-my @pkgparts;
-foreach my $pkgpart ( map /^pkg(\d+)$/ ? $1 : (), $cgi->param ) {
- if ( $cgi->param("pkg$pkgpart") =~ /^(\d+)$/ ) {
- my $num_pkgs = $1;
- while ( $num_pkgs-- ) {
- push @pkgparts,$pkgpart;
+my $curuser = $FS::CurrentUser::CurrentUser;
+
+my( $action, $error_redirect ) = ( '', '' );
+my @pkgparts = ();
+if ( $cgi->param('action') eq 'change' ) { #came from misc/change_pkg.cgi
+
+ $action = 'change';
+ $error_redirect = "misc/change_pkg.cgi";
+ @pkgparts = ($1);
+
+ die "access denied"
+ unless $curuser->access_right('Change customer package');
+
+} elsif ( $cgi->param('action') eq 'bulk' ) { #came from edit/cust_pkg.cgi
+
+ $action = 'bulk';
+ $error_redirect = "edit/cust_pkg.cgi";
+
+ die "access denied"
+ unless $curuser->access_right('Bulk change customer packages');
+
+ foreach my $pkgpart ( map /^pkg(\d+)$/ ? $1 : (), $cgi->param ) {
+ if ( $cgi->param("pkg$pkgpart") =~ /^(\d+)$/ ) {
+ my $num_pkgs = $1;
+ while ( $num_pkgs-- ) {
+ push @pkgparts,$pkgpart;
+ }
+ } else {
+ $error = "Illegal quantity";
+ last;