projects
/
freeside.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
allow multiple classnums in package search, RT#13922
[freeside.git]
/
httemplate
/
edit
/
cust_pay.cgi
diff --git
a/httemplate/edit/cust_pay.cgi
b/httemplate/edit/cust_pay.cgi
index
7c4e662
..
8e1c779
100755
(executable)
--- a/
httemplate/edit/cust_pay.cgi
+++ b/
httemplate/edit/cust_pay.cgi
@@
-109,9
+109,6
@@
my $conf = new FS::Conf;
my $money_char = $conf->config('money_char') || '$';
my $date_format = $conf->config('date_format') || '%m/%d/%Y';
my $money_char = $conf->config('money_char') || '$';
my $date_format = $conf->config('date_format') || '%m/%d/%Y';
-die "access denied"
- unless $FS::CurrentUser::CurrentUser->access_right('Post payment');
-
my($link, $linknum, $paid, $payby, $payinfo, $_date);
if ( $cgi->param('error') ) {
$link = $cgi->param('link');
my($link, $linknum, $paid, $payby, $payinfo, $_date);
if ( $cgi->param('error') ) {
$link = $cgi->param('link');
@@
-138,6
+135,13
@@
if ( $cgi->param('error') ) {
die "illegal query ". $cgi->keywords;
}
die "illegal query ". $cgi->keywords;
}
+my @rights = ('Post payment');
+push @rights, 'Post check payment' if $payby eq 'BILL';
+push @rights, 'Post cash payment' if $payby eq 'CASH';
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right(\@rights);
+
my $paybatch = "webui-$_date-$$-". rand() * 2**32;
my $title = 'Post '. FS::payby->payname($payby). ' payment';
my $paybatch = "webui-$_date-$$-". rand() * 2**32;
my $title = 'Post '. FS::payby->payname($payby). ' payment';