X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fedit%2Fcust_main.cgi;h=fac7ef27c0db5a692aa7210d160a5c9a5f6de12d;hb=5fa9ce1b7c8b934e96a6a2f850a4e788eb76f495;hp=d3004f1c6cbca9cf89c90f5ad0a3828de9c9c733;hpb=bc73aa9d59454c87b2e5deecfff07dcd57fca954;p=freeside.git diff --git a/httemplate/edit/cust_main.cgi b/httemplate/edit/cust_main.cgi index d3004f1c6..fac7ef27c 100755 --- a/httemplate/edit/cust_main.cgi +++ b/httemplate/edit/cust_main.cgi @@ -1,14 +1,18 @@ <% include('/elements/header.html', "Customer $action", '', - ' onUnload="myclose()"' + ' onUnload="myclose()"' #hmm, in billing.html ) %> -<% include('/elements/init_overlib.html') %> - <% include('/elements/error.html') %> -
<% include('/elements/footer.html') %> <%init> -die "access denied" - unless $FS::CurrentUser::CurrentUser->access_right('Edit customer'); +my $curuser = $FS::CurrentUser::CurrentUser; -#for misplaced logic below -#use FS::part_pkg; - -#for false laziness below (now more properly lazy) -#use FS::svc_acct_pop; - -#for (other) false laziness below -#use FS::agent; -#use FS::type_pkgs; +#probably redundant given the checks below... +die "access denied" + unless $curuser->access_right('New customer') + || $curuser->access_right('Edit customer'); my $conf = new FS::Conf; -my $taxpre = $conf->exists('tax-ship_address') ? 'ship_' : ''; #get record -my($custnum, $username, $password, $popnum, $cust_main, $saved_pkgpart, $saved_domsvc); -my(@invoicing_list); -my ($ss,$stateid,$payinfo); +my($custnum, $cust_main, $ss, $stateid, $payinfo, @invoicing_list); my $same = ''; +my $pkgpart_svcpart = ''; #first_pkg +my($username, $password, $popnum, $saved_domsvc) = ( '', '', 0, 0 ); #svc_acct +my %svc_phone = (); + if ( $cgi->param('error') ) { + $cust_main = new FS::cust_main ( { map { $_, scalar($cgi->param($_)) } fields('cust_main') } ); + $custnum = $cust_main->custnum; - $saved_domsvc = $cgi->param('domsvc') || ''; - if ( $saved_domsvc =~ /^(\d+)$/ ) { - $saved_domsvc = $1; - } else { - $saved_domsvc = ''; - } - $saved_pkgpart = $cgi->param('pkgpart_svcpart') || ''; - if ( $saved_pkgpart =~ /^(\d+)_/ ) { - $saved_pkgpart = $1; - } else { - $saved_pkgpart = ''; - } - $username = $cgi->param('username'); - $password = $cgi->param('_password'); - $popnum = $cgi->param('popnum'); + + die "access denied" + unless $curuser->access_right($custnum ? 
'Edit customer' : 'New customer'); + @invoicing_list = split( /\s*,\s*/, $cgi->param('invoicing_list') ); $same = $cgi->param('same'); $cust_main->setfield('paid' => $cgi->param('paid')) if $cgi->param('paid'); $ss = $cust_main->ss; # don't mask an entered value on errors $stateid = $cust_main->stateid; # don't mask an entered value on errors $payinfo = $cust_main->payinfo; # don't mask an entered value on errors + + $pkgpart_svcpart = $cgi->param('pkgpart_svcpart') || ''; + + #svc_acct + $username = $cgi->param('username'); + $password = $cgi->param('_password'); + $popnum = $cgi->param('popnum'); + $saved_domsvc = $cgi->param('domsvc') || ''; + if ( $saved_domsvc =~ /^(\d+)$/ ) { + $saved_domsvc = $1; + } else { + $saved_domsvc = ''; + } + + #svc_phone + $svc_phone{$_} = $cgi->param($_) + foreach qw( countrycode phonenum sip_password pin phone_name ); + } elsif ( $cgi->keywords ) { #editing + + die "access denied" + unless $curuser->access_right('Edit customer'); + my( $query ) = $cgi->keywords; $query =~ /^(\d+)$/; $custnum=$1; @@ -741,31 +286,27 @@ if ( $cgi->param('error') ) { $paycvv =~ s/./*/g; $cust_main->paycvv($paycvv); } - $saved_pkgpart = 0; - $saved_domsvc = 0; - $username = ''; - $password = ''; - $popnum = 0; @invoicing_list = $cust_main->invoicing_list; $ss = $cust_main->masked('ss'); $stateid = $cust_main->masked('stateid'); $payinfo = $cust_main->paymask; -} else { + +} else { #new customer + + die "access denied" + unless $curuser->access_right('New customer'); + $custnum=''; $cust_main = new FS::cust_main ( {} ); $cust_main->otaker( &getotaker ); $cust_main->referral_custnum( $cgi->param('referral_custnum') ); - $saved_pkgpart = 0; - $saved_domsvc = 0; - $username = ''; - $password = ''; - $popnum = 0; @invoicing_list = (); push @invoicing_list, 'POST' unless $conf->exists('disablepostalinvoicedefault'); $ss = ''; $stateid = ''; $payinfo = ''; + } my $error = $cgi->param('error');
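Review bot: The error branch now reads `sip_password` and `pin` back from request parameters (the `foreach qw( countrycode phonenum sip_password pin phone_name )` line), alongside the existing `_password`, `ss` and `payinfo` handling, so every failed submission round-trips these secrets through the request. How the error redirect carries the form state is not visible in this hunk; if it is a GET with a query string, the values would end up in web-server access logs, browser history and Referer headers. I would add a comment on that line stating the transport assumption, e.g. `#secrets: must arrive via POST or server-side state, never a query string`, and confirm that the process side matches it. The `<%init>` block continues outside the hunk.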
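Review bot: In the new-customer branch, `$cgi->param('referral_custnum')` is called in list context as a method argument, so a request that repeats the parameter hands `referral_custnum` several values. The value is also not checked to be numeric, unlike `custnum` in the editing branch, which is matched against `/^(\d+)$/`. The error branch in this same commit already uses `scalar($cgi->param($_))` when building the record, and the same treatment fits here: `$cust_main->referral_custnum( scalar($cgi->param('referral_custnum')) );`. The call `$cust_main->setfield('paid' => $cgi->param('paid'))` in the error branch of the preceding hunk has the same form. The if/elsif chain this branch belongs to starts before the hunk.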