From 2bee469e81f4963d83b9bf020c817dcb436a6a80 Mon Sep 17 00:00:00 2001 From: ivan Date: Sun, 13 Jan 2008 21:36:09 +0000 Subject: ACLs --- httemplate/edit/process/quick-cust_pkg.cgi | 37 +++++++++++++----------------- 1 file changed, 16 insertions(+), 21 deletions(-) (limited to 'httemplate/edit/process/quick-cust_pkg.cgi') diff --git a/httemplate/edit/process/quick-cust_pkg.cgi b/httemplate/edit/process/quick-cust_pkg.cgi index d03ef2cba..3a7af8ae7 100644 --- a/httemplate/edit/process/quick-cust_pkg.cgi +++ b/httemplate/edit/process/quick-cust_pkg.cgi @@ -1,27 +1,22 @@ -% -% -%#untaint custnum -%$cgi->param('custnum') =~ /^(\d+)$/ -% or die 'illegal custnum '. $cgi->param('custnum'); -%my $custnum = $1; -%$cgi->param('pkgpart') =~ /^(\d+)$/ -% or die 'illegal pkgpart '. $cgi->param('pkgpart'); -%my $pkgpart = $1; -% -%my @cust_pkg = (); -%my $error = FS::cust_pkg::order($custnum, [ $pkgpart ], [], \@cust_pkg, ); -% %if ($error) { -% - - -% % errorpage($error); %} else { -% print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum". -% "#cust_pkg". $cust_pkg[0]->pkgnum ); +<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum#cust_pkg". $cust_pkg[0]->pkgnum ); %} -% -% +<%init> + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right('Order customer package'); + +#untaint custnum +$cgi->param('custnum') =~ /^(\d+)$/ + or die 'illegal custnum '. $cgi->param('custnum'); +my $custnum = $1; +$cgi->param('pkgpart') =~ /^(\d+)$/ + or die 'illegal pkgpart '. $cgi->param('pkgpart'); +my $pkgpart = $1; +my @cust_pkg = (); +my $error = FS::cust_pkg::order($custnum, [ $pkgpart ], [], \@cust_pkg, ); + -- cgit v1.2.1