From: ivan <ivan>
Date: Tue, 30 Jan 2007 20:59:14 +0000 (+0000)
Subject: its all about control
X-Git-Tag: TRIXBOX_2_6~707
X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=15777da47bab33e8f0021e6dd9aa6b434fa9be30

its all about control
---

diff --git a/httemplate/browse/access_group.html b/httemplate/browse/access_group.html
index d1c3aea4c..ca162a094 100644
--- a/httemplate/browse/access_group.html
+++ b/httemplate/browse/access_group.html
@@ -1,53 +1,3 @@
-%
-%
-%my $html_init = 
-%  "Internal access groups control access to the back-office interface.<BR><BR>".
-%  qq!<A HREF="${p}edit/access_group.html"><I>Add an internal access group</I></A><BR><BR>!;
-%
-%#false laziness w/access_user.html & agent_type.cgi
-%my $agents_sub = sub {
-%  my $access_group = shift;
-%
-%  [ map {
-%          my $access_groupagent = $_;
-%          my $agent = $access_groupagent->agent;
-%          [
-%            {
-%              'data'  => $agent->agent,
-%              'align' => 'left',
-%              'link'  => $p. 'edit/agent.cgi?'. $agent->agentnum,
-%            },
-%          ];
-%        }
-%    grep { $_->agent } #?
-%    $access_group->access_groupagent,
-%
-%  ];
-%  
-%};
-%
-%my $rights_sub = sub {
-%  my $access_group = shift;
-%
-%  [ map { my $access_right = $_;
-%          [
-%            { 
-%              'data'  => $access_right->rightname,
-%              'align' => 'left',
-%            },
-%          ];
-%        }
-%    $access_group->access_rights,
-%
-%  ];
-%
-%};
-%
-%my $count_query = 'SELECT COUNT(*) FROM access_group';
-%
-%my $link = [ $p.'edit/access_group.html?', 'groupnum' ];
-%
-%
 <% include( 'elements/browse.html',
                  'title'       => 'Internal Access Groups',
                  'menubar'     => [ # 'Main menu' => $p,
@@ -77,3 +27,56 @@
                                   ],
              )
 %>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $html_init = 
+  "Internal access groups control access to the back-office interface.<BR><BR>".
+  qq!<A HREF="${p}edit/access_group.html"><I>Add an internal access group</I></A><BR><BR>!;
+
+#false laziness w/access_user.html & agent_type.cgi
+my $agents_sub = sub {
+  my $access_group = shift;
+
+  [ map {
+          my $access_groupagent = $_;
+          my $agent = $access_groupagent->agent;
+          [
+            {
+              'data'  => $agent->agent,
+              'align' => 'left',
+              'link'  => $p. 'edit/agent.cgi?'. $agent->agentnum,
+            },
+          ];
+        }
+    grep { $_->agent } #?
+    $access_group->access_groupagent,
+
+  ];
+  
+};
+
+my $rights_sub = sub {
+  my $access_group = shift;
+
+  [ map { my $access_right = $_;
+          [
+            { 
+              'data'  => $access_right->rightname,
+              'align' => 'left',
+            },
+          ];
+        }
+    $access_group->access_rights,
+
+  ];
+
+};
+
+my $count_query = 'SELECT COUNT(*) FROM access_group';
+
+my $link = [ $p.'edit/access_group.html?', 'groupnum' ];
+
+</%init>
diff --git a/httemplate/browse/access_user.html b/httemplate/browse/access_user.html
index 05384289a..8eb3e330a 100644
--- a/httemplate/browse/access_user.html
+++ b/httemplate/browse/access_user.html
@@ -1,83 +1,3 @@
-%
-%
-%my $html_init = 
-%  "Internal users have access to the back-office interface.  Typically, this is your employees and contractors, but in a VISP setup, you can also add accounts for your reseller's employees.  It is <B>highly recommended</B> to add a <B>separate account for each person</B> rather than using role accounts.<BR><BR>".
-%  qq!<A HREF="${p}edit/access_user.html"><I>Add an internal user</I></A><BR><BR>!;
-%
-%#false laziness w/part_pkg.cgi
-%my %search = ();
-%my $search = '';
-%unless ( $cgi->param('showdisabled') ) {
-%  %search = ( 'disabled' => '' );
-%  $search = "( disabled = '' OR disabled IS NULL )";
-%}
-%
-%#false laziness w/access_group.html & agent_type.cgi
-%my $groups_sub = sub {
-%  my $access_user = shift;
-%
-%  [ map {
-%          my $access_usergroup = $_;
-%          my $access_group = $access_usergroup->access_group;
-%          [
-%            {
-%              'data'  => $access_group->groupname,
-%              'align' => 'left',
-%              'link'  =>
-%                $p. 'edit/access_group.html?'. $access_usergroup->groupnum,
-%            },
-%          ];
-%        }
-%    grep { $_->access_group # and ! $_->access_group->disabled
-%         }
-%    $access_user->access_usergroup,
-%
-%  ];
-%
-%};
-%
-%my $posttotal;
-%if ( $cgi->param('showdisabled') ) {
-%  $cgi->param('showdisabled', 0);
-%  $posttotal = '( <a href="'. $cgi->self_url. '">hide disabled users</a> )';
-%  $cgi->param('showdisabled', 1);
-%} else {
-%  $cgi->param('showdisabled', 1);
-%  $posttotal = '( <a href="'. $cgi->self_url. '">show disabled users</a> )';
-%  $cgi->param('showdisabled', 0);
-%}
-%
-%my $count_query = 'SELECT COUNT(*) FROM access_user';
-%$count_query .= " WHERE $search"
-%  if $search;
-%
-%my $link = [ $p.'edit/access_user.html?', 'usernum' ];
-%
-%my @header = ( '#', 'Username' );
-%my @fields = ( 'usernum', 'username' );
-%my $align = 'rl';
-%my @links = ( $link, $link );
-%my @style = ( '', '' );
-%
-%#false laziness w/part_pkg.cgi
-%#unless ( $cgi->param('showdisabled') ) { #its been reversed already
-%if ( $cgi->param('showdisabled') ) { #its been reversed already
-%  push @header, 'Status';
-%  push @fields, sub { shift->disabled
-%                        ? '<FONT COLOR="#FF0000">DISABLED</FONT>'
-%                        : '<FONT COLOR="#00CC00">Active</FONT>'
-%                    };
-%  push @links, '';
-%  $align .= 'c';
-%  push @style, 'b';
-%}
-%
-%push @header, 'Full name', 'Groups';
-%push @fields, 'name',      $groups_sub;
-%push @links,  $link,       '';
-%$align .= 'll';
-%
-%
 <% include( 'elements/browse.html',
                  'title'          => 'Internal Users',
                  'menubar'        => [ #'Main menu' => $p,
@@ -97,3 +17,86 @@
                  'style'          => \@style,
              )
 %>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $html_init = 
+  "Internal users have access to the back-office interface.  Typically, this is your employees and contractors, but in a VISP setup, you can also add accounts for your reseller's employees.  It is <B>highly recommended</B> to add a <B>separate account for each person</B> rather than using role accounts.<BR><BR>".
