[freeside-commits] freeside/httemplate/misc batch-cust_pay.html, 1.7.2.1, 1.7.2.2 bill.cgi, 1.12.2.2, 1.12.2.3 cancel-unaudited.cgi, 1.11.2.1, 1.11.2.2 cancel_cust.html, 1.1.2.3, 1.1.2.4 cancel_pkg.html, 1.2.2.2, 1.2.2.3 catchall.cgi, 1.9, 1.9.2.1 cdr-import.html, 1.3, 1.3.2.1 cust_main-cancel.cgi, 1.4.2.2, 1.4.2.3 cust_main-import.cgi, 1.5.2.2, 1.5.2.3 cust_main-import_charges.cgi, 1.3, 1.3.2.1 delete-cust_credit.cgi, 1.2.2.1, 1.2.2.2 delete-cust_pay.cgi, 1.3.2.1, 1.3.2.2 delete-cust_refund.cgi, 1.1.2.2, 1.1.2.3 delete-customer.cgi, 1.11, 1.11.2.1 delete-domain_record.cgi, 1.2.2.1, 1.2.2.2 delete-part_export.cgi, 1.4.2.1, 1.4.2.2 dump.cgi, 1.3.2.1, 1.3.2.2 email-invoice.cgi, 1.6, 1.6.2.1 email_invoice_events.cgi, 1.4, 1.4.2.1 email_invoices.cgi, 1.5, 1.5.2.1 fax-invoice.cgi, 1.4, 1.4.2.1 fax_invoice_events.cgi, 1.4, 1.4.2.1 fax_invoices.cgi, 1.5, 1.5.2.1 inventory_item-import.html, 1.2.2.1, 1.2.2.2 link.cgi, 1.12, 1.12.2.1 meta-import.cgi, 1.4, 1.4.2.1 payment.cgi, 1.12.2.4, 1.12.2.5 print-invoice.cgi, 1.10, 1.10.2.1 print_invoice_events.cgi, 1.4, 1.4.2.1 print_invoices.cgi, 1.5, 1.5.2.1 queue.cgi, 1.5, 1.5.2.1 recharge_svc.html, 1.1.2.3, 1.1.2.4 svc_acct-domains.cgi, 1.2.2.1, 1.2.2.2 unapply-cust_credit.cgi, 1.2.2.1, 1.2.2.2 unapply-cust_pay.cgi, 1.3.2.1, 1.3.2.2 unprovision.cgi, 1.3.2.1, 1.3.2.2 unsusp_pkg.cgi, 1.5.2.1, 1.5.2.2 unvoid-cust_pay_void.cgi, 1.2.2.1, 1.2.2.2 upload-batch.cgi, 1.11.2.1, 1.11.2.2 void-cust_pay.cgi, 1.2.2.1, 1.2.2.2 whois.cgi, 1.3, 1.3.2.1
Ivan,,,
ivan at wavetail.420.am
Sun Jan 13 13:14:33 PST 2008
- Previous message: [freeside-commits] freeside/httemplate/misc/process batch-cust_pay.cgi, 1.3, 1.4 cancel_pkg.html, 1.7, 1.8 catchall.cgi, 1.5, 1.6 cdr-import.html, 1.4, 1.5 cust_main-import.cgi, 1.6, 1.7 cust_main-import_charges.cgi, 1.5, 1.6 delete-customer.cgi, 1.5, 1.6 inventory_item-import.html, 1.4, 1.5 link.cgi, 1.17, 1.18 meta-import.cgi, 1.8, 1.9 payment.cgi, 1.15, 1.16 recharge_svc.html, 1.6, 1.7
- Next message: [freeside-commits] freeside/httemplate/misc/process batch-cust_pay.cgi, 1.3, 1.3.2.1 cancel_pkg.html, 1.4.2.1, 1.4.2.2 catchall.cgi, 1.5, 1.5.2.1 cdr-import.html, 1.3.2.1, 1.3.2.2 cust_main-import.cgi, 1.5.2.1, 1.5.2.2 cust_main-import_charges.cgi, 1.4.2.1, 1.4.2.2 delete-customer.cgi, 1.5, 1.5.2.1 inventory_item-import.html, 1.3.2.1, 1.3.2.2 link.cgi, 1.15.2.2, 1.15.2.3 meta-import.cgi, 1.7.2.1, 1.7.2.2 payment.cgi, 1.9.2.6, 1.9.2.7 recharge_svc.html, 1.2.2.4, 1.2.2.5
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Update of /home/cvs/cvsroot/freeside/httemplate/misc
In directory wavetail:/tmp/cvs-serv6719
Modified Files:
Tag: FREESIDE_1_7_BRANCH
batch-cust_pay.html bill.cgi cancel-unaudited.cgi
cancel_cust.html cancel_pkg.html catchall.cgi cdr-import.html
cust_main-cancel.cgi cust_main-import.cgi
cust_main-import_charges.cgi delete-cust_credit.cgi
delete-cust_pay.cgi delete-cust_refund.cgi delete-customer.cgi
delete-domain_record.cgi delete-part_export.cgi dump.cgi
email-invoice.cgi email_invoice_events.cgi email_invoices.cgi
fax-invoice.cgi fax_invoice_events.cgi fax_invoices.cgi
