From 524f46a00ec9610c82a519bea2469cb1711abc1b Mon Sep 17 00:00:00 2001 From: ivan Date: Wed, 3 Aug 2011 00:05:01 +0000 Subject: resolve inconsistency with posting payments then not having the ACL to view them: add "View payments" and "View refunds" rights, redirect payment/refund posting back to customer view if you cannot see the result --- httemplate/misc/process/payment.cgi | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'httemplate/misc/process') diff --git a/httemplate/misc/process/payment.cgi b/httemplate/misc/process/payment.cgi index 9c8512785..5fa57e448 100644 --- a/httemplate/misc/process/payment.cgi +++ b/httemplate/misc/process/payment.cgi @@ -10,13 +10,16 @@ <% include('/elements/footer.html') %> -% } else { +% #2.5/2.7?# } elsif ( $curuser->access_right('View payments') ) { +% } elsif ( $curuser->access_right(['View invoices', 'View payments']) ) { <% $cgi->redirect(popurl(3). "view/cust_pay.html?paynum=$paynum" ) %> +% } else { +<% $cgi->redirect(popurl(3). "view/cust_main.html?custnum=$custnum" ) %> % } <%init> -die "access denied" - unless $FS::CurrentUser::CurrentUser->access_right('Process payment'); +my $curuser = $FS::CurrentUser::CurrentUser; +die "access denied" unless $curuser->access_right('Process payment'); #some false laziness w/MyAccount::process_payment -- cgit v1.2.1