+  qq!<A HREF="${p}edit/access_user.html"><I>Add an internal user</I></A><BR><BR>!;
+
+#false laziness w/part_pkg.cgi
+my %search = ();
+my $search = '';
+unless ( $cgi->param('showdisabled') ) {
+  %search = ( 'disabled' => '' );
+  $search = "( disabled = '' OR disabled IS NULL )";
+}
+
+#false laziness w/access_group.html & agent_type.cgi
+my $groups_sub = sub {
+  my $access_user = shift;
+
+  [ map {
+          my $access_usergroup = $_;
+          my $access_group = $access_usergroup->access_group;
+          [
+            {
+              'data'  => $access_group->groupname,
+              'align' => 'left',
+              'link'  =>
+                $p. 'edit/access_group.html?'. $access_usergroup->groupnum,
+            },
+          ];
+        }
+    grep { $_->access_group # and ! $_->access_group->disabled
+         }
+    $access_user->access_usergroup,
+
+  ];
+
+};
+
+my $posttotal;
+if ( $cgi->param('showdisabled') ) {
+  $cgi->param('showdisabled', 0);
+  $posttotal = '( <a href="'. $cgi->self_url. '">hide disabled users</a> )';
+  $cgi->param('showdisabled', 1);
+} else {
+  $cgi->param('showdisabled', 1);
+  $posttotal = '( <a href="'. $cgi->self_url. '">show disabled users</a> )';
+  $cgi->param('showdisabled', 0);
+}
+
+my $count_query = 'SELECT COUNT(*) FROM access_user';
+$count_query .= " WHERE $search"
+  if $search;
+
+my $link = [ $p.'edit/access_user.html?', 'usernum' ];
+
+my @header = ( '#', 'Username' );
+my @fields = ( 'usernum', 'username' );
+my $align = 'rl';
+my @links = ( $link, $link );
+my @style = ( '', '' );
+
+#false laziness w/part_pkg.cgi
+#unless ( $cgi->param('showdisabled') ) { #its been reversed already
+if ( $cgi->param('showdisabled') ) { #its been reversed already
+  push @header, 'Status';
+  push @fields, sub { shift->disabled
+                        ? '<FONT COLOR="#FF0000">DISABLED</FONT>'
+                        : '<FONT COLOR="#00CC00">Active</FONT>'
+                    };
+  push @links, '';
+  $align .= 'c';
+  push @style, 'b';
+}
+
+push @header, 'Full name', 'Groups';
+push @fields, 'name',      $groups_sub;
+push @links,  $link,       '';
+$align .= 'll';
+
+</%init>
diff --git a/httemplate/browse/addr_block.cgi b/httemplate/browse/addr_block.cgi
index 87f46c0e7..408d57298 100644
--- a/httemplate/browse/addr_block.cgi
+++ b/httemplate/browse/addr_block.cgi
@@ -80,4 +80,7 @@
 </TABLE>
 </BODY>
 </HTML>
-
+<%init>
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+</%init>
diff --git a/httemplate/browse/agent.cgi b/httemplate/browse/agent.cgi
index e9969b02a..063f259de 100755
--- a/httemplate/browse/agent.cgi
+++ b/httemplate/browse/agent.cgi
@@ -1,17 +1,3 @@
-%
-%
-%  my %search;
-%  if ( $cgi->param('showdisabled')
-%       || !dbdef->table('agent')->column('disabled') ) {
-%    %search = ();
-%  } else {
-%    %search = ( 'disabled' => '' );
-%  }
-%
-%  my $conf = new FS::Conf;
-%
-%
-
 <% include("/elements/header.html",'Agent Listing', menubar(
   'Main Menu'   => $p,
   'Agent Types' => $p. 'browse/agent_type.cgi',
@@ -370,3 +356,19 @@ Unused
     </TABLE>
   </BODY>
 </HTML>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my %search;
+if ( $cgi->param('showdisabled')
+     || !dbdef->table('agent')->column('disabled') ) {
+  %search = ();
+} else {
+  %search = ( 'disabled' => '' );
+}
+
+my $conf = new FS::Conf;
+
+</%init>
diff --git a/httemplate/browse/agent_type.cgi b/httemplate/browse/agent_type.cgi
index 318d0b6ea..b4e4fcf99 100755
--- a/httemplate/browse/agent_type.cgi
+++ b/httemplate/browse/agent_type.cgi
@@ -1,37 +1,3 @@
-%
-%
-%my $html_init = 
-%  'Agent types define groups of packages that you can then assign to'.
-%  ' particular agents.<BR><BR>'.
-%  qq!<A HREF="${p}edit/agent_type.cgi"><I>Add a new agent type</I></A><BR><BR>!;
-%
-%my $count_query = 'SELECT COUNT(*) FROM agent_type';
-%
-%#false laziness w/access_user.html
-%my $packages_sub = sub {
-%  my $agent_type = shift;
-%
-%  [ map  {
-%           my $type_pkgs = $_;
-%           #my $part_pkg = $type_pkgs->part_pkg;
-%           [
-%             {
-%               #'data'  => $part_pkg->pkg. ' - '. $part_pkg->comment,
-%               'data'  => $type_pkgs->pkg. ' - '. $type_pkgs->comment,
-%               'align' => 'left',
-%               'link'  => $p. 'edit/part_pkg.cgi?'. $type_pkgs->pkgpart,
-%             },
-%           ];
-%         }
-%
-%    $agent_type->type_pkgs_enabled
-%  ];
-%
-%};
-%
-%my $link = [ $p.'edit/agent_type.cgi?', 'typenum' ];
-%
-%
 <% include( 'elements/browse.html',
                  'title'   => 'Agent Types',
                  'menubar'     => [ #'Main menu' => $p,
@@ -58,3 +24,40 @@
                                   ],
              )
 %>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $html_init = 
+'Agent types define groups of packages that you can then assign to'.
+' particular agents.<BR><BR>'.
+qq!<A HREF="${p}edit/agent_type.cgi"><I>Add a new agent type</I></A><BR><BR>!;
+
+my $count_query = 'SELECT COUNT(*) FROM agent_type';
+
+#false laziness w/access_user.html
+my $packages_sub = sub {
+my $agent_type = shift;
+
+[ map  {
+         my $type_pkgs = $_;
+         #my $part_pkg = $type_pkgs->part_pkg;
+         [
+           {
+             #'data'  => $part_pkg->pkg. ' - '. $part_pkg->comment,
+             'data'  => $type_pkgs->pkg. ' - '. $type_pkgs->comment,
+             'align' => 'left',
+             'link'  => $p. 'edit/part_pkg.cgi?'. $type_pkgs->pkgpart,
+           },
+         ];
+       }
+
+  $agent_type->type_pkgs_enabled
+];
+
+};
+
+my $link = [ $p.'edit/agent_type.cgi?', 'typenum' ];
+
+</%init>
diff --git a/httemplate/browse/cust_main_county.cgi b/httemplate/browse/cust_main_county.cgi
index 69a7eb9a0..3bbbb4b47 100755
--- a/httemplate/browse/cust_main_county.cgi
+++ b/httemplate/browse/cust_main_county.cgi
@@ -164,3 +164,7 @@
 </TABLE>
 
 <% include('/elements/footer.html') %>
+<%init>
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+</%init>
diff --git a/httemplate/browse/inventory_class.html b/httemplate/browse/inventory_class.html
index 6d9424e14..8ce131ac2 100644
--- a/httemplate/browse/inventory_class.html
+++ b/httemplate/browse/inventory_class.html
@@ -1,27 +1,3 @@
-%
-%
-%tie my %labels, 'Tie::IxHash',
-%  'num_avail' => 'Available', #  <FONT SIZE="-1"><A HREF="eventually">(upload batch)</A></FONT>',
-%  'num_used'  => 'In use', #'Used', #'Allocated',
-%  'num_total' => 'Total',
-%;
-%
-%my %link = (
-%  'num_avail' => ';avail=1',
-%  'num_used'  => ';used=1',
-%  'num_total' => '',
-%);
-%
-%my %inv_action_link = (
-%  'num_avail' => [ 'upload batch',
-%                   $p.'misc/inventory_item-import.html?classnum=',
-%                   'classnum'
-%                 ],
-%);
-%
-%my $link = [ "${p}edit/inventory_class.html?", 'classnum' ];
-%
-%
 <% include( 'elements/browse.html',
                  'title'       => 'Inventory Classes',
                  'name'        => 'inventory classes',
@@ -88,3 +64,30 @@
                                   ],
              )
 %>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+tie my %labels, 'Tie::IxHash',
+  'num_avail' => 'Available', #  <FONT SIZE="-1"><A HREF="eventually">(upload batch)</A></FONT>',
+  'num_used'  => 'In use', #'Used', #'Allocated',
+  'num_total' => 'Total',
+;
+
+my %link = (
+  'num_avail' => ';avail=1',
+  'num_used'  => ';used=1',
+  'num_total' => '',
+);
+
+my %inv_action_link = (
+  'num_avail' => [ 'upload batch',
+                   $p.'misc/inventory_item-import.html?classnum=',
+                   'classnum'
+                 ],
+);
+
+my $link = [ "${p}edit/inventory_class.html?", 'classnum' ];
+
+</%init>
diff --git a/httemplate/browse/msgcat.cgi b/httemplate/browse/msgcat.cgi
index 35ea06957..2c916dc9f 100755
--- a/httemplate/browse/msgcat.cgi
+++ b/httemplate/browse/msgcat.cgi
@@ -1,42 +1,44 @@
 <% include('/elements/header.html', "View Message catalog", menubar(
   'Edit message catalog' => $p. "edit/msgcat.cgi",
 )) %>
-%
-%
-%my $widget = new HTML::Widgets::SelectLayers(
-%  'selected_layer' => 'en_US',
-%  'options'        => { 'en_US'=>'en_US' },
-%  'layer_callback' => sub {
-%    my $layer = shift;
-%    my $html = "<BR>Messages for locale $layer<BR>". table().
