my $conf = new FS::Conf;
+ my $curuser = $FS::CurrentUser::CurrentUser;
+
my @payby = grep /\w/, $conf->config('payby');
#@payby = (qw( CARD DCRD CHEK DCHK LECB BILL CASH WEST COMP ))
@payby = (qw( CARD DCRD CHEK DCHK LECB BILL CASH COMP ))
<BR><BR><A NAME="history"><FONT SIZE="+2">Payment History</FONT></A><BR>
-<% if ( $payby{'BILL'} ) { %>
+<% if ( $payby{'BILL'} && $curuser->access_right('Post payment') ) { %>
<%= $s++ ? ' | ' : '' %>
<A HREF="<%= $p %>edit/cust_pay.cgi?payby=BILL;custnum=<%= $custnum %>">Post check payment</A>
<% } %>
-<% if ( $payby{'CASH'} ) { %>
+<% if ( $payby{'CASH'} && $curuser->access_right('Post payment') ) { %>
<%= $s++ ? ' | ' : '' %>
<A HREF="<%= $p %>edit/cust_pay.cgi?payby=CASH;custnum=<%= $custnum %>">Post cash payment</A>
<% } %>
-<% if ( $payby{'WEST'} ) { %>
+<% if ( $payby{'WEST'} && $curuser->access_right('Post payment') ) { %>
<%= $s++ ? ' | ' : '' %>
<A HREF="<%= $p %>edit/cust_pay.cgi?payby=WEST;custnum=<%= $custnum %>">Post Western Union payment</A>
<% } %>
-<% if ( $payby{'CARD'} || $payby{'DCRD'} ) { %>
+<% if ( ( $payby{'CARD'} || $payby{'DCRD'} )
+ && $curuser->access_right('Process payment')
+ ) {
+%>
<%= $s++ ? ' | ' : '' %>
<A HREF="<%= $p %>misc/payment.cgi?payby=CARD;custnum=<%= $custnum %>">Process credit card payment</A>
<% } %>
-<% if ( $payby{'CHEK'} || $payby{'DCHK'} ) { %>
+<% if ( ( $payby{'CHEK'} || $payby{'DCHK'} )
+ && $curuser->access_right('Process payment')
+ ) {
+%>
<%= $s++ ? ' | ' : '' %>
<A HREF="<%= $p %>misc/payment.cgi?payby=CHEK;custnum=<%= $custnum %>">Process electronic check (ACH) payment</A>
<% } %>
-<% if ( $payby{'MCRD'} ) { %>
+<% if ( $payby{'MCRD'} && $curuser->access_right('Post payment') ) { %>
<%= $s++ ? ' | ' : '' %>
<A HREF="<%= $p %>edit/cust_pay.cgi?payby=MCRD;custnum=<%= $custnum %>">Post manual credit card payment</A>
<BR>
-<A HREF="javascript:void(0);" onClick="overlib( OLiframeContent('<%= $p %>edit/cust_credit.cgi?<%= $custnum %>', 392, 336, 'cust_credit_popup' ), CAPTION, 'Post credit', STICKY, AUTOSTATUSCAP, MIDX, 0, MIDY, 0, DRAGGABLE, CLOSECLICK )">Post credit</A>
+<% if ( $curuser->access_right('Post credit') ) { %>
-<BR>
+ <A HREF="javascript:void(0);" onClick="overlib( OLiframeContent('<%= $p %>edit/cust_credit.cgi?<%= $custnum %>', 392, 336, 'cust_credit_popup' ), CAPTION, 'Post credit', STICKY, AUTOSTATUSCAP, MIDX, 0, MIDY, 0, DRAGGABLE, CLOSECLICK )">Post credit</A>
+
+ <BR>
+
+<% } %>
<%
#get payment history
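Review bot: The `access_right` tests added around the payment and credit links only decide whether each `<A HREF>` is rendered; nothing in this section stops a user without 'Post payment', 'Process payment' or 'Post credit' from requesting `edit/cust_pay.cgi`, `misc/payment.cgi` or `edit/cust_credit.cgi` directly. Those handlers are not part of the visible change, so confirm that each one checks the same right server-side and refuses the request otherwise. The literal 'Post payment' is also repeated in four conditions (BILL, CASH, WEST, MCRD); computing it once, e.g. `my $can_post = $curuser->access_right('Post payment');`, keeps the right names from drifting apart.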
: '';
my $post = ( $cust_bill->owed > 0 ) ? '</FONT></B>' : '';
my $invnum = $cust_bill->invnum;
+ my $link = $curuser->access_right('View invoices')
+ ? qq!<A HREF="${p}view/cust_bill.cgi?$invnum">!
+ : '';
push @history, {
'date' => $cust_bill->_date,
- 'desc' => qq!<A HREF="${p}view/cust_bill.cgi?$invnum">!. $pre.
+ 'desc' => $link. $pre.
"Invoice #$invnum (Balance \$". $cust_bill->owed. ')'.
- $post. '</A>',
+ $post. ( $link ? '</A>' : '' ),
'charge' => $cust_bill->charged,
};
}
&& $cust_pay->payby =~ /^(CARD|CHEK)$/
&& time-$cust_pay->_date < $refund_days*86400
&& $cust_pay->unrefunded > 0
+ && $curuser->access_right('Refund payment')
) {
$refund = qq! (<A HREF="${p}edit/cust_refund.cgi?payby=$1;!.
qq!paynum=!. $cust_pay->paynum. '"'.
my $void = '';
if ( $cust_pay->closed !~ /^Y/i
- && ( $cust_pay->payby ne 'CARD' || $conf->exists('cc-void') )
- && ( $cust_pay->payby ne 'CHEK' || $conf->exists('echeck-void') )
- ) {
+ && ( ( $cust_pay->payby eq 'CARD'
+ && $conf->exists('cc-void')
+ && $curuser->acccess_right('Credit card void')
+ )
+ || ( $cust_pay->payby eq 'CHEK'
+ && $conf->exists('echeck-void')
+ && $curuser->acccess_right('Echeck void')
+ )
+ )
+ )
+ {
$void = qq! (<A HREF="javascript:areyousure('!.
qq!${p}misc/void-cust_pay.cgi?!. $cust_pay->paynum.
qq!', 'Are you sure you want to void this payment?')"!.
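Review bot: The two added calls in the void condition are spelled `acccess_right` (three c's), while every other check in this change calls `access_right`; unless the current-user class resolves unknown method names, evaluating this condition for an open CARD or CHEK payment with the matching void option set will die with a missing-method error instead of rendering the history. They should read `&& $curuser->access_right('Credit card void')` and `&& $curuser->access_right('Echeck void')`. The rewrite also changes which payments qualify: the removed condition offered the void link for any open payment whose type was neither CARD nor CHEK, and the new one offers it only for those two types, so if that narrowing is not intended a third branch with its own right is needed. The body of the `if` continues past the end of this hunk.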
}
my $delete = '';
- if ( $cust_pay->closed !~ /^Y/i && $conf->exists('deletepayments') ) {
+ if ( $cust_pay->closed !~ /^Y/i
+ && $conf->exists('deletepayments')
+ && $curuser->access_right('Delete payment')
+ )
+ {
$delete = qq! (<A HREF="javascript:areyousure('!.
qq!${p}misc/delete-cust_pay.cgi?!. $cust_pay->paynum.
qq!', 'Are you sure you want to delete this payment?')"!.
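Review bot: The new `access_right('Delete payment')` test gates only the construction of this link; the action itself remains a plain URL (`misc/delete-cust_pay.cgi?` plus the payment number) behind a client-side `areyousure` prompt, and the void, unapply, unvoid and credit links in the neighbouring hunks have the same shape. If these handlers act on a GET, as the href suggests, they should require a POST carrying a per-session token in addition to repeating the right check, because a confirmation dialog and a hidden link do not protect a state-changing request. The handlers and the rest of the `if` body are outside this hunk, so this needs confirming there.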
my $unapply = '';
if ( $cust_pay->closed !~ /^Y/i
&& $conf->exists('unapplypayments')
- && scalar(@cust_bill_pay) ) {
+ && scalar(@cust_bill_pay)
+ && $curuser->access_right('Unapply payment')
+ )
+ {
$unapply = qq! (<A HREF="javascript:areyousure('!.
qq!${p}misc/unapply-cust_pay.cgi?!. $cust_pay->paynum.
qq!', 'Are you sure you want to unapply this payment?')"!.
my $info = $payby ? " ($payby$payinfo)" : '';
my $unvoid = '';
- if ( $cust_pay_void->closed !~ /^Y/i && $conf->exists('unvoid') ) {
+ if ( $cust_pay_void->closed !~ /^Y/i
+ && $conf->exists('unvoid')
+ && $curuser->access_right('Unvoid')
+ )
+ {
$unvoid = qq! (<A HREF="javascript:areyousure('!.
qq!${p}misc/unvoid-cust_pay_void.cgi?!. $cust_pay_void->paynum.
qq!', 'Are you sure you want to unvoid this payment?')"!.
}
#
my $delete = '';
- if ( $cust_credit->closed !~ /^Y/i && $conf->exists('deletecredits') ) {
+ if ( $cust_credit->closed !~ /^Y/i
+ && $conf->exists('deletecredits')
+ && $curuser->access_right('Delete credit')
+ )
+ {
$delete = qq! (<A HREF="javascript:areyousure('!.
qq!${p}misc/delete-cust_credit.cgi?!. $cust_credit->crednum.
qq!', 'Are you sure you want to delete this credit?')">!.
my $unapply = '';
if ( $cust_credit->closed !~ /^Y/i
&& $conf->exists('unapplycredits')
- && scalar(@cust_credit_bill) ) {
+ && scalar(@cust_credit_bill)
+ && $curuser->access_right('Unapply credit')
+ )
+ {
$unapply = qq! (<A HREF="javascript:areyousure('!.
qq!${p}misc/unapply-cust_credit.cgi?!. $cust_credit->crednum.
qq!', 'Are you sure you want to unapply this credit?')">!.