update the tax class editor to enable taxclass adding, RT#2929

[freeside.git] / httemplate / edit / part_pkg.cgi

diff --git a/httemplate/edit/part_pkg.cgi b/httemplate/edit/part_pkg.cgi
index 2837e47..ec001cb 100755 (executable)
--- a/httemplate/edit/part_pkg.cgi
+++ b/httemplate/edit/part_pkg.cgi
@@ -1,12 +1,9 @@
-<% include("/elements/header.html","$action Package Definition", menubar(
-  'Main Menu' => popurl(2),
+<% include('/elements/header.html', "$action Package Definition", menubar(
   'View all packages' => popurl(2). 'browse/part_pkg.cgi',
 )) %>
 % #), ' onLoad="visualize()"'); 
 
-% if ( $cgi->param('error') ) { 
-  <FONT SIZE="+1" COLOR="#ff0000">Error: <% $cgi->param('error') %></FONT>
-% } 
+<% include('/elements/error.html') %>
 
 <FORM NAME="dummy">
 
@@ -180,10 +177,18 @@ Line-item revenue recognition
 %  }
 %
 %  push @fixups, "pkg_svc$svcpart";
+%
+%  my $quan = 0;
+%  if ( $cgi->param("pkg_svc$svcpart") =~ /^\s*(\d+)\s*$/ ) {
+%    $quan = $1;
+%  } elsif ( $pkg_svc->quantity ) {
+%    $quan = $pkg_svc->quantity;
+%  }
+
 
   <TR>
     <TD>
-      <INPUT TYPE="text" NAME="pkg_svc<% $svcpart %>" SIZE=4 MAXLENGTH=3 VALUE="<% $cgi->param("pkg_svc$svcpart") || $pkg_svc->quantity || 0 %>">
+      <INPUT TYPE="text" NAME="pkg_svc<% $svcpart %>" SIZE=4 MAXLENGTH=3 VALUE="<% $quan %>">
     </TD>
    
     <TD>
@@ -207,10 +212,9 @@ Line-item revenue recognition
 
 
 </TR></TABLE></TD></TR></TABLE>
-% foreach my $f ( qw( clone pkgnum ) ) { 
-
-  <INPUT TYPE="hidden" NAME="<% $f %>" VALUE="<% $cgi->param($f) %>">
-% } 
+% foreach my $f ( qw( clone pkgnum ) ) { #safe, these were untained in %init 
+    <INPUT TYPE="hidden" NAME="<% $f %>" VALUE="<% $cgi->param($f) %>">
+% }
 
 <INPUT TYPE="hidden" NAME="pkgpart" VALUE="<% $part_pkg->pkgpart %>">
 %
@@ -239,6 +243,7 @@ Line-item revenue recognition
 %  delete $freq{$_} foreach grep { ! /^\d+$/ } keys %freq;
 %}
 %
+%#this should be replaced by /elements/selectlayers.html
 %my $widget = new HTML::Widgets::SelectLayers(
 %  'selected_layer' => $part_pkg->plan,
 %  'options'        => \%options,
@@ -355,8 +360,8 @@ Line-item revenue recognition
 
 
 <BR><BR>Price plan <% $widget->html %>
-  </BODY>
-</HTML>
+
+<% include('/elements/footer.html') %>
 <%init>
 
 if ( $cgi->param('clone') && $cgi->param('clone') =~ /^(\d+)$/ ) {
@@ -370,6 +375,13 @@ if ( $cgi->param('pkgnum') && $cgi->param('pkgnum') =~ /^(\d+)$/ ) {
   $cgi->param('pkgnum', '');
 }
 
+my $curuser = $FS::CurrentUser::CurrentUser;
+
+die "access denied"
+  unless $curuser->access_right('Edit package definitions')
+      || $curuser->access_right('Edit global package definitions')
+      || ( $cgi->param('pkgnum') && $curuser->access_right('Customize customer package') );
+
 my ($query) = $cgi->keywords;
 
 my $conf = new FS::Conf;