X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fedit%2Fprocess%2Fcust_bill_pay.cgi;h=43e67264767c2884d8df4c154f4fa745464d323a;hb=0930d22ffc440f80c1b222b2e750cadbabd9e8f6;hp=fc668bb0780845f2037d7db10417b310028e39eb;hpb=2c757d7db4cb6a7b9655de13206fcc84fb7ce61f;p=freeside.git

diff --git a/httemplate/edit/process/cust_bill_pay.cgi b/httemplate/edit/process/cust_bill_pay.cgi
index fc668bb07..43e672647 100755
--- a/httemplate/edit/process/cust_bill_pay.cgi
+++ b/httemplate/edit/process/cust_bill_pay.cgi
@@ -1,4 +1,19 @@
-<%
+%if ( $error ) {
+%  $cgi->param('error', $error);
+<% $cgi->redirect(popurl(2). "cust_bill_pay.cgi?". $cgi->query_string ) %>
+%} else {
+<% header('Payment application sucessful') %>
+  <SCRIPT TYPE="text/javascript">
+    window.top.location.reload();
+  </SCRIPT>
+  </BODY>
+  </HTML>
+% } 
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Apply payment') #;
+      || $FS::CurrentUser::CurrentUser->access_right('Post payment'): #remove after 1.7.3
 
 $cgi->param('paynum') =~ /^(\d*)$/ or die "Illegal paynum!";
 my $paynum = $1;
@@ -32,20 +47,4 @@ if ($cgi->param('invnum') =~ /^Refund$/) {
 
 my $error = $new->insert;
 
-if ( $error ) {
-
-  $cgi->param('error', $error);
-  %><%= $cgi->redirect(popurl(2). "cust_bill_pay.cgi?". $cgi->query_string ) %><%
-
-} else {
-
-  #print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum");
-
-  %><%= header('Payment application sucessful') %>
-  <SCRIPT TYPE="text/javascript">
-    window.top.location.reload();
-  </SCRIPT>
-
-  </BODY></HTML>
-
-<% } %>
+</%init>