inventory_item-import.html link.cgi meta-import.cgi
payment.cgi print-invoice.cgi print_invoice_events.cgi
print_invoices.cgi queue.cgi recharge_svc.html
svc_acct-domains.cgi unapply-cust_credit.cgi
unapply-cust_pay.cgi unprovision.cgi unsusp_pkg.cgi
unvoid-cust_pay_void.cgi upload-batch.cgi void-cust_pay.cgi
whois.cgi
Log Message:
ACLs
Index: catchall.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/catchall.cgi,v
retrieving revision 1.9
retrieving revision 1.9.2.1
diff -u -d -r1.9 -r1.9.2.1
--- catchall.cgi 23 Aug 2006 22:25:38 -0000 1.9
+++ catchall.cgi 13 Jan 2008 21:14:29 -0000 1.9.2.1
@@ -1,134 +1,120 @@
-<!-- mason kludge -->
-%
-%
-%my $conf = new FS::Conf;
-%
-%my($svc_domain, $svcnum, $pkgnum, $svcpart, $part_svc);
-%if ( $cgi->param('error') ) {
-% $svc_domain = new FS::svc_domain ( {
-% map { $_, scalar($cgi->param($_)) } fields('svc_domain')
-% } );
-% $svcnum = $svc_domain->svcnum;
-% $pkgnum = $cgi->param('pkgnum');
-% $svcpart = $cgi->param('svcpart');
-% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
-% die "No part_svc entry!" unless $part_svc;
-%} else {
-% my($query) = $cgi->keywords;
-% if ( $query =~ /^(\d+)$/ ) { #editing
-% $svcnum=$1;
-% $svc_domain=qsearchs('svc_domain',{'svcnum'=>$svcnum})
-% or die "Unknown (svc_domain) svcnum!";
-%
-% my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum})
-% or die "Unknown (cust_svc) svcnum!";
-%
-% $pkgnum=$cust_svc->pkgnum;
-% $svcpart=$cust_svc->svcpart;
-%
-% $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
-% die "No part_svc entry!" unless $part_svc;
-%
-% } else {
-%
-% die "Invalid (svc_domain) svcnum!";
-%
-% }
-%}
-%
-%my %email;
-%if ($pkgnum) {
-%
-% #find all possible user svcnums (and emails)
-%
-% #starting with that currently attached
-% if ($svc_domain->catchall) {
-% my($svc_acct)=qsearchs('svc_acct',{'svcnum'=>$svc_domain->catchall});
-% $email{$svc_domain->catchall} = $svc_acct->email;
-% }
-%
-% #and including the rest for this customer
-% my($u_part_svc, at u_acct_svcparts);
-% foreach $u_part_svc ( qsearch('part_svc',{'svcdb'=>'svc_acct'}) ) {
-% push @u_acct_svcparts,$u_part_svc->getfield('svcpart');
-% }
-%
-% my($cust_pkg)=qsearchs('cust_pkg',{'pkgnum'=>$pkgnum});
-% my($custnum)=$cust_pkg->getfield('custnum');
-% my($i_cust_pkg);
-% foreach $i_cust_pkg ( qsearch('cust_pkg',{'custnum'=>$custnum}) ) {
-% my($cust_pkgnum)=$i_cust_pkg->getfield('pkgnum');
-% my($acct_svcpart);
-% foreach $acct_svcpart (@u_acct_svcparts) { #now find the corresponding
-% #record(s) in cust_svc ( for this
-% #pkgnum ! )
-% my($i_cust_svc);
-% foreach $i_cust_svc ( qsearch('cust_svc',{'pkgnum'=>$cust_pkgnum,'svcpart'=>$acct_svcpart}) ) {
-% my($svc_acct)=qsearchs('svc_acct',{'svcnum'=>$i_cust_svc->getfield('svcnum')});
-% $email{$svc_acct->getfield('svcnum')}=$svc_acct->email;
-% }
-% }
-% }
-%
-%} else {
-%
-% my($svc_acct)=qsearchs('svc_acct',{'svcnum'=>$svc_domain->catchall});
-% $email{$svc_domain->catchall} = $svc_acct->email;
-%}
-%
-%# add an absence of a catchall
-%$email{''} = "(none)";
-%
-%my $p1 = popurl(1);
-%print header("Domain Catchall Edit", '');
