prohibit self-service changing of suspended services passwords, RT#26140

[freeside.git] / FS / FS / ClientAPI / passwd.pm

diff --git a/FS/FS/ClientAPI/passwd.pm b/FS/FS/ClientAPI/passwd.pm
index b22d761..8001e4f 100644 (file)
--- a/FS/FS/ClientAPI/passwd.pm
+++ b/FS/FS/ClientAPI/passwd.pm
@@ -23,6 +23,11 @@ sub passwd {
                                          'domsvc'    => $svc_domain->svcnum, }
                          );
   return { error => 'User not found.' } unless $svc_acct;
+
+  my $cust_pkg = $svc_acct->cust_svc->cust_pkg;
+  return { error => "Can't change password for a suspended service" }
+    if $cust_pkg && $cust_pkg->status eq 'suspended';
+
   return { error => 'Incorrect password.' }
     unless $svc_acct->check_password($old_password);