-%               "<TR><TH COLSPAN=2>Code</TH>".
-%               "<TH>Message</TH>";
-%    $html .= "<TH>en_US Message</TH>" unless $layer eq 'en_US';
-%    $html .= '</TR>';
-%
-%    #foreach my $msgcat ( sort { $a->msgcode cmp $b->msgcode }
-%    #                       qsearch('msgcat', { 'locale' => $layer } ) ) {
-%    foreach my $msgcat ( qsearch('msgcat', { 'locale' => $layer } ) ) {
-%      $html .= '<TR><TD>'. $msgcat->msgnum. '</TD>'.
-%               '<TD>'. $msgcat->msgcode. '</TD>'.
-%               '<TD>'. $msgcat->msg. '</TD>';
-%      unless ( $layer eq 'en_US' ) {
-%        my $en_msgcat = qsearchs('msgcat', {
-%          'locale'  => 'en_US',
-%          'msgcode' => $msgcat->msgcode,
-%        } );
-%        $html .= '<TD>'. $en_msgcat->msg. '</TD>';
-%      }
-%      $html .= '</TR>';
-%    }
-%
-%    $html .= '</TABLE>';
-%    $html;
-%  },
-%
-%);
-%
-
-
 <%  $widget->html %>
 <% include('/elements/footer.html') %>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $widget = new HTML::Widgets::SelectLayers(
+  'selected_layer' => 'en_US',
+  'options'        => { 'en_US'=>'en_US' },
+  'layer_callback' => sub {
+    my $layer = shift;
+    my $html = "<BR>Messages for locale $layer<BR>". table().
+               "<TR><TH COLSPAN=2>Code</TH>".
+               "<TH>Message</TH>";
+    $html .= "<TH>en_US Message</TH>" unless $layer eq 'en_US';
+    $html .= '</TR>';
+
+    #foreach my $msgcat ( sort { $a->msgcode cmp $b->msgcode }
+    #                       qsearch('msgcat', { 'locale' => $layer } ) ) {
+    foreach my $msgcat ( qsearch('msgcat', { 'locale' => $layer } ) ) {
+      $html .= '<TR><TD>'. $msgcat->msgnum. '</TD>'.
+               '<TD>'. $msgcat->msgcode. '</TD>'.
+               '<TD>'. $msgcat->msg. '</TD>';
+      unless ( $layer eq 'en_US' ) {
+        my $en_msgcat = qsearchs('msgcat', {
+          'locale'  => 'en_US',
+          'msgcode' => $msgcat->msgcode,
+        } );
+        $html .= '<TD>'. $en_msgcat->msg. '</TD>';
+      }
+      $html .= '</TR>';
+    }
+
+    $html .= '</TABLE>';
+    $html;
+  },
+
+);
+
+</%init>
diff --git a/httemplate/browse/part_bill_event.cgi b/httemplate/browse/part_bill_event.cgi
index f7c3e03d9..682058b1d 100755
--- a/httemplate/browse/part_bill_event.cgi
+++ b/httemplate/browse/part_bill_event.cgi
@@ -1,16 +1,3 @@
-% 
-%my %search;
-%if ( $cgi->param('showdisabled') ) {
-%  %search = ();
-%} else {
-%  %search = ( 'disabled' => '' );
-%}
-%
-%my @part_bill_event = qsearch('part_bill_event', \%search );
-%my $total = scalar(@part_bill_event);
-%
-
-
 <% include("/elements/header.html",'Invoice Event Listing', menubar( 'Main Menu' => $p) ) %>
 
     Invoice events are actions taken on open invoices.<BR><BR>
@@ -118,3 +105,19 @@
 
 </BODY>
 </HTML>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my %search;
+if ( $cgi->param('showdisabled') ) {
+%search = ();
+} else {
+%search = ( 'disabled' => '' );
+}
+
+my @part_bill_event = qsearch('part_bill_event', \%search );
+my $total = scalar(@part_bill_event);
+
+</%init>
diff --git a/httemplate/browse/part_export.cgi b/httemplate/browse/part_export.cgi
index 0f6731739..7b8ac8c20 100755
--- a/httemplate/browse/part_export.cgi
+++ b/httemplate/browse/part_export.cgi
@@ -1,4 +1,3 @@
-<!-- mason kludge -->
 <% include("/elements/header.html","Export Listing", menubar( 'Main Menu' => "$p#sysadmin" )) %>
 Provisioning services to external machines, databases and APIs.<BR><BR>
 <A HREF="<% $p %>edit/part_export.cgi"><I>Add a new export</I></A><BR><BR>
@@ -39,3 +38,7 @@ function part_export_areyousure(href) {
 </TABLE>
 </BODY>
 </HTML>
+<%init>
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+</%init>
diff --git a/httemplate/browse/part_pkg.cgi b/httemplate/browse/part_pkg.cgi
index b572f8ab5..6b62ec67b 100755
--- a/httemplate/browse/part_pkg.cgi
+++ b/httemplate/browse/part_pkg.cgi
@@ -1,242 +1,3 @@
-%
-%
-%#false laziness w/access_user.html
-%my %search = ();
-%my $search = '';
-%unless ( $cgi->param('showdisabled') ) {
-%  %search = ( 'disabled' => '' );
-%  $search = "( disabled = '' OR disabled IS NULL )";
-%}
-%
-%my $select = '*';
-%my $orderby = 'pkgpart';
-%if ( $cgi->param('active') ) {
-%
-%  $orderby = 'num_active DESC';
-%}
-%  $select = "
-%
-%    *,
-%
-%    ( SELECT COUNT(*) FROM cust_pkg WHERE cust_pkg.pkgpart = part_pkg.pkgpart
-%       AND ( cancel IS NULL OR cancel = 0 )
-%       AND ( susp IS NULL OR susp = 0 )
-%    ) AS num_active,
-%
-%    ( SELECT COUNT(*) FROM cust_pkg WHERE cust_pkg.pkgpart = part_pkg.pkgpart
-%        AND ( cancel IS NULL OR cancel = 0 )
-%        AND susp IS NOT NULL AND susp != 0
-%    ) AS num_suspended,
-%
-%    ( SELECT COUNT(*) FROM cust_pkg WHERE cust_pkg.pkgpart = part_pkg.pkgpart
-%        AND cancel IS NOT NULL AND cancel != 0
-%    ) AS num_cancelled
-%
-%  ";
-%
-%#}
-%
-%my $conf = new FS::Conf;
-%my $taxclasses = $conf->exists('enable_taxclasses');
-%
-%my $html_init;
-%#unless ( $cgi->param('active') ) {
-%  $html_init = qq!
