From 17856ff5c299e4db21da28116f2666655c03f2c7 Mon Sep 17 00:00:00 2001
From: ivan <ivan>
Date: Mon, 5 Feb 2007 12:51:05 +0000
Subject: [PATCH] C is for Cookie^WControl

---
 FS/FS/AccessRight.pm                     |  25 +++--
 httemplate/view/cust_bill-logo.cgi       |  34 ++++---
 httemplate/view/cust_bill-pdf.cgi        |  44 ++++----
 httemplate/view/cust_bill-ps.cgi         |  36 ++++---
 httemplate/view/cust_bill.cgi            |  68 +++++++------
 httemplate/view/cust_main.cgi            |  46 +++++----
 httemplate/view/cust_main/contacts.html  |   2 +-
 httemplate/view/cust_pkg.cgi             | 166 -------------------------------
 httemplate/view/elements/svc_Common.html |  84 +++++++++-------
 httemplate/view/svc_Common.html          |  12 +--
 httemplate/view/svc_acct.cgi             |  94 +++++++++--------
 httemplate/view/svc_broadband.cgi        | 134 +++++++++++++------------
 httemplate/view/svc_domain.cgi           |  82 ++++++++-------
 httemplate/view/svc_external.cgi         |  65 ++++++------
 httemplate/view/svc_forward.cgi          |  15 ++-
 httemplate/view/svc_www.cgi              |  16 ++-
 16 files changed, 433 insertions(+), 490 deletions(-)
 delete mode 100755 httemplate/view/cust_pkg.cgi

diff --git a/FS/FS/AccessRight.pm b/FS/FS/AccessRight.pm
index cc0bf7ff6..5194bd4d9 100644
--- a/FS/FS/AccessRight.pm
+++ b/FS/FS/AccessRight.pm
@@ -92,12 +92,13 @@ assigned to users and/or groups.
   'Cancel customer',
   'Complimentary customer', #aka users-allow_comp 
   'Delete customer', #aka. deletecustomers #Enable customer deletions. Be very careful! Deleting a customer will remove all traces that this customer ever existed! It should probably only be used when auditing a legacy database. Normally, you cancel all of a customers' packages if they cancel service.
-  'Add customer note',
-  'Edit customer note',
+  'Add customer note', #NEW
+  'Edit customer note', #NEW
 
 ###
 # customer package rights
 ###
+  'View customer packages', #NEW
   'Order customer package',
   'One-time charge',
   'Change customer package',
@@ -108,15 +109,16 @@ assigned to users and/or groups.
   'Unsuspend customer package',
   'Cancel customer package immediately',
   'Cancel customer package later',
-  'Add on-the-fly cancel reason',
-  'Add on-the-fly suspend reason',
+  'Add on-the-fly cancel reason', #NEW
+  'Add on-the-fly suspend reason', #NEW
 
 ###
 # customer service rights
 ###
-  'Edit usage',
+  'Edit usage', #NEW
+  'View customer services', #NEW
   'Provision customer service',
-  'Recharge customer service',
+  'Recharge customer service', #NEW
   'Unprovision customer service',
 
   'View/link unlinked services', #not agent-virtualizable without more work
@@ -126,6 +128,7 @@ assigned to users and/or groups.
 ###
   'View invoices',
   'View customer tax exemptions', #yow
+  'View customer batched payments', #NEW
 
 ###
 # customer payment rights
@@ -138,7 +141,7 @@ assigned to users and/or groups.
 
   'Delete payment', #aka. deletepayments - Enable deletion of unclosed payments. Be very careful! Only delete payments that were data-entry errors, not adjustments. Optionally specify one or more comma-separated email addresses to be notified when a payment is deleted.
 
-  'Delete refund',
+  'Delete refund', #NEW
 
 ###
 # customer credit rights
@@ -160,7 +163,7 @@ assigned to users and/or groups.
 # report/listing rights...
 ###
   'List customers',
-  'List zip codes',
+  'List zip codes', #NEW
   'List invoices',
   'List packages',
   'List services',
@@ -173,15 +176,15 @@ assigned to users and/or groups.
 # misc rights
 ###
   'Job queue',         # these are not currently agent-virtualized
-  'Process batches',   #
-  'Reprocess batches', #
+  'Process batches',   # NEW
+  'Reprocess batches', # NEW
   'Import',            #
   'Export',            #
 
