<INPUT TYPE="hidden" NAME="orderby" VALUE="$orderby">
<INPUT TYPE="hidden" NAME="show_deleted" VALUE="$disabled">!
,
- 'query' => { 'table' => 'cust_attachment',
- 'hashref' => $hashref,
- 'extra_sql' => 'ORDER BY '.$orderby,
- },
+ 'query' => $query,
'count_query' => $count_query,
'header' => [ selflink('#',orderby => 'attachnum'),
selflink('Customer',orderby => 'custnum'),
<%init>
my $curuser = $FS::CurrentUser::CurrentUser;
-die "access denied" if !$curuser->access-right('View attachments');
+die "access denied" if !$curuser->access_right('View attachments')
+ or !$curuser->access_right('Browse attachments');
my $conf = new FS::Conf;
}
}
-my $hashref = $disabled ?
- { disabled => { op => '>', value => 0 } } :
- { disabled => '' };
-
-my $count_query = 'SELECT COUNT(*) FROM cust_attachment WHERE '. ($disabled ?
- 'disabled > 0' : 'disabled IS NULL');
-
my $orderby = $cgi->param('orderby') || 'custnum';
+my ( $query, $count_query, ) = do {
+ my @agentnums = $curuser->agentnums;
+ {
+ table => 'cust_attachment',
+ hashref
+ => { disabled => $disabled ? { op => '>', value => 0 } : undef, },
+ order_by => "ORDER BY $orderby",
+ addl_from => 'JOIN cust_main USING (custnum)',
+ extra_sql
+ => 'AND agentnum IN (' . join( ',', @agentnums, 'NULL', ) . ')',
+ },
+ 'SELECT COUNT(*) FROM cust_attachment'
+ . ' JOIN cust_main USING (custnum)'
+ . ' WHERE agentnum in (' . join( ',', @agentnums, 'NULL', ) . ')'
+ . ( $disabled ? 'and disabled > 0' : '' );
+};
+
my $sub_cust = sub {
my $c = qsearchs('cust_main', { custnum => shift->custnum } );
- return $c ? $c->name : '<FONT COLOR="red"><B>(not found)</B></FONT>';
+ return $c ? encode_entities($c->name) : '<FONT COLOR="red"><B>(not found)</B></FONT>';
};
my $sub_date = sub {
projects / freeside.git / blobdiff