$title .= "\u$name_singular Search Results";
my $link = '';
-if ( ( $curuser->access_right('View invoices') #XXX for now
- || $curuser->access_right('View customer payments')
+if ( ( $curuser->access_right('View invoices') #remove in 2.5 (2.7?)
+ || ($curuser->access_right('View payments') && $table =~ /^cust_pay/)
+ || ($curuser->access_right('View refunds') && $table eq 'cust_refund')
)
&& ! $opt{'disable_link'}
)
$title = $agent->agent. " $title";
}
+ if ( $cgi->param('refnum') && $cgi->param('refnum') =~ /^(\d+)$/ ) {
+ push @search, "refnum = $1";
+ my $part_referral = qsearchs('part_referral', { 'refnum' => $1 } );
+ die "unknown refnum $1" unless $part_referral;
+ $title = $part_referral->referral. " $title";
+ }
+
+ if ( $cgi->param('cust_classnum') ) {
+ my @classnums = grep /^\d+$/, $cgi->param('cust_classnum');
+ push @search, 'cust_main.classnum IN('.join(',',@classnums).')'
+ if @classnums;
+ }
+
if ( $cgi->param('custnum') =~ /^(\d+)$/ ) {
push @search, "custnum = $1";
}
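Review bot: The `grep /^\d+$/` on cust_classnum passes the original strings into the IN list rather than a capture, and `$` also matches before a trailing newline, so a digit string followed by a newline is interpolated into the SQL as submitted. That is only stray whitespace here, but the check should admit exactly what it claims: `my @classnums = grep /\A\d+\z/, $cgi->param('cust_classnum');`. Separately, the guard `if ( $cgi->param('cust_classnum') )` evaluates the parameter in scalar context and so tests only the first submitted value; a list whose first value is `0` or empty skips the filter and the search silently runs unfiltered. Testing `@classnums` after the grep would avoid that. The enclosing block starts outside the hunk.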
push @search, "$table.payinfo = '$1'";
}
+ if ( $cgi->param('ccpay') =~ /^([\w-:]+)$/ ) {
+ # I think that's all the characters we need to allow.
+ # To avoid confusion, this parameter searches both auth and order_number.
+ push @search, "($table.auth LIKE '$1%') OR ($table.order_number LIKE '$1%')";
+ push @fields, 'auth', 'order_number';
+ push @header, 'Auth #', 'Transaction #';
+ $align .= 'rr';
+
+ }
+
if ( $cgi->param('usernum') =~ /^(\d+)$/ ) {
push @search, "$table.usernum = $1";
}
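Review bot: The ccpay condition on the `push @search, "($table.auth LIKE ...` line is added as `(A) OR (B)` with no outer parentheses. If @search is later joined with ` AND ` (the join is outside this hunk), SQL precedence makes each of the other filters bind to only one side of the OR, so rows matching the other side could escape the remaining conditions, including custnum, usernum and any access restriction pushed onto the same list. Wrap the whole disjunction: `push @search, "( $table.auth LIKE '$1%' OR $table.order_number LIKE '$1%' )";`. The class `[\w-:]` also relies on Perl treating the `-` after `\w` as a literal, which `[\w:-]` states explicitly, and `\w` admits `_`, which LIKE treats as a single-character wildcard.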
$orderby = "LOWER(company || ' ' || last || ' ' || first )";
+ } elsif ( $cgi->param('magic') eq 'batchnum' ) {
+
+ $cgi->param('batchnum') =~ /^(\d+)$/
+ or die "illegal batchnum: ".$cgi->param('batchnum');
+
+ push @search, "batchnum = $1";
+
+ $orderby = "LOWER(company || ' ' || last || ' ' || first )";
+
} else {
die "unknown search magic: ". $cgi->param('magic');
}
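Review bot: The new `die "illegal batchnum: ".$cgi->param('batchnum')` puts the raw request parameter into the error text, as the existing `unknown search magic` line below it also does. If the error handler renders die messages into the HTML response without encoding (not visible here), the submitted value is reflected to the browser unescaped. Drop the value from the message, `or die "illegal batchnum";`, or encode it before it reaches the page. The if/elsif chain this branch belongs to begins outside the hunk.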