 ###
 # misc misc rights
 ###
-  'Raw SQL',
+  'Raw SQL', #NEW
 
 ###
 # setup/config rights
diff --git a/httemplate/view/cust_bill-logo.cgi b/httemplate/view/cust_bill-logo.cgi
index fd6a81a75..e2f810c3f 100755
--- a/httemplate/view/cust_bill-logo.cgi
+++ b/httemplate/view/cust_bill-logo.cgi
@@ -1,16 +1,20 @@
-%
-%
-%my $conf = new FS::Conf;
-%
-%my($query) = $cgi->keywords;
-%$query =~ /^([^\.\/]*)$/;
-%my $templatename = $1;
-%if ( $templatename && $conf->exists("logo_$templatename.png") ) {
-%  $templatename = "_$templatename";
-%} else {
-%  $templatename = '';
-%}
-%
-%http_header('Content-Type' => 'image/png' );
-%
 <% $conf->config_binary("logo$templatename.png") %>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('View invoices');
+
+my $conf = new FS::Conf;
+
+my($query) = $cgi->keywords;
+$query =~ /^([^\.\/]*)$/;
+my $templatename = $1;
+if ( $templatename && $conf->exists("logo_$templatename.png") ) {
+  $templatename = "_$templatename";
+} else {
+  $templatename = '';
+}
+
+http_header('Content-Type' => 'image/png' );
+
+</%init>
diff --git a/httemplate/view/cust_bill-pdf.cgi b/httemplate/view/cust_bill-pdf.cgi
index 06bb965eb..f09e1b74d 100755
--- a/httemplate/view/cust_bill-pdf.cgi
+++ b/httemplate/view/cust_bill-pdf.cgi
@@ -1,18 +1,28 @@
-%
-%
-%#untaint invnum
-%my($query) = $cgi->keywords;
-%$query =~ /^((.+)-)?(\d+)(.pdf)?$/;
-%my $templatename = $2;
-%my $invnum = $3;
-%
-%my $cust_bill = qsearchs('cust_bill',{'invnum'=>$invnum});
-%die "Invoice #$invnum not found!" unless $cust_bill;
-%
-%my $pdf = $cust_bill->print_pdf( '', $templatename);
-%
-%http_header('Content-Type' => 'application/pdf' );
-%http_header('Content-Length' => length($pdf) );
-%http_header('Cache-control' => 'max-age=60' );
-%
 <% $pdf %>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('View invoices');
+
+#untaint invnum
+my($query) = $cgi->keywords;
+$query =~ /^((.+)-)?(\d+)(.pdf)?$/;
+my $templatename = $2;
+my $invnum = $3;
+
+my $cust_bill = qsearchs({
+  'select'    => 'cust_bill.*',
+  'table'     => 'cust_bill',
+  'addl_from' => 'LEFT JOIN cust_main USING ( custnum )',
+  'hashref'   => { 'invnum' => $invnum },
+  'extra_sql' => ' AND '. $FS::CurrentUser::CurrentUser->agentnums_sql,
+});
+die "Invoice #$invnum not found!" unless $cust_bill;
+
+my $pdf = $cust_bill->print_pdf( '', $templatename);
+
+http_header('Content-Type' => 'application/pdf' );
+http_header('Content-Length' => length($pdf) );
+http_header('Cache-control' => 'max-age=60' );
+
+</%init>
diff --git a/httemplate/view/cust_bill-ps.cgi b/httemplate/view/cust_bill-ps.cgi
index f838e1b17..5313dbf02 100755
--- a/httemplate/view/cust_bill-ps.cgi
+++ b/httemplate/view/cust_bill-ps.cgi
@@ -1,14 +1,24 @@
-%
-%
-%#untaint invnum
-%my($query) = $cgi->keywords;
-%$query =~ /^((.+)-)?(\d+)$/;
-%my $templatename = $2;
-%my $invnum = $3;
-%
-%my $cust_bill = qsearchs('cust_bill',{'invnum'=>$invnum});
-%die "Invoice #$invnum not found!" unless $cust_bill;
-%
-%http_header('Content-Type' => 'application/postscript' );
-%
 <% $cust_bill->print_ps( '', $templatename) %>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('View invoices');
+
+#untaint invnum
+my($query) = $cgi->keywords;
+$query =~ /^((.+)-)?(\d+)$/;
+my $templatename = $2;
+my $invnum = $3;
+
+my $cust_bill = qsearchs({
+  'select'    => 'cust_bill.*',
+  'table'     => 'cust_bill',
+  'addl_from' => 'LEFT JOIN cust_main USING ( custnum )',
+  'hashref'   => { 'invnum' => $invnum },
+  'extra_sql' => ' AND '. $FS::CurrentUser::CurrentUser->agentnums_sql,
+});
+die "Invoice #$invnum not found!" unless $cust_bill;
+
+http_header('Content-Type' => 'application/postscript' );
+
+</%init>
diff --git a/httemplate/view/cust_bill.cgi b/httemplate/view/cust_bill.cgi
index 3772e8dd0..42e1e6177 100755
--- a/httemplate/view/cust_bill.cgi
+++ b/httemplate/view/cust_bill.cgi
@@ -1,40 +1,14 @@
-%
-%
-%#untaint invnum
-%my($query) = $cgi->keywords;
-%$query =~ /^((.+)-)?(\d+)$/;
-%my $templatename = $2;
-%my $invnum = $3;
-%
-%my $conf = new FS::Conf;
-%
-%my @payby =  grep /\w/, $conf->config('payby');
-%#@payby = (qw( CARD DCRD CHEK DCHK LECB BILL CASH WEST COMP ))
-%@payby = (qw( CARD DCRD CHEK DCHK LECB BILL CASH COMP ))
-%  unless @payby;
-%my %payby = map { $_=>1 } @payby;
-%
-%my $cust_bill = qsearchs('cust_bill',{'invnum'=>$invnum});
-%die "Invoice #$invnum not found!" unless $cust_bill;
-%my $custnum = $cust_bill->getfield('custnum');
-%
-%#my $printed = $cust_bill->printed;
-%
-%my $link = $templatename ? "$templatename-$invnum" : $invnum;
-%
-%
-
 <% include("/elements/header.html",'Invoice View', menubar(
   "Main Menu" => $p,
   "View this customer (#$custnum)" => "${p}view/cust_main.cgi?$custnum",
 )) %>
+
+
 % if ( $cust_bill->owed > 0
 %        && ( $payby{'BILL'} || $payby{'CASH'} || $payby{'WEST'} || $payby{'MCRD'} )
 %      )
 %   {
 %     my $s = 0;
-%
-
 
   Post 
 % if ( $payby{'BILL'} ) { 
@@ -151,5 +125,41 @@
   <PRE><% join('', $cust_bill->print_text('', $templatename) ) %></PRE>
 % } 
 
+<% include('/elements/footer.html') %>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('View invoices');
+
+#untaint invnum
+my($query) = $cgi->keywords;
+$query =~ /^((.+)-)?(\d+)$/;
+my $templatename = $2;
+my $invnum = $3;
+
+my $conf = new FS::Conf;
+
+my @payby =  grep /\w/, $conf->config('payby');
+#@payby = (qw( CARD DCRD CHEK DCHK LECB BILL CASH WEST COMP ))
+@payby = (qw( CARD DCRD CHEK DCHK LECB BILL CASH COMP ))
+  unless @payby;
+my %payby = map { $_=>1 } @payby;
+
+my $cust_bill = qsearchs({
+  'select'    => 'cust_bill.*',
+  'table'     => 'cust_bill',
+  'addl_from' => 'LEFT JOIN cust_main USING ( custnum )',
+  'hashref'   => { 'invnum' => $invnum },
+  'extra_sql' => ' AND '. $FS::CurrentUser::CurrentUser->agentnums_sql,
+});
+die "Invoice #$invnum not found!" unless $cust_bill;
+
+my $custnum = $cust_bill->custnum;
+
+#my $printed = $cust_bill->printed;
+
+my $link = $templatename ? "$templatename-$invnum" : $invnum;
+
+</%init>
+
 
