From f099e0dfa8f438a84d8f1bce36f5e5bda60481e5 Mon Sep 17 00:00:00 2001
From: ivan <ivan>
Date: Wed, 3 Nov 2010 23:44:48 +0000
Subject: more granular ACLs for posting check vs. cash payments, processing
 credit card vs echecks, RT#7887

---
 httemplate/edit/process/cust_pay.cgi | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'httemplate/edit/process/cust_pay.cgi')

diff --git a/httemplate/edit/process/cust_pay.cgi b/httemplate/edit/process/cust_pay.cgi
index c8b0aa7df..0cd408958 100755
--- a/httemplate/edit/process/cust_pay.cgi
+++ b/httemplate/edit/process/cust_pay.cgi
@@ -27,9 +27,6 @@
 %}
 <%init>
 
-die "access denied"
-  unless $FS::CurrentUser::CurrentUser->access_right('Post payment');
-
 $cgi->param('linknum') =~ /^(\d+)$/
   or die "Illegal linknum: ". $cgi->param('linknum');
 my $linknum = $1;
@@ -52,6 +49,13 @@ my $new = new FS::cust_pay ( {
   #} fields('cust_pay')
 } );
 
+my @rights = ('Post payment');
+push @rights, 'Post check payment' if $cust_pay->payby eq 'BILL';
+push @rights, 'Post cash payment'  if $cust_pay->payby eq 'CASH';
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right(\@rights);
+
 my $error = $new->insert( 'manual' => 1 );
 
 </%init>
-- 
cgit v1.2.1