From: ivan Date: Wed, 3 Nov 2010 23:44:48 +0000 (+0000) Subject: more granular ACLs for posting check vs. cash payments, processing credit card vs... X-Git-Tag: TORRUS_1_0_9~151 X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=f099e0dfa8f438a84d8f1bce36f5e5bda60481e5 more granular ACLs for posting check vs. cash payments, processing credit card vs echecks, RT#7887 --- diff --git a/FS/FS/AccessRight.pm b/FS/FS/AccessRight.pm index 6c06ec2f3..e7d77b57b 100644 --- a/FS/FS/AccessRight.pm +++ b/FS/FS/AccessRight.pm @@ -183,15 +183,16 @@ tie my %rights, 'Tie::IxHash', # customer payment rights ### 'Customer payment rights' => [ - 'Post payment', + { rightname=>'Post payment', desc=>'Make check or cash payments.' }, + 'Post check payment', + 'Post cash payment', 'Post payment batch', 'Apply payment', #NEWNEW { rightname=>'Unapply payment', desc=>'Enable "unapplication" of unclosed payments from specific invoices.' }, #aka. unapplypayments - 'Process payment', - { rightname=>'Refund payment', desc=>'Enable refund of existing customer payments.' }, - + { rightname=>'Process payment', desc=>'Process credit card or e-check payments' }, + 'Process credit card payment', + 'Process Echeck payment', { rightname=>'Delete payment', desc=>'Enable deletion of unclosed payments. Be very careful! Only delete payments that were data-entry errors, not adjustments.' }, #aka. deletepayments Optionally specify one or more comma-separated email addresses to be notified when a payment is deleted. - ], ### @@ -203,7 +204,12 @@ tie my %rights, 'Tie::IxHash', { rightname=>'Unapply credit', desc=>'Enable "unapplication" of unclosed credits.' }, #aka unapplycredits { rightname=>'Delete credit', desc=>'Enable deletion of unclosed credits. Be very careful! Only delete credits that were data-entry errors, not adjustments.' }, #aka. deletecredits Optionally specify one or more comma-separated email addresses to be notified when a credit is deleted. { rightname=>'Post refund', desc=>'Enable posting of check and cash refunds.' }, + 'Post check refund', + 'Post cash refund', # { rightname=>'Process refund', desc=>'Enable processing of generic credit card/ACH refunds (i.e. not associated with a specific prior payment).' }, + { rightname=>'Refund payment', desc=>'Enable refund of existing customer credit card or e-check payments.' }, + 'Refund credit card payment', + 'Refund Echeck payment', 'Delete refund', #NEW 'Add on-the-fly credit reason', #NEW ], @@ -348,6 +354,7 @@ sub default_superuser_rights { 'Raw SQL', 'Configuration download', 'View customers of all agents', + 'View/link unlinked services', ); no warnings 'uninitialized'; diff --git a/FS/FS/access_right.pm b/FS/FS/access_right.pm index bc6dd5d84..ef8cc6cd8 100644 --- a/FS/FS/access_right.pm +++ b/FS/FS/access_right.pm @@ -145,6 +145,41 @@ sub _upgrade_data { # class method if $error; } + my %migrate = ( + 'Post payment' => [ 'Post check payment', 'Post cash payment' ], + 'Process payment' => [ 'Process credit card payment', 'Process Echeck payment' ], + 'Post refund' => [ 'Post check refund', 'Post cash refund' ], + 'Refund payment' => [ 'Refund credit card payment', 'Refund Echeck payment' ], + ); + + foreach my $oldright (keys %migrate) { + my @old = qsearch('access_right', { 'righttype'=>'FS::access_group', + 'rightname'=>$oldright, + } + ); + + foreach my $old ( @old ) { + + foreach my $newright ( @{ $migrate{$oldright} } ) { + my %hash = ( + 'righttype' => 'FS::access_group', + 'rightobjnum' => $old->rightobjnum, + 'rightname' => $newright, + ); + next if qsearchs('access_right', \%hash); + my $access_right = new FS::access_right \%hash; + my $error = $access_right->insert; + die $error if $error; + } + + #after the WEST stuff is sorted, etc. + #my $error = $old->delete; + #die $error if $error; + + } + + } + ''; } diff --git a/httemplate/edit/cust_pay.cgi