-</BODY></HTML>
diff --git a/httemplate/view/cust_main.cgi b/httemplate/view/cust_main.cgi
index 20e8201e6..850b48b27 100755
--- a/httemplate/view/cust_main.cgi
+++ b/httemplate/view/cust_main.cgi
@@ -1,27 +1,9 @@
-%
-%
-%my $conf = new FS::Conf;
-%
-%my $curuser = $FS::CurrentUser::CurrentUser;
-%
-%die "No customer specified (bad URL)!" unless $cgi->keywords;
-%my($query) = $cgi->keywords; # needs parens with my, ->keywords returns array
-%$query =~ /^(\d+)$/;
-%my $custnum = $1;
-%my $cust_main = qsearchs('cust_main',{'custnum'=>$custnum});
-%die "Customer not found!" unless $cust_main;
-%
-%
-
-
 <% include("/elements/header.html","Customer View: ". $cust_main->name ) %>
-% if ( $curuser->access_right('Edit customer') ) { 
 
+% if ( $curuser->access_right('Edit customer') ) { 
   <A HREF="<% $p %>edit/cust_main.cgi?<% $custnum %>">Edit this customer</A> | 
 % } 
 
-
-
 <SCRIPT TYPE="text/javascript" SRC="<%$fsurl%>elements/overlibmws.js"></SCRIPT>
 <SCRIPT TYPE="text/javascript" SRC="<%$fsurl%>elements/overlibmws_iframe.js"></SCRIPT>
 <SCRIPT TYPE="text/javascript" SRC="<%$fsurl%>elements/overlibmws_draggable.js"></SCRIPT>
@@ -155,11 +137,35 @@ Comments
 
 
 <BR><BR>
+
+% #XXX enable me# if ( $curuser->access_right('View customer packages') { 
 <% include('cust_main/packages.html', $cust_main ) %>
-% if ( $conf->config('payby-default') ne 'HIDE' ) { 
+% #}
 
+% if ( $conf->config('payby-default') ne 'HIDE' ) { 
   <% include('cust_main/payment_history.html', $cust_main ) %>
 % } 
 
