projects / freeside.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
C is for Cookie^WControl
[freeside.git] / httemplate / view / cust_main.cgi
diff --git a/httemplate/view/cust_main.cgi b/httemplate/view/cust_main.cgi
index 20e8201..850b48b 100755 (executable)
--- a/httemplate/view/cust_main.cgi
+++ b/httemplate/view/cust_main.cgi
@@ -1,27 +1,9 @@
-%
-%
-%my $conf = new FS::Conf;
-%
-%my $curuser = $FS::CurrentUser::CurrentUser;
-%
-%die "No customer specified (bad URL)!" unless $cgi->keywords;
-%my($query) = $cgi->keywords; # needs parens with my, ->keywords returns array
-%$query =~ /^(\d+)$/;
-%my $custnum = $1;
-%my $cust_main = qsearchs('cust_main',{'custnum'=>$custnum});
-%die "Customer not found!" unless $cust_main;
-%
-%
-
-
 <% include("/elements/header.html","Customer View: ". $cust_main->name ) %>
-% if ( $curuser->access_right('Edit customer') ) { 
 
+% if ( $curuser->access_right('Edit customer') ) { 
   <A HREF="<% $p %>edit/cust_main.cgi?<% $custnum %>">Edit this customer</A> | 
 % } 
 
-
-
 <SCRIPT TYPE="text/javascript" SRC="<%$fsurl%>elements/overlibmws.js"></SCRIPT>
 <SCRIPT TYPE="text/javascript" SRC="<%$fsurl%>elements/overlibmws_iframe.js"></SCRIPT>
 <SCRIPT TYPE="text/javascript" SRC="<%$fsurl%>elements/overlibmws_draggable.js"></SCRIPT>
@@ -155,11 +137,35 @@ Comments
 
 
 <BR><BR>
+
+% #XXX enable me# if ( $curuser->access_right('View customer packages') { 
 <% include('cust_main/packages.html', $cust_main ) %>
-% if ( $conf->config('payby-default') ne 'HIDE' ) { 
+% #}
 
+% if ( $conf->config('payby-default') ne 'HIDE' ) { 
   <% include('cust_main/payment_history.html', $cust_main ) %>
 % } 
 
 
 <% include('/elements/footer.html') %>
+<%init>
+
+my $curuser = $FS::CurrentUser::CurrentUser;
+
+die "access denied"
+  unless $curuser->access_right('View customer');
+
+my $conf = new FS::Conf;
+
+die "No customer specified (bad URL)!" unless $cgi->keywords;
+my($query) = $cgi->keywords; # needs parens with my, ->keywords returns array
+$query =~ /^(\d+)$/;
+my $custnum = $1;
+my $cust_main = qsearchs({
+  'table'     => 'cust_main',
+  'hashref'   => {'custnum'=>$custnum},
+  'extra_sql' => ' AND '. $curuser->agentnums_sql,
+});
+die "Customer not found!" unless $cust_main;
+
+</%init>
Freeside billing, trouble ticketing, network monitoring and provisioning