RT# 39340 - created access to payment only via ip address, fixes security by creating...

[freeside.git] / FS / FS / ClientAPI / MasonComponent.pm

diff --git a/FS/FS/ClientAPI/MasonComponent.pm b/FS/FS/ClientAPI/MasonComponent.pm
index 88baf07..e216d91 100644 (file)
--- a/FS/FS/ClientAPI/MasonComponent.pm
+++ b/FS/FS/ClientAPI/MasonComponent.pm
@@ -2,7 +2,7 @@ package FS::ClientAPI::MasonComponent;
 
 use strict;
 use vars qw( $cache $DEBUG $me );
-use subs qw( _cache );
+use subs qw( _cache _mason_comp );
 use FS::Mason qw( mason_interps );
 use FS::Conf;
 use FS::ClientAPI_SessionCache;
@@ -14,18 +14,23 @@ $DEBUG = 0;
 $me = '[FS::ClientAPI::MasonComponent]';
 
 my %allowed_comps = map { $_=>1 } qw(
+  /elements/customer-statement.html
   /elements/select-did.html
   /misc/areacodes.cgi
   /misc/exchanges.cgi
   /misc/phonenums.cgi
   /misc/states.cgi
   /misc/counties.cgi
+  /misc/cities.cgi
   /misc/svc_acct-domains.cgi
   /misc/part_svc-columns.cgi
+  /edit/elements/svc_forward.html
 );
 
 my %session_comps = map { $_=>1 } qw(
   /elements/location.html
+  /elements/tr-amount_fee.html
+  /elements/select-part_pkg.html
   /edit/cust_main/first_pkg/select-part_pkg.html
 );
 
@@ -36,11 +41,35 @@ my %session_callbacks = (
     my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } )
       or return "unknown custnum $custnum";
     my %args = @$argsref;
-    $args{object} = $cust_main;
+    $args{object} = $cust_main->bill_location;
     @$argsref = ( %args );
     return ''; #no error
   },
 
+  '/elements/tr-amount_fee.html' => sub {
+    my( $custnum, $argsref ) = @_;
+
+    my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } )
+      or return "unknown custnum $custnum";
+
+    my $conf = new FS::Conf;
+
+    my %args = @$argsref;
+    %args = (
+      %args,
+      'process-pkgpart'    =>
+        scalar($conf->config('selfservice_process-pkgpart', $cust_main->agentnum)),
+      'process-display'    => scalar($conf->config('selfservice_process-display')),
+      'process-skip_first' => $conf->exists('selfservice_process-skip_first'),
+      'num_payments'       => scalar($cust_main->cust_pay), 
+      'surcharge_percentage' => scalar($conf->config('credit-card-surcharge-percentage', $cust_main->agentnum)),
+      'surcharge_flatfee'  => scalar($conf->config('credit-card-surcharge-flatfee', $cust_main->agentnum)),
+    );
+    @$argsref = ( %args );
+
+    return ''; #no error
+  },
+
   '/edit/cust_main/first_pkg/select-part_pkg.html' => sub {
     my( $custnum, $argsref ) = @_;
     my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } )
@@ -59,13 +88,49 @@ my %session_callbacks = (
            }
       qsearch( 'part_pkg', { 'disabled' => '' }, '', 'ORDER BY pkg' ); # case?
 
+    my $conf = new FS::Conf;
+    if ( $conf->exists('pkg-addon_classnum') ) {
+
+      my %classnum = map  { ( $_->addon_classnum => 1 ) }
+                     grep { $_->freq !~ /^0/ }
+                     map  { $_->part_pkg }
+                          $cust_main->ncancelled_pkgs;
+
+      unless ( $classnum{''} || ! keys %classnum ) {
+        @part_pkg = grep $classnum{ $_->classnum }, @part_pkg;
+      }
+    }
+
     my %args = @$argsref;
     $args{part_pkg} = \@part_pkg;
+    $args{first_svc} = \@first_svc;
+    $args{no_comment} = 1;
+    $args{label_callback} = sub { shift->pkg_comment };
     @$argsref = ( %args );
     return ''; #no error
 
   },
 
+  '/elements/select-part_pkg.html' => sub {
+    my( $custnum, $argsref ) = @_;
+    my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } )
+      or return "unknown custnum $custnum";
+
+    my $pkgpart = $cust_main->agent->pkgpart_hashref;
+
+    #false laziness w/ edit/cust_main/first_pkg.html
+    my @first_svc = ( 'svc_acct', 'svc_phone' );
+
+    my @part_pkg =
+      grep { $pkgpart->{ $_->pkgpart } 
+                  || ( $_->agentnum && $_->agentnum == $cust_main->agentnum )
+           }
+      qsearch( 'part_pkg', { 'disabled' => '' }, '', 'ORDER BY pkg' ); # case?
+
+    push @$argsref, 'part_pkg' =>  \@part_pkg;
+    '';
+  },
+
 );
 
 my $outbuf;
@@ -73,8 +138,27 @@ my( $fs_interp, $rt_interp ) = mason_interps('standalone', 'outbuf'=>\$outbuf);
 
 sub mason_comp {
   my $packet = shift;
+  my $me = 'mason_comp';
+  my $namespace = 'FS::ClientAPI::MyAccount';
 
-  warn "$me mason_comp called on $packet\n" if $DEBUG;
+  _mason_comp($packet, $me, $namespace);
+
+}
+
+sub payment_only_mason_comp {
+  my $packet = shift;
+  my $me = 'payment_only_mason_comp';
+  my $namespace = 'FS::ClientAPI::PaymentOnly';
+
+  _mason_comp($packet, $me, $namespace);
+}
+
+sub _mason_comp {
+  my $packet = shift;
+  my $me = shift;
+  my $namespace = shift;
+
+  warn "$me called on $packet\n" if $DEBUG;
 
   my $comp = $packet->{'comp'};
   unless ( $allowed_comps{$comp} || $session_comps{$comp} ) {
@@ -85,7 +169,7 @@ sub mason_comp {
 
   if ( $session_comps{$comp} ) {
 
-    my $session = _cache->get($packet->{'session_id'})
+    my $session = _cache($namespace)->get($packet->{'session_id'})
       or return ( 'error' => "Can't resume session" ); #better error message
     my $custnum = $session->{'custnum'};
 
@@ -96,6 +180,7 @@ sub mason_comp {
 
   my $conf = new FS::Conf;
   $FS::Mason::Request::FSURL = $conf->config('selfservice_server-base_url');
+  $FS::Mason::Request::FSURL .= '/' unless $FS::Mason::Request::FSURL =~ /\/$/;
   $FS::Mason::Request::QUERY_STRING = $packet->{'query_string'} || '';
 
   $outbuf = '';
@@ -109,8 +194,10 @@ sub mason_comp {
 
 #hmm
 sub _cache {
+  my $namespace = shift || 'FS::ClientAPI::MyAccount';
+
   $cache ||= new FS::ClientAPI_SessionCache( {
-               'namespace' => 'FS::ClientAPI::MyAccount',
+               'namespace' => $namespace,
              } );
 }