 
 <% include('/elements/footer.html') %>
+<%init>
+
+my $curuser = $FS::CurrentUser::CurrentUser;
+
+die "access denied"
+  unless $curuser->access_right('View customer');
+
+my $conf = new FS::Conf;
+
+die "No customer specified (bad URL)!" unless $cgi->keywords;
+my($query) = $cgi->keywords; # needs parens with my, ->keywords returns array
+$query =~ /^(\d+)$/;
+my $custnum = $1;
+my $cust_main = qsearchs({
+  'table'     => 'cust_main',
+  'hashref'   => {'custnum'=>$custnum},
+  'extra_sql' => ' AND '. $curuser->agentnums_sql,
+});
+die "Customer not found!" unless $cust_main;
+
+</%init>
diff --git a/httemplate/view/cust_main/contacts.html b/httemplate/view/cust_main/contacts.html
index 3b86533a6..d5788c9a4 100644
--- a/httemplate/view/cust_main/contacts.html
+++ b/httemplate/view/cust_main/contacts.html
@@ -36,7 +36,7 @@
 <TR>
   <TD ALIGN="right">City</TD>
   <TD BGCOLOR="#ffffff"><% $cust_main->get("${pre}city") %></TD>
-% if ( $cust_main->get("${pre}county" ) ) {
+% if ( $cust_main->get("${pre}county") ) {
     <TD ALIGN="right">County</TD>
     <TD BGCOLOR="#ffffff"><% $cust_main->get("${pre}county") %></TD>
 % }
diff --git a/httemplate/view/cust_pkg.cgi b/httemplate/view/cust_pkg.cgi
deleted file mode 100755
index 78b42f127..000000000
--- a/httemplate/view/cust_pkg.cgi
+++ /dev/null
@@ -1,166 +0,0 @@
-<!-- mason kludge -->
-%
-%
-%my $conf = new FS::Conf;
-%
-%my %uiview = ();
-%my %uiadd = ();
-%foreach my $part_svc ( qsearch('part_svc',{}) ) {
-%  $uiview{$part_svc->svcpart} = popurl(2). "view/". $part_svc->svcdb . ".cgi";
-%  $uiadd{$part_svc->svcpart}= popurl(2). "edit/". $part_svc->svcdb . ".cgi";
-%}
-%
-%my ($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/;
-%my $pkgnum = $1;
-%
-%#get package record
-%my $cust_pkg = qsearchs('cust_pkg',{'pkgnum'=>$pkgnum});
-%die "No package!" unless $cust_pkg;
-%my $part_pkg = qsearchs('part_pkg',{'pkgpart'=>$cust_pkg->getfield('pkgpart')});
-%
-%my $custnum = $cust_pkg->getfield('custnum');
-%print header('Package View', menubar(
-%  "View this customer (#$custnum)" => popurl(2). "view/cust_main.cgi?$custnum",
-%  'Main Menu' => popurl(2)
-%));
-%
-%#print info
-%my ($susp,$cancel,$expire)=(
-%  $cust_pkg->getfield('susp'),
-%  $cust_pkg->getfield('cancel'),
-%  $cust_pkg->getfield('expire'),
-%);
-%my($pkg,$comment)=($part_pkg->getfield('pkg'),$part_pkg->getfield('comment'));
-%my($setup,$bill)=($cust_pkg->getfield('setup'),$cust_pkg->getfield('bill'));
-%my $otaker = $cust_pkg->getfield('otaker');
-%
-%print <<END;
-%<SCRIPT>
-%function areyousure(href) {
-%    if (confirm("Permanently delete included services and cancel this package?") == true)
-%        window.location.href = href;
-%}
-%</SCRIPT>
-%END
-%
-%print "Package information";
-%print ' (<A HREF="'. popurl(2). 'misc/unsusp_pkg.cgi?'. $pkgnum.
-%      '">unsuspend</A>)'
-%  if ( $susp && ! $cancel );
-%
-%print ' (<A HREF="'. popurl(2). 'misc/susp_pkg.cgi?'. $pkgnum.
-%      '">suspend</A>)'
-%  unless ( $susp || $cancel );
-%
-%print ' (<A HREF="javascript:areyousure(\''. popurl(2). 'misc/cancel_pkg.cgi?'.
-%      $pkgnum.  '\')">cancel</A>)'
-%  unless $cancel;
-%
-%print ' (<A HREF="'. popurl(2). 'edit/REAL_cust_pkg.cgi?'. $pkgnum.
-%      '">edit dates</A>)';
-%
-%print &ntable("#cccccc"), '<TR><TD>', &ntable("#cccccc",2),
-%      '<TR><TD ALIGN="right">Package number</TD><TD BGCOLOR="#ffffff">',
-%      $pkgnum, '</TD></TR>',
-%      '<TR><TD ALIGN="right">Package</TD><TD BGCOLOR="#ffffff">',
-%      $pkg,  '</TD></TR>',
-%      '<TR><TD ALIGN="right">Comment</TD><TD BGCOLOR="#ffffff">',
-%      $comment,  '</TD></TR>',
-%      '<TR><TD ALIGN="right">Setup date</TD><TD BGCOLOR="#ffffff">',
-%      ( $setup ? time2str("%D",$setup) : "(Not setup)" ), '</TD></TR>';
-%
-%print '<TR><TD ALIGN="right">Last bill date</TD><TD BGCOLOR="#ffffff">',
-%      ( $cust_pkg->get('last_bill') ? time2str("%D",$cust_pkg->get('last_bill')) : "&nbsp;" ),
-%      '</TD></TR>'
-%  if $cust_pkg->dbdef_table->column('last_bill');
-%
-%print '<TR><TD ALIGN="right">Next bill date</TD><TD BGCOLOR="#ffffff">',
-%      ( $bill ? time2str("%D",$bill) : "&nbsp;" ), '</TD></TR>';
-%      
-%print '<TR><TD ALIGN="right">Suspension date</TD><TD BGCOLOR="#ffffff">',
-%       time2str("%D",$susp), '</TD></TR>' if $susp;
-%print '<TR><TD ALIGN="right">Expiration date</TD><TD BGCOLOR="#ffffff">',
-%       time2str("%D",$expire), '</TD></TR>' if $expire;
-%print '<TR><TD ALIGN="right">Cancellation date</TD><TD BGCOLOR="#ffffff">',
-%       time2str("%D",$cancel), '</TD></TR>' if $cancel;
-%print  '<TR><TD ALIGN="right">Order taker</TD><TD BGCOLOR="#ffffff">',
-%      $otaker,  '</TD></TR>',
-%      '</TABLE></TD></TR></TABLE>';
-%
-%unless ($expire) {
-%  print <<END;
-%<FORM ACTION="../misc/expire_pkg.cgi" METHOD="post">
-%<INPUT TYPE="hidden" NAME="pkgnum" VALUE="$pkgnum">
-%Expire (date): <INPUT TYPE="text" NAME="date" VALUE="" >
-%<INPUT TYPE="submit" VALUE="Cancel later">
-%END
-%}
-%
-%unless ($cancel) {
-%
-%  #services
-%  print '<BR>Service Information', &table();
-%
-%  #list of services this pkgpart includes
-%  my $pkg_svc;
-%  my %pkg_svc;
-%  #foreach $pkg_svc ( qsearch('pkg_svc',{'pkgpart'=> $cust_pkg->pkgpart }) ) {
-%  foreach $pkg_svc ( $cust_pkg->part_pkg->pkg_svc ) {
-%    $pkg_svc{$pkg_svc->svcpart} = $pkg_svc->quantity if $pkg_svc->quantity;
-%  }
-%
-%  #list of records from cust_svc
-%  my $svcpart;
-%  foreach $svcpart (sort {$a <=> $b} keys %pkg_svc) {
-%
-%    my($svc)=qsearchs('part_svc',{'svcpart'=>$svcpart})->getfield('svc');
-%
-%    my(@cust_svc)=qsearch('cust_svc',{'pkgnum'=>$pkgnum, 
-%                                      'svcpart'=>$svcpart,
-%                                     });
-%
-%    my($enum);
-%    for $enum ( 1 .. $pkg_svc{$svcpart} ) {
-%
-%      my($cust_svc);
-%      if ( $cust_svc=shift @cust_svc ) {
-%        my($svcnum)=$cust_svc->svcnum;
-%        my($label, $value, $svcdb) = $cust_svc->label;
-%        print <<END;
-%<TR><TD><A HREF="$uiview{$svcpart}?$svcnum">(View/Edit) $svc: $value<A></TD></TR>
-%END
-%      } else {
-%        print qq!<TR><TD>!.
-%              qq!<A HREF="$uiadd{$svcpart}?pkgnum$pkgnum-svcpart$svcpart">!.
-%              qq!(Provision) $svc</A>!;
-%
-%        print qq! or <A HREF="../misc/link.cgi?pkgnum$pkgnum-svcpart$svcpart">!.
-%              qq!(Link to legacy) $svc</A>!
-%          if $conf->exists('legacy_link');
-%
-%        print '</TD></TR>';
-%      }
-%
-%    }
-%    warn "WARNING: Leftover services pkgnum $pkgnum!" if @cust_svc;; 
-%  }
-%
-%  print "</TABLE><FONT SIZE=-1>",
-%        "Choose (View/Edit) to view or edit an existing service<BR>",
-%        "Choose (Provision) to setup a new service<BR>";
-%
-%  print "Choose (Link to legacy) to link to a legacy (pre-Freeside) service"
-%    if $conf->exists('legacy_link');
-%
-%  print "</FONT>";
-%}
-%
-%#formatting
-%print <<END;
-%  </BODY>
-%</HTML>
-%END
-%
-%
-
diff --git a/httemplate/view/elements/svc_Common.html b/httemplate/view/elements/svc_Common.html
index 92eef2dad..f5b65ac49 100644
--- a/httemplate/view/elements/svc_Common.html
+++ b/httemplate/view/elements/svc_Common.html
@@ -1,5 +1,3 @@
-%
-%
 %  # options example...
 %  #
 %  # 'table' => 'svc_something'
@@ -16,40 +14,6 @@
 %  # # defaults to "edit/$table.cgi?", will have svcnum appended
 %  # 'edit_url' => 
 %
-%  my(%opt) = @_;
-%
-%  my $table = $opt{'table'};
-%
-%  my $fields = $opt{'fields'}
-%               #|| [ grep { $_ ne 'svcnum' } dbdef->table($table)->columns ];
-%               || [ grep { $_ ne 'svcnum' } fields($table) ];
-%
-%  my $svcnum;
-%  if ( $cgi->param('svcnum') ) {
-%    $cgi->param('svcnum') =~ /^(\d+)$/ or die "unparsable svcnum";
-%    $svcnum = $1;
-%  } else {
-%    my($query) = $cgi->keywords;
-%    $query =~ /^(\d+)$/ or die "no svcnum";
-%    $svcnum = $1;
-%  }
-%  my $svc_x = qsearchs( $opt{'table'}, { 'svcnum' => $svcnum } )
-%    or die "Unknown svcnum $svcnum in ". $opt{'table'}. " table\n";
-%
-%  my $cust_svc = $svc_x->cust_svc;
-%  my($label, $value, $svcdb) = $cust_svc->label;
-%
-%  my $pkgnum = $cust_svc->pkgnum;
-%
-%  my($cust_pkg, $custnum);
-%  if ($pkgnum) {
-%    $cust_pkg = $cust_svc->cust_pkg;
-%    $custnum = $cust_pkg->custnum;
-%  } else {
-%    $cust_pkg = '';
-%    $custnum = '';
-%  }
-%
 %
 % if ( $custnum ) { 
 
