X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fedit%2Fprocess%2Fquick-cust_pkg.cgi;h=7a0f08280e8d72ac3b5cb51f4166d67aab43f042;hb=a83a000a027d1272e813259d09230d701d84df64;hp=7afc9f2bbc67eb2de2bfc55545f22ac462ade59e;hpb=c8cccb4a92adceb943c635fe62dad0d034462ce0;p=freeside.git

diff --git a/httemplate/edit/process/quick-cust_pkg.cgi b/httemplate/edit/process/quick-cust_pkg.cgi
index 7afc9f2bb..7a0f08280 100644
--- a/httemplate/edit/process/quick-cust_pkg.cgi
+++ b/httemplate/edit/process/quick-cust_pkg.cgi
@@ -1,27 +1,72 @@
-%
-%
-%#untaint custnum
-%$cgi->param('custnum') =~ /^(\d+)$/
-%  or die 'illegal custnum '. $cgi->param('custnum');
-%my $custnum = $1;
-%$cgi->param('pkgpart') =~ /^(\d+)$/
-%  or die 'illegal pkgpart '. $cgi->param('pkgpart');
-%my $pkgpart = $1;
-%
-%my @cust_pkg = ();
-%my $error = FS::cust_pkg::order($custnum, [ $pkgpart ], [], \@cust_pkg, );
-%
 %if ($error) {
-%
-
-<!-- mason kludge -->
-%
-%  eidiot($error);
+%  $cgi->param('error', $error);
+<% $cgi->redirect(popurl(3). 'misc/order_pkg.html?'. $cgi->query_string ) %>
 %} else {
-%  print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum".
-%                       "#cust_pkg". $cust_pkg[0]->pkgnum );
+%  my $frag = "cust_pkg". $cust_pkg->pkgnum;
+%  my $show = $curuser->default_customer_view =~ /^(jumbo|packages)$/
+%               ? ''
+%               : ';show=packages';
+<% header('Package ordered') %>
+  <SCRIPT TYPE="text/javascript">
+    // XXX fancy ajax rebuild table at some point, but a page reload will do for now
+
+    // XXX chop off trailing #target and replace... ?
+    window.top.location = '<% popurl(3). "view/cust_main.cgi?custnum=$custnum$show;fragment=$frag#$frag" %>';
+
+  </SCRIPT>
+
+  </BODY></HTML>
 %}
-%
-%
+<%init>
+
+my $curuser = $FS::CurrentUser::CurrentUser;
+
+die "access denied"
+  unless $curuser->access_right('Order customer package');
+
+#untaint custnum (probably not necessary, searching for it is escape enough)
+$cgi->param('custnum') =~ /^(\d+)$/
+  or die 'illegal custnum '. $cgi->param('custnum');
+my $custnum = $1;
+my $cust_main = qsearchs({
+  'table'     => 'cust_main',
+  'hashref'   => { 'custnum' => $custnum },
+  'extra_sql' => ' AND '. $FS::CurrentUser::CurrentUser->agentnums_sql,
+});
+die 'unknown custnum' unless $cust_main;
+
+#probably not necessary, taken care of by cust_pkg::check
+$cgi->param('pkgpart') =~ /^(\d+)$/
+  or die 'illegal pkgpart '. $cgi->param('pkgpart');
+my $pkgpart = $1;
+$cgi->param('refnum') =~ /^(\d*)$/
+  or die 'illegal refnum '. $cgi->param('refnum');
+my $refnum = $1;
+$cgi->param('locationnum') =~ /^(\-?\d*)$/
+  or die 'illegal locationnum '. $cgi->param('locationnum');
+my $locationnum = $1;
+
+my $cust_pkg = new FS::cust_pkg {
+  'custnum'     => $custnum,
+  'pkgpart'     => $pkgpart,
+  'start_date'  => ( scalar($cgi->param('start_date'))
+                       ? str2time($cgi->param('start_date'))
+                       : ''
+                   ),
+  'refnum'      => $refnum,
+  'locationnum' => $locationnum,
+};
+
+my %opt = ( 'cust_pkg' => $cust_pkg );
+
+if ( $locationnum == -1 ) {
+  my $cust_location = new FS::cust_location {
+    map { $_ => scalar($cgi->param($_)) }
+        qw( custnum address1 address2 city county state zip country )
+  };
+  $opt{'cust_location'} = $cust_location;
+}
 
+my $error = $cust_main->order_pkg( %opt );
 
+</%init>