X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fedit%2Fprocess%2Fquick-cust_pkg.cgi;h=57c696e7e8cbd9adb9b49bdc0119a14ce8e4b337;hb=3a02c437eadd9a39f7e56056ca987a4846650209;hp=66d02e307bc0b3aa04cf8fc4746a53101295a1cc;hpb=9509e5bfb7f9331303153cac24d7bfecbe2ea9f1;p=freeside.git

diff --git a/httemplate/edit/process/quick-cust_pkg.cgi b/httemplate/edit/process/quick-cust_pkg.cgi
index 66d02e307..57c696e7e 100644
--- a/httemplate/edit/process/quick-cust_pkg.cgi
+++ b/httemplate/edit/process/quick-cust_pkg.cgi
@@ -1,27 +1,68 @@
-%#untaint custnum
-%$cgi->param('custnum') =~ /^(\d+)$/
-%  or die 'illegal custnum '. $cgi->param('custnum');
-%my $custnum = $1;
-%$cgi->param('pkgpart') =~ /^(\d+)$/
-%  or die 'illegal pkgpart '. $cgi->param('pkgpart');
-%my $pkgpart = $1;
-%
-%my @cust_pkg = ();
-%my $error = FS::cust_pkg::order($custnum, [ $pkgpart ], [], \@cust_pkg, [ $cgi->param('refnum') ] );
-%
 %if ($error) {
 %  $cgi->param('error', $error);
-%  print $cgi->redirect(popurl(2). 'misc/order_pkg.html?'. $cgi->query_string );
+<% $cgi->redirect(popurl(3). 'misc/order_pkg.html?'. $cgi->query_string ) %>
 %} else {
-%  my $frag = "cust_pkg". $cust_pkg[0]->pkgnum;
+%  my $frag = "cust_pkg". $cust_pkg->pkgnum;
+%  my $show = $curuser->default_customer_view =~ /^(jumbo|packages)$/
+%               ? ''
+%               : ';show=packages';
 <% header('Package ordered') %>
   <SCRIPT TYPE="text/javascript">
     // XXX fancy ajax rebuild table at some point, but a page reload will do for now
 
     // XXX chop off trailing #target and replace... ?
-    window.top.location = '<% popurl(3). "view/cust_main.cgi?keywords=$custnum;fragment=$frag#$frag" %>';
+    window.top.location = '<% popurl(3). "view/cust_main.cgi?custnum=$custnum$show;fragment=$frag#$frag" %>';
 
   </SCRIPT>
 
   </BODY></HTML>
 %}
+<%init>
+
+my $curuser = $FS::CurrentUser::CurrentUser;
+
+die "access denied"
+  unless $curuser->access_right('Order customer package');
+
+#untaint custnum (probably not necessary, searching for it is escape enough)
+$cgi->param('custnum') =~ /^(\d+)$/
+  or die 'illegal custnum '. $cgi->param('custnum');
+my $custnum = $1;
+my $cust_main = qsearchs({
+  'table'     => 'cust_main',
+  'hashref'   => { 'custnum' => $custnum },
+  'extra_sql' => ' AND '. $FS::CurrentUser::CurrentUser->agentnums_sql,
+});
+die 'unknown custnum' unless $cust_main;
+
+#probably not necessary, taken care of by cust_pkg::check
+$cgi->param('pkgpart') =~ /^(\d+)$/
+  or die 'illegal pkgpart '. $cgi->param('pkgpart');
+my $pkgpart = $1;
+$cgi->param('refnum') =~ /^(\d*)$/
+  or die 'illegal refnum '. $cgi->param('refnum');
+my $refnum = $1;
+$cgi->param('locationnum') =~ /^(\-?\d*)$/
+  or die 'illegal locationnum '. $cgi->param('locationnum');
+my $locationnum = $1;
+
+my $cust_pkg = new FS::cust_pkg {
+  'custnum'     => $custnum,
+  'pkgpart'     => $pkgpart,
+  'refnum'      => $refnum,
+  'locationnum' => $locationnum,
+};
+
+my %opt = ( 'cust_pkg' => $cust_pkg );
+
+if ( $locationnum == -1 ) {
+  my $cust_location = new FS::cust_location {
+    map { $_ => scalar($cgi->param($_)) }
+        qw( custnum address1 address2 city county state zip country )
+  };
+  $opt{'cust_location'} = $cust_location;
+}
+
+my $error = $cust_main->order_pkg( %opt );
+
+</%init>