-%    One or more service definitions are grouped together into a package 
-%    definition and given pricing information.  Customers purchase packages
-%    rather than purchase services directly.<BR><BR>
-%    <A HREF="${p}edit/part_pkg.cgi"><I>Add a new package definition</I></A>
-%    <BR><BR>
-%  !;
-%#}
-%
-%my $posttotal;
-%if ( $cgi->param('showdisabled') ) {
-%  $cgi->param('showdisabled', 0);
-%  $posttotal = '( <a href="'. $cgi->self_url. '">hide disabled packages</a> )';
-%  $cgi->param('showdisabled', 1);
-%} else {
-%  $cgi->param('showdisabled', 1);
-%  $posttotal = '( <a href="'. $cgi->self_url. '">show disabled packages</a> )';
-%  $cgi->param('showdisabled', 0);
-%}
-%
-%
-%# ------
-%
-%my $link = [ $p.'edit/part_pkg.cgi?', 'pkgpart' ];
-%
-%my @header = ( '#', 'Package', 'Comment' );
-%my @fields = ( 'pkgpart', 'pkg', 'comment' );
-%my $align = 'rll';
-%my @links = ( $link, $link, '' );
-%my @style = ( '', '', '' );
-%
-%#false laziness w/access_user.html
-%#unless ( $cgi->param('showdisabled') ) { #its been reversed already
-%if ( $cgi->param('showdisabled') ) { #its been reversed already
-%  push @header, 'Status';
-%  push @fields, sub { shift->disabled
-%                        ? '<FONT COLOR="#FF0000">DISABLED</FONT>'
-%                        : '<FONT COLOR="#00CC00">Active</FONT>'
-%                    };
-%  push @links, '';
-%  $align .= 'c';
-%  push @style, 'b';
-%}
-%
-%unless ( 0 ) { #already showing only one class or something?
-%  push @header, 'Class';
-%  push @fields, sub { shift->classname || '(none)'; };
-%  $align .= 'l';
-%}
-%
-%#if ( $cgi->param('active') ) {
-%  push @header, 'Customer<BR>packages';
-%  my %col = (
-%    'active'          => '00CC00',
-%    'suspended'       => 'FF9900',
-%    'cancelled'       => 'FF0000',
-%    #'one-time charge' => '000000',
-%    'charge'          => '000000',
-%  );
-%  my $cust_pkg_link = $p. 'search/cust_pkg.cgi?pkgpart=';
-%  push @fields, sub { my $part_pkg = shift;
-%                      [
-%                        map {
-%                              my $magic = $_;
-%                              my $label = $_;
-%                              if ( $magic eq 'active' && $part_pkg->freq == 0 ) {
-%                                $magic = 'inactive';
-%                                #$label = 'one-time charge',
-%                                $label = 'charge',
-%                              }
-%                          
-%                              [
-%                                {
-%                                 'data'  => '<B><FONT COLOR="#'. $col{$label}. '">'.
-%                                            $part_pkg->get("num_$_").
-%                                            '</FONT></B>',
-%                                 'align' => 'right',
-%                                },
-%                                {
-%                                 'data'  => $label.
-%                                              ( $part_pkg->get("num_$_") != 1
-%                                                && $label =~ /charge$/
-%                                                  ? 's'
-%                                                  : ''
-%                                              ),
-%                                 'align' => 'left',
-%                                 'link'  => ( $part_pkg->get("num_$_")
-%                                                ? $cust_pkg_link.
-%                                                  $part_pkg->pkgpart.
-%                                                  ";magic=$magic"
-%                                                : ''
-%                                            ),
-%                                },
-%                              ],
-%                            } (qw( active suspended cancelled ))
-%                      ]; };
-%  $align .= 'r';
-%#}
-%
-%push @header, 'Frequency';
-%push @fields, sub { shift->freq_pretty; };
-%$align .= 'l';
-%
-%if ( $taxclasses ) {
-%  push @header, 'Taxclass';
-%  push @fields, sub { shift->taxclass() || '&nbsp;'; };
-%  $align .= 'l';
-%}
-%
-%push @header, 'Plan',
-%              'Data',
-%              'Services';
-%              #'Service', 'Quan', 'Primary';
-%
-%push @fields, sub { shift->plan || '(legacy)' }, 
-%
-%              sub {
-%                    my $part_pkg = shift;
-%                    if ( $part_pkg->plan ) {
-%
-%                      [ map { 
-%                              /^(\w+)=(.*)$/; #or something;
-%                              [
-%                                { 'data'  => $1,
-%                                  'align' => 'right',
-%                                },
-%                                { 'data'  => $2,
-%                                  'align' => 'left',
-%                                },
-%                              ];
-%                            }
-%                        split(/\n/, $part_pkg->plandata)
-%                      ];
-%
-%                    } else {
-%
-%                      [ map { [
-%                                { 'data'  => uc($_),
-%                                  'align' => 'right',
-%                                },
-%                                {
-%                                  'data'  => $part_pkg->$_(),
-%                                  'align' => 'left',
-%                                },
-%                              ];
-%                            }
-%                        (qw(setup recur))
-%                      ];
-%
-%                    }
-%
-%                  },
-%
-%              sub {
-%                    my $part_pkg = shift;
-%
-%                    [ map  {
-%                             my $pkg_svc = $_;
-%                             my $part_svc = $pkg_svc->part_svc;
-%                             my $svc = $part_svc->svc;
-%                             if ( $pkg_svc->primary_svc =~ /^Y/i ) {
-%                               $svc = "<B>$svc (PRIMARY)</B>";
-%                             }
-%                             $svc =~ s/ +/&nbsp;/g;
-%
-%                             [
-%                               {
-%                                 'data'  => '<B>'. $pkg_svc->quantity. '</B>',
-%                                 'align' => 'right'
-%                               },
-%                               {
-%                                 'data'  => $svc,
-%                                 'align' => 'left',
-%                                 'link'  => $p. 'edit/part_svc.cgi?'.
