<INPUT TYPE="submit" NAME="submit"
VALUE="<% $attachnum ? "Apply Changes" : "Upload File" %>">
-% if(defined $attach) {
+% if(defined $attach and $curuser->access_right('Delete attachment')) {
<BR>
<INPUT TYPE="submit" NAME="delete" value="Delete File">
% }
<%init>
+my $curuser = $FS::CurrentUser::CurrentUser;
my $attachnum = '';
my $attach;
if ( $cgi->param('error') ) {
my $action = $attachnum ? 'Edit' : 'Add';
die "access denied"
- unless $FS::CurrentUser::CurrentUser->access_right("$action customer note");
+ unless $curuser->access_right("$action attachment");
</%init>