From d84fbd3987192e9bece5fc074dd7507dd1e2c7b7 Mon Sep 17 00:00:00 2001 From: mark Date: Mon, 14 Dec 2009 01:41:29 +0000 Subject: Add access right to view attachments --- httemplate/edit/cust_main_attach.cgi | 1 + 1 file changed, 1 insertion(+) (limited to 'httemplate/edit/cust_main_attach.cgi') diff --git a/httemplate/edit/cust_main_attach.cgi b/httemplate/edit/cust_main_attach.cgi index 5e9b16c99..a00731050 100755 --- a/httemplate/edit/cust_main_attach.cgi +++ b/httemplate/edit/cust_main_attach.cgi @@ -44,6 +44,7 @@ onclick="return(confirm('Delete this file?'));"> <%init> my $curuser = $FS::CurrentUser::CurrentUser; +die "access denied" if !$curuser->access_right('View attachments'); my $attachnum = ''; my $attach; if ( $cgi->param('error') ) { -- cgit v1.2.1