b/httemplate/edit/cust_pay.cgi index 7c4e6620e..8e1c779dd 100755 --- a/httemplate/edit/cust_pay.cgi +++ b/httemplate/edit/cust_pay.cgi @@ -109,9 +109,6 @@ my $conf = new FS::Conf; my $money_char = $conf->config('money_char') || '$'; my $date_format = $conf->config('date_format') || '%m/%d/%Y'; -die "access denied" - unless $FS::CurrentUser::CurrentUser->access_right('Post payment'); - my($link, $linknum, $paid, $payby, $payinfo, $_date); if ( $cgi->param('error') ) { $link = $cgi->param('link'); @@ -138,6 +135,13 @@ if ( $cgi->param('error') ) { die "illegal query ". $cgi->keywords; } +my @rights = ('Post payment'); +push @rights, 'Post check payment' if $payby eq 'BILL'; +push @rights, 'Post cash payment' if $payby eq 'CASH'; + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right(\@rights); + my $paybatch = "webui-$_date-$$-". rand() * 2**32; my $title = 'Post '. FS::payby->payname($payby). ' payment'; diff --git a/httemplate/edit/cust_refund.cgi b/httemplate/edit/cust_refund.cgi index 59417b4c4..612e337f7 100755 --- a/httemplate/edit/cust_refund.cgi +++ b/httemplate/edit/cust_refund.cgi @@ -130,9 +130,6 @@ <%init> -die "access denied" - unless $FS::CurrentUser::CurrentUser->access_right('Refund payment'); - my $conf = new FS::Conf; my $date_format = $conf->config('date_format') || '%m/%d/%Y'; @@ -143,6 +140,17 @@ my $payinfo = $cgi->param('payinfo'); my $reason = $cgi->param('reason'); my $link = $cgi->param('popup') ? 'popup' : ''; +my @rights = (); +push @rights, 'Post refund' if $payby /^(BILL|CASH)$/; +push @rights, 'Post check refund' if $payby eq 'BILL'; +push @rights, 'Post cash refund ' if $payby eq 'CASH'; +push @rights, 'Refund payment' if $payby /^(CARD|CHEK)$/; +push @rights, 'Refund credit card payment' if $payby eq 'CARD'; +push @rights, 'Refund Echeck payment' if $payby eq 'CHEK'; + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right(\@rights); + my( $paynum, $cust_pay ) = ( '', '' ); if ( $cgi->param('paynum') =~ /^(\d+)$/ ) { $paynum = $1; diff --git a/httemplate/edit/process/cust_pay.cgi b/httemplate/edit/process/cust_pay.cgi index c8b0aa7df..0cd408958 100755 --- a/httemplate/edit/process/cust_pay.cgi +++ b/httemplate/edit/process/cust_pay.cgi @@ -27,9 +27,6 @@ %} <%init> -die "access denied" - unless $FS::CurrentUser::CurrentUser->access_right('Post payment'); - $cgi->param('linknum') =~ /^(\d+)$/ or die "Illegal linknum: ". $cgi->param('linknum'); my $linknum = $1; @@ -52,6 +49,13 @@ my $new = new FS::cust_pay ( { #} fields('cust_pay') } ); +my @rights = ('Post payment'); +push @rights, 'Post check payment' if $cust_pay->payby eq 'BILL'; +push @rights, 'Post cash payment' if $cust_pay->payby eq 'CASH'; + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right(\@rights); + my $error = $new->insert( 'manual' => 1 ); diff --git a/httemplate/edit/process/cust_refund.cgi b/httemplate/edit/process/cust_refund.cgi index 5749e5346..389bc990c 100755 --- a/httemplate/edit/process/cust_refund.cgi +++ b/httemplate/edit/process/cust_refund.cgi @@ -28,8 +28,21 @@ my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } ) my $link = $cgi->param('popup') ? 'popup' : ''; +my $payby = $cgi->param('payby'); + +my @rights = (); +push @rights, 'Post refund' if $payby /^(BILL|CASH)$/; +push @rights, 'Post check refund' if $payby eq 'BILL'; +push @rights, 'Post cash refund ' if $payby eq 'CASH'; +push @rights, 'Refund payment' if $payby /^(CARD|CHEK)$/; +push @rights, 'Refund credit card payment' if $payby eq 'CARD'; +push @rights, 'Refund Echeck payment' if $payby eq 'CHEK'; + +die "access denied" + unless $FS::CurrentUser::CurrentUser->access_right(\@rights); + my $error = ''; -if ( $cgi->param('payby') =~ /^(CARD|CHEK)$/ ) { +if ( $payby =~ /^(CARD|CHEK)$/ ) { my %options = (); my $bop = $FS::payby::payby2bop{$1}; $cgi->param('refund') =~ /^(\d*)(\.\d{2})?