# customer payment rights
###
'Customer payment rights' => [
+ 'View payments',
{ rightname=>'Post payment', desc=>'Make check or cash payments.' },
'Post check payment',
'Post cash payment',
'Apply credit', #NEWNEW
{ rightname=>'Unapply credit', desc=>'Enable "unapplication" of unclosed credits.' }, #aka unapplycredits
{ rightname=>'Delete credit', desc=>'Enable deletion of unclosed credits. Be very careful! Only delete credits that were data-entry errors, not adjustments.' }, #aka. deletecredits Optionally specify one or more comma-separated email addresses to be notified when a credit is deleted.
+ 'View refunds',
{ rightname=>'Post refund', desc=>'Enable posting of check and cash refunds.' },
'Post check refund',
'Post cash refund',
<% include('/elements/footer.html') %>
-% } else {
+% #2.5/2.7?# } elsif ( $curuser->access_right('View payments') ) {
+% } elsif ( $curuser->access_right(['View invoices', 'View payments']) ) {
<% $cgi->redirect(popurl(3). "view/cust_pay.html?paynum=$paynum" ) %>
+% } else {
+<% $cgi->redirect(popurl(3). "view/cust_main.html?custnum=$custnum" ) %>
% }
<%init>
-die "access denied"
- unless $FS::CurrentUser::CurrentUser->access_right('Process payment');
+my $curuser = $FS::CurrentUser::CurrentUser;
+die "access denied" unless $curuser->access_right('Process payment');
#some false laziness w/MyAccount::process_payment
$title .= "\u$name_singular Search Results";
my $link = '';
-if ( ( $curuser->access_right('View invoices') #XXX for now
- || $curuser->access_right('View customer payments')
+if ( ( $curuser->access_right('View invoices') #remove in 2.5 (2.7?)
+ || ($curuser->access_right('View payments') && $table =~ /^cust_pay/)
+ || ($curuser->access_right('View refunds') && $table eq 'cust_refund')
)
&& ! $opt{'disable_link'}
)
my $curuser = $FS::CurrentUser::CurrentUser;
die "access denied"
- unless $curuser->access_right('View invoices') #remove this in 1.9 EVENTUALLY
- || $curuser->access_right('View customer payments');
+ unless $curuser->access_right('View invoices') #remove this in 2.5 (2.7?)
+ || $curuser->access_right('View payments');
$cgi->param('paynum') =~ /^(\d+)$/ or die "no paynum";
my $paynum = $1;
my $curuser = $FS::CurrentUser::CurrentUser;
die "access denied"
- unless $curuser->access_right('View invoices') #remove this in 1.9 EVENTUALLY
- || $curuser->access_right('View customer payments');
- #'View customer refunds' ???
-
+ unless $curuser->access_right('View invoices') #remove this in 2.5 (2.7?)
+ || $curuser->access_right('View refunds');
$cgi->param('refundnum') =~ /^(\d+)$/ or die "no refundnum";
my $refundnum = $1;