X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fedit%2Fcust_refund.cgi;h=e1975ed70ce8188556619f915121a457ac728991;hb=998b32d356338772484814a477d9efb159206b8d;hp=94c0993d77be108c47dbe13d4df3f4fb3abe4387;hpb=46a7257273fdae101658c8a1ee74f654ca0876b5;p=freeside.git diff --git a/httemplate/edit/cust_refund.cgi b/httemplate/edit/cust_refund.cgi index 94c0993d7..e1975ed70 100755 --- a/httemplate/edit/cust_refund.cgi +++ b/httemplate/edit/cust_refund.cgi @@ -10,7 +10,7 @@ <% small_custview($custnum, $conf->config('countrydefault')) %> % } -
@@ -130,10 +150,9 @@ <%init> -die "access denied" - unless $FS::CurrentUser::CurrentUser->access_right('Refund payment'); - my $conf = new FS::Conf; +my $date_format = $conf->config('date_format') || '%m/%d/%Y'; + my $custnum = $cgi->param('custnum'); my $refund = $cgi->param('refund'); my $payby = $cgi->param('payby'); @@ -141,6 +160,9 @@ my $payinfo = $cgi->param('payinfo'); my $reason = $cgi->param('reason'); my $link = $cgi->param('popup') ? 'popup' : ''; +die "access denied" + unless $FS::CurrentUser::CurrentUser->refund_access_right($payby); + my( $paynum, $cust_pay ) = ( '', '' ); if ( $cgi->param('paynum') =~ /^(\d+)$/ ) { $paynum = $1; @@ -156,6 +178,9 @@ if ( $cgi->param('paynum') =~ /^(\d+)$/ ) { } die "no custnum or paynum specified!" unless $custnum; +my $cust_main = qsearchs( 'cust_main', { 'custnum'=>$custnum } ); +die "unknown custnum $custnum" unless $cust_main; + my $_date = time; my $p1 = popurl(1);