ACLs

[freeside.git] / httemplate / edit / process / cust_refund.cgi

diff --git a/httemplate/edit/process/cust_refund.cgi b/httemplate/edit/process/cust_refund.cgi
index d95ab46..1a7a394 100755 (executable)
--- a/httemplate/edit/process/cust_refund.cgi
+++ b/httemplate/edit/process/cust_refund.cgi
@@ -1,38 +1,43 @@
-%$cgi->param('custnum') =~ /^(\d*)$/ or die "Illegal custnum!";
-%my $custnum = $1;
-%my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } )
-%  or die "unknown custnum $custnum";
-%
-%my $error = '';
-%if ( $cgi->param('payby') =~ /^(CARD|CHEK)$/ ) { 
-%  my %options = ();
-%  my $bop = $FS::payby::payby2bop{$1};
-%  $cgi->param('refund') =~ /^(\d*)(\.\d{2})?$/
-%    or die "illegal refund amount ". $cgi->param('refund');
-%  my $refund = "$1$2";
-%  $cgi->param('paynum') =~ /^(\d*)$/ or die "Illegal paynum!";
-%  my $paynum = $1;
-%  my $reason = $cgi->param('reason');
-%  my $paydate = $cgi->param('exp_year'). '-'. $cgi->param('exp_month'). '-01';
-%  $options{'paydate'} = $paydate if $paydate =~ /^\d{2,4}-\d{1,2}-01$/;
-%  $error = $cust_main->realtime_refund_bop( $bop, 'amount' => $refund,
-%                                                  'paynum' => $paynum,
-%                                                  'reason' => $reason,
-%                                                  %options );
-%} else {
-%  die 'unimplemented';
-%  #my $new = new FS::cust_refund ( {
-%  #  map {
-%  #    $_, scalar($cgi->param($_));
-%  #  } ( fields('cust_refund'), 'paynum' )
-%  #} );
-%  #$error = $new->insert;
-%}
-%
-%
 %if ( $error ) {
 %  $cgi->param('error', $error);
-%  print $cgi->redirect(popurl(2). "cust_refund.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "cust_refund.cgi?". $cgi->query_string ) %>
 %} else {
-%  print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum");
+<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum") %>
 %}
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Refund payment');
+
+$cgi->param('custnum') =~ /^(\d*)$/ or die "Illegal custnum!";
+my $custnum = $1;
+my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } )
+  or die "unknown custnum $custnum";
+
+my $error = '';
+if ( $cgi->param('payby') =~ /^(CARD|CHEK)$/ ) { 
+  my %options = ();
+  my $bop = $FS::payby::payby2bop{$1};
+  $cgi->param('refund') =~ /^(\d*)(\.\d{2})?$/
+    or die "illegal refund amount ". $cgi->param('refund');
+  my $refund = "$1$2";
+  $cgi->param('paynum') =~ /^(\d*)$/ or die "Illegal paynum!";
+  my $paynum = $1;
+  my $reason = $cgi->param('reason');
+  my $paydate = $cgi->param('exp_year'). '-'. $cgi->param('exp_month'). '-01';
+  $options{'paydate'} = $paydate if $paydate =~ /^\d{2,4}-\d{1,2}-01$/;
+  $error = $cust_main->realtime_refund_bop( $bop, 'amount' => $refund,
+                                                  'paynum' => $paynum,
+                                                  'reason' => $reason,
+                                                  %options );
+} else {
+  die 'unimplemented';
+  #my $new = new FS::cust_refund ( {
+  #  map {
+  #    $_, scalar($cgi->param($_));
+  #  } ( fields('cust_refund'), 'paynum' )
+  #} );
+  #$error = $new->insert;
+}
+
+</%init>