From 0930d22ffc440f80c1b222b2e750cadbabd9e8f6 Mon Sep 17 00:00:00 2001
From: ivan <ivan>
Date: Sun, 13 Jan 2008 21:35:54 +0000
Subject: ACLs

---
 httemplate/edit/cust_bill_pay.cgi | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

(limited to 'httemplate/edit/cust_bill_pay.cgi')

diff --git a/httemplate/edit/cust_bill_pay.cgi b/httemplate/edit/cust_bill_pay.cgi
index 44e783eb7..28c14618f 100755
--- a/httemplate/edit/cust_bill_pay.cgi
+++ b/httemplate/edit/cust_bill_pay.cgi
@@ -1,4 +1,4 @@
-<% header("Apply Payment", '') %>
+<% include('/elements/header-popup.html', 'Apply Payment') %>
 
 <% include('/elements/error.html') %>
 
@@ -47,10 +47,15 @@ function changed(what) {
 <CENTER><INPUT TYPE="submit" VALUE="Apply"></CENTER>
 
 </FORM>
-</BODY>
-</HTML>
+
+<% include('/elements/footer.html') %>
 
 <%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Apply payment') #;
+      || $FS::CurrentUser::CurrentUser->access_right('Post payment'): #remove after 1.7.3
+
 my($paynum, $amount, $invnum);
 if ( $cgi->param('error') ) {
   $paynum = $cgi->param('paynum');
@@ -78,5 +83,5 @@ my @cust_bill = sort {    $a->_date  <=> $b->_date
                      }
                 grep { $_->owed != 0 }
                 qsearch('cust_bill', { 'custnum' => $cust_pay->custnum } );
-</%init>
 
+</%init>
-- 
cgit v1.2.1