X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=httemplate%2Fedit%2Fcust_refund.cgi;h=27c4b193759b8548c65c42a481cf5106e99f748a;hp=59417b4c4806f3cef7c153808072b5dc1f2dbbb3;hb=360f89789c45e1fd7cb84b1442d2f0c8353066d9;hpb=06a85a88bfdb0d3fc79ee055eb8327658dfe63ab
diff --git a/httemplate/edit/cust_refund.cgi b/httemplate/edit/cust_refund.cgi
index 59417b4c4..27c4b1937 100755
--- a/httemplate/edit/cust_refund.cgi
+++ b/httemplate/edit/cust_refund.cgi
@@ -10,7 +10,7 @@ <% small_custview($custnum, $conf->config('countrydefault')) %> % } -
@@ -130,9 +185,6 @@ <%init> -die "access denied" - unless $FS::CurrentUser::CurrentUser->access_right('Refund payment'); - my $conf = new FS::Conf; my $date_format = $conf->config('date_format') || '%m/%d/%Y';
@@ -143,6 +195,9 @@ my $payinfo = $cgi->param('payinfo'); my $reason = $cgi->param('reason'); my $link = $cgi->param('popup') ? 'popup' : ''; +die "access denied" + unless $FS::CurrentUser::CurrentUser->refund_access_right($payby); + my( $paynum, $cust_pay ) = ( '', '' ); if ( $cgi->param('paynum') =~ /^(\d+)$/ ) { $paynum = $1;
@@ -158,6 +213,9 @@ if ( $cgi->param('paynum') =~ /^(\d+)$/ ) { } die "no custnum or paynum specified!" unless $custnum; +my $cust_main = qsearchs( 'cust_main', { 'custnum'=>$custnum } ); +die "unknown custnum $custnum" unless $cust_main; + my $_date = time; my $p1 = popurl(1);
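Review bot: The access check added in the `@@ -143,6 +195,9 @@` hunk is keyed to `$payby`, which is assigned above the hunk and, judging by the neighbouring `$cgi->param(...)` reads, appears to come from the request, so the caller effectively chooses which refund right is tested. When a `paynum` is supplied, the payment loaded a few lines later has its own stored method, and nothing visible compares it with the one that was authorised; I would repeat the check inside that branch once `$cust_pay` is loaded, e.g. `die "access denied" unless $FS::CurrentUser::CurrentUser->refund_access_right($cust_pay->payby);`. It is also worth confirming that `refund_access_right` denies an empty or unrecognised `$payby`, and that the page which processes this form applies the same check, since this template only renders it. The paynum branch continues past the end of the hunk.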
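Review bot: The `qsearchs( 'cust_main', { 'custnum'=>$custnum } )` lookup added in the `@@ -158,6 +213,9 @@` hunk selects by custnum alone, so as far as this hunk shows, a user restricted to certain agents could load a customer belonging to another agent. If this page is meant to honour agent virtualization, add the current user's agent restriction to the query, for example the hash form of `qsearchs` with `'extra_sql' => ' AND '. $FS::CurrentUser::CurrentUser->agentnums_sql`. Separately, `die "unknown custnum $custnum"` echoes the value into the error text; where `$custnum` is set is outside the hunk, so confirm it is constrained to digits (as `paynum` is with `/^(\d+)$/`) before it reaches the message.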