@@ -123,3 +87,51 @@ Service #<B><% $svcnum %></B>
 <% joblisting({'svcnum'=>$svcnum}, 1) %>
 
 <% include('/elements/footer.html') %>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('View customer services')
+      || $FS::CurrentUser::CurrentUser->access_right('View customer'); #XXX remove me
+
+my(%opt) = @_;
+
+my $table = $opt{'table'};
+
+my $fields = $opt{'fields'}
+             #|| [ grep { $_ ne 'svcnum' } dbdef->table($table)->columns ];
+             || [ grep { $_ ne 'svcnum' } fields($table) ];
+
+my $svcnum;
+if ( $cgi->param('svcnum') ) {
+  $cgi->param('svcnum') =~ /^(\d+)$/ or die "unparsable svcnum";
+  $svcnum = $1;
+} else {
+  my($query) = $cgi->keywords;
+  $query =~ /^(\d+)$/ or die "no svcnum";
+  $svcnum = $1;
+}
+my $svc_x = qsearchs({
+  'select'    => $opt{'table'}.'.*',
+  'table'     => $opt{'table'},
+  'addl_from' => ' LEFT JOIN cust_svc  USING ( svcnum  ) '.
+                 ' LEFT JOIN cust_pkg  USING ( pkgnum  ) '.
+                 ' LEFT JOIN cust_main USING ( custnum ) ',
+  'hashref'   => { 'svcnum' => $svcnum },
+  'extra_sql' => ' AND '. $FS::CurrentUser::CurrentUser->agentnums_sql,
+}) or die "Unknown svcnum $svcnum in ". $opt{'table'}. " table\n";
+
+my $cust_svc = $svc_x->cust_svc;
+my($label, $value, $svcdb) = $cust_svc->label;
+
+my $pkgnum = $cust_svc->pkgnum;
+
+my($cust_pkg, $custnum);
+if ($pkgnum) {
+  $cust_pkg = $cust_svc->cust_pkg;
+  $custnum = $cust_pkg->custnum;
+} else {
+  $cust_pkg = '';
+  $custnum = '';
+}
+
+</%init>
diff --git a/httemplate/view/svc_Common.html b/httemplate/view/svc_Common.html
index bb3a6dd33..defbee974 100644
--- a/httemplate/view/svc_Common.html
+++ b/httemplate/view/svc_Common.html
@@ -1,3 +1,9 @@
+<% include('elements/svc_Common.html',
+             'table'    => $table,
+	     'edit_url' => $p."edit/svc_Common.html?svcdb=$table;svcnum=",
+	     %opt,
+          )
+%>
 <%init>
 
 # false laziness w/edit/svc_Common.html
@@ -21,9 +27,3 @@ if ( UNIVERSAL::can("FS::$table", 'table_info') ) {
 }
 
 </%init>
-<% include('elements/svc_Common.html',
-             'table'    => $table,
-	     'edit_url' => $p."edit/svc_Common.html?svcdb=$table;svcnum=",
-	     %opt,
-          )
-%>
diff --git a/httemplate/view/svc_acct.cgi b/httemplate/view/svc_acct.cgi
index 2bacbcaff..86478681c 100755
--- a/httemplate/view/svc_acct.cgi
+++ b/httemplate/view/svc_acct.cgi
@@ -1,49 +1,11 @@
-%
-%
-%my $conf = new FS::Conf;
-%
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/;
-%my $svcnum = $1;
-%my $svc_acct = qsearchs('svc_acct',{'svcnum'=>$svcnum});
-%die "Unknown svcnum" unless $svc_acct;
-%
-%#false laziness w/all svc_*.cgi
-%my $cust_svc = qsearchs( 'cust_svc' , { 'svcnum' => $svcnum } );
-%my $pkgnum = $cust_svc->getfield('pkgnum');
-%my($cust_pkg, $custnum);
-%if ($pkgnum) {
-%  $cust_pkg = qsearchs( 'cust_pkg', { 'pkgnum' => $pkgnum } );
-%  $custnum = $cust_pkg->custnum;
-%} else {
-%  $cust_pkg = '';
-%  $custnum = '';
-%}
-%#eofalse
-%
-%my $part_svc = qsearchs('part_svc',{'svcpart'=> $cust_svc->svcpart } );
-%die "Unknown svcpart" unless $part_svc;
-%my $svc = $part_svc->svc;
-%
-%die 'Empty domsvc for svc_acct.svcnum '. $svc_acct->svcnum
-%  unless $svc_acct->domsvc;
-%my $svc_domain = qsearchs('svc_domain', { 'svcnum' => $svc_acct->domsvc } );
-%die 'Unknown domain (domsvc '. $svc_acct->domsvc.
-%    ' for svc_acct.svcnum '. $svc_acct->svcnum. ')'
-%  unless $svc_domain;
-%my $domain = $svc_domain->domain;
-%
-%
 % if ( $custnum ) { 
 