-%
-%print qq!<FONT SIZE="+1" COLOR="#ff0000">Error: !, $cgi->param('error'),
-% "</FONT>"
-% if $cgi->param('error');
-%
-%print qq!<FORM ACTION="${p1}process/catchall.cgi" METHOD=POST>!;
-%
-%#display
-%
-% #formatting
-% print "<PRE>";
-%
-%#svcnum
-%print qq!<INPUT TYPE="hidden" NAME="svcnum" VALUE="$svcnum">!;
-%print qq!Service #<FONT SIZE=+1><B>!, $svcnum ? $svcnum : " (NEW)", "</B></FONT>";
-%
-%#pkgnum
-%print qq!<INPUT TYPE="hidden" NAME="pkgnum" VALUE="$pkgnum">!;
-%
-%#svcpart
-%print qq!<INPUT TYPE="hidden" NAME="svcpart" VALUE="$svcpart">!;
-%
-%my($domain,$catchall)=(
-% $svc_domain->domain,
-% $svc_domain->catchall,
-%);
-%
-%print qq!<INPUT TYPE="hidden" NAME="domain" VALUE="$domain">!;
-%
-%#catchall
-%print qq!\n\nMail to <I>(anything)</I>@<B>$domain</B> forwards to <SELECT NAME="catchall" SIZE=1>!;
-%foreach $_ (keys %email) {
-% print "<OPTION", $_ eq $catchall ? " SELECTED" : "",
-% qq! VALUE="$_">$email{$_}!;
-%}
-%print "</SELECT>";
-%
-% #formatting
-% print "</PRE>\n";
-%
-%print qq!<CENTER><INPUT TYPE="submit" VALUE="Submit"></CENTER>!;
-%
-%print <<END;
-%
-% </FORM>
-% </BODY>
-%</HTML>
-%END
-%
-%
+<% include('/elements/header.html', 'Domain Catchall Edit') %>
+
+<% include('/elements/error.html') %>
+
+<FORM ACTION="<%$p1%>process/catchall.cgi" METHOD=POST>
+
+<PRE>
+
+<INPUT TYPE="hidden" NAME="svcnum" VALUE="<% $svcnum |h %>">
+Service #<FONT SIZE=+1><B><% $svcnum ? $svcnum : ' (NEW)' |h %></B></FONT>
+
+<INPUT TYPE="hidden" NAME="pkgnum" VALUE="<% $pkgnum |h %>">
+
+<INPUT TYPE="hidden" NAME="svcpart" VALUE="<% $svcpart %>">
+
+% my $domain = $svc_domain->domain;
+% my $catchall = $svc_domain->catchall;
+
+<INPUT TYPE="hidden" NAME="domain" VALUE="<% $domain |h %>">
+
+Mail to <I>(anything)</I>@<B><% $domain |h %></B> forwards to <SELECT NAME="catchall" SIZE=1>
+% foreach $_ (keys %email) {
+ <OPTION<% $_ eq $catchall ? ' SELECTED' : '' %> VALUE="<% $_ %>"><% $email{$_} %>
+% }
+</SELECT>
+
+</PRE>
+
+<INPUT TYPE="submit" VALUE="Submit">
+
+</FORM>
+
+<% include('/elements/footer.html') %>
+
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Edit domain catchall');
+
+my $conf = new FS::Conf;
+
+my($svc_domain, $svcnum, $pkgnum, $svcpart, $part_svc);
+if ( $cgi->param('error') ) {
+ $svc_domain = new FS::svc_domain ( {
+ map { $_, scalar($cgi->param($_)) } fields('svc_domain')
+ } );
+ $svcnum = $svc_domain->svcnum;
+ $pkgnum = $cgi->param('pkgnum');
+ $svcpart = $cgi->param('svcpart');
+ $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
+ die "No part_svc entry!" unless $part_svc;
+} else {
+ my($query) = $cgi->keywords;
+ if ( $query =~ /^(\d+)$/ ) { #editing
+ $svcnum=$1;
+ $svc_domain=qsearchs('svc_domain',{'svcnum'=>$svcnum})
+ or die "Unknown (svc_domain) svcnum!";
+
+ my($cust_svc)=qsearchs('cust_svc',{'svcnum'=>$svcnum})
+ or die "Unknown (cust_svc) svcnum!";
+
+ $pkgnum=$cust_svc->pkgnum;
+ $svcpart=$cust_svc->svcpart;
+
+ $part_svc=qsearchs('part_svc',{'svcpart'=>$svcpart});
+ die "No part_svc entry!" unless $part_svc;
+
+ } else {
+
+ die "Invalid (svc_domain) svcnum!";
