X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fsearch%2Fcust_main.cgi;h=1bd2288019ce9f4c54524f7125c99edcfa118da1;hb=6f401f92ef5362b8e42e76fee24d89e46d78a0dd;hp=b2c977ad24d85524d48e139883907ecece4524ea;hpb=2eba3bb70e579c6799241e2d7d9df681febc8cdd;p=freeside.git

diff --git a/httemplate/search/cust_main.cgi b/httemplate/search/cust_main.cgi
index b2c977ad2..1bd228801 100755
--- a/httemplate/search/cust_main.cgi
+++ b/httemplate/search/cust_main.cgi
@@ -329,7 +329,8 @@
 my $curuser = $FS::CurrentUser::CurrentUser;
 
 die "access denied"
-  unless $curuser->access_right('List all customers');
+  unless $curuser->access_right('List all customers')
+      || $curuser->access_right('List customers');
 
 my $conf = new FS::Conf;
 my $maxrecords = $conf->config('maxsearchrecordsperpage') || 100;
@@ -350,9 +351,11 @@ my(@cust_main, $sortby, $orderby);
 my @select = ();
 my @addl_headers = ();
 my @addl_cols = ();
-if ( $cgi->param('browse')
-     || $cgi->param('otaker_on')
-     || $cgi->param('agentnum_on')
+if ( (    $cgi->param('browse')
+       || $cgi->param('otaker_on')
+       || $cgi->param('agentnum_on')
+     )
+     and $curuser->access_right('List all customers')
 ) {
 
   my %search = ();
@@ -586,7 +589,7 @@ sub cardsearch {
 
   my($card)=$cgi->param('card');
   $card =~ s/\D//g;
-  $card =~ /^(\d{13,16}|\d{8,9})$/ or errorpage(emt("Illegal card number"));
+  $card =~ /^(\d{13,19}|\d{8,9})$/ or errorpage(emt("Illegal card number"));
   my($payinfo)=$1;
 
   [ qsearch('cust_main',{'payinfo'=>$payinfo, 'payby'=>'CARD'}),