From 2bee469e81f4963d83b9bf020c817dcb436a6a80 Mon Sep 17 00:00:00 2001
From: ivan <ivan>
Date: Sun, 13 Jan 2008 21:36:09 +0000
Subject: ACLs

---
 httemplate/edit/process/cust_pay.cgi | 61 ++++++++++++++++++------------------
 1 file changed, 30 insertions(+), 31 deletions(-)

(limited to 'httemplate/edit/process/cust_pay.cgi')

diff --git a/httemplate/edit/process/cust_pay.cgi b/httemplate/edit/process/cust_pay.cgi
index a34c88aba..647f6fc6c 100755
--- a/httemplate/edit/process/cust_pay.cgi
+++ b/httemplate/edit/process/cust_pay.cgi
@@ -1,32 +1,8 @@
-%
-%
-%$cgi->param('linknum') =~ /^(\d+)$/
-%  or die "Illegal linknum: ". $cgi->param('linknum');
-%my $linknum = $1;
-%
-%$cgi->param('link') =~ /^(custnum|invnum|popup)$/
-%  or die "Illegal link: ". $cgi->param('link');
-%my $field = my $link = $1;
-%$field = 'custnum' if $field eq 'popup';
-%
-%my $_date = str2time($cgi->param('_date'));
-%
-%my $new = new FS::cust_pay ( {
-%  $field => $linknum,
-%  _date  => $_date,
-%  map {
-%    $_, scalar($cgi->param($_));
-%  } qw(paid payby payinfo paybatch)
-%  #} fields('cust_pay')
-%} );
-%
-%my $error = $new->insert( 'manual' => 1 );
-%
 %if ($error) {
 %  $cgi->param('error', $error);
-%  print $cgi->redirect(popurl(2). 'cust_pay.cgi?'. $cgi->query_string );
+<% $cgi->redirect(popurl(2). 'cust_pay.cgi?'. $cgi->query_string ) %>
 %} elsif ( $field eq 'invnum' ) {
-%  print $cgi->redirect(popurl(3). "view/cust_bill.cgi?$linknum");
+<% $cgi->redirect(popurl(3). "view/cust_bill.cgi?$linknum") %>
 %} elsif ( $field eq 'custnum' ) {
 %  if ( $cgi->param('apply') eq 'yes' ) {
 %    my $cust_main = qsearchs('cust_main', { 'custnum' => $linknum })
@@ -34,7 +10,6 @@
 %    $cust_main->apply_payments;
 %  }
 %  if ( $link eq 'popup' ) {
-%
 %    
 <% header('Payment entered') %>
     <SCRIPT TYPE="text/javascript">
@@ -43,14 +18,38 @@
 
     </BODY></HTML>
 %
-%
 %  } elsif ( $link eq 'custnum' ) {
-%    print $cgi->redirect(popurl(3). "view/cust_main.cgi?$linknum");
+<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$linknum") %>
 %  } else {
 %    die "unknown link $link";
 %  }
 %
 %}
-%
-%
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Post payment');
+
+$cgi->param('linknum') =~ /^(\d+)$/
+  or die "Illegal linknum: ". $cgi->param('linknum');
+my $linknum = $1;
+
+$cgi->param('link') =~ /^(custnum|invnum|popup)$/
+  or die "Illegal link: ". $cgi->param('link');
+my $field = my $link = $1;
+$field = 'custnum' if $field eq 'popup';
+
+my $_date = str2time($cgi->param('_date'));
+
+my $new = new FS::cust_pay ( {
+  $field => $linknum,
+  _date  => $_date,
+  map {
+    $_, scalar($cgi->param($_));
+  } qw(paid payby payinfo paybatch)
+  #} fields('cust_pay')
+} );
+
+my $error = $new->insert( 'manual' => 1 );
 
+</%init>
-- 
cgit v1.2.1