From 0930d22ffc440f80c1b222b2e750cadbabd9e8f6 Mon Sep 17 00:00:00 2001
From: ivan <ivan>
Date: Sun, 13 Jan 2008 21:35:54 +0000
Subject: ACLs

---
 httemplate/edit/process/quick-charge.cgi | 83 +++++++++++++++++---------------
 1 file changed, 43 insertions(+), 40 deletions(-)

(limited to 'httemplate/edit/process/quick-charge.cgi')

diff --git a/httemplate/edit/process/quick-charge.cgi b/httemplate/edit/process/quick-charge.cgi
index 4a090f9de..3c7cac51d 100644
--- a/httemplate/edit/process/quick-charge.cgi
+++ b/httemplate/edit/process/quick-charge.cgi
@@ -1,46 +1,49 @@
-%
-%  my $error = '';
-%  my $param = $cgi->Vars;
-%
-%  my @description = ();
-%  for ( my $row = 0; exists($param->{"description$row"}); $row++ ) {
-%    push @description, $param->{"description$row"}
-%      if ($param->{"description$row"} =~ /\S/);
-%  }
-%
-%  $param->{"custnum"} =~ /^(\d+)$/
-%    or $error .= "Illegal customer number " . $param->{"custnum"} . "  ";
-%  my $custnum = $1;
-%
-%  $param->{"amount"} =~ /^\s*(\d+(\.\d{1,2})?)\s*$/
-%    or $error .= "Illegal amount " . $param->{"amount"} . "  ";
-%  my $amount = $1;
-%
-%  if ( $param->{'taxclass'} eq '(select)' ) {
-%    $error .= "Must select a tax class.  ";
-%  }
-%
-%  unless ( $error ) {
-%    my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } )
-%      or $error .= "Unknown customer number $custnum.  ";
-%
-%    $error ||= $cust_main->charge( {
-%      'amount'     => $amount,
-%      'pkg'        => scalar($cgi->param('pkg')),
-%      'taxclass'   => scalar($cgi->param('taxclass')),
-%      'additional' => \@description,
-%    } );
-%  }
-%
-%  if ( $error ) {
-%
-%    $cgi->param('error', $error );
-%    
+% if ( $error ) {
+%   $cgi->param('error', $error );
 <% $cgi->redirect($p.'quick-charge.html?'. $cgi->query_string) %>
-%
-% }
+% } else {
 <% header("One-time charge added") %>
   <SCRIPT TYPE="text/javascript">
     window.top.location.reload();
   </SCRIPT>
   </BODY></HTML>
+% }
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('One-time charge');
+
+my $error = '';
+my $param = $cgi->Vars;
+
+my @description = ();
+for ( my $row = 0; exists($param->{"description$row"}); $row++ ) {
+  push @description, $param->{"description$row"}
+    if ($param->{"description$row"} =~ /\S/);
+}
+
+$param->{"custnum"} =~ /^(\d+)$/
+  or $error .= "Illegal customer number " . $param->{"custnum"} . "  ";
+my $custnum = $1;
+
+$param->{"amount"} =~ /^\s*(\d+(\.\d{1,2})?)\s*$/
+  or $error .= "Illegal amount " . $param->{"amount"} . "  ";
+my $amount = $1;
+
+if ( $param->{'taxclass'} eq '(select)' ) {
+  $error .= "Must select a tax class.  ";
+}
+
+unless ( $error ) {
+  my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } )
+    or $error .= "Unknown customer number $custnum.  ";
+
+  $error ||= $cust_main->charge( {
+    'amount'     => $amount,
+    'pkg'        => scalar($cgi->param('pkg')),
+    'taxclass'   => scalar($cgi->param('taxclass')),
+    'additional' => \@description,
+  } );
+}
+
+</%init>
-- 
cgit v1.2.1