(from parent 1: 3fa2bc3)
Add access right to view attachments
author
mark
<mark>
Mon, 14 Dec 2009 01:41:29 +0000
(
01:41
+0000)
committer
mark
<mark>
Mon, 14 Dec 2009 01:41:29 +0000
(
01:41
+0000)
FS/FS/AccessRight.pm
httemplate/browse/cust_attachment.html
httemplate/edit/cust_main_attach.cgi
httemplate/elements/menu.html
httemplate/view/cust_main.cgi
httemplate/view/cust_main/attachments.html
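--- a/FS/FS/AccessRight.pm
+++ b/FS/FS/AccessRight.pm
@@ -206,6 +206,7 @@ tie my %rights, 'Tie::IxHash',
 'Customer note and attachment rights' => [
 'Add customer note', #NEW
 'Edit customer note', #NEW
+ 'View attachments',
 'Download attachment', #NEW
 'Add attachment', #NEW
 'Edit attachment', #NEW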
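Review bot: 'View attachments' is added to the rights list here, but nothing visible in this commit grants it to any existing group, so once the new `die "access denied"` checks in the templates are live, current users presumably lose the attachment views until an administrator assigns the right by hand. If that is not the intended rollout, an upgrade step that gives the new right to groups already holding 'Download attachment' would avoid the lockout. The neighbouring entries carry a `#NEW` marker; if that marker still means something in this file, the added line should read `'View attachments', #NEW`.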
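--- a/httemplate/browse/cust_attachment.html
+++ b/httemplate/browse/cust_attachment.html
@@ -62,6 +62,7 @@
 <%init>
 my $curuser = $FS::CurrentUser::CurrentUser;
+die "access denied" if !$curuser->access-right('View attachments');
 my $conf = new FS::Conf;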
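Review bot: The added guard spells the method `access-right` with a hyphen, so Perl parses it as `$curuser->access` minus a call to `right('View attachments')` rather than as the permission check. As written, the page most likely dies with a method or subroutine lookup error for every user, including those who hold the right, instead of returning "access denied" only to those who lack it. The line should match the other two templates in this commit: `die "access denied" if !$curuser->access_right('View attachments');`. The same check is repeated verbatim in edit/cust_main_attach.cgi and view/cust_main/attachments.html, so a shared helper would keep the three from drifting apart again. The `<%init>` block continues outside the hunk.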
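--- a/httemplate/edit/cust_main_attach.cgi
+++ b/httemplate/edit/cust_main_attach.cgi
@@ -44,6 +44,7 @@ onclick="return(confirm('Delete this file?'));">
 <%init>
 my $curuser = $FS::CurrentUser::CurrentUser;
+die "access denied" if !$curuser->access_right('View attachments');
 my $attachnum = '';
 my $attach;
 if ( $cgi->param('error') ) {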
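Review bot: This is the attachment edit form, yet the only right the added line requires is 'View attachments'; the rights list in AccessRight.pm also defines 'Add attachment' and 'Edit attachment'. Unless those are checked further down in this `<%init>` block or in the processing script (neither is visible in the hunk), a user with view-only access reaches the form, including its delete control. Once `$attachnum` is resolved, a second guard such as `die "access denied" unless $curuser->access_right($attachnum ? 'Edit attachment' : 'Add attachment');` would tie the page to the write rights. The `<%init>` block continues outside the hunk.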
diff --git
a/httemplate/elements/menu.html
b/httemplate/elements/menu.html
index
b039e78
..
caf2274
100644
(file)
--- a/
httemplate/elements/menu.html
+++ b/
httemplate/elements/menu.html
@@
-323,7
+323,7
@@
$tools_menu{'Ticketing'} = [ \%tools_ticketing, 'Ticketing tools' ]
$tools_menu{'Time Queue'} = [ $fsurl.'search/report_timeworked.html', 'View pending support time' ]
if $curuser->access_right('Time queue');
$tools_menu{'Attachments'} = [ $fsurl.'browse/cust_attachment.html', 'View customer attachments' ]
$tools_menu{'Time Queue'} = [ $fsurl.'search/report_timeworked.html', 'View pending support time' ]
if $curuser->access_right('Time queue');
$tools_menu{'Attachments'} = [ $fsurl.'browse/cust_attachment.html', 'View customer attachments' ]
- if !$conf->config('disable_cust_attachment');
+ if !$conf->config('disable_cust_attachment')
and $curuser->access_right('View attachments')
;
$tools_menu{'Importing'} = [ \%tools_importing, 'Import tools' ]
if $curuser->access_right('Import');
$tools_menu{'Exporting'} = [ \%tools_exporting, 'Export tools' ]
$tools_menu{'Importing'} = [ \%tools_importing, 'Import tools' ]
if $curuser->access_right('Import');
$tools_menu{'Exporting'} = [ \%tools_exporting, 'Export tools' ]
diff --git
a/httemplate/view/cust_main.cgi
b/httemplate/view/cust_main.cgi
index
08d99d8
..
76f5a51
100755
(executable)
--- a/
httemplate/view/cust_main.cgi
+++ b/
httemplate/view/cust_main.cgi
@@
-153,16
+153,18
@@
Comments
)
%>
% }
)
%>
% }
+% if( $curuser->access_right('View attachments') ) {
<% include('cust_main/attachments.html', 'custnum' => $cust_main->custnum ) %>
<% include('cust_main/attachments.html', 'custnum' => $cust_main->custnum ) %>
-%
if
($cgi->param('show_deleted')) {
+%
if
($cgi->param('show_deleted')) {
<A HREF="<% $p.'view/cust_main.cgi?custnum=' . $cust_main->custnum .
($view ? ";show=$view" : '') . '#notes'
%>"><I>(Show active attachments)</I></A>
<A HREF="<% $p.'view/cust_main.cgi?custnum=' . $cust_main->custnum .
($view ? ";show=$view" : '') . '#notes'
%>"><I>(Show active attachments)</I></A>
-% }
+%
}
% elsif($curuser->access_right('View deleted attachments')) {
<A HREF="<% $p.'view/cust_main.cgi?custnum=' . $cust_main->custnum .
($view ? ";show=$view" : '') . ';show_deleted=1#notes'
%>"><I>(Show deleted attachments)</I></A>
% elsif($curuser->access_right('View deleted attachments')) {
<A HREF="<% $p.'view/cust_main.cgi?custnum=' . $cust_main->custnum .
($view ? ";show=$view" : '') . ';show_deleted=1#notes'
%>"><I>(Show deleted attachments)</I></A>
+% }
% }
<BR>
% }
<BR>
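Review bot: Inside the new 'View attachments' wrapper, the `if ($cgi->param('show_deleted'))` branch still relies on a request parameter alone, while 'View deleted attachments' is consulted only in the `elsif` that decides whether to print the "(Show deleted attachments)" link. The include passes only `custnum`, so cust_main/attachments.html presumably reads `show_deleted` itself; if it does not check the right there, a user without it can add `;show_deleted=1` to the URL by hand and see deleted attachments. Worth confirming in that component, for example with `die "access denied" if $cgi->param('show_deleted') && !$curuser->access_right('View deleted attachments');`. The surrounding template continues outside the hunk.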
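--- a/httemplate/view/cust_main/attachments.html
+++ b/httemplate/view/cust_main/attachments.html
@@ -109,7 +109,7 @@
 my $conf = new FS::Conf;
 my $curuser = $FS::CurrentUser::CurrentUser;
-
+die "access denied" if !$curuser->access_right('View attachments');
 my(%opt) = @_;
 my $custnum = $opt{'custnum'};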