$/ diff --git a/httemplate/view/cust_bill.cgi b/httemplate/view/cust_bill.cgi index f1618fa4b..0928d04bc 100755 --- a/httemplate/view/cust_bill.cgi +++ b/httemplate/view/cust_bill.cgi @@ -26,7 +26,7 @@ % if ( $cust_bill->owed > 0 % && scalar( grep $payby{$_}, qw(BILL CASH WEST MCRD) ) -% && $curuser->access_right('Post payment') +% && $curuser->access_right(['Post payment', 'Post check payment', 'Post cash payment']) % && ! $conf->exists('pkg-balances') % ) % { @@ -34,22 +34,22 @@ Post -% if ( $payby{'BILL'} ) { +% if ( $payby{'BILL'} && $curuser->access_right(['Post payment', 'Post check payment']) ) { <% $s++ ? ' | ' : '' %> check % } -% if ( $payby{'CASH'} ) { +% if ( $payby{'CASH'} && $curuser->access_right(['Post payment', 'Post cash payment']) ) { <% $s++ ? ' | ' : '' %> cash % } -% if ( $payby{'WEST'} ) { +% if ( $payby{'WEST'} && $curuser->access_right(['Post payment']) ) { <% $s++ ? ' | ' : '' %> Western Union % } -% if ( $payby{'MCRD'} ) { +% if ( $payby{'MCRD'} && $curuser->access_right(['Post payment']) ) { <% $s++ ? ' | ' : '' %> manual credit card % } diff --git a/httemplate/view/cust_main/payment_history.html b/httemplate/view/cust_main/payment_history.html index b84883a2f..111810e4f 100644 --- a/httemplate/view/cust_main/payment_history.html +++ b/httemplate/view/cust_main/payment_history.html @@ -1,7 +1,7 @@ %# payment links % my $s = 0; -% if ( $payby{'BILL'} && $curuser->access_right('Post payment') ) { +% if ( $payby{'BILL'} && $curuser->access_right(['Post payment', 'Post check payment' ]) ) { <% $s++ ? ' | ' : '' %> <% include('/elements/popup_link-cust_main.html', 'label' => 'Enter check payment', @@ -14,7 +14,7 @@ %> % } -% if ( $payby{'CASH'} && $curuser->access_right('Post payment') ) { +% if ( $payby{'CASH'} && $curuser->access_right(['Post payment', 'Post cash payment']) ) { <% $s++ ? ' | ' : '' %> <% include('/elements/popup_link-cust_main.html', 'label' => 'Enter cash payment', @@ -33,7 +33,7 @@ % } % if ( ( $payby{'CARD'} || $payby{'DCRD'} ) -% && $curuser->access_right('Process payment') +% && $curuser->access_right(['Process payment', 'Process credit card payment']) % && ! $cust_main->is_encrypted($cust_main->payinfo) % ) { <% $s++ ? ' | ' : '' %> @@ -41,7 +41,7 @@ % } % if ( ( $payby{'CHEK'} || $payby{'DCHK'} ) -% && $curuser->access_right('Process payment') +% && $curuser->access_right(['Process payment', 'Process Echeck payment']) % && ! $cust_main->is_encrypted($cust_main->payinfo) % ) { <% $s++ ? ' | ' : '' %> @@ -73,7 +73,7 @@ %# refund links % $s = 0; -% if ( $payby{'BILL'} && $curuser->access_right('Post refund') ) { +% if ( $payby{'BILL'} && $curuser->access_right(['Post refund', 'Post check refund']) ) { <% $s++ ? ' | ' : '' %> <% include('/elements/popup_link-cust_main.html', 'label' => 'Enter check refund', @@ -86,7 +86,7 @@ %> % } -% if ( $payby{'CASH'} && $curuser->access_right('Post refund') ) { +% if ( $payby{'CASH'} && $curuser->access_right(['Post refund', 'Post cash refund']) ) { <% $s++ ? ' | ' : '' %> <% include('/elements/popup_link-cust_main.html', 'label' => 'Enter cash refund', diff --git a/httemplate/view/cust_main/payment_history/payment.html b/httemplate/view/cust_main/payment_history/payment.html index 6ec9fdb96..e745864b7 100644 --- a/httemplate/view/cust_main/payment_history/payment.html +++ b/httemplate/view/cust_main/payment_history/payment.html @@ -155,11 +155,14 @@ my $view = my $refund = ''; my $refund_days = $opt{'card_refund-days'} || 120; +my @rights = ('Refund payment'); +push @rights, 'Refund credit card payment' if $payby eq 'CARD'; +push @rights, 'Refund Echeck payment' if $payby eq 'CHEK'; if ( $cust_pay->closed !~ /^Y/i && $cust_pay->payby =~ /^(CARD|CHEK)$/ && time-$cust_pay->_date < $refund_days*86400 && $cust_pay->unrefunded > 0 - && $curuser->access_right('Refund payment') + && $curuser->access_right(\@rights) ) { $refund = qq! (