-%                                            $part_svc->svcpart,
-%                               },
-%                             ];
-%                           }
-%                      sort {     $b->primary_svc =~ /^Y/i
-%                             <=> $a->primary_svc =~ /^Y/i
-%                           }
-%                           $part_pkg->pkg_svc
-%
-%                    ];
-%
-%                  };
-%
-%$align .= 'lrl'; #rr';
-%
-%# --------
-%
-%my $count_query = 'SELECT COUNT(*) FROM part_pkg';
-%$count_query .= " WHERE $search"
-%  if $search;
-%
-%
 <% include( 'elements/browse.html',
                  'title'          => 'Package Definitions',
                  'menubar'        => [ 'Main Menu' => $p ],
@@ -256,3 +17,245 @@
                  'style'          => \@style,
              )
 %>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+#false laziness w/access_user.html
+my %search = ();
+my $search = '';
+unless ( $cgi->param('showdisabled') ) {
+  %search = ( 'disabled' => '' );
+  $search = "( disabled = '' OR disabled IS NULL )";
+}
+
+my $select = '*';
+my $orderby = 'pkgpart';
+if ( $cgi->param('active') ) {
+
+  $orderby = 'num_active DESC';
+}
+  $select = "
+
+    *,
+
+    ( SELECT COUNT(*) FROM cust_pkg WHERE cust_pkg.pkgpart = part_pkg.pkgpart
+       AND ( cancel IS NULL OR cancel = 0 )
+       AND ( susp IS NULL OR susp = 0 )
+    ) AS num_active,
+
+    ( SELECT COUNT(*) FROM cust_pkg WHERE cust_pkg.pkgpart = part_pkg.pkgpart
+        AND ( cancel IS NULL OR cancel = 0 )
+        AND susp IS NOT NULL AND susp != 0
+    ) AS num_suspended,
+
+    ( SELECT COUNT(*) FROM cust_pkg WHERE cust_pkg.pkgpart = part_pkg.pkgpart
+        AND cancel IS NOT NULL AND cancel != 0
+    ) AS num_cancelled
+
+  ";
+
+#}
+
+my $conf = new FS::Conf;
+my $taxclasses = $conf->exists('enable_taxclasses');
+
+my $html_init;
+#unless ( $cgi->param('active') ) {
+  $html_init = qq!
+    One or more service definitions are grouped together into a package 
+    definition and given pricing information.  Customers purchase packages
+    rather than purchase services directly.<BR><BR>
+    <A HREF="${p}edit/part_pkg.cgi"><I>Add a new package definition</I></A>
+    <BR><BR>
+  !;
+#}
+
+my $posttotal;
+if ( $cgi->param('showdisabled') ) {
+  $cgi->param('showdisabled', 0);
+  $posttotal = '( <a href="'. $cgi->self_url. '">hide disabled packages</a> )';
+  $cgi->param('showdisabled', 1);
+} else {
+  $cgi->param('showdisabled', 1);
+  $posttotal = '( <a href="'. $cgi->self_url. '">show disabled packages</a> )';
+  $cgi->param('showdisabled', 0);
+}
+
+
+# ------
+
+my $link = [ $p.'edit/part_pkg.cgi?', 'pkgpart' ];
+
+my @header = ( '#', 'Package', 'Comment' );
+my @fields = ( 'pkgpart', 'pkg', 'comment' );
+my $align = 'rll';
+my @links = ( $link, $link, '' );
+my @style = ( '', '', '' );
+
+#false laziness w/access_user.html
+#unless ( $cgi->param('showdisabled') ) { #its been reversed already
+if ( $cgi->param('showdisabled') ) { #its been reversed already
+  push @header, 'Status';
+  push @fields, sub { shift->disabled
+                        ? '<FONT COLOR="#FF0000">DISABLED</FONT>'
+                        : '<FONT COLOR="#00CC00">Active</FONT>'
+                    };
+  push @links, '';
+  $align .= 'c';
+  push @style, 'b';
+}
+
+unless ( 0 ) { #already showing only one class or something?
+  push @header, 'Class';
+  push @fields, sub { shift->classname || '(none)'; };
+  $align .= 'l';
+}
+
+#if ( $cgi->param('active') ) {
+  push @header, 'Customer<BR>packages';
+  my %col = (
+    'active'          => '00CC00',
+    'suspended'       => 'FF9900',
+    'cancelled'       => 'FF0000',
+    #'one-time charge' => '000000',
+    'charge'          => '000000',
+  );
+  my $cust_pkg_link = $p. 'search/cust_pkg.cgi?pkgpart=';
+  push @fields, sub { my $part_pkg = shift;
+                      [
+                        map {
+                              my $magic = $_;
+                              my $label = $_;
+                              if ( $magic eq 'active' && $part_pkg->freq == 0 ) {
+                                $magic = 'inactive';
+                                #$label = 'one-time charge',
+                                $label = 'charge',
+                              }
+                          
+                              [
+                                {
+                                 'data'  => '<B><FONT COLOR="#'. $col{$label}. '">'.
+                                            $part_pkg->get("num_$_").
+                                            '</FONT></B>',
+                                 'align' => 'right',
+                                },
+                                {
+                                 'data'  => $label.
+                                              ( $part_pkg->get("num_$_") != 1
+                                                && $label =~ /charge$/
+                                                  ? 's'
+                                                  : ''
+                                              ),
+                                 'align' => 'left',
+                                 'link'  => ( $part_pkg->get("num_$_")
+                                                ? $cust_pkg_link.
+                                                  $part_pkg->pkgpart.
+                                                  ";magic=$magic"
+                                                : ''
+                                            ),
+                                },
+                              ],
+                            } (qw( active suspended cancelled ))
+                      ]; };
+  $align .= 'r';
+#}
+
+push @header, 'Frequency';
+push @fields, sub { shift->freq_pretty; };
+$align .= 'l';
+
+if ( $taxclasses ) {
+  push @header, 'Taxclass';
+  push @fields, sub { shift->taxclass() || '&nbsp;'; };
+  $align .= 'l';
+}
+
+push @header, 'Plan',
+              'Data',
+              'Services';
+              #'Service', 'Quan', 'Primary';
+
+push @fields, sub { shift->plan || '(legacy)' }, 
+
+              sub {
+                    my $part_pkg = shift;
+                    if ( $part_pkg->plan ) {
+
+                      [ map { 
+                              /^(\w+)=(.*)$/; #or something;
+                              [
+                                { 'data'  => $1,
+                                  'align' => 'right',
+                                },
+                                { 'data'  => $2,
+                                  'align' => 'left',
+                                },
+                              ];
+                            }
+                        split(/\n/, $part_pkg->plandata)
+                      ];
+
+                    } else {
+
+                      [ map { [
+                                { 'data'  => uc($_),
+                                  'align' => 'right',
+                                },
+                                {
+                                  'data'  => $part_pkg->$_(),
+                                  'align' => 'left',
+                                },
+                              ];
+                            }
+                        (qw(setup recur))
+                      ];
+
+                    }
+
+                  },
+
+              sub {
+                    my $part_pkg = shift;
+
+                    [ map  {
+                             my $pkg_svc = $_;
+                             my $part_svc = $pkg_svc->part_svc;
+                             my $svc = $part_svc->svc;
+                             if ( $pkg_svc->primary_svc =~ /^Y/i ) {
+                               $svc = "<B>$svc (PRIMARY)</B>";
+                             }
+                             $svc =~ s/ +/&nbsp;/g;
+
+                             [
+                               {
+                                 'data'  => '<B>'. $pkg_svc->quantity. '</B>',
+                                 'align' => 'right'
+                               },
+                               {
+                                 'data'  => $svc,
+                                 'align' => 'left',
+                                 'link'  => $p. 'edit/part_svc.cgi?'.
+                                            $part_svc->svcpart,
+                               },
+                             ];
+                           }
+                      sort {     $b->primary_svc =~ /^Y/i
+                             <=> $a->primary_svc =~ /^Y/i
+                           }
+                           $part_pkg->pkg_svc
+
+                    ];
+
+                  };
+
+$align .= 'lrl'; #rr';
+
+# --------
+
+my $count_query = 'SELECT COUNT(*) FROM part_pkg';
+$count_query .= " WHERE $search"
+  if $search;
+
+</%init>
diff --git a/httemplate/browse/part_referral.html b/httemplate/browse/part_referral.html
index 0e61a908e..065d8c1c1 100755
--- a/httemplate/browse/part_referral.html
+++ b/httemplate/browse/part_referral.html
@@ -139,3 +139,9 @@ Where a customer heard about your service. Tracked for informational purposes.
