From f5881f03875aa1460e76947cb5a45f96bf0144e4 Mon Sep 17 00:00:00 2001
From: Ivan Kohler <ivan@freeside.biz>
Date: Wed, 20 Jun 2012 16:37:46 -0700
Subject: [PATCH] ACLs for advanced customer and service searching, RT#18157

---
 FS/FS/AccessRight.pm                        |  4 ++++
 FS/FS/access_right.pm                       | 11 +++++++++--
 httemplate/elements/menu.html               | 13 ++++++-------
 httemplate/search/cust_main.html            |  4 +---
 httemplate/search/report_cust_main.html     |  4 +---
 httemplate/search/report_svc_acct.html      |  2 +-
 httemplate/search/report_svc_broadband.html |  2 +-
 httemplate/search/report_svc_hardware.html  |  2 +-
 8 files changed, 24 insertions(+), 18 deletions(-)

diff --git a/FS/FS/AccessRight.pm b/FS/FS/AccessRight.pm
index 4aa777b46..eb9974adf 100644
--- a/FS/FS/AccessRight.pm
+++ b/FS/FS/AccessRight.pm
@@ -258,6 +258,7 @@ tie my %rights, 'Tie::IxHash',
   'Reporting/listing rights' => [
     'List customers',
     'List all customers',
+    'Advanced customer search',
     'List zip codes', #NEW
     'List invoices',
     'List packages',
@@ -274,14 +275,17 @@ tie my %rights, 'Tie::IxHash',
 
     'Download report data',
     'Services: Accounts',
+    'Services: Accounts: Advanced search',
     'Services: Domains',
     'Services: Certificates',
     'Services: Mail forwards',
     'Services: Virtual hosting services',
     'Services: Wireless broadband services',
+    'Services: Wireless broadband services: Advanced search',
     'Services: DSLs',
     'Services: Dish services',
     'Services: Hardware',
+    'Services: Hardware: Advanced search',
     'Services: Phone numbers',
     'Services: PBXs',
     'Services: Ports',
diff --git a/FS/FS/access_right.pm b/FS/FS/access_right.pm
index 52cae3484..1e65ca354 100644
--- a/FS/FS/access_right.pm
+++ b/FS/FS/access_right.pm
@@ -2,6 +2,7 @@ package FS::access_right;
 
 use strict;
 use vars qw( @ISA );
+use Tie::IxHash;
 use FS::Record qw( qsearch qsearchs );
 use FS::upgrade_journal;
 
@@ -183,8 +184,9 @@ sub _upgrade_data { # class method
 
   my @all_groups = qsearch('access_group', {});
 
-  my %onetime = (
+  tie my %onetime, 'Tie::IxHash',
     'List customers'                      => 'List all customers',
+    'List all customers'                  => 'Advanced customer search',
     'List packages'                       => 'Summarize packages',
     'Post payment'                        => 'Backdate payment',
     'Cancel customer package immediately' => 'Un-cancel customer package',
@@ -206,11 +208,16 @@ sub _upgrade_data { # class method
                             'Services: Mailing lists',
                             'Services: External services',
                           ],
+
+    'Services: Accounts' => 'Services: Accounts: Advanced search',
+    'Services: Wireless broadband services' => 'Services: Wireless broadband services: Advanced search',
+    'Services: Hardware' => 'Services: Hardware: Advanced search',
+
     'List rating data' => [ 'Usage: RADIUS sessions',
                             'Usage: Call Detail Records (CDRs)',
                             'Usage: Unrateable CDRs',
                           ],
-  );
+  ;
 
   foreach my $old_acl ( keys %onetime ) {
 
diff --git a/httemplate/elements/menu.html b/httemplate/elements/menu.html
index 14f8cd2f7..892345133 100644
--- a/httemplate/elements/menu.html
+++ b/httemplate/elements/menu.html
@@ -110,8 +110,7 @@ $report_customers{'List customers'} = [ \%report_customers_lists, 'List customer
 $report_customers{'Zip code distribution'}     = [ $fsurl. 'search/report_cust_main-zip.html', 'Zip codes by number of customers' ];
 $report_customers{'Customer signup report'}       = [ $fsurl. 'graph/report_cust_signup.html', 'New customer signups by date' ],
 $report_customers{'Advanced customer reports'} = [ $fsurl. 'search/report_cust_main.html', 'by status, signup date, agent, etc.' ]
-  if    $curuser->access_right('List customers')
-     && $curuser->access_right('List packages');
+  if $curuser->access_right('Advanced customer search');
 
 tie my %report_invoices_open, 'Tie::IxHash',
   'All open invoices' => [ $fsurl.'search/cust_bill.html?OPEN_date', 'All invoices with an unpaid balance' ],
@@ -201,10 +200,10 @@ foreach my $svcdb ( FS::part_svc->svc_tables() ) {
       ];
   }
 
