diff options
| author | Ivan Kohler <ivan@freeside.biz> | 2017-04-27 13:07:23 -0700 |
|---|---|---|
| committer | Ivan Kohler <ivan@freeside.biz> | 2017-04-27 13:07:23 -0700 |
| commit | 76ab8e3f6ebd579b2bf9804528b55189d47f77bc (patch) | |
| tree | 9c3a96a40c8f8296c648a6c0c7cc8d22f8801ac7 /httemplate | |
| parent | b3c02d2a1d52c0e095f7e34f857f7cd4be6385a9 (diff) | |
access control for List all customers, RT#75012
Diffstat (limited to 'httemplate')
| -rwxr-xr-x | httemplate/search/cust_main.cgi | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/httemplate/search/cust_main.cgi b/httemplate/search/cust_main.cgi index 74cc5f32c..cce4f0d7d 100755 --- a/httemplate/search/cust_main.cgi +++ b/httemplate/search/cust_main.cgi @@ -352,9 +352,11 @@ my(@cust_main, $sortby, $orderby); my @select = (); my @addl_headers = (); my @addl_cols = (); -if ( $cgi->param('browse') - || $cgi->param('otaker_on') - || $cgi->param('agentnum_on') +if ( ( $cgi->param('browse') + || $cgi->param('otaker_on') + || $cgi->param('agentnum_on') + ) + and $curuser->access_right('List all customers') ) { my %search = (); |