</BODY></HTML>
% } else {
-<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum") %>
+<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum;show=payment_history") %>
% }
%}
<%init>
my $link = $cgi->param('popup') ? 'popup' : '';
+my $payby = $cgi->param('payby');
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->refund_access_right($payby);
+
my $error = '';
-if ( $cgi->param('payby') =~ /^(CARD|CHEK)$/ ) {
+if ( $payby =~ /^(CARD|CHEK)$/ ) {
my %options = ();
my $bop = $FS::payby::payby2bop{$1};
$cgi->param('refund') =~ /^(\d*)(\.\d{2})?$/
'reason' => $reason,
%options );
} else {
- my $new = new FS::cust_refund ( {
- map {
- $_, scalar($cgi->param($_));
- } fields('cust_refund') #huh? , 'paynum' )
- } );
- $error = $new->insert;
+ my %hash = map {
+ $_, scalar($cgi->param($_))
+ } fields('cust_refund');
+ my $paynum = $cgi->param('paynum');
+ $paynum =~ /^(\d*)$/ or die "Illegal paynum!";
+ if ($paynum) {
+ my $cust_pay = qsearchs('cust_pay',{ 'paynum' => $paynum });
+ die "Could not find paynum $paynum" unless $cust_pay;
+ $error = $cust_pay->refund(\%hash);
+ } else {
+ my $new = new FS::cust_refund ( \%hash );
+ $error = $new->insert;
+ }
}
</%init>