X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fedit%2Fcust_refund.cgi;h=e1975ed70ce8188556619f915121a457ac728991;hb=0bca43616911f2b48d9a0617e70a3bf0f30b92db;hp=59417b4c4806f3cef7c153808072b5dc1f2dbbb3;hpb=624b2d44625f69d71175c3348cae635d580c890b;p=freeside.git diff --git a/httemplate/edit/cust_refund.cgi b/httemplate/edit/cust_refund.cgi index 59417b4c4..e1975ed70 100755 --- a/httemplate/edit/cust_refund.cgi +++ b/httemplate/edit/cust_refund.cgi @@ -10,7 +10,7 @@ <% small_custview($custnum, $conf->config('countrydefault')) %> % } -
@@ -130,9 +150,6 @@ <%init> -die "access denied" - unless $FS::CurrentUser::CurrentUser->access_right('Refund payment'); - my $conf = new FS::Conf; my $date_format = $conf->config('date_format') || '%m/%d/%Y'; @@ -143,6 +160,9 @@ my $payinfo = $cgi->param('payinfo'); my $reason = $cgi->param('reason'); my $link = $cgi->param('popup') ? 'popup' : ''; +die "access denied" + unless $FS::CurrentUser::CurrentUser->refund_access_right($payby); + my( $paynum, $cust_pay ) = ( '', '' ); if ( $cgi->param('paynum') =~ /^(\d+)$/ ) { $paynum = $1; @@ -158,6 +178,9 @@ if ( $cgi->param('paynum') =~ /^(\d+)$/ ) { } die "no custnum or paynum specified!" unless $custnum; +my $cust_main = qsearchs( 'cust_main', { 'custnum'=>$custnum } ); +die "unknown custnum $custnum" unless $cust_main; + my $_date = time; my $p1 = popurl(1);