X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=httemplate%2Fedit%2Fprocess%2Fsvc_forward.cgi;h=fffad84d61282aec69e7b073ae4aac39cd79ef4f;hp=bb066d8a61aa73b43713fee03a9dbd98d27a08b2;hb=3f2a7b01b59902faed5767d81e2959e131bdbdfd;hpb=5fc8c5edf574ab024d4646914b6432d458e2ffbd

diff --git a/httemplate/edit/process/svc_forward.cgi b/httemplate/edit/process/svc_forward.cgi
index bb066d8a6..fffad84d6 100755
--- a/httemplate/edit/process/svc_forward.cgi
+++ b/httemplate/edit/process/svc_forward.cgi
@@ -1,4 +1,13 @@
-<%
+%if ($error) {
+%  $cgi->param('error', $error);
+<% $cgi->redirect(popurl(2). "svc_forward.cgi?". $cgi->query_string ) %>
+%} else {
+<% $cgi->redirect(popurl(3). "view/svc_forward.cgi?$svcnum") %>
+%}
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific?
 
 $cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!";
 my $svcnum =$1;
@@ -19,11 +28,4 @@ if ( $svcnum ) {
   $svcnum = $new->getfield('svcnum');
 } 
 
-if ($error) {
-  $cgi->param('error', $error);
-  print $cgi->redirect(popurl(2). "svc_forward.cgi?". $cgi->query_string );
-} else {
-  print $cgi->redirect(popurl(3). "view/svc_forward.cgi?$svcnum");
-}
-
-%>
+</%init>