X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fedit%2Fprocess%2Fcust_pkg.cgi;h=c564c417e29f624339c268d20d39996d1d54ed2a;hb=b71b1576c68bc40ad26592b354feace37a029f0e;hp=df8471c27b792dc37cc82d7ffe0a59b9256ea9b1;hpb=eb9668a6f3181ee02cb335272c5ee4616e61fd09;p=freeside.git

diff --git a/httemplate/edit/process/cust_pkg.cgi b/httemplate/edit/process/cust_pkg.cgi
index df8471c27..c564c417e 100755
--- a/httemplate/edit/process/cust_pkg.cgi
+++ b/httemplate/edit/process/cust_pkg.cgi
@@ -1,4 +1,15 @@
-<%
+% if ($error) {
+%   $cgi->param('error', $error);
+%   $cgi->redirect(popurl(3). 'edit/cust_pkg.cgi?'. $cgi->query_string );
+% } else {
+<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum") %>
+% }
+<%init>
+
+my $curuser = $FS::CurrentUser::CurrentUser;
+
+die "access denied"
+  unless $curuser->access_right('Bulk change customer packages');
 
 my $error = '';
 
@@ -11,33 +22,21 @@ my @remove_pkgnums = map {
   $1;
 } $cgi->param('remove_pkg');
 
-my $error_redirect;
-my @pkgparts;
-if ( $cgi->param('new_pkgpart') =~ /^(\d+)$/ ) { #came from misc/change_pkg.cgi
-  $error_redirect = "misc/change_pkg.cgi";
-  @pkgparts = ($1);
-} else { #came from edit/cust_pkg.cgi
-  $error_redirect = "edit/cust_pkg.cgi";
-  foreach my $pkgpart ( map /^pkg(\d+)$/ ? $1 : (), $cgi->param ) {
-    if ( $cgi->param("pkg$pkgpart") =~ /^(\d+)$/ ) {
-      my $num_pkgs = $1;
-      while ( $num_pkgs-- ) {
-        push @pkgparts,$pkgpart;
-      }
-    } else {
-      $error = "Illegal quantity";
-      last;
+my( $action, $error_redirect ) = ( '', '' );
+my @pkgparts = ();
+
+foreach my $pkgpart ( map /^pkg(\d+)$/ ? $1 : (), $cgi->param ) {
+  if ( $cgi->param("pkg$pkgpart") =~ /^(\d+)$/ ) {
+    my $num_pkgs = $1;
+    while ( $num_pkgs-- ) {
+      push @pkgparts,$pkgpart;
     }
+  } else {
+    $error = "Illegal quantity";
+    last;
   }
 }
 
 $error ||= FS::cust_pkg::order($custnum,\@pkgparts,\@remove_pkgnums);
 
-if ($error) {
-  $cgi->param('error', $error);
-  print $cgi->redirect(popurl(3). $error_redirect. '?'. $cgi->query_string );
-} else {
-  print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum");
-}
-
-%>
+</%init>