-% # If we can't see the unencrypted card, then bill now is an exercise in frustration
-%if ( ! $cust_main->is_encrypted($cust_main->payinfo) ) {
- (<A HREF="<% $p %>misc/bill.cgi?<% $cust_main->custnum %>">Bill now</A>)
+%# If we can't see the unencrypted card, then bill now is an exercise in
+%# frustration (without some sort of job queue magic to send it to a secure
+%# machine, anyway)
+%if ( $FS::CurrentUser::CurrentUser->access_right('Bill customer now')
+% && ! $cust_main->is_encrypted($cust_main->payinfo)
+% ) {
+%# (<A HREF="<% $p %>misc/bill.cgi?<% $cust_main->custnum %>">Bill now</A>)
+ (<% include('/elements/bill.html',
+ custnum => $cust_main->custnum,
+ label => 'Bill now',
+ url => $p.'view/cust_main.cgi?'.$cust_main->custnum,
+ ) %>)