     </TABLE>
   </BODY>
 </HTML>
+<%init>
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Configuration')
+      || $FS::CurrentUser::CurrentUser->access_right('Edit advertising sources')
+      || $FS::CurrentUser::CurrentUser->access_right('Edit global advertising sources');
+</%init>
diff --git a/httemplate/browse/part_svc.cgi b/httemplate/browse/part_svc.cgi
index 6198a1aec..369495571 100755
--- a/httemplate/browse/part_svc.cgi
+++ b/httemplate/browse/part_svc.cgi
@@ -1,43 +1,3 @@
-% 
-%
-%#code duplication w/ edit/part_svc.cgi, should move this hash to part_svc.pm
-%my %flag = (
-%  ''  => '',
-%  'D' => 'Default',
-%  'F' => 'Fixed (unchangeable)',
-%  'S' => 'Selectable choice',
-%  #'M' => 'Manual selection from inventory',
-%  'M' => 'Manual selected from inventory',
-%  #'A' => 'Automatically fill in from inventory',
-%  'A' => 'Automatically filled in from inventory',
-%  'X' => 'Excluded',
-%);
-%
-%my %search;
-%if ( $cgi->param('showdisabled') ) {
-%  %search = ();
-%} else {
-%  %search = ( 'disabled' => '' );
-%}
-%
-%my @part_svc =
-%  sort { $a->getfield('svcpart') <=> $b->getfield('svcpart') }
-%    qsearch('part_svc', \%search );
-%my $total = scalar(@part_svc);
-%
-%my %num_active_cust_svc = map { $_->svcpart => $_->num_cust_svc } @part_svc;
-%
-%if ( $cgi->param('orderby') eq 'active' ) {
-%  @part_svc = sort { $num_active_cust_svc{$b->svcpart} <=>
-%                     $num_active_cust_svc{$a->svcpart}     } @part_svc;
-%} elsif ( $cgi->param('orderby') eq 'svc' ) { 
-%  @part_svc = sort { lc($a->svc) cmp lc($b->svc) } @part_svc;
-%}
-%
-%my %inventory_class = ();
-%
-%
-
 <% include("/elements/header.html",'Service Definition Listing', menubar( 'Main Menu' => $p) ) %>
 
 <SCRIPT>
@@ -208,3 +168,45 @@ function part_export_areyousure(href) {
 </TABLE>
 </BODY>
 </HTML>
+<%init>
+ 
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+#code duplication w/ edit/part_svc.cgi, should move this hash to part_svc.pm
+my %flag = (
+  ''  => '',
+  'D' => 'Default',
+  'F' => 'Fixed (unchangeable)',
+  'S' => 'Selectable choice',
+  #'M' => 'Manual selection from inventory',
+  'M' => 'Manual selected from inventory',
+  #'A' => 'Automatically fill in from inventory',
+  'A' => 'Automatically filled in from inventory',
+  'X' => 'Excluded',
+);
+
+my %search;
+if ( $cgi->param('showdisabled') ) {
+  %search = ();
+} else {
+  %search = ( 'disabled' => '' );
+}
+
+my @part_svc =
+  sort { $a->getfield('svcpart') <=> $b->getfield('svcpart') }
+    qsearch('part_svc', \%search );
+my $total = scalar(@part_svc);
+
+my %num_active_cust_svc = map { $_->svcpart => $_->num_cust_svc } @part_svc;
+
+if ( $cgi->param('orderby') eq 'active' ) {
+  @part_svc = sort { $num_active_cust_svc{$b->svcpart} <=>
+                     $num_active_cust_svc{$a->svcpart}     } @part_svc;
+} elsif ( $cgi->param('orderby') eq 'svc' ) { 
+  @part_svc = sort { lc($a->svc) cmp lc($b->svc) } @part_svc;
+}
+
+my %inventory_class = ();
+
+</%init>
diff --git a/httemplate/browse/part_virtual_field.cgi b/httemplate/browse/part_virtual_field.cgi
index 7dcb58a53..2e12603a0 100644
--- a/httemplate/browse/part_virtual_field.cgi
+++ b/httemplate/browse/part_virtual_field.cgi
@@ -40,4 +40,7 @@
 
 </BODY>
 </HTML>
-
+<%init>
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+</%init>
diff --git a/httemplate/browse/payment_gateway.html b/httemplate/browse/payment_gateway.html
index 6c14a1006..720858e9b 100644
--- a/httemplate/browse/payment_gateway.html
+++ b/httemplate/browse/payment_gateway.html
@@ -1,14 +1,3 @@
-%
-%
-%  my %search;
-%  if ( $cgi->param('showdisabled') ) {
-%    %search = ();
-%  } else {
-%    %search = ( 'disabled' => '' );
-%  }
-%
-%
-
 <% include("/elements/header.html",'Payment gateways', menubar(
   'Main Menu' => $p,
   'Agents'    => $p. 'browse/agent.cgi',
@@ -75,4 +64,16 @@
 </TABLE>
 </BODY>
 </HTML>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my %search;
+if ( $cgi->param('showdisabled') ) {
+  %search = ();
+} else {
+  %search = ( 'disabled' => '' );
+}
 
+</%init>
diff --git a/httemplate/browse/pkg_class.html b/httemplate/browse/pkg_class.html
index 68cf49275..886029df5 100644
--- a/httemplate/browse/pkg_class.html
+++ b/httemplate/browse/pkg_class.html
@@ -1,15 +1,3 @@
-%
-%
-%my $html_init = 
-%  'Package classes define groups of packages, for reporting and '.
-%  'convenience purposes.<BR><BR>'.
-%  qq!<A HREF="${p}edit/pkg_class.html"><I>Add a package class</I></A><BR><BR>!;
-%
-%my $count_query = 'SELECT COUNT(*) FROM pkg_class';
-%
-%my $link = [ $p.'edit/pkg_class.html?', 'classnum' ];
-%
-%
 <% include( 'elements/browse.html',
                  'title'       => 'Package classes',
                  'html_init'   => $html_init,
@@ -25,3 +13,18 @@
                  'links'       => [ $link, $link ],
              )
 %>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $html_init = 
+  'Package classes define groups of packages, for reporting and '.
+  'convenience purposes.<BR><BR>'.
+  qq!<A HREF="${p}edit/pkg_class.html"><I>Add a package class</I></A><BR><BR>!;
+
+my $count_query = 'SELECT COUNT(*) FROM pkg_class';
+
+my $link = [ $p.'edit/pkg_class.html?', 'classnum' ];
+
+</%init>
diff --git a/httemplate/browse/rate.cgi b/httemplate/browse/rate.cgi
index 9bdbe2d0c..584891aea 100644
--- a/httemplate/browse/rate.cgi
+++ b/httemplate/browse/rate.cgi
@@ -1,22 +1,3 @@
-%
-%
-%my $html_init = 
-%  'Rate plans, regions and prefixes for VoIP and call billing.<BR><BR>'.
-%  qq!<A HREF="${p}edit/rate.cgi"><I>Add a rate plan</I></A>!.
-%  qq! | <A HREF="${p}edit/rate_region.cgi"><I>Add a region</I></A>!.
