diff options
Diffstat (limited to 'httemplate/edit/cust_pay.cgi')
| -rwxr-xr-x | httemplate/edit/cust_pay.cgi | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/httemplate/edit/cust_pay.cgi b/httemplate/edit/cust_pay.cgi index 7c4e6620e..8e1c779dd 100755 --- a/httemplate/edit/cust_pay.cgi +++ b/httemplate/edit/cust_pay.cgi @@ -109,9 +109,6 @@ my $conf = new FS::Conf; my $money_char = $conf->config('money_char') || '$'; my $date_format = $conf->config('date_format') || '%m/%d/%Y'; -die "access denied" - unless $FS::CurrentUser::CurrentUser->access_right('Post payment'); - my($link, $linknum, $paid, $payby, $payinfo, $_date); if ( $cgi->param('error') ) { $link = $cgi->param('link'); @@ -138,6 +135,13 @@ if ( $cgi->param('error') ) { die "illegal query ". $cgi->keywords; } +my @rights = ('Post payment'); +push @rights, 'Post check payment' if $payby eq 'BILL'; +push @rights, 'Post cash payment' if $payby eq 'CASH'; + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right(\@rights); + my $paybatch = "webui-$_date-$$-". rand() * 2**32; my $title = 'Post '. FS::payby->payname($payby). ' payment'; |