X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=httemplate%2Fbrowse%2Fcust_attachment.html;h=268bd4a0a28e103601db9659b225c45cd306ac60;hp=d95f2b18cd75e8dd3b022fd4d643b089356c314e;hb=refs%2Fheads%2F24899_agent_virt_attach_report;hpb=d84fbd3987192e9bece5fc074dd7507dd1e2c7b7

diff --git a/httemplate/browse/cust_attachment.html b/httemplate/browse/cust_attachment.html
index d95f2b18c..268bd4a0a 100755
--- a/httemplate/browse/cust_attachment.html
+++ b/httemplate/browse/cust_attachment.html
@@ -11,10 +11,7 @@
                     <INPUT TYPE="hidden" NAME="orderby" VALUE="$orderby">
                     <INPUT TYPE="hidden" NAME="show_deleted" VALUE="$disabled">!
                     , 
-                 'query'       => { 'table'     => 'cust_attachment',
-                                    'hashref'   => $hashref,
-                                    'extra_sql' => 'ORDER BY '.$orderby,
-                                  },
+                 'query'       => $query,
                  'count_query' => $count_query,
                  'header' => [ selflink('#',orderby => 'attachnum'),
                                selflink('Customer',orderby => 'custnum'),
@@ -62,7 +59,8 @@
 <%init>
 
 my $curuser = $FS::CurrentUser::CurrentUser;
-die "access denied" if !$curuser->access-right('View attachments');
+die "access denied" if !$curuser->access_right('View attachments')
+                    or !$curuser->access_right('Browse attachments');
 
 my $conf = new FS::Conf;
 
@@ -89,18 +87,28 @@ else {
   }
 }
 
-my $hashref = $disabled ? 
-  { disabled => { op => '>', value => 0 } } :
-  { disabled => '' };
-
-my $count_query = 'SELECT COUNT(*) FROM cust_attachment WHERE '. ($disabled ?
-  'disabled > 0' : 'disabled IS NULL');
-
 my $orderby = $cgi->param('orderby') || 'custnum';
 
+my ( $query, $count_query, ) = do {
+    my @agentnums = $curuser->agentnums;
+    {
+        table => 'cust_attachment',
+        hashref
+          => { disabled => $disabled ? { op => '>', value => 0 } : undef, },
+        order_by  => "ORDER BY $orderby",
+        addl_from => 'JOIN cust_main USING (custnum)',
+        extra_sql
+          => 'AND agentnum IN (' . join( ',', @agentnums, 'NULL', ) . ')',
+    },
+    'SELECT COUNT(*) FROM cust_attachment'
+      . ' JOIN cust_main USING (custnum)'
+      . ' WHERE agentnum in (' . join( ',', @agentnums, 'NULL', ) . ')'
+      . ( $disabled ? 'and disabled > 0' : '' );
+};
+
 my $sub_cust = sub {
   my $c = qsearchs('cust_main', { custnum => shift->custnum } );
-  return $c ? $c->name : '<FONT COLOR="red"><B>(not found)</B></FONT>';
+  return $c ? encode_entities($c->name) : '<FONT COLOR="red"><B>(not found)</B></FONT>';
 };
 
 my $sub_date = sub {