+
+ }
+}
+
+my %email;
+if ($pkgnum) {
+
+ #find all possible user svcnums (and emails)
+
+ #starting with that currently attached
+ if ($svc_domain->catchall) {
+ my($svc_acct)=qsearchs('svc_acct',{'svcnum'=>$svc_domain->catchall});
+ $email{$svc_domain->catchall} = $svc_acct->email;
+ }
+ #and including the rest for this customer
+ my($u_part_svc, at u_acct_svcparts);
+ foreach $u_part_svc ( qsearch('part_svc',{'svcdb'=>'svc_acct'}) ) {
+ push @u_acct_svcparts,$u_part_svc->getfield('svcpart');
+ }
+
+ my($cust_pkg)=qsearchs('cust_pkg',{'pkgnum'=>$pkgnum});
+ my($custnum)=$cust_pkg->getfield('custnum');
+ my($i_cust_pkg);
+ foreach $i_cust_pkg ( qsearch('cust_pkg',{'custnum'=>$custnum}) ) {
+ my($cust_pkgnum)=$i_cust_pkg->getfield('pkgnum');
+ my($acct_svcpart);
+ foreach $acct_svcpart (@u_acct_svcparts) { #now find the corresponding
+ #record(s) in cust_svc ( for this
+ #pkgnum ! )
+ my($i_cust_svc);
+ foreach $i_cust_svc ( qsearch('cust_svc',{'pkgnum'=>$cust_pkgnum,'svcpart'=>$acct_svcpart}) ) {
+ my($svc_acct)=qsearchs('svc_acct',{'svcnum'=>$i_cust_svc->getfield('svcnum')});
+ $email{$svc_acct->getfield('svcnum')}=$svc_acct->email;
+ }
+ }
+ }
+
+} else {
+
+ my($svc_acct)=qsearchs('svc_acct',{'svcnum'=>$svc_domain->catchall});
+ $email{$svc_domain->catchall} = $svc_acct->email;
+}
+
+# add an absence of a catchall
+$email{''} = "(none)";
+
+my $p1 = popurl(1);
+
+</%init>
Index: unapply-cust_pay.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/unapply-cust_pay.cgi,v
retrieving revision 1.3.2.1
retrieving revision 1.3.2.2
diff -u -d -r1.3.2.1 -r1.3.2.2
--- unapply-cust_pay.cgi 8 Oct 2007 19:04:49 -0000 1.3.2.1
+++ unapply-cust_pay.cgi 13 Jan 2008 21:14:30 -0000 1.3.2.2
@@ -1,19 +1,20 @@
-%
-%
-%#untaint paynum
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/ || die "Illegal paynum";
-%my $paynum = $1;
-%
-%my $cust_pay = qsearchs('cust_pay', { 'paynum' => $paynum } );
-%my $custnum = $cust_pay->custnum;
-%
-%foreach my $cust_bill_pay ( $cust_pay->cust_bill_pay ) {
-% my $error = $cust_bill_pay->delete;
-% errorpage($error) if $error;
-%}
-%
-%print $cgi->redirect($p. "view/cust_main.cgi?". $custnum);
-%
-%
+<% $cgi->redirect($p. "view/cust_main.cgi?". $custnum) %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Unapply payment');
+
+#untaint paynum
+my($query) = $cgi->keywords;
+$query =~ /^(\d+)$/ || die "Illegal paynum";
+my $paynum = $1;
+my $cust_pay = qsearchs('cust_pay', { 'paynum' => $paynum } );
+my $custnum = $cust_pay->custnum;
+
+foreach my $cust_bill_pay ( $cust_pay->cust_bill_pay ) {
+ my $error = $cust_bill_pay->delete;
+ errorpage($error) if $error;
+}
+
+</%init>
Index: link.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/link.cgi,v
retrieving revision 1.12
retrieving revision 1.12.2.1
diff -u -d -r1.12 -r1.12.2.1
--- link.cgi 29 Dec 2006 08:51:33 -0000 1.12
+++ link.cgi 13 Jan 2008 21:14:29 -0000 1.12.2.1
@@ -1,31 +1,5 @@
-%my %link_field = (
-% 'svc_acct' => 'username',
-% 'svc_domain' => 'domain',
-%);
-%
-%my %link_field2 = (
-% 'svc_acct' => { label => 'Domain',
-% field => 'domsvc',
