From 50fc1d226ec89bf5fb66622ee913ec9e470b8d6c Mon Sep 17 00:00:00 2001
From: Jonathan Prykop <jonathan@freeside.biz>
Date: Mon, 23 May 2016 16:55:57 -0500
Subject: RT#40215: OFM - Separate permissions for edit dates and contract
 dates [v3 only]

---
 httemplate/edit/REAL_cust_pkg.cgi         | 16 +++++++++++++---
 httemplate/edit/process/REAL_cust_pkg.cgi | 12 ++++++++----
 2 files changed, 21 insertions(+), 7 deletions(-)

(limited to 'httemplate/edit')

diff --git a/httemplate/edit/REAL_cust_pkg.cgi b/httemplate/edit/REAL_cust_pkg.cgi
index ac8aa40cb..606cf87e7 100755
--- a/httemplate/edit/REAL_cust_pkg.cgi
+++ b/httemplate/edit/REAL_cust_pkg.cgi
@@ -35,6 +35,11 @@ function confirm_changes() {
 <FORM NAME="formname" ACTION="process/REAL_cust_pkg.cgi" METHOD="POST">
 <INPUT TYPE="hidden" NAME="pkgnum" VALUE="<% $pkgnum %>">
 
+% if ($contract_only) {
+  <INPUT TYPE="hidden" ID="contract_only_text" NAME="contract_only" VALUE="1">
+  <SCRIPT>submit_fields.push('contract_only');</SCRIPT>
+% }
+
 % # raw error from below
 % if ( $error ) { 
   <FONT SIZE="+1" COLOR="#ff0000">Error: <% $error %></FONT>
@@ -124,8 +129,10 @@ function confirm_changes() {
 % my $value = $cust_pkg->get($column);
 % $value = $value ? time2str($format, $value) : "";
 %
+% if ($contract_only and $column ne 'contract_end') {
+  <& .row_display, %ARGS &>
 % # if_primary for the dates that can't be edited on supplemental packages
-% if ($if_primary and $cust_pkg->main_pkgnum) {
+% } elsif ($if_primary and $cust_pkg->main_pkgnum) {
   <INPUT TYPE="hidden" ID="<%$column%>_text" VALUE="<% $cust_pkg->get($column) %>">
   <SCRIPT>submit_fields.push('<%$column%>');</SCRIPT>
   <& .row_display, %ARGS &>
@@ -198,12 +205,15 @@ my $date_format = $conf->config('date_format') || '%m/%d/%Y';
 
 my $format = $date_format. ' %T'; # %z (%Z)';
 
+my $contract_only = $FS::CurrentUser::CurrentUser->access_right('Edit customer package dates') ? 0 : 1;
+
 </%shared>
 <%init>
 
+# see $contract_only in shared block above
 die "access denied"
-  unless $FS::CurrentUser::CurrentUser->access_right('Edit customer package dates');
-
+  unless $FS::CurrentUser::CurrentUser->access_right('Edit customer package dates')
+      or $FS::CurrentUser::CurrentUser->access_right('Change package contract end date');
 
 my $error = '';
 my( $pkgnum, $cust_pkg );
diff --git a/httemplate/edit/process/REAL_cust_pkg.cgi b/httemplate/edit/process/REAL_cust_pkg.cgi
index fd2893487..0757c7611 100755
--- a/httemplate/edit/process/REAL_cust_pkg.cgi
+++ b/httemplate/edit/process/REAL_cust_pkg.cgi
@@ -14,12 +14,16 @@
 my $curuser = $FS::CurrentUser::CurrentUser;
 
 die "access denied"
-  unless $curuser->access_right('Edit customer package dates');
+  unless $curuser->access_right('Edit customer package dates')
+      or $curuser->access_right('Change package contract end date');
+
+my $contract_only = $curuser->access_right('Edit customer package dates') ? 0 : 1;
+$contract_only = 1 if $cgi->param('contract_only');
 
 my $pkgnum = $cgi->param('pkgnum') or die;
 my $old = qsearchs('cust_pkg',{'pkgnum'=>$pkgnum});
 my %hash = $old->hash;
-foreach ( qw( start_date setup bill last_bill contract_end ) ) {
+foreach ( $contract_only ? qw( contract_end ) : qw( start_date setup bill last_bill contract_end ) ) {
   if ( $cgi->param($_) =~ /^(\d+)$/ ) {
     $hash{$_} = $1;
   } else {
@@ -36,11 +40,11 @@ $error = $new->replace($old);
 if (!$error) {
   my @supp_pkgs = $old->supplemental_pkgs;
   foreach $new (@supp_pkgs) {
-    foreach ( qw( start_date setup contract_end ) ) {
+    foreach ( $contract_only ? qw( contract_end ) : qw( start_date setup contract_end ) ) {
       # propagate these to supplementals
       $new->set($_, $hash{$_});
     }
-    if ( $hash{'bill'} ne $old->get('bill') ) {
+    if (( $hash{'bill'} ne $old->get('bill') ) && !$contract_only ) {
       if ( $hash{'bill'} and $old->get('bill') ) {
         # adjust by the same interval
         my $diff = $hash{'bill'} - $old->get('bill');
-- 
cgit v1.2.1