don't link to customer service view unless the user has the ACL to view the resulting...

[freeside.git] / FS / FS / UI / Web.pm

diff --git a/FS/FS/UI/Web.pm b/FS/FS/UI/Web.pm
index 6a97f96..2e9261b 100644 (file)
--- a/FS/FS/UI/Web.pm
+++ b/FS/FS/UI/Web.pm
@@ -138,6 +138,10 @@ sub svc_label_link {
 
 sub svc_X_link {
   my ($x, $m, $part_svc, $cust_svc) = @_ or return '';
+
+  return $x
+   unless $FS::CurrentUser::CurrentUser->access_right('View customer services');
+
   my $ahref = svc_url(
     'ahref'    => 1,
     'm'        => $m,
@@ -149,6 +153,15 @@ sub svc_X_link {
   "$ahref$x</A>";
 }
 
+#this probably needs an ACL too...
+sub svc_export_links {
+  my ($m, $part_svc, $cust_svc) = @_ or return '';
+
+  my $ahref = $cust_svc->export_links;
+
+  join('', @$ahref);
+}
+
 sub parse_lt_gt {
   my($cgi, $field) = @_;
 
@@ -324,8 +337,8 @@ setting is supplied, the <B>cust-fields</B> configuration value.
 =cut
 
 sub cust_fields {
-  my $svc_x = shift;
-  warn "FS::UI::Web::cust_fields called for $svc_x ".
+  my $record = shift;
+  warn "FS::UI::Web::cust_fields called for $record ".
        "(cust_fields: @cust_fields)"
     if $DEBUG > 1;
 
@@ -334,12 +347,12 @@ sub cust_fields {
 
   my $seen_unlinked = 0;
   map { 
-    if ( $svc_x->custnum ) {
-      warn "  $svc_x -> $_"
+    if ( $record->custnum ) {
+      warn "  $record -> $_"
         if $DEBUG > 1;
-      $svc_x->$_(@_);
+      $record->$_(@_);
     } else {
-      warn "  ($svc_x unlinked)"
+      warn "  ($record unlinked)"
         if $DEBUG > 1;
       $seen_unlinked++ ? '' : '(unlinked)';
     }