-% type => 'select',
-% select_table => 'svc_domain',
-% select_key => 'svcnum',
-% select_label => 'domain'
-% },
-%);
-%
-%$cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum';
-%my $pkgnum = $1;
-%$cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart';
-%my $svcpart = $1;
-%
-%my $part_svc = qsearchs('part_svc',{'svcpart'=>$svcpart});
-%my $svc = $part_svc->getfield('svc');
-%my $svcdb = $part_svc->getfield('svcdb');
-%my $link_field = $link_field{$svcdb};
-%my $link_field2 = $link_field2{$svcdb};
-%
-
<% include("/elements/header.html","Link to existing $svc") %>
+
<FORM ACTION="<% popurl(1) %>process/link.cgi" METHOD=POST>
% if ( $link_field ) {
@@ -72,6 +46,39 @@
<INPUT TYPE="hidden" NAME="pkgnum" VALUE="<% $pkgnum %>">
<INPUT TYPE="hidden" NAME="svcpart" VALUE="<% $svcpart %>">
<BR><INPUT TYPE="submit" VALUE="Link">
- </FORM>
- </BODY>
-</HTML>
+</FORM>
+
+<% include('/elements/footer.html') %>
+
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('View/link unlinked services');
+
+my %link_field = (
+ 'svc_acct' => 'username',
+ 'svc_domain' => 'domain',
+);
+
+my %link_field2 = (
+ 'svc_acct' => { label => 'Domain',
+ field => 'domsvc',
+ type => 'select',
+ select_table => 'svc_domain',
+ select_key => 'svcnum',
+ select_label => 'domain'
+ },
+);
+
+$cgi->param('pkgnum') =~ /^(\d+)$/ or die 'unparsable pkgnum';
+my $pkgnum = $1;
+$cgi->param('svcpart') =~ /^(\d+)$/ or die 'unparsable svcpart';
+my $svcpart = $1;
+
+my $part_svc = qsearchs('part_svc',{'svcpart'=>$svcpart});
+my $svc = $part_svc->getfield('svc');
+my $svcdb = $part_svc->getfield('svcdb');
+my $link_field = $link_field{$svcdb};
+my $link_field2 = $link_field2{$svcdb};
+
+</%init>
Index: email_invoice_events.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/email_invoice_events.cgi,v
retrieving revision 1.4
retrieving revision 1.4.2.1
diff -u -d -r1.4 -r1.4.2.1
--- email_invoice_events.cgi 23 Aug 2006 22:25:38 -0000 1.4
+++ email_invoice_events.cgi 13 Jan 2008 21:14:29 -0000 1.4.2.1
@@ -1,4 +1,9 @@
-%
-%my $server = new FS::UI::Web::JSRPC 'FS::cust_bill_event::process_reemail', $cgi;
-%
<% $server->process %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Resend invoices');
+
+my $server = new FS::UI::Web::JSRPC 'FS::cust_bill_event::process_reemail', $cgi;
+
+</%init>
Index: bill.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/bill.cgi,v
retrieving revision 1.12.2.2
retrieving revision 1.12.2.3
diff -u -d -r1.12.2.2 -r1.12.2.3
--- bill.cgi 8 Oct 2007 19:04:48 -0000 1.12.2.2
+++ bill.cgi 13 Jan 2008 21:14:27 -0000 1.12.2.3
@@ -1,45 +1,45 @@
-%
-%#untaint custnum
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d*)$/;
-%my $custnum = $1;
-%my $cust_main = qsearchs('cust_main',{'custnum'=>$custnum});
-%die "Can't find customer!\n" unless $cust_main;
-%
-%my $conf = new FS::Conf;
-%
-%my $error = $cust_main->bill(
-%# 'time'=>$time
-% );
-%
-%unless ( $error ) {
-% $error = $cust_main->apply_payments_and_credits
-% || $cust_main->collect(
-% #'invoice-time'=>$time,
-% #'batch_card'=> 'yes',
-% #'batch_card'=> 'no',
