From 09b21d0180c2ea23c7dd0b6611d26a4af184a56d Mon Sep 17 00:00:00 2001
From: mark <mark>
Date: Tue, 29 Dec 2009 01:00:48 +0000
Subject: Add Browse attachments ACL (RT#4964)

---
 httemplate/browse/cust_attachment.html | 3 ++-
 httemplate/elements/menu.html          | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

(limited to 'httemplate')

diff --git a/httemplate/browse/cust_attachment.html b/httemplate/browse/cust_attachment.html
index d95f2b18c..e19259d05 100755
--- a/httemplate/browse/cust_attachment.html
+++ b/httemplate/browse/cust_attachment.html
@@ -62,7 +62,8 @@
 <%init>
 
 my $curuser = $FS::CurrentUser::CurrentUser;
-die "access denied" if !$curuser->access-right('View attachments');
+die "access denied" if !$curuser->access_right('View attachments')
+                    or !$curuser->access_right('Browse attachments');
 
 my $conf = new FS::Conf;
 
diff --git a/httemplate/elements/menu.html b/httemplate/elements/menu.html
index 4490517d0..d4a915e15 100644
--- a/httemplate/elements/menu.html
+++ b/httemplate/elements/menu.html
@@ -323,7 +323,7 @@ $tools_menu{'Ticketing'} = [ \%tools_ticketing, 'Ticketing tools' ]
 $tools_menu{'Time Queue'} =  [ $fsurl.'search/timeworked.html', 'View pending support time' ]
   if $curuser->access_right('Time queue');
 $tools_menu{'Attachments'} = [ $fsurl.'browse/cust_attachment.html', 'View customer attachments' ]
-  if !$conf->config('disable_cust_attachment') and $curuser->access_right('View attachments');
+  if !$conf->config('disable_cust_attachment') and $curuser->access_right('View attachments') and $curuser->access_right('Browse attachments');
 $tools_menu{'Importing'} =  [ \%tools_importing, 'Import tools' ]
   if $curuser->access_right('Import');
 $tools_menu{'Exporting'} =  [ \%tools_exporting, 'Export tools' ]
-- 
cgit v1.2.1