summaryrefslogtreecommitdiff
path: root/httemplate/view/cust_bill-ps.cgi
diff options
context:
space:
mode:
Diffstat (limited to 'httemplate/view/cust_bill-ps.cgi')
-rwxr-xr-xhttemplate/view/cust_bill-ps.cgi17
1 files changed, 14 insertions, 3 deletions
diff --git a/httemplate/view/cust_bill-ps.cgi b/httemplate/view/cust_bill-ps.cgi
index e730a822a..5313dbf02 100755
--- a/httemplate/view/cust_bill-ps.cgi
+++ b/httemplate/view/cust_bill-ps.cgi
@@ -1,4 +1,8 @@
-<%
+<% $cust_bill->print_ps( '', $templatename) %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('View invoices');
#untaint invnum
my($query) = $cgi->keywords;
@@ -6,8 +10,15 @@ $query =~ /^((.+)-)?(\d+)$/;
my $templatename = $2;
my $invnum = $3;
-my $cust_bill = qsearchs('cust_bill',{'invnum'=>$invnum});
+my $cust_bill = qsearchs({
+ 'select' => 'cust_bill.*',
+ 'table' => 'cust_bill',
+ 'addl_from' => 'LEFT JOIN cust_main USING ( custnum )',
+ 'hashref' => { 'invnum' => $invnum },
+ 'extra_sql' => ' AND '. $FS::CurrentUser::CurrentUser->agentnums_sql,
+});
die "Invoice #$invnum not found!" unless $cust_bill;
http_header('Content-Type' => 'application/postscript' );
-%><%= $cust_bill->print_ps( '', $templatename) %>
+
+</%init>
generated by cgit v1.2.1 (git 2.18.0) at 2025-08-02 01:00:22 +0000