X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fedit%2Fprocess%2Fquick-charge.cgi;h=22f96852fad77b2f928496ad640d2475c0339b09;hb=ba5deb42e573673383c8e9dac0dfe3e4296c4b6d;hp=4a090f9dee183fe5bee429745c81e3728bae54dd;hpb=5893e4b788c0fa70347a9c9d9d964defa438f519;p=freeside.git

diff --git a/httemplate/edit/process/quick-charge.cgi b/httemplate/edit/process/quick-charge.cgi
index 4a090f9de..22f96852f 100644
--- a/httemplate/edit/process/quick-charge.cgi
+++ b/httemplate/edit/process/quick-charge.cgi
@@ -1,46 +1,50 @@
-%
-%  my $error = '';
-%  my $param = $cgi->Vars;
-%
-%  my @description = ();
-%  for ( my $row = 0; exists($param->{"description$row"}); $row++ ) {
-%    push @description, $param->{"description$row"}
-%      if ($param->{"description$row"} =~ /\S/);
-%  }
-%
-%  $param->{"custnum"} =~ /^(\d+)$/
-%    or $error .= "Illegal customer number " . $param->{"custnum"} . "  ";
-%  my $custnum = $1;
-%
-%  $param->{"amount"} =~ /^\s*(\d+(\.\d{1,2})?)\s*$/
-%    or $error .= "Illegal amount " . $param->{"amount"} . "  ";
-%  my $amount = $1;
-%
-%  if ( $param->{'taxclass'} eq '(select)' ) {
-%    $error .= "Must select a tax class.  ";
-%  }
-%
-%  unless ( $error ) {
-%    my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } )
-%      or $error .= "Unknown customer number $custnum.  ";
-%
-%    $error ||= $cust_main->charge( {
-%      'amount'     => $amount,
-%      'pkg'        => scalar($cgi->param('pkg')),
-%      'taxclass'   => scalar($cgi->param('taxclass')),
-%      'additional' => \@description,
-%    } );
-%  }
-%
-%  if ( $error ) {
-%
-%    $cgi->param('error', $error );
-%    
+% if ( $error ) {
+%   $cgi->param('error', $error );
 <% $cgi->redirect($p.'quick-charge.html?'. $cgi->query_string) %>
-%
-% }
+% } else {
 <% header("One-time charge added") %>
   <SCRIPT TYPE="text/javascript">
     window.top.location.reload();
   </SCRIPT>
   </BODY></HTML>
+% }
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('One-time charge');
+
+my $error = '';
+my $param = $cgi->Vars;
+
+my @description = ();
+for ( my $row = 0; exists($param->{"description$row"}); $row++ ) {
+  push @description, $param->{"description$row"}
+    if ($param->{"description$row"} =~ /\S/);
+}
+
+$param->{"custnum"} =~ /^(\d+)$/
+  or $error .= "Illegal customer number " . $param->{"custnum"} . "  ";
+my $custnum = $1;
+
+$param->{"amount"} =~ /^\s*(\d+(\.\d{1,2})?)\s*$/
+  or $error .= "Illegal amount " . $param->{"amount"} . "  ";
+my $amount = $1;
+
+if ( $param->{'taxclass'} eq '(select)' ) {
+  $error .= "Must select a tax class.  ";
+}
+
+unless ( $error ) {
+  my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } )
+    or $error .= "Unknown customer number $custnum.  ";
+
+  $error ||= $cust_main->charge( {
+    'amount'     => $amount,
+    'pkg'        => scalar($cgi->param('pkg')),
+    'taxclass'   => scalar($cgi->param('taxclass')),
+    'classnum'   => scalar($cgi->param('classnum')),
+    'additional' => \@description,
+  } );
+}
+
+</%init>