-%  '<BR><BR>
-%   <SCRIPT>
-%   function rate_areyousure(href) {
-%    if (confirm("Are you sure you want to delete this rate plan?") == true)
-%      window.location.href = href;
-%   }
-%   </SCRIPT>';
-%
-%my $count_query = 'SELECT COUNT(*) FROM rate';
-%
-%my $link = [ $p.'edit/rate.cgi?', 'ratenum' ];
-%
-%
 <% include( 'elements/browse.html',
                  'title'       => 'Rate plans',
                  'menubar'     => [ 'Main menu' => $p, ],
@@ -32,3 +13,25 @@
                  'links'       => [ $link, $link ],
              )
 %>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $html_init = 
+'Rate plans, regions and prefixes for VoIP and call billing.<BR><BR>'.
+qq!<A HREF="${p}edit/rate.cgi"><I>Add a rate plan</I></A>!.
+qq! | <A HREF="${p}edit/rate_region.cgi"><I>Add a region</I></A>!.
+'<BR><BR>
+ <SCRIPT>
+ function rate_areyousure(href) {
+  if (confirm("Are you sure you want to delete this rate plan?") == true)
+    window.location.href = href;
+ }
+ </SCRIPT>';
+
+my $count_query = 'SELECT COUNT(*) FROM rate';
+
+my $link = [ $p.'edit/rate.cgi?', 'ratenum' ];
+
+</%init>
diff --git a/httemplate/browse/reason.html b/httemplate/browse/reason.html
index e6661423a..b017f8f58 100644
--- a/httemplate/browse/reason.html
+++ b/httemplate/browse/reason.html
@@ -1,37 +1,3 @@
-%
-%$cgi->param('class') =~ /^(\w)$/ or die "illegal class";
-%my $class = $1;
-%
-%my %classmap = ( 'C' => 'cancel',
-%                 'S' => 'suspend',
-%               );
-%
-%my $classname = $classmap{$class};
-%
-%my $html_init = ucfirst($classname) .
-%  " reasons explain why we $classname a package.<BR><BR>".
-%  qq!<A HREF="${p}edit/reason.html?class=$class">!.
-%  "<I>Add a $classname reason</I></A><BR><BR>";
-%
-%my $where_clause = "WHERE class='$class'";
-%$where_clause .= " AND (disabled = '' OR disabled IS NULL)"
-%  unless $cgi->param('showdisabled');
-
-%my $disabledurl = $cgi->param('showdisabled')
-%     ? do { $cgi->param('showdisabled', 0);
-%           '( <a href="'. $cgi->self_url. '">hide disabled reasons</a> )'; }
-%     : do { $cgi->param('showdisabled', 1);
-%           '( <a href="'. $cgi->self_url. '">show disabled reasons</a> )'; }
-%     ;
-%
-%$html_init .= $disabledurl;
-%
-%my $count_query = 'SELECT COUNT(*) FROM reason LEFT JOIN reason_type on ' .
-%                  'reason_type.typenum = reason.reason_type ' . $where_clause;
-%
-%my $link = [ $p."edit/reason.html?class=$class&reasonnum=", 'reasonnum' ];
-%
-%
 <% include( 'elements/browse.html',
                  'title'       => ucfirst($classname) . ' Reasons',
                  'menubar'     => [ # 'Main menu' => $p,
@@ -62,3 +28,41 @@
                                   ],
              )
 %>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+$cgi->param('class') =~ /^(\w)$/ or die "illegal class";
+my $class = $1;
+
+my %classmap = ( 'C' => 'cancel',
+               'S' => 'suspend',
+             );
+
+my $classname = $classmap{$class};
+
+my $html_init = ucfirst($classname) .
+" reasons explain why we $classname a package.<BR><BR>".
+qq!<A HREF="${p}edit/reason.html?class=$class">!.
+"<I>Add a $classname reason</I></A><BR><BR>";
+
+my $where_clause = "WHERE class='$class'";
+$where_clause .= " AND (disabled = '' OR disabled IS NULL)"
+unless $cgi->param('showdisabled');
+
+my $disabledurl = $cgi->param('showdisabled')
+   ? do { $cgi->param('showdisabled', 0);
+         '( <a href="'. $cgi->self_url. '">hide disabled reasons</a> )'; }
+   : do { $cgi->param('showdisabled', 1);
+         '( <a href="'. $cgi->self_url. '">show disabled reasons</a> )'; }
+   ;
+
+$html_init .= $disabledurl;
+
+my $count_query = 'SELECT COUNT(*) FROM reason LEFT JOIN reason_type on ' .
+                'reason_type.typenum = reason.reason_type ' . $where_clause;
+
+my $link = [ $p."edit/reason.html?class=$class&reasonnum=", 'reasonnum' ];
+
+</%init>
diff --git a/httemplate/browse/reason_type.html b/httemplate/browse/reason_type.html
index a8ccbdc85..09f451c9f 100644
--- a/httemplate/browse/reason_type.html
+++ b/httemplate/browse/reason_type.html
@@ -1,44 +1,3 @@
-%
-%$cgi->param('class') =~ /^(\w)$/ or die "illegal class";
-%my $class=$1;
-%
-%my %classmap = ( 'C' => 'cancel',
-%                 'S' => 'suspend',
-%                );
-%
-%my $classname = $classmap{$class};
-%
-%my $html_init = ucfirst($classname) .
-%  " reason types allow groups of $classname reasons for reporting purposes." .
-%  qq!<BR><BR><A HREF="${p}edit/reason_type.html?class=$class"><I>Add a ! .
-%  $classname . " reason type</I></A><BR><BR>";
-%
-%my $reasons_sub = sub {
-%  my $reason_type = shift;
-%
-%  [ map {
-%          [
-%            {
-%              'data'  => $_->reason,
-%              'align' => 'left',
-%              'link'  => $p. "edit/reason.html?class=$class&reasonnum=".
-%                             $_->reasonnum,
-%            },
-%          ];
-%        }
-%    $reason_type->enabled_reasons,
-%
-%  ];
-%  
-%};
-%
-%my $where_clause = "WHERE class='$class'";
-%my $count_query = 'SELECT COUNT(*) FROM reason_type ';
-%$count_query .= $where_clause;
-%
-%my $link = [ $p.'edit/reason_type.html?class='.$class.'&typenum=', 'typenum' ];
-%
-%
 <% include( 'elements/browse.html',
                  'title'       => ucfirst($classname) . " Reason Types",
                  'menubar'     => [ ucfirst($classname) . " reasons" =>
@@ -66,3 +25,48 @@
                                   ],
              )
 %>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+$cgi->param('class') =~ /^(\w)$/ or die "illegal class";
+my $class=$1;
+
+my %classmap = ( 'C' => 'cancel',
+                 'S' => 'suspend',
+                );
+
+my $classname = $classmap{$class};
+
+my $html_init = ucfirst($classname) .
+  " reason types allow groups of $classname reasons for reporting purposes." .
+  qq!<BR><BR><A HREF="${p}edit/reason_type.html?class=$class"><I>Add a ! .
+  $classname . " reason type</I></A><BR><BR>";
+
+my $reasons_sub = sub {
+  my $reason_type = shift;
+
+  [ map {
+          [
+            {
+              'data'  => $_->reason,
+              'align' => 'left',
+              'link'  => $p. "edit/reason.html?class=$class&reasonnum=".