-% #'report_badcard'=> 'yes',
-% #'retry_card' => 'yes',
-%
-% 'retry' => 'yes',
-%
-% #this is used only by cust_main::batch_card
-% #need to pick & create an actual config
-% #value if we're going to turn this on
-% #("realtime-backend" doesn't exist,
-% # "backend-realtime" is for something
-% # entirely different)
-% #'realtime' => $conf->exists('realtime-backend'),
-% );
-%}
-%
%if ( $error ) {
-%
-
-<!-- mason kludge -->
-%
% errorpage($error);
%} else {
-% print $cgi->redirect(popurl(2). "view/cust_main.cgi?$custnum");
+<% $cgi->redirect(popurl(2). "view/cust_main.cgi?$custnum") %>
%}
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Bill customer now');
+
+#untaint custnum
+my($query) = $cgi->keywords;
+$query =~ /^(\d*)$/;
+my $custnum = $1;
+my $cust_main = qsearchs('cust_main',{'custnum'=>$custnum});
+die "Can't find customer!\n" unless $cust_main;
+
+my $conf = new FS::Conf;
+
+my $error = $cust_main->bill(
+# 'time'=>$time
+ );
+
+unless ( $error ) {
+ $error = $cust_main->apply_payments_and_credits
+ || $cust_main->collect(
+ #'invoice-time'=>$time,
+ #'batch_card'=> 'yes',
+ #'batch_card'=> 'no',
+ #'report_badcard'=> 'yes',
+ #'retry_card' => 'yes',
+
+ 'retry' => 'yes',
+
+ #this is used only by cust_main::batch_card
+ #need to pick & create an actual config
+ #value if we're going to turn this on
+ #("realtime-backend" doesn't exist,
+ # "backend-realtime" is for something
+ # entirely different)
+ #'realtime' => $conf->exists('realtime-backend'),
+ );
+}
+
+</%init>
Index: unapply-cust_credit.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/unapply-cust_credit.cgi,v
retrieving revision 1.2.2.1
retrieving revision 1.2.2.2
diff -u -d -r1.2.2.1 -r1.2.2.2
--- unapply-cust_credit.cgi 8 Oct 2007 19:04:49 -0000 1.2.2.1
+++ unapply-cust_credit.cgi 13 Jan 2008 21:14:30 -0000 1.2.2.2
@@ -1,19 +1,20 @@
-%
-%
-%#untaint crednum
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/ || die "Illegal crednum";
-%my $crednum = $1;
-%
-%my $cust_credit = qsearchs('cust_credit', { 'crednum' => $crednum } );
-%my $custnum = $cust_credit->custnum;
-%
-%foreach my $cust_credit_bill ( $cust_credit->cust_credit_bill ) {
-% my $error = $cust_credit_bill->delete;
-% errorpage($error) if $error;
-%}
-%
-%print $cgi->redirect($p. "view/cust_main.cgi?". $custnum);
-%
-%
+<% $cgi->redirect($p. "view/cust_main.cgi?". $custnum) %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Unapply credit');
+
+#untaint crednum
+my($query) = $cgi->keywords;
+$query =~ /^(\d+)$/ || die "Illegal crednum";
+my $crednum = $1;
+my $cust_credit = qsearchs('cust_credit', { 'crednum' => $crednum } );
+my $custnum = $cust_credit->custnum;
+
+foreach my $cust_credit_bill ( $cust_credit->cust_credit_bill ) {
+ my $error = $cust_credit_bill->delete;
+ errorpage($error) if $error;
+}
+
+</%init>
Index: print_invoice_events.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/print_invoice_events.cgi,v
retrieving revision 1.4
retrieving revision 1.4.2.1
diff -u -d -r1.4 -r1.4.2.1
--- print_invoice_events.cgi 23 Aug 2006 22:25:38 -0000 1.4
