref->{state} %>"> +Area Code <INPUT TYPE="text" NAME="ac" SIZE=4 MAXLENGTH=3 VALUE="<% $hashref->{ac} %>"> +Exchange <INPUT TYPE="text" NAME="exch" SIZE=4 MAXLENGTH=3 VALUE="<% $hashref->{exch} %>"> +Local <INPUT TYPE="text" NAME="loc" SIZE=5 MAXLENGTH=4 VALUE="<% $hashref->{loc} %>"> +</PRE> + +<BR> +<INPUT TYPE="submit" VALUE="<% $hashref->{popnum} ? "Apply changes" : "Add Access Number" %>"> + +</FORM> + +<% include('/elements/footer.html') %> + +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Configuration'); + +my $svc_acct_pop; +if ( $cgi->param('error') ) { + $svc_acct_pop = new FS::svc_acct_pop ( { + map { $_, scalar($cgi->param($_)) } fields('svc_acct_pop') + } ); +} elsif ( $cgi->keywords ) { #editing + my($query)=$cgi->keywords; + $query =~ /^(\d+)$/; + $svc_acct_pop=qsearchs('svc_acct_pop',{'popnum'=>$1}); +} else { #adding + $svc_acct_pop = new FS::svc_acct_pop {}; +} +my $action = $svc_acct_pop->popnum ? 'Edit' : 'Add'; +my $hashref = $svc_acct_pop->hashref; + +my $p1 = popurl(1); + +</%init> diff --git a/httemplate/edit/svc_broadband.cgi b/httemplate/edit/svc_broadband.cgi index a1580ce01..c2fb58dda 100644 --- a/httemplate/edit/svc_broadband.cgi +++ b/httemplate/edit/svc_broadband.cgi 
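Review bot: The rewritten svc_acct_pop.cgi form prints `$hashref->{city}`, `state`, `ac`, `exch` and `loc` inside `VALUE="…"` with a plain `<% … %>`, and on the error path those values are rebuilt from request parameters. Whether the Mason interpreter applies a default escape flag is not visible here (svc_www.cgi in this same diff calls `$cgi->escapeHTML` by hand, which suggests it does not), so a quote or tag in a field would be emitted verbatim; `<% $hashref->{city} |h %>` on each field closes that. svc_external.cgi's new `id`, `title`, `svcnum`, `pkgnum` and `svcpart` inputs have the same shape. Separately, the editing branch of `<%init>` uses `$1` without checking that `$query =~ /^(\d+)$/` matched and calls `->popnum` on an unchecked `qsearchs` result; `or die "unparsable popnum"` and `or die "Unknown popnum"` would bring it in line with the other edit pages.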
@@ -1,91 +1,4 @@ -%# If it's stupid but it works, it's still stupid. -%# -Kristian -% -%use HTML::Widgets::SelectLayers; -%use Tie::IxHash; -% -%my( $svcnum, $pkgnum, $svcpart, $part_svc, $svc_broadband ); -%if ( $cgi->param('error') ) { -% -% $svc_broadband = new FS::svc_broadband ( { -% map { $_, scalar($cgi->param($_)) } fields('svc_broadband'), qw(svcpart) -% } ); -% $svcnum = $svc_broadband->svcnum; -% $pkgnum = $cgi->param('pkgnum'); -% $svcpart = $svc_broadband->svcpart; -% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); -% die "No part_svc entry!" unless $part_svc; -% -%} elsif ( $cgi->param('pkgnum') && $cgi->param('svcpart') ) { #adding -% -% $cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum'; -% $pkgnum = $1; -% $cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart'; -% $svcpart = $1; -% -% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); -% die "No part_svc entry!" unless $part_svc; -% -% $svc_broadband = new FS::svc_broadband({ svcpart => $svcpart }); -% -% $svcnum=''; -% -% $svc_broadband->set_default_and_fixed; -% -%} else { #editing -% -% my($query) = $cgi->keywords; -% $query =~ /^(\d+)$/ or die "unparsable svcnum"; -% $svcnum=$1; -% $svc_broadband=qsearchs('svc_broadband',{'svcnum'=>$svcnum}) -% or die "Unknown (svc_broadband) svcnum!"; -% -% my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum}) -% or die "Unknown (cust_svc) svcnum!"; -% -% $pkgnum=$cust_svc->pkgnum; -% $svcpart=$cust_svc->svcpart; -% -% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); -% die "No part_svc entry!" unless $part_svc; -% -%} -%my $action = $svc_broadband->svcnum ? 'Edit' : 'Add'; -% -%if ($pkgnum) { -% -% #Nothing? -% -%} elsif ( $action eq 'Edit' ) { -% -% #Nothing? 
-% -%} else { -% die "\$action eq Add, but \$pkgnum is null!\n"; -%} -% -%my $p1 = popurl(1); -% -%my ($ip_addr, $speed_up, $speed_down, $blocknum, $mac_addr, -% $latitude, $longitude, $altitude, $vlan_profile, $auth_key, -% $description) = -% ($svc_broadband->ip_addr, -% $svc_broadband->speed_up, -% $svc_broadband->speed_down, -% $svc_broadband->blocknum, -% $svc_broadband->mac_addr, -% $svc_broadband->latitude, -% $svc_broadband->longitude, -% $svc_broadband->altitude, -% $svc_broadband->vlan_profile, -% $svc_broadband->auth_key, -% $svc_broadband->description, -% ); -% -% - - -<% include("/elements/header.html","Broadband Service $action", '') %> +<% include('/elements/header.html', "Broadband Service $action") %> <% include('/elements/error.html') %> 
@@ -246,6 +159,96 @@ Service #<B><%$svcnum ? $svcnum : "(NEW)"%></B><BR><BR> <BR> <INPUT TYPE="submit" NAME="submit" VALUE="Submit"> </FORM> -</BODY> -</HTML> +<% include('/elements/footer.html') %> + +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? + +# If it's stupid but it works, it's still stupid. +# -Kristian + +use HTML::Widgets::SelectLayers; +use Tie::IxHash; + +my( $svcnum, $pkgnum, $svcpart, $part_svc, $svc_broadband ); +if ( $cgi->param('error') ) { + + $svc_broadband = new FS::svc_broadband ( { + map { $_, scalar($cgi->param($_)) } fields('svc_broadband'), qw(svcpart) + } ); + $svcnum = $svc_broadband->svcnum; + $pkgnum = $cgi->param('pkgnum'); + $svcpart = $svc_broadband->svcpart; + $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); + die "No part_svc entry!" unless $part_svc; + +} elsif ( $cgi->param('pkgnum') && $cgi->param('svcpart') ) { #adding + + $cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum'; + $pkgnum = $1; + $cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart'; + $svcpart = $1; + + $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); + die "No part_svc entry!" unless $part_svc; + + $svc_broadband = new FS::svc_broadband({ svcpart => $svcpart }); + + $svcnum=''; + + $svc_broadband->set_default_and_fixed; + +} else { #editing + + my($query) = $cgi->keywords; + $query =~ /^(\d+)$/ or die "unparsable svcnum"; + $svcnum=$1; + $svc_broadband=qsearchs('svc_broadband',{'svcnum'=>$svcnum}) + or die "Unknown (svc_broadband) svcnum!"; + + my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum}) + or die "Unknown (cust_svc) svcnum!"; + + $pkgnum=$cust_svc->pkgnum; + $svcpart=$cust_svc->svcpart; + + $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); + die "No part_svc entry!" unless $part_svc; + +} +my $action = $svc_broadband->svcnum ? 'Edit' : 'Add'; + +if ($pkgnum) { + + #Nothing? 
+ +} elsif ( $action eq 'Edit' ) { + + #Nothing? + +} else { + die "\$action eq Add, but \$pkgnum is null!\n"; +} + +my $p1 = popurl(1); + +my ($ip_addr, $speed_up, $speed_down, $blocknum, $mac_addr, + $latitude, $longitude, $altitude, $vlan_profile, $auth_key, + $description) = + ($svc_broadband->ip_addr, + $svc_broadband->speed_up, + $svc_broadband->speed_down, + $svc_broadband->blocknum, + $svc_broadband->mac_addr, + $svc_broadband->latitude, + $svc_broadband->longitude, + $svc_broadband->altitude, + $svc_broadband->vlan_profile, + $svc_broadband->auth_key, + $svc_broadband->description, + ); + +</%init> diff --git a/httemplate/edit/svc_domain.cgi b/httemplate/edit/svc_domain.cgi index 60c67a005..56ba604bf 100755 --- a/httemplate/edit/svc_domain.cgi +++ b/httemplate/edit/svc_domain.cgi 
@@ -1,67 +1,3 @@ -%my($svcnum, $pkgnum, $svcpart, $kludge_action, $purpose, $part_svc, -% $svc_domain); -%if ( $cgi->param('error') ) { -% -% $svc_domain = new FS::svc_domain ( { -% map { $_, scalar($cgi->param($_)) } fields('svc_domain') -% } ); -% $svcnum = $svc_domain->svcnum; -% $pkgnum = $cgi->param('pkgnum'); -% $svcpart = $cgi->param('svcpart'); -% $kludge_action = $cgi->param('action'); -% $purpose = $cgi->param('purpose'); -% $part_svc = qsearchs('part_svc', { 'svcpart' => $svcpart } ); -% die "No part_svc entry!" unless $part_svc; -% -%} elsif ( $cgi->param('pkgnum') && $cgi->param('svcpart') ) { #adding -% -% $cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum'; -% $pkgnum = $1; -% $cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart'; -% $svcpart = $1; -% -% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); -% die "No part_svc entry!" unless $part_svc; -% -% $svc_domain = new FS::svc_domain({}); -% -% $svcnum=''; -% -% $svc_domain->set_default_and_fixed; -% -%} else { #editing -% -% $kludge_action = ''; -% $purpose = ''; -% my($query) = $cgi->keywords; -% $query =~ /^(\d+)$/ or die "unparsable svcnum"; -% $svcnum=$1; -% $svc_domain=qsearchs('svc_domain',{'svcnum'=>$svcnum}) -% or die "Unknown (svc_domain) svcnum!"; -% -% my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum}) -% or die "Unknown (cust_svc) svcnum!"; -% -% $pkgnum=$cust_svc->pkgnum; -% $svcpart=$cust_svc->svcpart; -% -% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); -% die "No part_svc entry!" unless $part_svc; -% -%} -%my $action = $svcnum ? 'Edit' : 'Add'; -% -%my $svc = $part_svc->getfield('svc'); -% -%my $otaker = getotaker; -% -%my $domain = $svc_domain->domain; -% -%my $p1 = popurl(1); -% -% - - <% include('/elements/header.html', "$action $svc", '') %> <% include('/elements/error.html') %> 
@@ -85,3 +21,71 @@ </FORM> <% include('/elements/footer.html') %> + +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? + +my($svcnum, $pkgnum, $svcpart, $kludge_action, $purpose, $part_svc, + $svc_domain); +if ( $cgi->param('error') ) { + + $svc_domain = new FS::svc_domain ( { + map { $_, scalar($cgi->param($_)) } fields('svc_domain') + } ); + $svcnum = $svc_domain->svcnum; + $pkgnum = $cgi->param('pkgnum'); + $svcpart = $cgi->param('svcpart'); + $kludge_action = $cgi->param('action'); + $purpose = $cgi->param('purpose'); + $part_svc = qsearchs('part_svc', { 'svcpart' => $svcpart } ); + die "No part_svc entry!" unless $part_svc; + +} elsif ( $cgi->param('pkgnum') && $cgi->param('svcpart') ) { #adding + + $cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum'; + $pkgnum = $1; + $cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart'; + $svcpart = $1; + + $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); + die "No part_svc entry!" unless $part_svc; + + $svc_domain = new FS::svc_domain({}); + + $svcnum=''; + + $svc_domain->set_default_and_fixed; + +} else { #editing + + $kludge_action = ''; + $purpose = ''; + my($query) = $cgi->keywords; + $query =~ /^(\d+)$/ or die "unparsable svcnum"; + $svcnum=$1; + $svc_domain=qsearchs('svc_domain',{'svcnum'=>$svcnum}) + or die "Unknown (svc_domain) svcnum!"; + + my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum}) + or die "Unknown (cust_svc) svcnum!"; + + $pkgnum=$cust_svc->pkgnum; + $svcpart=$cust_svc->svcpart; + + $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); + die "No part_svc entry!" unless $part_svc; + +} +my $action = $svcnum ? 'Edit' : 'Add'; + +my $svc = $part_svc->getfield('svc'); + +my $otaker = getotaker; + +my $domain = $svc_domain->domain; + +my $p1 = popurl(1); + +</%init> diff --git a/httemplate/edit/svc_external.cgi b/httemplate/edit/svc_external.cgi index 393e71c38..0df842b21 100644 
--- a/httemplate/edit/svc_external.cgi +++ b/httemplate/edit/svc_external.cgi 
@@ -1,99 +1,102 @@ -%my( $svcnum, $pkgnum, $svcpart, $part_svc, $svc_external ); -%if ( $cgi->param('error') ) { -% -% $svc_external = new FS::svc_external ( { -% map { $_, scalar($cgi->param($_)) } fields('svc_external') -% } ); -% $svcnum = $svc_external->svcnum; -% $pkgnum = $cgi->param('pkgnum'); -% $svcpart = $cgi->param('svcpart'); -% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); -% die "No part_svc entry!" unless $part_svc; -% -%} elsif ( $cgi->param('pkgnum') && $cgi->param('svcpart') ) { #adding -% -% $cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum'; -% $pkgnum = $1; -% $cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart'; -% $svcpart = $1; -% -% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); -% die "No part_svc entry!" unless $part_svc; -% -% $svc_external = new FS::svc_external { svcpart => $svcpart }; -% -% $svcnum=''; -% -% $svc_external->set_default_and_fixed; -% -%} else { #adding -% -% my($query) = $cgi->keywords; -% $query =~ /^(\d+)$/ or die "unparsable svcnum"; -% $svcnum=$1; -% $svc_external=qsearchs('svc_external',{'svcnum'=>$svcnum}) -% or die "Unknown (svc_external) svcnum!"; -% -% my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum}) -% or die "Unknown (cust_svc) svcnum!"; -% -% $pkgnum=$cust_svc->pkgnum; -% $svcpart=$cust_svc->svcpart; -% -% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); -% die "No part_svc entry!" unless $part_svc; -% -%} -%my $action = $svc_external->svcnum ? 'Edit' : 'Add'; -% -%my $p1 = popurl(1); -%print header("External service $action", ''); -% -%print qq!<FONT SIZE="+1" COLOR="#ff0000">Error: !, $cgi->param('error'), -% "</FONT>" -% if $cgi->param('error'); -% -%print qq!<FORM ACTION="${p1}process/svc_external.cgi" METHOD=POST>!; -% -%#display -% -% -%#svcnum -%print qq!<INPUT TYPE="hidden" NAME="svcnum" VALUE="$svcnum">!; -%print qq!Service #<B>!, $svcnum ? 
$svcnum : "(NEW)", "</B><BR><BR>"; -% -%#pkgnum -%print qq!<INPUT TYPE="hidden" NAME="pkgnum" VALUE="$pkgnum">!; -% -%#svcpart -%print qq!<INPUT TYPE="hidden" NAME="svcpart" VALUE="$svcpart">!; -% -%my($id,$title)=( -% $svc_external->id, -% $svc_external->title, -%); -% -%print &ntable("#cccccc",2), -% '<TR><TD ALIGN="right">External ID</TD><TD>'. -% qq!<INPUT TYPE="text" NAME="id" VALUE="$id">!. -% '</TD></TR>'. -% '<TR><TD ALIGN="right">Title</TD><TD>'. -% qq!<INPUT TYPE="text" NAME="title" VALUE="$title">!. -% '</TD></TR>'; -% -%foreach my $field ($svc_external->virtual_fields) { -% if ( $part_svc->part_svc_column($field)->columnflag ne 'F' ) { -% # If the flag is X, it won't even show up in $svc_acct->virtual_fields. -% print $svc_external->pvf($field)->widget('HTML', 'edit', -% $svc_external->getfield($field)); -% } -%} -% -% +<% include('/elements/header.html', "External service $action") %> + +<% include('/elements/error.html') %> + +<FORM ACTION="<%$p1%>process/svc_external.cgi" METHOD=POST> + +<INPUT TYPE="hidden" NAME="svcnum" VALUE="<% $svcnum %>"> +Service #<B><% $svcnum ? $svcnum : "(NEW)" %></B> +<BR><BR> + +<INPUT TYPE="hidden" NAME="pkgnum" VALUE="<% $pkgnum %>"> + +<INPUT TYPE="hidden" NAME="svcpart" VALUE="<% $svcpart %>"> + +% my $id = $svc_external->id; +% my $title = $svc_external->title; +% +<% &ntable("#cccccc",2) %> + <TR> + <TD ALIGN="right">External ID</TD> + <TD><INPUT TYPE="text" NAME="id" VALUE="<% $id %>"></TD> + </TR> + <TR> + <TD ALIGN="right">Title</TD> + <TD><INPUT TYPE="text" NAME="title" VALUE="<% $title %>"></TD> + </TR> + +% foreach my $field ($svc_external->virtual_fields) { +% if ( $part_svc->part_svc_column($field)->columnflag ne 'F' ) { +% # If the flag is X, it won't even show up in $svc_acct->virtual_fields. 
+ <% $svc_external->pvf($field)->widget( 'HTML', + 'edit', + $svc_external->getfield($field) + ) + %> +% } +% } + +</TABLE> +<BR> + +<INPUT TYPE="submit" VALUE="Submit"> +</FORM> + +<% include('/elements/footer.html') %> + +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? + +my( $svcnum, $pkgnum, $svcpart, $part_svc, $svc_external ); +if ( $cgi->param('error') ) { + + $svc_external = new FS::svc_external ( { + map { $_, scalar($cgi->param($_)) } fields('svc_external') + } ); + $svcnum = $svc_external->svcnum; + $pkgnum = $cgi->param('pkgnum'); + $svcpart = $cgi->param('svcpart'); + $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); + die "No part_svc entry!" unless $part_svc; + +} elsif ( $cgi->param('pkgnum') && $cgi->param('svcpart') ) { #adding + + $cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum'; + $pkgnum = $1; + $cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart'; + $svcpart = $1; + + $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); + die "No part_svc entry!" unless $part_svc; + + $svc_external = new FS::svc_external { svcpart => $svcpart }; + + $svcnum=''; + + $svc_external->set_default_and_fixed; + +} else { #adding + + my($query) = $cgi->keywords; + $query =~ /^(\d+)$/ or die "unparsable svcnum"; + $svcnum=$1; + $svc_external=qsearchs('svc_external',{'svcnum'=>$svcnum}) + or die "Unknown (svc_external) svcnum!"; + + my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum}) + or die "Unknown (cust_svc) svcnum!"; + + $pkgnum=$cust_svc->pkgnum; + $svcpart=$cust_svc->svcpart; + + $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); + die "No part_svc entry!" unless $part_svc; +} +my $action = $svc_external->svcnum ? 'Edit' : 'Add'; -</TABLE><BR><INPUT TYPE="submit" VALUE="Submit"> - </FORM> - </BODY> -</HTML> +my $p1 = popurl(1); +</%init> 
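Review bot: Two comments carried into the new svc_external.cgi text describe the wrong thing. The final branch of `<%init>` is labelled `} else { #adding` although it loads an existing record by `svcnum`; it should read `} else { #editing` like the sibling pages. The loop comment refers to `$svc_acct->virtual_fields` while the loop iterates `$svc_external->virtual_fields`, so I would reword it to `# If the flag is X, it won't even show up in $svc_external->virtual_fields.`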
diff --git a/httemplate/edit/svc_forward.cgi b/httemplate/edit/svc_forward.cgi index c9159b3e1..96a00a5aa 100755 --- a/httemplate/edit/svc_forward.cgi +++ b/httemplate/edit/svc_forward.cgi 
@@ -1,111 +1,4 @@ -<!-- mason kludge --> -% -% -%my $conf = new FS::Conf; -% -%my($svcnum, $pkgnum, $svcpart, $part_svc, $svc_forward); -%if ( $cgi->param('error') ) { -% $svc_forward = new FS::svc_forward ( { -% map { $_, scalar($cgi->param($_)) } fields('svc_forward') -% } ); -% $svcnum = $svc_forward->svcnum; -% $pkgnum = $cgi->param('pkgnum'); -% $svcpart = $cgi->param('svcpart'); -% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); -% die "No part_svc entry!" unless $part_svc; -% -%} elsif ( $cgi->param('pkgnum') && $cgi->param('svcpart') ) { #adding -% -% $cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum'; -% $pkgnum = $1; -% $cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart'; -% $svcpart = $1; -% -% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); -% die "No part_svc entry!" unless $part_svc; -% -% $svc_forward = new FS::svc_forward({}); -% -% $svcnum=''; -% -% $svc_forward->set_default_and_fixed; -% -%} else { #editing -% -% my($query) = $cgi->keywords; -% -% $query =~ /^(\d+)$/ or die "unparsable svcnum"; -% $svcnum=$1; -% $svc_forward=qsearchs('svc_forward',{'svcnum'=>$svcnum}) -% or die "Unknown (svc_forward) svcnum!"; -% -% my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum}) -% or die "Unknown (cust_svc) svcnum!"; -% -% $pkgnum=$cust_svc->pkgnum; -% $svcpart=$cust_svc->svcpart; -% -% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); -% die "No part_svc entry!" unless $part_svc; -% -%} -%my $action = $svc_forward->svcnum ? 
'Edit' : 'Add'; -% -%my %email; -% -%#starting with those currently attached -%foreach my $method (qw( srcsvc_acct dstsvc_acct )) { -% my $svc_acct = $svc_forward->$method(); -% $email{$svc_acct->svcnum} = $svc_acct->email if $svc_acct; -%} -% -%if ($pkgnum) { -% -% #find all possible user svcnums (and emails) -% -% #and including the rest for this customer -% my($u_part_svc,@u_acct_svcparts); -% foreach $u_part_svc ( qsearch('part_svc',{'svcdb'=>'svc_acct'}) ) { -% push @u_acct_svcparts,$u_part_svc->getfield('svcpart'); -% } -% -% my($cust_pkg)=qsearchs('cust_pkg',{'pkgnum'=>$pkgnum}); -% my($custnum)=$cust_pkg->getfield('custnum'); -% my($i_cust_pkg); -% foreach $i_cust_pkg ( qsearch('cust_pkg',{'custnum'=>$custnum}) ) { -% my($cust_pkgnum)=$i_cust_pkg->getfield('pkgnum'); -% my($acct_svcpart); -% foreach $acct_svcpart (@u_acct_svcparts) { #now find the corresponding -% #record(s) in cust_svc ( for this -% #pkgnum ! ) -% foreach my $i_cust_svc ( -% qsearch( 'cust_svc', { 'pkgnum' => $cust_pkgnum, -% 'svcpart' => $acct_svcpart } ) -% ) { -% my $svc_acct = -% qsearchs( 'svc_acct', { 'svcnum' => $i_cust_svc->svcnum } ); -% $email{$svc_acct->svcnum} = $svc_acct->email; -% } -% } -% } -% -%} elsif ( $action eq 'Add' ) { -% die "\$action eq Add, but \$pkgnum is null!\n"; -%} -% -%my($srcsvc,$dstsvc,$dst)=( -% $svc_forward->srcsvc, -% $svc_forward->dstsvc, -% $svc_forward->dst, -%); -%my $src = $svc_forward->dbdef_table->column('src') ? $svc_forward->src : ''; -% -%#display -% -% - - -<% include("/elements/header.html","Mail Forward $action") %> +<% include('/elements/header.html', "Mail Forward $action") %> <% include('/elements/error.html') %> 
@@ -172,5 +65,111 @@ function dstchanged(what) { </TABLE> <BR><INPUT TYPE="submit" VALUE="Submit"> </FORM> - </BODY> -</HTML> + +<% include('/elements/footer.html') %> + +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? + +my $conf = new FS::Conf; + +my($svcnum, $pkgnum, $svcpart, $part_svc, $svc_forward); +if ( $cgi->param('error') ) { + $svc_forward = new FS::svc_forward ( { + map { $_, scalar($cgi->param($_)) } fields('svc_forward') + } ); + $svcnum = $svc_forward->svcnum; + $pkgnum = $cgi->param('pkgnum'); + $svcpart = $cgi->param('svcpart'); + $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); + die "No part_svc entry!" unless $part_svc; + +} elsif ( $cgi->param('pkgnum') && $cgi->param('svcpart') ) { #adding + + $cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum'; + $pkgnum = $1; + $cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart'; + $svcpart = $1; + + $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); + die "No part_svc entry!" unless $part_svc; + + $svc_forward = new FS::svc_forward({}); + + $svcnum=''; + + $svc_forward->set_default_and_fixed; + +} else { #editing + + my($query) = $cgi->keywords; + + $query =~ /^(\d+)$/ or die "unparsable svcnum"; + $svcnum=$1; + $svc_forward=qsearchs('svc_forward',{'svcnum'=>$svcnum}) + or die "Unknown (svc_forward) svcnum!"; + + my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum}) + or die "Unknown (cust_svc) svcnum!"; + + $pkgnum=$cust_svc->pkgnum; + $svcpart=$cust_svc->svcpart; + + $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); + die "No part_svc entry!" unless $part_svc; + +} +my $action = $svc_forward->svcnum ? 
'Edit' : 'Add'; + +my %email; + +#starting with those currently attached +foreach my $method (qw( srcsvc_acct dstsvc_acct )) { + my $svc_acct = $svc_forward->$method(); + $email{$svc_acct->svcnum} = $svc_acct->email if $svc_acct; +} + +if ($pkgnum) { + + #find all possible user svcnums (and emails) + + #and including the rest for this customer + my($u_part_svc,@u_acct_svcparts); + foreach $u_part_svc ( qsearch('part_svc',{'svcdb'=>'svc_acct'}) ) { + push @u_acct_svcparts,$u_part_svc->getfield('svcpart'); + } + + my($cust_pkg)=qsearchs('cust_pkg',{'pkgnum'=>$pkgnum}); + my($custnum)=$cust_pkg->getfield('custnum'); + my($i_cust_pkg); + foreach $i_cust_pkg ( qsearch('cust_pkg',{'custnum'=>$custnum}) ) { + my($cust_pkgnum)=$i_cust_pkg->getfield('pkgnum'); + my($acct_svcpart); + foreach $acct_svcpart (@u_acct_svcparts) { #now find the corresponding + #record(s) in cust_svc ( for this + #pkgnum ! ) + foreach my $i_cust_svc ( + qsearch( 'cust_svc', { 'pkgnum' => $cust_pkgnum, + 'svcpart' => $acct_svcpart } ) + ) { + my $svc_acct = + qsearchs( 'svc_acct', { 'svcnum' => $i_cust_svc->svcnum } ); + $email{$svc_acct->svcnum} = $svc_acct->email; + } + } + } + +} elsif ( $action eq 'Add' ) { + die "\$action eq Add, but \$pkgnum is null!\n"; +} + +my($srcsvc,$dstsvc,$dst)=( + $svc_forward->srcsvc, + $svc_forward->dstsvc, + $svc_forward->dst, +); +my $src = $svc_forward->dbdef_table->column('src') ? $svc_forward->src : ''; + +</%init> diff --git a/httemplate/edit/svc_phone.cgi b/httemplate/edit/svc_phone.cgi index ca62b6416..78b849c8d 100644 --- a/httemplate/edit/svc_phone.cgi +++ b/httemplate/edit/svc_phone.cgi @@ -9,3 +9,9 @@ }, ) %> +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? + +</%init> diff --git a/httemplate/edit/svc_www.cgi b/httemplate/edit/svc_www.cgi index e19a4fa08..e64928694 100644 --- a/httemplate/edit/svc_www.cgi +++ b/httemplate/edit/svc_www.cgi 
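Review bot: In svc_forward.cgi's new `<%init>`, the only authorization is the global `access_right('Provision customer service')` check; nothing ties the `svcnum` or `pkgnum` taken from the request to customers the current user is allowed to handle. The block then walks every `cust_pkg` of the owning customer and collects each `svc_acct` e-mail into `%email`, so what the page loads depends entirely on the supplied identifier. If this installation restricts users to a subset of customers (not visible in this diff), the lookups need a per-record check after `qsearchs`, and the `#something else more specific?` comment is a good place to record that as a TODO. Also `$cust_pkg` and the inner `$svc_acct` are dereferenced without an `or die`, so a `pkgnum` with no matching row ends in an undefined-value error rather than a clear message. The template that renders `%email` lies outside this hunk.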
@@ -1,227 +1,240 @@ -%my $conf = new FS::Conf; -% -%my( $svcnum, $pkgnum, $svcpart, $part_svc, $svc_www, $config ); -% -%if ( $cgi->param('error') ) { -% -% $svc_www = new FS::svc_www ( { -% map { $_, scalar($cgi->param($_)) } fields('svc_www') -% } ); -% $svcnum = $svc_www->svcnum; -% $pkgnum = $cgi->param('pkgnum'); -% $svcpart = $cgi->param('svcpart'); -% $config = $cgi->param('config'); -% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); -% die "No part_svc entry!" unless $part_svc; -% -%} elsif ( $cgi->param('pkgnum') && $cgi->param('svcpart') ) { #adding -% -% $cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum'; -% $pkgnum = $1; -% $cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart'; -% $svcpart = $1; -% -% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); -% die "No part_svc entry!" unless $part_svc; -% -% $svc_www = new FS::svc_www { svcpart => $svcpart }; -% -% $svcnum=''; -% -% $svc_www->set_default_and_fixed; -% -%} else { #editing -% -% my($query) = $cgi->keywords; -% $query =~ /^(\d+)$/ or die "unparsable svcnum"; -% $svcnum=$1; -% $svc_www=qsearchs('svc_www',{'svcnum'=>$svcnum}) -% or die "Unknown (svc_www) svcnum!"; -% -% my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum}) -% or die "Unknown (cust_svc) svcnum!"; -% -% $pkgnum=$cust_svc->pkgnum; -% $svcpart=$cust_svc->svcpart; -% $config=$cgi->escapeHTML($svc_www->config); -% -% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); -% die "No part_svc entry!" unless $part_svc; -% -%} -%my $action = $svc_www->svcnum ? 'Edit' : 'Add'; -% -%my( %svc_acct, %arec ); -%if ($pkgnum) { -% -% my @u_acct_svcparts; -% foreach my $svcpart ( -% map { $_->svcpart } qsearch( 'part_svc', { 'svcdb' => 'svc_acct' } ) -% ) { -% next if $conf->exists('svc_www-usersvc_svcpart') -% && ! 
grep { $svcpart == $_ } -% $conf->config('svc_www-usersvc_svcpart'); -% push @u_acct_svcparts, $svcpart; -% } -% -% my($cust_pkg)=qsearchs('cust_pkg',{'pkgnum'=>$pkgnum}); -% my($custnum)=$cust_pkg->getfield('custnum'); -% my($i_cust_pkg); -% foreach $i_cust_pkg ( qsearch('cust_pkg',{'custnum'=>$custnum}) ) { -% my($cust_pkgnum)=$i_cust_pkg->getfield('pkgnum'); -% my($acct_svcpart); -% foreach $acct_svcpart (@u_acct_svcparts) { #now find the corresponding -% #record(s) in cust_svc ( for this -% #pkgnum ! ) -% my($i_cust_svc); -% foreach $i_cust_svc ( qsearch('cust_svc',{'pkgnum'=>$cust_pkgnum,'svcpart'=>$acct_svcpart}) ) { -% my($svc_acct)=qsearchs('svc_acct',{'svcnum'=>$i_cust_svc->getfield('svcnum')}); -% $svc_acct{$svc_acct->getfield('svcnum')}= -% $svc_acct->cust_svc->part_svc->svc. ': '. $svc_acct->email; -% } -% } -% } -% -% -% my($d_part_svc,@d_acct_svcparts); -% foreach $d_part_svc ( qsearch('part_svc',{'svcdb'=>'svc_domain'}) ) { -% push @d_acct_svcparts,$d_part_svc->getfield('svcpart'); -% } -% -% foreach $i_cust_pkg ( qsearch( 'cust_pkg', { 'custnum' => $custnum } ) ) { -% my $cust_pkgnum = $i_cust_pkg->pkgnum; -% -% foreach my $acct_svcpart (@d_acct_svcparts) { -% -% foreach my $i_cust_svc ( -% qsearch( 'cust_svc', { 'pkgnum' => $cust_pkgnum, -% 'svcpart' => $acct_svcpart } ) -% ) { -% my $svc_domain = -% qsearchs( 'svc_domain', { 'svcnum' => $i_cust_svc->svcnum } ); -% -% my $extra_sql = "AND ( rectype = 'A' OR rectype = 'CNAME' )"; -% unless ( $conf->exists('svc_www-enable_subdomains') ) { -% $extra_sql .= " AND ( reczone = '\@' OR reczone = '". -% $svc_domain->domain. ".' )"; -% } -% -% foreach my $domain_rec ( -% qsearch( 'domain_record', -% { -% 'svcnum' => $svc_domain->svcnum, -% }, -% '', -% $extra_sql, -% ) -% ) { -% $arec{$domain_rec->recnum} = $domain_rec->zone; -% } -% -% if ( $conf->exists('svc_www-enable_subdomains') ) { -% $arec{'www.'. $svc_domain->domain} = 'www.'. 
$svc_domain->domain -% unless qsearchs( 'domain_record', { -% svcnum => $svc_domain->svcnum, -% reczone => 'www', -% } ) -% || qsearchs( 'domain_record', { -% svcnum => $svc_domain->svcnum, -% reczone => 'www.'.$svc_domain->domain.'.', -% } ); -% } -% -% $arec{'@.'. $svc_domain->domain} = $svc_domain->domain -% unless qsearchs('domain_record', { -% svcnum => $svc_domain->svcnum, -% reczone => '@', -% } ) -% || qsearchs('domain_record', { -% svcnum => $svc_domain->svcnum, -% reczone => $svc_domain->domain.'.', -% } ); -% -% } -% -% } -% } -% -%} elsif ( $action eq 'Edit' ) { -% -% my($domain_rec) = qsearchs('domain_record', { 'recnum'=>$svc_www->recnum }); -% $arec{$svc_www->recnum} = join '.', $domain_rec->recdata, $domain_rec->reczone; -% -%} else { -% die "\$action eq Add, but \$pkgnum is null!\n"; -%} -% -% -%my $p1 = popurl(1); - -<% include("/elements/header.html", "Web Hosting $action", '') %> - -%print qq!<FONT SIZE="+1" COLOR="#ff0000">Error: !, $cgi->param('error'), -% "</FONT>" -% if $cgi->param('error'); -% -%print qq!<FORM ACTION="${p1}process/svc_www.cgi" METHOD=POST>!; -% -%#display -% -% -% -%#svcnum -%print qq!<INPUT TYPE="hidden" NAME="svcnum" VALUE="$svcnum">!; -%print qq!Service #<B>!, $svcnum ? $svcnum : "(NEW)", "</B><BR><BR>"; -% -%#pkgnum -%print qq!<INPUT TYPE="hidden" NAME="pkgnum" VALUE="$pkgnum">!; -% -%#svcpart -%print qq!<INPUT TYPE="hidden" NAME="svcpart" VALUE="$svcpart">!; -% -%my($recnum,$usersvc)=( -% $svc_www->recnum, -% $svc_www->usersvc, -%); -% -%print &ntable("#cccccc",2), -% '<TR><TD ALIGN="right">Zone</TD><TD><SELECT NAME="recnum" SIZE=1>'; -%foreach $_ (keys %arec) { -% print "<OPTION", $_ eq $recnum ? " SELECTED" : "", -% qq! 
VALUE="$_">$arec{$_}!; -%} -%print "</SELECT></TD></TR>"; -% -%if ( $part_svc->part_svc_column('usersvc')->columnflag ne 'F' +<% include('/elements/header.html', "Web Hosting $action") %> + +<% include('/elements.error.html') %> + +<FORM ACTION="<%$p1%>process/svc_www.cgi" METHOD=POST> + +<INPUT TYPE="hidden" NAME="svcnum" VALUE="<% $svcnum %>"> +Service #<B><% $svcnum ? $svcnum : "(NEW)" %></B> +<BR><BR> + +<INPUT TYPE="hidden" NAME="pkgnum" VALUE="<% $pkgnum %>"> + +<INPUT TYPE="hidden" NAME="svcpart" VALUE="<% $svcpart %>"> + +% my $recnum = $svc_www->recnum; +% my $usersvc = $svc_www->usersvc; + +<% &ntable("#cccccc",2) %> + + <TR> + <TD ALIGN="right">Zone</TD> + <TD> + <SELECT NAME="recnum" SIZE=1> +% foreach $_ (keys %arec) { + <OPTION<% $_ eq $recnum ? " SELECTED" : "" %> VALUE="<%$_%>"><%$arec{$_}%> +% } + </SELECT> + </TD> + </TR> + +% if ( $part_svc->part_svc_column('usersvc')->columnflag ne 'F' % || $part_svc->part_svc_column('usersvc')->columnvalue !~ /^\s*$/) { -% print '<TR><TD ALIGN="right">Username</TD><TD><SELECT NAME="usersvc" SIZE=1>'; -% print '<OPTION VALUE="">(none)'; -% foreach $_ (keys %svc_acct) { -% print "<OPTION", ($_ eq $usersvc) ? " SELECTED" : "", -% qq! VALUE="$_">$svc_acct{$_}!; -% } -% print "</SELECT></TD></TR>"; -%} -% -%if ( $part_svc->part_svc_column('config')->columnflag ne 'F' && -% $FS::CurrentUser::CurrentUser->access_right('Edit www config') ) { -% print '<TR><TD ALIGN="right">Config lines</TD><TD>'; -% print qq!<TEXTAREA NAME="config" rows="15" cols="80">$config</TEXTAREA></TD></TR>! -%}else{ -% print qq!<INPUT TYPE="hidden" NAME="config" VALUE="$config">!; -%} -% -%foreach my $field ($svc_www->virtual_fields) { -% if ( $part_svc->part_svc_column($field)->columnflag ne 'F' ) { -% # If the flag is X, it won't even show up in $svc_acct->virtual_fields. 
-% print $svc_www->pvf($field)->widget('HTML', 'edit', -% $svc_www->getfield($field)); -% } + <TR> + <TD ALIGN="right">Username</TD> + <TD> + <SELECT NAME="usersvc" SIZE=1> + <OPTION VALUE="">(none) +% foreach $_ (keys %svc_acct) { + <OPTION<% ($_ eq $usersvc) ? " SELECTED" : "" %> VALUE="<%$_%>"><% $svc_acct{$_} %> +% } + <SELECT> + </TD> + </TR> +% } + +% if ( $part_svc->part_svc_column('config')->columnflag ne 'F' && +% $FS::CurrentUser::CurrentUser->access_right('Edit www config') ) { + <TR> + <TD ALIGN="right">Config lines</TD> + <TD> + <TEXTAREA NAME="config" rows="15" cols="80"><% $config |h %></TEXTAREA> + </TD> + </TR> +% } else { + <INPUT TYPE="hidden" NAME="config" VALUE="<% $config |h %>"> %} -% -%print '</TABLE><BR><INPUT TYPE="submit" VALUE="Submit">'; -% + +% foreach my $field ($svc_www->virtual_fields) { +% if ( $part_svc->part_svc_column($field)->columnflag ne 'F' ) { +% # If the flag is X, it won't even show up in $svc_acct->virtual_fields. + <% $svc_www->pvf($field)->widget( 'HTML', 'edit', + $svc_www->getfield($field) + ) + %> +% } +% } + +</TABLE> +<BR> + +<INPUT TYPE="submit" VALUE="Submit"> </FORM> <% include('/elements/footer.html') %> + +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific? + +my $conf = new FS::Conf; + +my( $svcnum, $pkgnum, $svcpart, $part_svc, $svc_www, $config ); + +if ( $cgi->param('error') ) { + + $svc_www = new FS::svc_www ( { + map { $_, scalar($cgi->param($_)) } fields('svc_www') + } ); + $svcnum = $svc_www->svcnum; + $pkgnum = $cgi->param('pkgnum'); + $svcpart = $cgi->param('svcpart'); + $config = $cgi->param('config'); + $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); + die "No part_svc entry!" 
unless $part_svc; + +} elsif ( $cgi->param('pkgnum') && $cgi->param('svcpart') ) { #adding + + $cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum'; + $pkgnum = $1; + $cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart'; + $svcpart = $1; + + $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); + die "No part_svc entry!" unless $part_svc; + + $svc_www = new FS::svc_www { svcpart => $svcpart }; + + $svcnum=''; + + $svc_www->set_default_and_fixed; + +} else { #editing + + my($query) = $cgi->keywords; + $query =~ /^(\d+)$/ or die "unparsable svcnum"; + $svcnum=$1; + $svc_www=qsearchs('svc_www',{'svcnum'=>$svcnum}) + or die "Unknown (svc_www) svcnum!"; + + my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum}) + or die "Unknown (cust_svc) svcnum!"; + + $pkgnum=$cust_svc->pkgnum; + $svcpart=$cust_svc->svcpart; + #$config=$cgi->escapeHTML($svc_www->config); + + $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart}); + die "No part_svc entry!" unless $part_svc; + +} +my $action = $svc_www->svcnum ? 'Edit' : 'Add'; + +my( %svc_acct, %arec ); +if ($pkgnum) { + + my @u_acct_svcparts; + foreach my $svcpart ( + map { $_->svcpart } qsearch( 'part_svc', { 'svcdb' => 'svc_acct' } ) + ) { + next if $conf->exists('svc_www-usersvc_svcpart') + && ! grep { $svcpart == $_ } + $conf->config('svc_www-usersvc_svcpart'); + push @u_acct_svcparts, $svcpart; + } + + my($cust_pkg)=qsearchs('cust_pkg',{'pkgnum'=>$pkgnum}); + my($custnum)=$cust_pkg->getfield('custnum'); + my($i_cust_pkg); + foreach $i_cust_pkg ( qsearch('cust_pkg',{'custnum'=>$custnum}) ) { + my($cust_pkgnum)=$i_cust_pkg->getfield('pkgnum'); + my($acct_svcpart); + foreach $acct_svcpart (@u_acct_svcparts) { #now find the corresponding + #record(s) in cust_svc ( for this + #pkgnum ! 
) + my($i_cust_svc); + foreach $i_cust_svc ( qsearch('cust_svc',{'pkgnum'=>$cust_pkgnum,'svcpart'=>$acct_svcpart}) ) { + my($svc_acct)=qsearchs('svc_acct',{'svcnum'=>$i_cust_svc->getfield('svcnum')}); + $svc_acct{$svc_acct->getfield('svcnum')}= + $svc_acct->cust_svc->part_svc->svc. ': '. $svc_acct->email; + } + } + } + + + my($d_part_svc,@d_acct_svcparts); + foreach $d_part_svc ( qsearch('part_svc',{'svcdb'=>'svc_domain'}) ) { + push @d_acct_svcparts,$d_part_svc->getfield('svcpart'); + } + + foreach $i_cust_pkg ( qsearch( 'cust_pkg', { 'custnum' => $custnum } ) ) { + my $cust_pkgnum = $i_cust_pkg->pkgnum; + + foreach my $acct_svcpart (@d_acct_svcparts) { + + foreach my $i_cust_svc ( + qsearch( 'cust_svc', { 'pkgnum' => $cust_pkgnum, + 'svcpart' => $acct_svcpart } ) + ) { + my $svc_domain = + qsearchs( 'svc_domain', { 'svcnum' => $i_cust_svc->svcnum } ); + + my $extra_sql = "AND ( rectype = 'A' OR rectype = 'CNAME' )"; + unless ( $conf->exists('svc_www-enable_subdomains') ) { + $extra_sql .= " AND ( reczone = '\@' OR reczone = '". + $svc_domain->domain. ".' )"; + } + + foreach my $domain_rec ( + qsearch( 'domain_record', + { + 'svcnum' => $svc_domain->svcnum, + }, + '', + $extra_sql, + ) + ) { + $arec{$domain_rec->recnum} = $domain_rec->zone; + } + + if ( $conf->exists('svc_www-enable_subdomains') ) { + $arec{'www.'. $svc_domain->domain} = 'www.'. $svc_domain->domain + unless qsearchs( 'domain_record', { + svcnum => $svc_domain->svcnum, + reczone => 'www', + } ) + || qsearchs( 'domain_record', { + svcnum => $svc_domain->svcnum, + reczone => 'www.'.$svc_domain->domain.'.', + } ); + } + + $arec{'@.'. 
$svc_domain->domain} = $svc_domain->domain + unless qsearchs('domain_record', { + svcnum => $svc_domain->svcnum, + reczone => '@', + } ) + || qsearchs('domain_record', { + svcnum => $svc_domain->svcnum, + reczone => $svc_domain->domain.'.', + } ); + + } + + } + } + +} elsif ( $action eq 'Edit' ) { + + my($domain_rec) = qsearchs('domain_record', { 'recnum'=>$svc_www->recnum }); + $arec{$svc_www->recnum} = join '.', $domain_rec->recdata, $domain_rec->reczone; + +} else { + die "\$action eq Add, but \$pkgnum is null!\n"; +} + +my $p1 = popurl(1); + +</%init> |
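Review bot: Most values in the rewritten form are emitted without `|h`, although the same hunk escapes `$config`. This affects `$svcnum`, `$pkgnum` and `$svcpart` in the hidden inputs, and the option values and labels taken from `%arec` and `%svc_acct`. In the `error` branch of `<%init>`, `$pkgnum` and `$svcpart` come directly from `$cgi->param`, so request data would reach the markup unescaped unless a default escape flag is configured elsewhere, which this page does not show. Two further slips on the new side: the component path `/elements.error.html` looks like a typo for `/elements/error.html`, and the Username list is closed with `<SELECT>` rather than `</SELECT>`. The lines below carry those changes.

```mason
<% include('/elements/error.html') %>
%# … unchanged: FORM tag …
<INPUT TYPE="hidden" NAME="svcnum" VALUE="<% $svcnum |h %>">
Service #<B><% $svcnum ? $svcnum : "(NEW)" |h %></B>
%# … unchanged: line breaks …
<INPUT TYPE="hidden" NAME="pkgnum" VALUE="<% $pkgnum |h %>">
<INPUT TYPE="hidden" NAME="svcpart" VALUE="<% $svcpart |h %>">
%# … unchanged: ntable call and opening of the Zone row …
          <OPTION<% $_ eq $recnum ? " SELECTED" : "" %> VALUE="<% $_ |h %>"><% $arec{$_} |h %>
%# … unchanged: end of the Zone row, opening of the Username row …
          <OPTION<% ($_ eq $usersvc) ? " SELECTED" : "" %> VALUE="<% $_ |h %>"><% $svc_acct{$_} |h %>
%       }
        </SELECT>
%# … unchanged: config row, virtual fields, submit button, <%init> block …
```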