X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=httemplate%2Fedit%2Fcust_main_attach.cgi;h=a00731050b0b107b9d1f2f0592605fee37808146;hp=5e9b16c9956ae3ff02a3a28af23dbbd00949139b;hb=d84fbd3987192e9bece5fc074dd7507dd1e2c7b7;hpb=3fa2bc364fc6810b7ce8a02d27e7062ff850ee9d

diff --git a/httemplate/edit/cust_main_attach.cgi b/httemplate/edit/cust_main_attach.cgi
index 5e9b16c99..a00731050 100755
--- a/httemplate/edit/cust_main_attach.cgi
+++ b/httemplate/edit/cust_main_attach.cgi
@@ -44,6 +44,7 @@ onclick="return(confirm('Delete this file?'));">
 <%init>
 
 my $curuser = $FS::CurrentUser::CurrentUser;
+die "access denied" if !$curuser->access_right('View attachments');
 my $attachnum = '';
 my $attach;
 if ( $cgi->param('error') ) {