+++ print_invoice_events.cgi 13 Jan 2008 21:14:29 -0000 1.4.2.1
@@ -1,4 +1,9 @@
-%
-%my $server = new FS::UI::Web::JSRPC 'FS::cust_bill_event::process_reprint', $cgi;
-
<% $server->process %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Resend invoices');
+
+my $server = new FS::UI::Web::JSRPC 'FS::cust_bill_event::process_reprint', $cgi;
+
+</%init>
Index: dump.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/dump.cgi,v
retrieving revision 1.3.2.1
retrieving revision 1.3.2.2
diff -u -d -r1.3.2.1 -r1.3.2.2
--- dump.cgi 8 Oct 2007 19:04:49 -0000 1.3.2.1
+++ dump.cgi 13 Jan 2008 21:14:29 -0000 1.3.2.2
@@ -1,3 +1,5 @@
+% die "access denied"
+% unless $FS::CurrentUser::CurrentUser->access_right('Export');
%
% if ( driver_name =~ /^Pg$/ ) {
% my $dbname = (split(':', datasrc))[2];
@@ -16,5 +18,3 @@
% print $_;
% }
% close DUMP;
-%
-
Index: email_invoices.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/email_invoices.cgi,v
retrieving revision 1.5
retrieving revision 1.5.2.1
diff -u -d -r1.5 -r1.5.2.1
--- email_invoices.cgi 23 Aug 2006 22:25:38 -0000 1.5
+++ email_invoices.cgi 13 Jan 2008 21:14:29 -0000 1.5.2.1
@@ -1,4 +1,9 @@
-%
-%my $server = new FS::UI::Web::JSRPC 'FS::cust_bill::process_reemail', $cgi;
-%
<% $server->process %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Resend invoices');
+
+my $server = new FS::UI::Web::JSRPC 'FS::cust_bill::process_reemail', $cgi;
+
+</%init>
Index: cancel-unaudited.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/cancel-unaudited.cgi,v
retrieving revision 1.11.2.1
retrieving revision 1.11.2.2
diff -u -d -r1.11.2.1 -r1.11.2.2
--- cancel-unaudited.cgi 8 Oct 2007 19:04:48 -0000 1.11.2.1
+++ cancel-unaudited.cgi 13 Jan 2008 21:14:28 -0000 1.11.2.2
@@ -1,36 +1,33 @@
-%
-%
-%my $dbh = dbh;
-%
-%#untaint svcnum
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/;
-%my $svcnum = $1;
-%
-%#my $svc_acct = qsearchs('svc_acct',{'svcnum'=>$svcnum});
-%#die "Unknown svcnum!" unless $svc_acct;
-%
-%my $cust_svc = qsearchs('cust_svc',{'svcnum'=>$svcnum});
-%die "Unknown svcnum!" unless $cust_svc;
-%my $cust_pkg = $cust_svc->cust_pkg;
-%if ( $cust_pkg ) {
-% errorpage( 'This account has already been audited. Cancel the '.
-% qq!<A HREF="${p}view/cust_main.cgi?!. $cust_pkg->custnum.
-% '#cust_pkg'. $cust_pkg->pkgnum. '">'.
-% 'package</A> instead.');
-%}
-%
-%my $error = $cust_svc->cancel;
-%
%if ( $error ) {
-%
-
-<!-- mason kludge -->
-%
% errorpage($error);
%} else {
-% print $cgi->redirect(popurl(2));
+<% $cgi->redirect(popurl(2)) %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Unprovision customer service')
+ && $FS::CurrentUser::CurrentUser->access_right('View/link unlinked services');
+
+#untaint svcnum
+my($query) = $cgi->keywords;
+$query =~ /^(\d+)$/;
+my $svcnum = $1;
+
+#my $svc_acct = qsearchs('svc_acct',{'svcnum'=>$svcnum});
+#die "Unknown svcnum!" unless $svc_acct;
+
+my $cust_svc = qsearchs('cust_svc',{'svcnum'=>$svcnum});
+die "Unknown svcnum!" unless $cust_svc;
+my $cust_pkg = $cust_svc->cust_pkg;
+if ( $cust_pkg ) {
+ errorpage( 'This account has already been audited. Cancel the '.