-  if ( $svcdb =~ /^svc_(acct|broadband|hardware)$/ ) {
     $report_svc{"Advanced $lcsname reports"} = 
-      [ $fsurl."search/report_$svcdb.html", '' ];
-  }
+        [ $fsurl."search/report_$svcdb.html", '' ]
+      if $svcdb =~ /^svc_(acct|broadband|hardware)$/
+      && $curuser->access_right("Services: $name: Advanced search");
 
   if ( $svcdb eq 'svc_phone' ) {
 
@@ -221,8 +220,8 @@ foreach my $svcdb ( FS::part_svc->svc_tables() ) {
 
   }
 
-  $report_services{$name} = [ \%report_svc, $longname ] if
-    $curuser->access_right("Services: $name");
+  $report_services{$name} = [ \%report_svc, $longname ]
+    if $curuser->access_right("Services: $name");
 
 }
 
diff --git a/httemplate/search/cust_main.html b/httemplate/search/cust_main.html
index bb5eae7e3..cc71672d0 100755
--- a/httemplate/search/cust_main.html
+++ b/httemplate/search/cust_main.html
@@ -33,9 +33,7 @@
 <%init>
 
 die "access denied"
-  unless ( $FS::CurrentUser::CurrentUser->access_right('List customers') &&
-           $FS::CurrentUser::CurrentUser->access_right('List packages')
-         );
+  unless $FS::CurrentUser::CurrentUser->access_right('Advanced customer search');
 
 my %search_hash = ();
 
diff --git a/httemplate/search/report_cust_main.html b/httemplate/search/report_cust_main.html
index c7a3ad954..04e04ee82 100755
--- a/httemplate/search/report_cust_main.html
+++ b/httemplate/search/report_cust_main.html
@@ -171,9 +171,7 @@
 <%init>
 
 die "access denied"
-  unless ( $FS::CurrentUser::CurrentUser->access_right('List customers') &&
-           $FS::CurrentUser::CurrentUser->access_right('List packages')
-         );
+  unless $FS::CurrentUser::CurrentUser->access_right('Advanced customer search');
 
 my $conf = new FS::Conf;
 
diff --git a/httemplate/search/report_svc_acct.html b/httemplate/search/report_svc_acct.html
index 14c284fb7..74bf5538e 100755
--- a/httemplate/search/report_svc_acct.html
+++ b/httemplate/search/report_svc_acct.html
@@ -114,7 +114,7 @@
 <%init>
 
 die "access denied"
-  unless $FS::CurrentUser::CurrentUser->access_right('List packages'); #?
+  unless $FS::CurrentUser::CurrentUser->access_right('Services: Accounts: Advanced search'); #?
 
 my $title = emt('Account Report');
 
diff --git a/httemplate/search/report_svc_broadband.html b/httemplate/search/report_svc_broadband.html
index 37f21b79f..d7422eeae 100755
--- a/httemplate/search/report_svc_broadband.html
+++ b/httemplate/search/report_svc_broadband.html
@@ -76,7 +76,7 @@
 <%init>
 
 die "access denied"
-  unless $FS::CurrentUser::CurrentUser->access_right('List packages'); #?
+  unless $FS::CurrentUser::CurrentUser->access_right('Services: Wireless broadband services: Advanced search');
 
 my $title = 'Broadband Service Report';
 my $routernum = [ $cgi->param('routernum') || '' ];
diff --git a/httemplate/search/report_svc_hardware.html b/httemplate/search/report_svc_hardware.html
index 61ba4ab8a..b0bfc08c7 100755
--- a/httemplate/search/report_svc_hardware.html
+++ b/httemplate/search/report_svc_hardware.html
@@ -61,7 +61,7 @@ OR (SELECT COUNT(*) FROM svc_hardware
 <%init>
 
 die "access denied"
-  unless $FS::CurrentUser::CurrentUser->access_right('List packages'); #?
+  unless $FS::CurrentUser::CurrentUser->access_right('Services: Hardware: Advanced search');
 
 my $title = 'Hardware Service Report';
 
-- 
2.11.0