Diffstat (limited to 'httemplate')
-rw-r--r--httemplate/misc/process/payment.cgi9
-rwxr-xr-xhttemplate/search/elements/cust_pay_or_refund.html5
-rw-r--r--httemplate/view/cust_pay.html4
-rw-r--r--httemplate/view/cust_refund.html6
4 files changed, 13 insertions, 11 deletions
diff --git a/httemplate/misc/process/payment.cgi b/httemplate/misc/process/payment.cgi
index 9c8512785..5fa57e448 100644
--- a/httemplate/misc/process/payment.cgi
+++ b/httemplate/misc/process/payment.cgi
@@ -10,13 +10,16 @@
<% include('/elements/footer.html') %>
-% } else {
+% #2.5/2.7?# } elsif ( $curuser->access_right('View payments') ) {
+% } elsif ( $curuser->access_right(['View invoices', 'View payments']) ) {
<% $cgi->redirect(popurl(3). "view/cust_pay.html?paynum=$paynum" ) %>
+% } else {
+<% $cgi->redirect(popurl(3). "view/cust_main.html?custnum=$custnum" ) %>
% }
<%init>
-die "access denied"
- unless $FS::CurrentUser::CurrentUser->access_right('Process payment');
+my $curuser = $FS::CurrentUser::CurrentUser;
+die "access denied" unless $curuser->access_right('Process payment');
#some false laziness w/MyAccount::process_payment
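Review bot: The commented-out branch `% #2.5/2.7?# } elsif ( $curuser->access_right('View payments') ) {` leaves an inactive second version of the gate beside the live one, and the live one spells the policy as an arrayref while view/cust_pay.html spells it as an `||` chain. Presumably the arrayref form means "any of these rights"; if so, one comment would carry the intent better, e.g. `% # 'View invoices' is a legacy grant; keep this list identical to the check in view/cust_pay.html`. This branch only chooses the redirect target, so the check in the destination page remains the actual enforcement. `$paynum` and `$custnum` are set outside the hunk, so whether they are validated before being interpolated into the redirect URL cannot be confirmed from here.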
diff --git a/httemplate/search/elements/cust_pay_or_refund.html b/httemplate/search/elements/cust_pay_or_refund.html
index 8c32b79bd..002b1a4c2 100755
--- a/httemplate/search/elements/cust_pay_or_refund.html
+++ b/httemplate/search/elements/cust_pay_or_refund.html
@@ -74,8 +74,9 @@ $title = 'Unapplied ' if $unapplied;
$title .= "\u$name_singular Search Results";
my $link = '';
-if ( ( $curuser->access_right('View invoices') #XXX for now
- || $curuser->access_right('View customer payments')
+if ( ( $curuser->access_right('View invoices') #remove in 2.5 (2.7?)
+ || ($curuser->access_right('View payments') && $table =~ /^cust_pay/)
+ || ($curuser->access_right('View refunds') && $table eq 'cust_refund')
)
&& ! $opt{'disable_link'}
)
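Review bot: `$table =~ /^cust_pay/` is a prefix match, so 'View payments' enables the link for every table whose name starts with `cust_pay`, while the refund test on the next line uses an exact `eq 'cust_refund'`. If only specific tables are meant, list them with an anchored pattern, e.g. `$table =~ /^(?:cust_pay|cust_pay_void)$/` (table names to be confirmed against the callers of this element). If the prefix is deliberate, a comment such as `# prefix match: also covers the other cust_pay_* search tables` would record that. The `if` body is outside the hunk, and this condition appears to gate only link generation, so the view pages still need their own check.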
diff --git a/httemplate/view/cust_pay.html b/httemplate/view/cust_pay.html
index c9b2d51b5..d02f1543d 100644
--- a/httemplate/view/cust_pay.html
+++ b/httemplate/view/cust_pay.html
@@ -134,8 +134,8 @@
my $curuser = $FS::CurrentUser::CurrentUser;
die "access denied"
- unless $curuser->access_right('View invoices') #remove this in 1.9 EVENTUALLY
- || $curuser->access_right('View customer payments');
+ unless $curuser->access_right('View invoices') #remove this in 2.5 (2.7?)
+ || $curuser->access_right('View payments');
$cgi->param('paynum') =~ /^(\d+)$/ or die "no paynum";
my $paynum = $1;
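Review bot: Because `access_right('View invoices')` still satisfies this check, withholding 'View payments' from a user who holds 'View invoices' does not restrict access to payment records. The same fallback is kept in view/cust_refund.html for 'View refunds' and in the link and redirect gates earlier in this diff. The comment `#remove this in 2.5 (2.7?)` does not say what has to happen first; something like `# legacy grant: drop once existing groups have been given 'View payments'` would make the condition for removal explicit. The right name also changes from 'View customer payments' to 'View payments', and this diff is limited to httemplate, so whether existing groups are migrated to the new name cannot be seen here. Without that migration, users holding only the old right would be denied.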
diff --git a/httemplate/view/cust_refund.html b/httemplate/view/cust_refund.html
index f19c61b1f..996b4c05a 100644
--- a/httemplate/view/cust_refund.html
+++ b/httemplate/view/cust_refund.html
@@ -105,10 +105,8 @@
my $curuser = $FS::CurrentUser::CurrentUser;
die "access denied"
- unless $curuser->access_right('View invoices') #remove this in 1.9 EVENTUALLY
- || $curuser->access_right('View customer payments');
- #'View customer refunds' ???
-
+ unless $curuser->access_right('View invoices') #remove this in 2.5 (2.7?)
+ || $curuser->access_right('View refunds');
$cgi->param('refundnum') =~ /^(\d+)$/ or die "no refundnum";
my $refundnum = $1;