-<%
+<% $cgi->redirect(popurl(4). "browse/addr_block.cgi?". $cgi->query_string ) %>
+<%init>
+
+my $curuser = $FS::CurrentUser::CurrentUser;
+
+die "access denied"
+ unless $curuser->access_right('Broadband configuration')
+ || $curuser->access_right('Broadband global configuration');
+
my $error = '';
-my $blocknum = $cgi->param('blocknum');
-my $addr_block = qsearchs('addr_block', { blocknum => $blocknum });
+$cgi->param('blocknum') =~ /^(\d+)$/ or die "invalid blocknum";
+my $blocknum = $1;
+
+my $addr_block = qsearchs({ 'table' => 'addr_block',
+ 'hashref' => { blocknum => $blocknum },
+ 'extra_sql' => ' AND '. $curuser->agentnums_sql(
+ 'null_right' => 'Broadband global configuration'
+ ),
+ })
+ or $error = "Unknown blocknum: $blocknum";
-if ( $addr_block) {
- $error = $addr_block->split_block;
-} else {
- $error = "Unknown blocknum: $blocknum";
-}
+$error ||= $addr_block->split_block;
+$cgi->param('error', $error)
+ if $error;
-if ( $error ) {
- $cgi->param('error', $error);
- print $cgi->redirect(popurl(4). "browse/addr_block.cgi?". $cgi->query_string );
-} else {
- print $cgi->redirect(popurl(4). "browse/addr_block.cgi");
-}
-%>
+</%init>