X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fedit%2Fprocess%2Fcust_pkg.cgi;h=c564c417e29f624339c268d20d39996d1d54ed2a;hb=b5c4237a34aef94976bc343c8d9e138664fc3984;hp=ecaec9bcbe3d4d76fcb36ba5bd075138e225f7ac;hpb=3d671921441ba8422650b54435a1959ad1d4c71d;p=freeside.git diff --git a/httemplate/edit/process/cust_pkg.cgi b/httemplate/edit/process/cust_pkg.cgi index ecaec9bcb..c564c417e 100755 --- a/httemplate/edit/process/cust_pkg.cgi +++ b/httemplate/edit/process/cust_pkg.cgi @@ -1,28 +1,31 @@ -<% -# +% if ($error) { +% $cgi->param('error', $error); +% $cgi->redirect(popurl(3). 'edit/cust_pkg.cgi?'. $cgi->query_string ); +% } else { +<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum") %> +% } +<%init> -use strict; -use vars qw( $cgi $custnum @remove_pkgnums @pkgparts $pkgpart $error ); -use CGI; -use CGI::Carp qw(fatalsToBrowser); -use FS::UID qw(cgisuidsetup); -use FS::CGI qw(popurl); -use FS::cust_pkg; +my $curuser = $FS::CurrentUser::CurrentUser; -$cgi = new CGI; # create form object -&cgisuidsetup($cgi); -$error = ''; +die "access denied" + unless $curuser->access_right('Bulk change customer packages'); + +my $error = ''; #untaint custnum $cgi->param('custnum') =~ /^(\d+)$/; -$custnum = $1; +my $custnum = $1; -@remove_pkgnums = map { +my @remove_pkgnums = map { /^(\d+)$/ or die "Illegal remove_pkg value!"; $1; } $cgi->param('remove_pkg'); -foreach $pkgpart ( map /^pkg(\d+)$/ ? $1 : (), $cgi->param ) { +my( $action, $error_redirect ) = ( '', '' ); +my @pkgparts = (); + +foreach my $pkgpart ( map /^pkg(\d+)$/ ? $1 : (), $cgi->param ) { if ( $cgi->param("pkg$pkgpart") =~ /^(\d+)$/ ) { my $num_pkgs = $1; while ( $num_pkgs-- ) { @@ -36,11 +39,4 @@ foreach $pkgpart ( map /^pkg(\d+)$/ ? $1 : (), $cgi->param ) { $error ||= FS::cust_pkg::order($custnum,\@pkgparts,\@remove_pkgnums); -if ($error) { - $cgi->param('error', $error); - print $cgi->redirect(popurl(2). "cust_pkg.cgi?". $cgi->query_string ); -} else { - print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum"); -} - -%> +