From 1cd83e5112019111a8f6c16eacd5264a95abcfb2 Mon Sep 17 00:00:00 2001 From: Ivan Kohler Date: Mon, 15 May 2017 10:49:38 -0700 Subject: [PATCH] separate edit and delete rights for customer notes, RT#76001 --- FS/FS/AccessRight.pm | 1 + FS/FS/access_right.pm | 1 + httemplate/misc/delete-note.html | 4 ++-- httemplate/view/cust_main/menu.html | 2 +- httemplate/view/cust_main/notes/notes.html | 16 +++++++++------- 5 files changed, 14 insertions(+), 10 deletions(-) diff --git a/FS/FS/AccessRight.pm b/FS/FS/AccessRight.pm index 285a770fc..2d959532b 100644 --- a/FS/FS/AccessRight.pm +++ b/FS/FS/AccessRight.pm @@ -258,6 +258,7 @@ tie my %rights, 'Tie::IxHash', 'Customer note and attachment rights' => [ 'Add customer note', #NEW 'Edit customer note', #NEW + 'Delete customer note', #NEWEST 'View attachments', #NEW 'Browse attachments', #NEW 'Download attachment', #NEW diff --git a/FS/FS/access_right.pm b/FS/FS/access_right.pm index 1a0a1cb30..f1614ff30 100644 --- a/FS/FS/access_right.pm +++ b/FS/FS/access_right.pm @@ -258,6 +258,7 @@ sub _upgrade_data { # class method ], 'Resend invoices' => 'Print and mail invoices', 'List customers' => 'Customers: Customer churn report', + 'Edit customer note' => 'Delete customer note', ); # foreach my $old_acl ( keys %onetime ) { diff --git a/httemplate/misc/delete-note.html b/httemplate/misc/delete-note.html index 436326ff1..e6d21271e 100644 --- a/httemplate/misc/delete-note.html +++ b/httemplate/misc/delete-note.html @@ -1,6 +1,6 @@ <%init> die "access denied" - unless $FS::CurrentUser::CurrentUser->access_right('Edit customer note'); + unless $FS::CurrentUser::CurrentUser->access_right('Delete customer note'); my ($notenum) = $cgi->keywords; $notenum =~ /^\d+$/ or die "bad notenum '$notenum'"; @@ -8,4 +8,4 @@ my $note = FS::cust_main_note->by_key($notenum) or die "notenum '$notenum' not found"; $note->delete; -<% $cgi->redirect($p.'view/cust_main.cgi?'.$note->custnum) %> +<% $cgi->redirect($p.'view/cust_main.cgi?custnum='.$note->custnum. ';show=notes') %> diff --git a/httemplate/view/cust_main/menu.html b/httemplate/view/cust_main/menu.html index 9e910f861..dcba1fb00 100644 --- a/httemplate/view/cust_main/menu.html +++ b/httemplate/view/cust_main/menu.html @@ -206,7 +206,7 @@ my @menu = ( confexists => '!cust_main-disable_notes', acl => 'Add customer note', width => 875, - height => 538, + height => 548, }, { label => 'Attach file', diff --git a/httemplate/view/cust_main/notes/notes.html b/httemplate/view/cust_main/notes/notes.html index f998ba4c0..c64300384 100644 --- a/httemplate/view/cust_main/notes/notes.html +++ b/httemplate/view/cust_main/notes/notes.html @@ -69,19 +69,21 @@ function display_notes_classnum (classnum) { % "?custnum=$custnum". % ";notenum=$notenum", % 'actionlabel' => emt('Edit customer note'), -% 'width' => 616, -% 'height' => 575, +% 'width' => 875, +% 'height' => 548, % 'frame' => 'top', % ); % my $clickjs = qq!onclick="$onclick"!; % % my $edit = ''; -% if ($curuser->access_right('Edit customer note') ) { +% if ( $curuser->access_right('Edit customer note') ) { +% $edit = qq! (!.emt('edit').')'; +% } +% if ( $curuser->access_right('Delete customer note') ) { % my $delete_url = $fsurl.'misc/delete-note.html?'.$notenum; -% $edit = qq! (!.emt('edit').')'. -% qq! !. -% '('.emt('delete').')'; +% $edit .= qq! !. +% '('.emt('delete').')'; % } %