+                             $_->reasonnum,
+            },
+          ];
+        }
+    $reason_type->enabled_reasons,
+
+  ];
+  
+};
+
+my $where_clause = "WHERE class='$class'";
+my $count_query = 'SELECT COUNT(*) FROM reason_type ';
+$count_query .= $where_clause;
+
+my $link = [ $p.'edit/reason_type.html?class='.$class.'&typenum=', 'typenum' ];
+
+</%init>
diff --git a/httemplate/browse/router.cgi b/httemplate/browse/router.cgi
index 7309388c6..6dcd93a71 100644
--- a/httemplate/browse/router.cgi
+++ b/httemplate/browse/router.cgi
@@ -58,4 +58,7 @@
 </TABLE>
 </BODY>
 </HTML>
-
+<%init>
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+</%init>
diff --git a/httemplate/browse/svc_acct_pop.cgi b/httemplate/browse/svc_acct_pop.cgi
index 949bfa790..306d02afb 100755
--- a/httemplate/browse/svc_acct_pop.cgi
+++ b/httemplate/browse/svc_acct_pop.cgi
@@ -1,10 +1,3 @@
-<!-- mason kludge -->
-%
-%  my $accounts_sth = dbh->prepare("SELECT COUNT(*) FROM svc_acct
-%                                     WHERE popnum = ?           ")
-%    or die dbh->errstr;
-%
-
 <% include("/elements/header.html",'Access Number Listing', menubar( 'Main Menu' => $p )) %>
 Points of Presence<BR><BR>
 <A HREF="<% $p %>edit/svc_acct_pop.cgi"><I>Add new Access Number</I></A><BR><BR>
@@ -68,4 +61,13 @@ Points of Presence<BR><BR>
     </TABLE>
   </BODY>
 </HTML>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $accounts_sth = dbh->prepare("SELECT COUNT(*) FROM svc_acct
+                                   WHERE popnum = ?           ")
+  or die dbh->errstr;
 
+</%init>
diff --git a/httemplate/edit/msgcat.cgi b/httemplate/edit/msgcat.cgi
index 54a340d83..b46cdfd46 100755
--- a/httemplate/edit/msgcat.cgi
+++ b/httemplate/edit/msgcat.cgi
@@ -1,59 +1,57 @@
-<!-- mason kludge -->
-%
-%
-%print header("Edit Message catalog", menubar(
-%#  'Main Menu' => $p,
-%)), '<BR>';
-%
-%print qq!<FONT SIZE="+1" COLOR="#ff0000">Error: !. $cgi->param('error').
-%      '</FONT><BR><BR>'
-%  if $cgi->param('error');
-%
-%my $widget = new HTML::Widgets::SelectLayers(
-%  'selected_layer' => 'en_US',
-%  'options'        => { 'en_US'=>'en_US' },
-%  'form_action'    => 'process/msgcat.cgi',
-%  'layer_callback' => sub {
-%    my $layer = shift;
-%    my $html = qq!<INPUT TYPE="hidden" NAME="locale" VALUE="$layer">!.
-%               "<BR>Messages for locale $layer<BR>". table().
-%               "<TR><TH COLSPAN=2>Code</TH>".
-%               "<TH>Message</TH>";
-%    $html .= "<TH>en_US Message</TH>" unless $layer eq 'en_US';
-%    $html .= '</TR>';
-%
-%    #foreach my $msgcat ( sort { $a->msgcode cmp $b->msgcode }
-%    #                       qsearch('msgcat', { 'locale' => $layer } ) ) {
-%    foreach my $msgcat ( qsearch('msgcat', { 'locale' => $layer } ) ) {
-%      $html .=
-%        '<TR><TD>'. $msgcat->msgnum. '</TD><TD>'. $msgcat->msgcode. '</TD>'.
-%        '<TD><INPUT TYPE="text" SIZE=32 '.
-%        qq! NAME="!. $msgcat->msgnum. '" '.
-%        qq!VALUE="!. ($cgi->param($msgcat->msgnum)||$msgcat->msg). qq!"></TD>!;
-%      unless ( $layer eq 'en_US' ) {
-%        my $en_msgcat = qsearchs('msgcat', {
-%          'locale'  => 'en_US',
-%          'msgcode' => $msgcat->msgcode,
-%        } );
-%        $html .= '<TD>'. $en_msgcat->msg. '</TD>';
-%      }
-%      $html .= '</TR>';
-%    }
-%
-%    $html .= '</TABLE><BR><INPUT TYPE="submit" VALUE="Apply changes">';
-%
-%    $html;
-%  },
-%
-%);
-%
-%print $widget->html;
-%
-%print <<END;
-%    </TABLE>
-%  </BODY>
-%</HTML>
-%END
-%
-%
+<% header("Edit Message catalog" ) %>
+<BR>
 
+% if ( $cgi->param('error') ) {
+  <FONT SIZE="+1" COLOR="#ff0000">Error: <% $cgi->param('error') %></FONT>
+  <BR><BR>
+% }
+
+<% $widget->html %>
+
+    </TABLE>
+  </BODY>
+</HTML>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $widget = new HTML::Widgets::SelectLayers(
+  'selected_layer' => 'en_US',
+  'options'        => { 'en_US'=>'en_US' },
+  'form_action'    => 'process/msgcat.cgi',
+  'layer_callback' => sub {
+    my $layer = shift;
+    my $html = qq!<INPUT TYPE="hidden" NAME="locale" VALUE="$layer">!.
+               "<BR>Messages for locale $layer<BR>". table().
+               "<TR><TH COLSPAN=2>Code</TH>".
+               "<TH>Message</TH>";
+    $html .= "<TH>en_US Message</TH>" unless $layer eq 'en_US';
+    $html .= '</TR>';
+
+    #foreach my $msgcat ( sort { $a->msgcode cmp $b->msgcode }
+    #                       qsearch('msgcat', { 'locale' => $layer } ) ) {
+    foreach my $msgcat ( qsearch('msgcat', { 'locale' => $layer } ) ) {
+      $html .=
+        '<TR><TD>'. $msgcat->msgnum. '</TD><TD>'. $msgcat->msgcode. '</TD>'.
+        '<TD><INPUT TYPE="text" SIZE=32 '.
+        qq! NAME="!. $msgcat->msgnum. '" '.
+        qq!VALUE="!. ($cgi->param($msgcat->msgnum)||$msgcat->msg). qq!"></TD>!;
+      unless ( $layer eq 'en_US' ) {
+        my $en_msgcat = qsearchs('msgcat', {
+          'locale'  => 'en_US',
+          'msgcode' => $msgcat->msgcode,
+        } );
+        $html .= '<TD>'. $en_msgcat->msg. '</TD>';
+      }
+      $html .= '</TR>';
+    }
+
+    $html .= '</TABLE><BR><INPUT TYPE="submit" VALUE="Apply changes">';
+
+    $html;
+  },
+
+);
+
+</%init>
diff --git a/httemplate/search/prepay_credit.html b/httemplate/search/prepay_credit.html
index c79acb005..ab6490d33 100644
--- a/httemplate/search/prepay_credit.html
+++ b/httemplate/search/prepay_credit.html
@@ -1,14 +1,3 @@
-%
-%my $agent = '';
-%my $hashref = {};
-%if ( $cgi->param('agentnum') =~ /^(\d+)$/ ) {
-%  $hashref->{agentnum} = $1;
-%  $agent = qsearchs('agent', { 'agentnum' => $1 } );
-%}
-%
-%my $count_query = 'SELECT COUNT(*) FROM prepay_credit';
-%$count_query .= ' WHERE agentnum = '. $agent->agentnum if $agent;
-%
 <% include( 'elements/search.html',
                  'title'       => 'Unused Prepaid Cards'.
                                   ($agent ? ' for '. $agent->agent : ''),
@@ -61,3 +50,19 @@
                  ],
       )
 %>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $agent = '';
+my $hashref = {};
+if ( $cgi->param('agentnum') =~ /^(\d+)$/ ) {
+$hashref->{agentnum} = $1;
+$agent = qsearchs('agent', { 'agentnum' => $1 } );
+}
+
+my $count_query = 'SELECT COUNT(*) FROM prepay_credit';
+$count_query .= ' WHERE agentnum = '. $agent->agentnum if $agent;
+
+</%init>