From 1d94d421c28cb157e6cb2f8ff30d1ac85b399b57 Mon Sep 17 00:00:00 2001
From: Ivan Kohler <ivan@freeside.biz>
Date: Thu, 27 Apr 2017 13:07:21 -0700
Subject: [PATCH] access control for List all customers, RT#75012

---
 httemplate/search/cust_main.cgi | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/httemplate/search/cust_main.cgi b/httemplate/search/cust_main.cgi
index 74cc5f32c..cce4f0d7d 100755
--- a/httemplate/search/cust_main.cgi
+++ b/httemplate/search/cust_main.cgi
@@ -352,9 +352,11 @@ my(@cust_main, $sortby, $orderby);
 my @select = ();
 my @addl_headers = ();
 my @addl_cols = ();
-if ( $cgi->param('browse')
-     || $cgi->param('otaker_on')
-     || $cgi->param('agentnum_on')
+if ( (    $cgi->param('browse')
+       || $cgi->param('otaker_on')
+       || $cgi->param('agentnum_on')
+     )
+     and $curuser->access_right('List all customers')
 ) {
 
   my %search = ();
-- 
2.11.0