From 2920cfc494c2811ca7879d6ecaa353d216c9f69d Mon Sep 17 00:00:00 2001 From: Mark Wells Date: Wed, 27 Feb 2013 12:47:34 -0800 Subject: "Edit password" ACL, #21178, part 2 --- httemplate/misc/process/change-password.html | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'httemplate/misc/process') diff --git a/httemplate/misc/process/change-password.html b/httemplate/misc/process/change-password.html index 7005439cc..7cab9c4e3 100644 --- a/httemplate/misc/process/change-password.html +++ b/httemplate/misc/process/change-password.html @@ -1,11 +1,16 @@ <%init> my $curuser = $FS::CurrentUser::CurrentUser; -die "access denied" unless $curuser->access_right('Edit password'); $cgi->param('svcnum') =~ /^(\d+)$/ or die "illegal svcnum"; my $svcnum = $1; my $svc_acct = FS::svc_acct->by_key($svcnum) or die "svc_acct $svcnum not found"; +my $part_svc = $svc_acct->part_svc; +die "access denied" unless ( + $curuser->access_right('Provision customer service') or + ( $curuser->access_right('Edit password') and + ! $part_svc->restrict_edit_password ) + ); my $error = $svc_acct->set_password($cgi->param('password')) || $svc_acct->replace; -- cgit v1.2.1