X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=httemplate%2Fmisc%2Fprocess%2Fcancel_pkg.html;h=e17872c066e03fd61eee1883d694e7ac564755e2;hp=805d1a711bbaa6bbab1519c08f1335369ae048d4;hb=2ab068f449eb97a10e18d20e9dab5ab9faa017e7;hpb=9509e5bfb7f9331303153cac24d7bfecbe2ea9f1

diff --git a/httemplate/misc/process/cancel_pkg.html b/httemplate/misc/process/cancel_pkg.html
index 805d1a711..e17872c06 100755
--- a/httemplate/misc/process/cancel_pkg.html
+++ b/httemplate/misc/process/cancel_pkg.html
@@ -12,30 +12,41 @@ my %past = ( 'cancel'  => 'cancelled',
              'adjourn' => 'adjourned',
            );
 
+#i'm sure this is false laziness with somewhere, at least w/misc/cancel_pkg.html
+my %right = ( 'cancel'  => 'Cancel customer package immediately',
+              'expire'  => 'Cancel customer package later',
+              'suspend' => 'Suspend customer package',
+              'adjourn' => 'Suspend customer package later',
+            );
+
 </%once>
 <%init>
 
 #untaint method
 my $method = $cgi->param('method');
-$method =~ /^(cancel|expire|suspend|adjourn)$/ || die "Illegal method";
+$method =~ /^(cancel|expire|suspend|adjourn)$/ or die "Illegal method";
 $method = $1;
 
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right($right{$method});
+
 #untaint pkgnum
 my $pkgnum = $cgi->param('pkgnum');
-$pkgnum =~ /^(\d+)$/ || die "Illegal pkgnum";
+$pkgnum =~ /^(\d+)$/ or die "Illegal pkgnum";
 $pkgnum = $1;
 
 #untaint reasonnum
 my $reasonnum = $cgi->param('reasonnum');
-$reasonnum =~ /^(-?\d+)$/ || die "Illegal reasonnum";
+$reasonnum =~ /^(-?\d+)$/ or die "Illegal reasonnum";
 $reasonnum = $1;
 
 my $date = time;
 if ($method eq 'expire' || $method eq 'adjourn'){
   #untaint date
   $date = $cgi->param('date');
-  str2time($cgi->param('date')) =~ /^(\d+)$/ || die "Illegal date";
+  parse_datetime($cgi->param('date')) =~ /^(\d+)$/ or die "Illegal date";
   $date = $1;
+  $method = ($method eq 'expire') ? 'cancel' : 'suspend';
 }
 
 my $cust_pkg = qsearchs( 'cust_pkg', {'pkgnum'=>$pkgnum} );
@@ -51,15 +62,7 @@ if ($reasonnum == -1) {
   };
 }
 
-my $error;
-if ($method eq 'expire' || $method eq 'adjourn'){
-  my %hash = $cust_pkg->hash;
-  $hash{$method} = $date;
-  my $new = new FS::cust_pkg \%hash;
-  $error = $new->replace($cust_pkg, 'reason' => $reasonnum);
-} else {
-  $error = $cust_pkg->$method( 'reason' => $reasonnum );
-}
+my $error = $cust_pkg->$method( 'reason' => $reasonnum, 'date' => $date );
 
 if ($error) {
   $cgi->param('error', $error);