-
   <% include("/elements/header.html","View $svc account") %>
-
   <% include( '/elements/small_custview.html', $custnum, '', 1,
      "${p}view/cust_main.cgi") %>
   <BR>
-% } else { 
 
+% } else { 
 
   <SCRIPT>
   function areyousure(href) {
@@ -55,9 +17,10 @@
   <% include("/elements/header.html",'Account View', menubar(
     "Cancel this (unaudited) account" =>
             "javascript:areyousure(\'${p}misc/cancel-unaudited.cgi?$svcnum\')",
-    "Main menu" => $p,
   )) %>
+
 % } 
+
 % if ( $part_svc->part_export_usage ) {
 %
 %  my $last_bill;
@@ -350,5 +313,52 @@ Service #<B><% $svcnum %></B>
 
 <% joblisting({'svcnum'=>$svcnum}, 1) %>
 
-</BODY>
-</HTML>
+<% include('/elements/footer.html') %>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('View customer services')
+      || $FS::CurrentUser::CurrentUser->access_right('View customer'); #XXX remove me
+
+my $conf = new FS::Conf;
+
+my($query) = $cgi->keywords;
+$query =~ /^(\d+)$/;
+my $svcnum = $1;
+my $svc_acct = qsearchs({
+  'select'    => 'svc_acct.*',
+  'table'     => 'svc_acct',
+  'addl_from' => ' LEFT JOIN cust_svc  USING ( svcnum  ) '.
+                 ' LEFT JOIN cust_pkg  USING ( pkgnum  ) '.
+                 ' LEFT JOIN cust_main USING ( custnum ) ',
+  'hashref'   => {'svcnum'=>$svcnum},
+  'extra_sql' => ' AND '. $FS::CurrentUser::CurrentUser->agentnums_sql,
+});
+die "Unknown svcnum" unless $svc_acct;
+
+#false laziness w/all svc_*.cgi
+my $cust_svc = qsearchs( 'cust_svc' , { 'svcnum' => $svcnum } );
+my $pkgnum = $cust_svc->getfield('pkgnum');
+my($cust_pkg, $custnum);
+if ($pkgnum) {
+  $cust_pkg = qsearchs( 'cust_pkg', { 'pkgnum' => $pkgnum } );
+  $custnum = $cust_pkg->custnum;
+} else {
+  $cust_pkg = '';
+  $custnum = '';
+}
+#eofalse
+
+my $part_svc = qsearchs('part_svc',{'svcpart'=> $cust_svc->svcpart } );
+die "Unknown svcpart" unless $part_svc;
+my $svc = $part_svc->svc;
+
+die 'Empty domsvc for svc_acct.svcnum '. $svc_acct->svcnum
+  unless $svc_acct->domsvc;
+my $svc_domain = qsearchs('svc_domain', { 'svcnum' => $svc_acct->domsvc } );
+die 'Unknown domain (domsvc '. $svc_acct->domsvc.
+    ' for svc_acct.svcnum '. $svc_acct->svcnum. ')'
+  unless $svc_domain;
+my $domain = $svc_domain->domain;
+
+</%init>
diff --git a/httemplate/view/svc_broadband.cgi b/httemplate/view/svc_broadband.cgi
index cfece5cb4..a76e5a3d1 100644
--- a/httemplate/view/svc_broadband.cgi
+++ b/httemplate/view/svc_broadband.cgi
@@ -1,64 +1,3 @@
-<!-- mason kludge -->
-%
-%
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/;
-%my $svcnum = $1;
-%my $svc_broadband = qsearchs( 'svc_broadband', { 'svcnum' => $svcnum } )
-%  or die "svc_broadband: Unknown svcnum $svcnum";
-%
-%#false laziness w/all svc_*.cgi
-%my $cust_svc = qsearchs( 'cust_svc', { 'svcnum' => $svcnum } );
-%my $pkgnum = $cust_svc->getfield('pkgnum');
-%my($cust_pkg, $custnum);
-%if ($pkgnum) {
-%  $cust_pkg = qsearchs( 'cust_pkg', { 'pkgnum' => $pkgnum } );
-%  $custnum = $cust_pkg->custnum;
-%} else {
-%  $cust_pkg = '';
-%  $custnum = '';
-%}
-%#eofalse
-%
-%my $addr_block = $svc_broadband->addr_block;
-%my $router = $addr_block->router;
-%
-%if (not $router) { die "Could not lookup router for svc_broadband (svcnum $svcnum)" };
-%
-%my (
-%     $routername,
-%     $routernum,
-%     $speed_down,
-%     $speed_up,
-%     $ip_addr,
-%     $ip_gateway,
-%     $ip_netmask,
-%     $mac_addr,
-%     $latitude,
-%     $longitude,
-%     $altitude,
-%     $vlan_profile,
-%     $auth_key,
-%     $description,
-%   ) = (
-%     $router->getfield('routername'),
-%     $router->getfield('routernum'),
-%     $svc_broadband->getfield('speed_down'),
-%     $svc_broadband->getfield('speed_up'),
-%     $svc_broadband->getfield('ip_addr'),
-%     $addr_block->ip_gateway,
-%     $addr_block->NetAddr->mask,
-%     $svc_broadband->mac_addr,
-%     $svc_broadband->latitude,
-%     $svc_broadband->longitude,
-%     $svc_broadband->altitude,
-%     $svc_broadband->vlan_profile,
-%     $svc_broadband->auth_key,
-%     $svc_broadband->description,
-%   );
-%
-
-
 <%include("/elements/header.html",'Broadband Service View', menubar(
   ( ( $custnum )
     ? ( "View this customer (#$custnum)" => "${p}view/cust_main.cgi?$custnum",
@@ -200,6 +139,75 @@ Add router named
 
