ACLs

[freeside.git] / httemplate / edit / process / cust_credit_bill.cgi

diff --git a/httemplate/edit/process/cust_credit_bill.cgi b/httemplate/edit/process/cust_credit_bill.cgi
index 23e2e6c..74ae008 100755 (executable)
--- a/httemplate/edit/process/cust_credit_bill.cgi
+++ b/httemplate/edit/process/cust_credit_bill.cgi
@@ -1,4 +1,19 @@
-<%
+%if ( $error ) {
+%  $cgi->param('error', $error);
+<% $cgi->redirect(popurl(2). "cust_credit_bill.cgi?". $cgi->query_string ) %>
+%} else {
+<% header('Credit application sucessful') %>
+  <SCRIPT TYPE="text/javascript">
+    window.top.location.reload();
+  </SCRIPT>
+  </BODY>
+  </HTML>
+% } 
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Apply credit') #;
+      || $FS::CurrentUser::CurrentUser->access_right('Post credit'): #remove after 1.7.3
 
 $cgi->param('crednum') =~ /^(\d*)$/ or die "Illegal crednum!";
 my $crednum = $1;
@@ -14,11 +29,12 @@ my $custnum = $cust_main->custnum;
 my $new;
 if ($cgi->param('invnum') =~ /^Refund$/) {
   $new = new FS::cust_refund ( {
-    'reason'  => $cust_credit->reason,
+    'reason'  => ( $cust_credit->reason || 'refund from credit' ),
     'refund'  => $cgi->param('amount'),
     'payby'   => 'BILL',
     #'_date'   => $cgi->param('_date'),
-    'payinfo' => 'Cash',
+    #'payinfo' => 'Cash',
+    'payinfo' => 'Refund',
     'crednum' => $crednum,
   } );
 } else {
@@ -32,12 +48,4 @@ if ($cgi->param('invnum') =~ /^Refund$/) {
 
 my $error = $new->insert;
 
-if ( $error ) {
-  $cgi->param('error', $error);
-  print $cgi->redirect(popurl(2). "cust_credit_bill.cgi?". $cgi->query_string );
-} else {
-  print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum");
-}
-
-
-%>
+</%init>