RT# 74537 - added checks in MyAccount.pm for config option ach read only

diff --git a/FS/FS/ClientAPI/MyAccount.pm b/FS/FS/ClientAPI/MyAccount.pm
index 49e61ab..2b4d52d 100644 (file)
--- a/FS/FS/ClientAPI/MyAccount.pm
+++ b/FS/FS/ClientAPI/MyAccount.pm
@@ -742,6 +742,11 @@ sub edit_info {
   my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } )
     or return { 'error' => "unknown custnum $custnum" };
 
   my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } )
     or return { 'error' => "unknown custnum $custnum" };
 

+  my $conf = new FS::Conf;
+  if (($p->{payby} eq "CHEK" || $p->{payby} eq "DCHEK") && $conf->exists('selfservice-ACH_info_readonly')) {
+    return { 'error' => "You do not have authority to add a bank account" };
+  }
+

   my $new = new FS::cust_main { $cust_main->hash };
 
   $new->set( $_ => $p->{$_} )
   my $new = new FS::cust_main { $cust_main->hash };
 
   $new->set( $_ => $p->{$_} )


@@ -769,8 +774,6 @@ sub edit_info {
   # but if it hasn't been passed in at all, leave ship_location alone--
   # DON'T change it to match bill_location.
 
   # but if it hasn't been passed in at all, leave ship_location alone--
   # DON'T change it to match bill_location.
 

-  my $conf = new FS::Conf;
-

   my @invoicing_list;
   if ( exists $p->{'invoicing_list'} || exists $p->{'postal_invoicing'} ) {
     #false laziness with httemplate/edit/process/cust_main.cgi
   my @invoicing_list;
   if ( exists $p->{'invoicing_list'} || exists $p->{'postal_invoicing'} ) {
     #false laziness with httemplate/edit/process/cust_main.cgi


@@ -987,12 +990,18 @@ sub validate_payment {
     my $payinfo2 = $1;
     $payinfo = $payinfo1. '@'. $payinfo2;
 
     my $payinfo2 = $1;
     $payinfo = $payinfo1. '@'. $payinfo2;
 

+    my $achonfile = 0;

     foreach my $cust_payby ($cust_main->cust_payby('CHEK','DCHK')) {
       if ( $cust_payby->paymask eq $payinfo ) {
         $payinfo = $cust_payby->payinfo;
     foreach my $cust_payby ($cust_main->cust_payby('CHEK','DCHK')) {
       if ( $cust_payby->paymask eq $payinfo ) {
         $payinfo = $cust_payby->payinfo;

+        $achonfile = 1;

         last;
       }
     }
         last;
       }
     }

+
+    if ($conf->exists('selfservice-ACH_info_readonly') && !$achonfile) {
+      return { 'error' => "You are not allowed to change your payment information." };
+    }

    
   } elsif ( $payby eq 'CARD' || $payby eq 'DCRD' ) {
    
    
   } elsif ( $payby eq 'CARD' || $payby eq 'DCRD' ) {
    

diff --git a/fs_selfservice/FS-SelfService/cgi/make_ach_payment.html b/fs_selfservice/FS-SelfService/cgi/make_ach_payment.html
index 37fd464..1183b2b 100644 (file)
--- a/fs_selfservice/FS-SelfService/cgi/make_ach_payment.html
+++ b/fs_selfservice/FS-SelfService/cgi/make_ach_payment.html
@@ -31,7 +31,7 @@ EOF
 <%=
   $OUT = '';
   if ($ach_read_only) {
 <%=
   $OUT = '';
   if ($ach_read_only) {

-    if ($payby == 'CHEK') {
+    if ($payby eq 'CHEK') {

       $OUT .= '<TR><TD COLSPAN=2><INPUT TYPE="hidden" NAME="auto" VALUE="1"></TD></TR>';
     }
   } else {
       $OUT .= '<TR><TD COLSPAN=2><INPUT TYPE="hidden" NAME="auto" VALUE="1"></TD></TR>';
     }
   } else {