 <BR>
 <%joblisting({'svcnum'=>$svcnum}, 1)%>
-  </BODY>
-</HTML>
 
+<% include('/elements/footer.html') %>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('View customer services')
+      || $FS::CurrentUser::CurrentUser->access_right('View customer'); #XXX remove me
+
+my($query) = $cgi->keywords;
+$query =~ /^(\d+)$/;
+my $svcnum = $1;
+my $svc_broadband = qsearchs({
+  'select'    => 'svc_broadband.*',
+  'table'     => 'svc_broadband',
+  'addl_from' => ' LEFT JOIN cust_svc  USING ( svcnum  ) '.
+                 ' LEFT JOIN cust_pkg  USING ( pkgnum  ) '.
+                 ' LEFT JOIN cust_main USING ( custnum ) ',
+  'hashref'   => { 'svcnum' => $svcnum },
+  'extra_sql' => ' AND '. $FS::CurrentUser::CurrentUser->agentnums_sql,
+}) or die "svc_broadband: Unknown svcnum $svcnum";
+
+#false laziness w/all svc_*.cgi
+my $cust_svc = qsearchs( 'cust_svc', { 'svcnum' => $svcnum } );
+my $pkgnum = $cust_svc->getfield('pkgnum');
+my($cust_pkg, $custnum);
+if ($pkgnum) {
+  $cust_pkg = qsearchs( 'cust_pkg', { 'pkgnum' => $pkgnum } );
+  $custnum = $cust_pkg->custnum;
+} else {
+  $cust_pkg = '';
+  $custnum = '';
+}
+#eofalse
+
+my $addr_block = $svc_broadband->addr_block;
+my $router = $addr_block->router;
+
+if (not $router) { die "Could not lookup router for svc_broadband (svcnum $svcnum)" };
+
+my (
+     $routername,
+     $routernum,
+     $speed_down,
+     $speed_up,
+     $ip_addr,
+     $ip_gateway,
+     $ip_netmask,
+     $mac_addr,
+     $latitude,
+     $longitude,
+     $altitude,
+     $vlan_profile,
+     $auth_key,
+     $description,
+   ) = (
+     $router->getfield('routername'),
+     $router->getfield('routernum'),
+     $svc_broadband->getfield('speed_down'),
+     $svc_broadband->getfield('speed_up'),
+     $svc_broadband->getfield('ip_addr'),
+     $addr_block->ip_gateway,
+     $addr_block->NetAddr->mask,
+     $svc_broadband->mac_addr,
+     $svc_broadband->latitude,
+     $svc_broadband->longitude,
+     $svc_broadband->altitude,
+     $svc_broadband->vlan_profile,
+     $svc_broadband->auth_key,
+     $svc_broadband->description,
+   );
+
+</%init>
diff --git a/httemplate/view/svc_domain.cgi b/httemplate/view/svc_domain.cgi
index ff336f394..7fdce37df 100755
--- a/httemplate/view/svc_domain.cgi
+++ b/httemplate/view/svc_domain.cgi
@@ -1,38 +1,3 @@
-<!-- mason kludge -->
-%
-%
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/;
-%my $svcnum = $1;
-%my $svc_domain = qsearchs('svc_domain',{'svcnum'=>$svcnum});
-%die "Unknown svcnum" unless $svc_domain;
-%
-%my $cust_svc = qsearchs('cust_svc',{'svcnum'=>$svcnum});
-%my $pkgnum = $cust_svc->getfield('pkgnum');
-%my($cust_pkg, $custnum);
-%if ($pkgnum) {
-%  $cust_pkg=qsearchs('cust_pkg',{'pkgnum'=>$pkgnum});
-%  $custnum=$cust_pkg->getfield('custnum');
-%} else {
-%  $cust_pkg = '';
-%  $custnum = '';
-%}
-%
-%my $part_svc = qsearchs('part_svc',{'svcpart'=> $cust_svc->svcpart } );
-%die "Unknown svcpart" unless $part_svc;
-%
-%my $email = '';
-%if ($svc_domain->catchall) {
-%  my $svc_acct = qsearchs('svc_acct',{'svcnum'=> $svc_domain->catchall } );
-%  die "Unknown svcpart" unless $svc_acct;
-%  $email = $svc_acct->email;
-%}
-%
-%my $domain = $svc_domain->domain;
-%
-%
-
-
 <% include("/elements/header.html",'Domain View', menubar(
   ( ( $pkgnum || $custnum )
     ? ( "View this customer (#$custnum)" => "${p}view/cust_main.cgi?$custnum",
@@ -132,4 +97,49 @@ Slave from nameserver IP
 <INPUT TYPE="text" NAME="recdata"> <INPUT TYPE="submit" VALUE="Slave domain" onClick="return slave_areyousure()">
 </FORM>
 <BR><BR><% joblisting({'svcnum'=>$svcnum}, 1) %>
-</BODY></HTML>
+
+<% include('/elements/footer.html') %>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('View customer services')
+      || $FS::CurrentUser::CurrentUser->access_right('View customer'); #XXX remove me
+
+my($query) = $cgi->keywords;
+$query =~ /^(\d+)$/;
+my $svcnum = $1;
+my $svc_domain = qsearchs({
+  'select'    => 'svc_domain.*',
+  'table'     => 'svc_domain',
+  'addl_from' => ' LEFT JOIN cust_svc  USING ( svcnum  ) '.
+                 ' LEFT JOIN cust_pkg  USING ( pkgnum  ) '.
+                 ' LEFT JOIN cust_main USING ( custnum ) ',
+  'hashref'   => {'svcnum'=>$svcnum},
+  'extra_sql' => ' AND '. $FS::CurrentUser::CurrentUser->agentnums_sql,
+});
+die "Unknown svcnum" unless $svc_domain;
+
+my $cust_svc = qsearchs('cust_svc',{'svcnum'=>$svcnum});
+my $pkgnum = $cust_svc->getfield('pkgnum');
+my($cust_pkg, $custnum);
+if ($pkgnum) {
+  $cust_pkg=qsearchs('cust_pkg',{'pkgnum'=>$pkgnum});
+  $custnum=$cust_pkg->getfield('custnum');
+} else {
+  $cust_pkg = '';
+  $custnum = '';
+}
+
+my $part_svc = qsearchs('part_svc',{'svcpart'=> $cust_svc->svcpart } );
+die "Unknown svcpart" unless $part_svc;
+
+my $email = '';
+if ($svc_domain->catchall) {
+  my $svc_acct = qsearchs('svc_acct',{'svcnum'=> $svc_domain->catchall } );
+  die "Unknown svcpart" unless $svc_acct;
+  $email = $svc_acct->email;
+}
+
+my $domain = $svc_domain->domain;
+
+</%init>
diff --git a/httemplate/view/svc_external.cgi b/httemplate/view/svc_external.cgi
index 06302bd8f..b87166a17 100644
--- a/httemplate/view/svc_external.cgi
+++ b/httemplate/view/svc_external.cgi
@@ -1,30 +1,3 @@
-%
-%
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/;
-%my $svcnum = $1;
-%my $svc_external = qsearchs( 'svc_external', { 'svcnum' => $svcnum } )
-%  or die "svc_external: Unknown svcnum $svcnum";
-%
-%my $conf = new FS::Conf;
-%
-%#false laziness w/all svc_*.cgi
-%my $cust_svc = qsearchs( 'cust_svc', { 'svcnum' => $svcnum } );
-%my $pkgnum = $cust_svc->getfield('pkgnum');
-%my($cust_pkg, $custnum);
-%if ($pkgnum) {
-%  $cust_pkg = qsearchs( 'cust_pkg', { 'pkgnum' => $pkgnum } );
-%  $custnum = $cust_pkg->custnum;
-%} else {
-%  $cust_pkg = '';
-%  $custnum = '';
-%}
-%#eofalse
-%
-%
-%
-
-
 <% include("/elements/header.html",'External Service View', menubar(
   ( ( $custnum )
     ? ( "View this customer (#$custnum)" => "${p}view/cust_main.cgi?$custnum",
@@ -52,4 +25,40 @@
 
