X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=httemplate%2Fview%2Fcust_bill-ps.cgi;h=881491f69c5432e9e8f1832a83acf5915cfbd4e1;hb=8ef00c68688492b2afa3dde8d3d467f89f238c40;hp=f838e1b17b2b1a8854d62841347debb174fece5e;hpb=3ce7691203a7737406bf2d4442f7fd84b81f847e;p=freeside.git

diff --git a/httemplate/view/cust_bill-ps.cgi b/httemplate/view/cust_bill-ps.cgi
index f838e1b17..881491f69 100755
--- a/httemplate/view/cust_bill-ps.cgi
+++ b/httemplate/view/cust_bill-ps.cgi
@@ -1,14 +1,35 @@
-%
-%
-%#untaint invnum
-%my($query) = $cgi->keywords;
-%$query =~ /^((.+)-)?(\d+)$/;
-%my $templatename = $2;
-%my $invnum = $3;
-%
-%my $cust_bill = qsearchs('cust_bill',{'invnum'=>$invnum});
-%die "Invoice #$invnum not found!" unless $cust_bill;
-%
-%http_header('Content-Type' => 'application/postscript' );
-%
-<% $cust_bill->print_ps( '', $templatename) %>
+<% $cust_bill->print_ps(\%opt) %>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('View invoices');
+
+my( $invnum, $template, $notice_name );
+my($query) = $cgi->keywords;
+if ( $query =~ /^((.+)-)?(\d+)(.pdf)?$/ ) {
+  $template = $2;
+  $invnum = $3;
+  $notice_name = 'Invoice';
+} else {
+  $invnum = $cgi->param('invnum');
+  $template = $cgi->param('template');
+  $notice_name = ( $cgi->param('notice_name') || 'Invoice' );
+}
+
+my %opt = (
+  'template'    => $template,
+  'notice_name' => $notice_name,
+);
+
+my $cust_bill = qsearchs({
+  'select'    => 'cust_bill.*',
+  'table'     => 'cust_bill',
+  'addl_from' => 'LEFT JOIN cust_main USING ( custnum )',
+  'hashref'   => { 'invnum' => $invnum },
+  'extra_sql' => ' AND '. $FS::CurrentUser::CurrentUser->agentnums_sql,
+});
+die "Invoice #$invnum not found!" unless $cust_bill;
+
+http_header('Content-Type' => 'application/postscript' );
+
+</%init>