From 8d029daaa89e10b9a3e320cccfaad14714e19581 Mon Sep 17 00:00:00 2001
From: ivan <ivan>
Date: Thu, 27 Mar 2008 20:19:52 +0000
Subject: [PATCH] resolve minor ACL glitch linking to payments

---
 httemplate/search/cust_pay.cgi | 5 ++++-
 httemplate/view/cust_pay.html  | 3 ++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/httemplate/search/cust_pay.cgi b/httemplate/search/cust_pay.cgi
index e5465aee8..80a611d97 100755
--- a/httemplate/search/cust_pay.cgi
+++ b/httemplate/search/cust_pay.cgi
@@ -235,7 +235,10 @@ if ( $cgi->param('magic') ) {
 
 }
 
-my $link = [ "${p}view/cust_pay.html?paynum=", 'paynum' ];
+my $link = '';
+$link = [ "${p}view/cust_pay.html?paynum=", 'paynum' ]
+  if $FS::CurrentUser::CurrentUser->access_right('View invoices'); #XXX for now
+  #later# if $FS::CurrentUser::CurrentUser->access_right('View customer payments');
 
 my $cust_link = sub {
   my $cust_pay = shift;
diff --git a/httemplate/view/cust_pay.html b/httemplate/view/cust_pay.html
index 4037d3525..2e2344d40 100644
--- a/httemplate/view/cust_pay.html
+++ b/httemplate/view/cust_pay.html
@@ -101,7 +101,8 @@
 my $curuser = $FS::CurrentUser::CurrentUser;
 
 die "access denied"
-  unless $curuser->access_right('View customer payments');
+  unless $curuser->access_right('View invoices') #remove this in 1.9 EVENTUALLY
+  || $curuser->access_right('View customer payments');
 
 $cgi->param('paynum') =~ /^(\d+)$/ or die "no paynum";
 my $paynum = $1;
-- 
2.11.0