 </TABLE></TD></TR></TABLE>
 <BR><% joblisting({'svcnum'=>$svcnum}, 1) %>
-</BODY></HTML>
+
+<% include('/elements/footer.html') %>
+<%init>
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right('View customer services')
+      || $FS::CurrentUser::CurrentUser->access_right('View customer'); #XXX remove me
+
+my($query) = $cgi->keywords;
+$query =~ /^(\d+)$/;
+my $svcnum = $1;
+my $svc_external = qsearchs({
+  'select'    => 'svc_external.*',
+  'table'     => 'svc_external',
+  'addl_from' => ' LEFT JOIN cust_svc  USING ( svcnum  ) '.
+                 ' LEFT JOIN cust_pkg  USING ( pkgnum  ) '.
+                 ' LEFT JOIN cust_main USING ( custnum ) ',
+  'hashref'   => { 'svcnum' => $svcnum },
+  'extra_sql' => ' AND '. $FS::CurrentUser::CurrentUser->agentnums_sql,
+}) or die "svc_external: Unknown svcnum $svcnum";
+
+my $conf = new FS::Conf;
+
+#false laziness w/all svc_*.cgi
+my $cust_svc = qsearchs( 'cust_svc', { 'svcnum' => $svcnum } );
+my $pkgnum = $cust_svc->getfield('pkgnum');
+my($cust_pkg, $custnum);
+if ($pkgnum) {
+  $cust_pkg = qsearchs( 'cust_pkg', { 'pkgnum' => $pkgnum } );
+  $custnum = $cust_pkg->custnum;
+} else {
+  $cust_pkg = '';
+  $custnum = '';
+}
+#eofalse
+
+</%init>
diff --git a/httemplate/view/svc_forward.cgi b/httemplate/view/svc_forward.cgi
index fcc0bc96f..487ebb220 100755
--- a/httemplate/view/svc_forward.cgi
+++ b/httemplate/view/svc_forward.cgi
@@ -1,12 +1,21 @@
-<!-- mason kludge -->
-%
+% die "access denied"
+% unless $FS::CurrentUser::CurrentUser->access_right('View customer services')
+%     || $FS::CurrentUser::CurrentUser->access_right('View customer'); #XXX remove me
 %
 %my $conf = new FS::Conf;
 %
 %my($query) = $cgi->keywords;
 %$query =~ /^(\d+)$/;
 %my $svcnum = $1;
-%my $svc_forward = qsearchs('svc_forward',{'svcnum'=>$svcnum});
+%my $svc_forward = qsearchs({
+%  'select'    => 'svc_forward.*',
+%  'table'     => 'svc_forward',
+%  'addl_from' => ' LEFT JOIN cust_svc  USING ( svcnum  ) '.
+%                 ' LEFT JOIN cust_pkg  USING ( pkgnum  ) '.
+%                 ' LEFT JOIN cust_main USING ( custnum ) ',
+%  'hashref'   => {'svcnum'=>$svcnum},
+%  'extra_sql' => ' AND '. $FS::CurrentUser::CurrentUser->agentnums_sql,
+%});
 %die "Unknown svcnum" unless $svc_forward;
 %
 %my $cust_svc = qsearchs('cust_svc',{'svcnum'=>$svcnum});
diff --git a/httemplate/view/svc_www.cgi b/httemplate/view/svc_www.cgi
index f499a3fb5..0579a55b4 100644
--- a/httemplate/view/svc_www.cgi
+++ b/httemplate/view/svc_www.cgi
@@ -1,11 +1,19 @@
-<!-- mason kludge -->
-%
+% die "access denied"
+% unless $FS::CurrentUser::CurrentUser->access_right('View customer services')
+%     || $FS::CurrentUser::CurrentUser->access_right('View customer'); #XXX remove me
 %
 %my($query) = $cgi->keywords;
 %$query =~ /^(\d+)$/;
 %my $svcnum = $1;
-%my $svc_www = qsearchs( 'svc_www', { 'svcnum' => $svcnum } )
-%  or die "svc_www: Unknown svcnum $svcnum";
+%my $svc_www = qsearchs({
+%  'select'    => 'svc_www.*',
+%  'table'     => 'svc_www',
+%  'addl_from' => ' LEFT JOIN cust_svc  USING ( svcnum  ) '.
+%                 ' LEFT JOIN cust_pkg  USING ( pkgnum  ) '.
+%                 ' LEFT JOIN cust_main USING ( custnum ) ',
+%  'hashref'   => { 'svcnum' => $svcnum },
+%  'extra_sql' => ' AND '. $FS::CurrentUser::CurrentUser->agentnums_sql,
+%}) or die "svc_www: Unknown svcnum $svcnum";
 %
 %#false laziness w/all svc_*.cgi
 %my $cust_svc = qsearchs( 'cust_svc', { 'svcnum' => $svcnum } );
-- 
2.11.0