+ qq!<A HREF="${p}view/cust_main.cgi?!. $cust_pkg->custnum.
+ '#cust_pkg'. $cust_pkg->pkgnum. '">'.
+ 'package</A> instead.');
+}
+
+my $error = $cust_svc->cancel;
+
+</%init>
Index: print_invoices.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/print_invoices.cgi,v
retrieving revision 1.5
retrieving revision 1.5.2.1
diff -u -d -r1.5 -r1.5.2.1
--- print_invoices.cgi 23 Aug 2006 22:25:38 -0000 1.5
+++ print_invoices.cgi 13 Jan 2008 21:14:29 -0000 1.5.2.1
@@ -1,4 +1,9 @@
-%
-%my $server = new FS::UI::Web::JSRPC 'FS::cust_bill::process_reprint', $cgi;
-%
<% $server->process %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Resend invoices');
+
+my $server = new FS::UI::Web::JSRPC 'FS::cust_bill::process_reprint', $cgi;
+
+</%init>
Index: fax_invoice_events.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/fax_invoice_events.cgi,v
retrieving revision 1.4
retrieving revision 1.4.2.1
diff -u -d -r1.4 -r1.4.2.1
--- fax_invoice_events.cgi 23 Aug 2006 22:25:38 -0000 1.4
+++ fax_invoice_events.cgi 13 Jan 2008 21:14:29 -0000 1.4.2.1
@@ -1,4 +1,9 @@
-%
-%my $server = new FS::UI::Web::JSRPC 'FS::cust_bill_event::process_refax', $cgi;
-%
<% $server->process %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Resend invoices');
+
+my $server = new FS::UI::Web::JSRPC 'FS::cust_bill_event::process_refax', $cgi;
+
+</%init>
Index: meta-import.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/meta-import.cgi,v
retrieving revision 1.4
retrieving revision 1.4.2.1
diff -u -d -r1.4 -r1.4.2.1
--- meta-import.cgi 23 Aug 2006 22:25:38 -0000 1.4
+++ meta-import.cgi 13 Jan 2008 21:14:29 -0000 1.4.2.1
@@ -1,5 +1,5 @@
-<!-- mason kludge -->
-<% include("/elements/header.html",'Import') %>
+<% include('/elements/header.html', 'Import') %>
+
<FORM ACTION="process/meta-import.cgi" METHOD="post" ENCTYPE="multipart/form-data">
Import data from a DBI data source<BR><BR>
%
@@ -68,6 +68,12 @@
<INPUT TYPE="submit" VALUE="Import">
</FORM>
- </BODY>
-<HTML>
+<% include('/elements/footer.html') %>
+
+<%init>
+
+#there's no ACL for this... haven't used in ages
+die 'meta-import not enabled; remove this if you want to use it';
+
+</%init>
Index: upload-batch.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/upload-batch.cgi,v
retrieving revision 1.11.2.1
retrieving revision 1.11.2.2
diff -u -d -r1.11.2.1 -r1.11.2.2
--- upload-batch.cgi 8 Oct 2007 19:04:49 -0000 1.11.2.1
+++ upload-batch.cgi 13 Jan 2008 21:14:30 -0000 1.11.2.2
@@ -1,17 +1,14 @@
-% if ( $error ) {
-
- <!-- mason kludge -->
-
-% errorpage($error);
-%# $cgi->param('error', $error);
-%# print $cgi->redirect( "${p}cust_main-import.cgi
-% } else {
-
- <% include("/elements/header.html",'Batch results upload successful') %>
-
-% }
+% if ( $error ) {
+% errorpage($error);
+% } else {
+ <% include('/elements/header.html','Batch results upload successful') %>
+ <% include('/elements/footer.html') %>
+% }
<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Process batches');
+
my $error;
my $fh = $cgi->upload('batch_results');
Index: cdr-import.html
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/cdr-import.html,v
retrieving revision 1.3
retrieving revision 1.3.2.1
diff -u -d -r1.3 -r1.3.2.1
--- cdr-import.html 23 Aug 2006 22:25:38 -0000 1.3
+++ cdr-import.html 13 Jan 2008 21:14:29 -0000 1.3.2.1
@@ -14,3 +14,9 @@
<% include('/elements/footer.html') %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Import');
+
+</%init>
Index: cust_main-import_charges.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/cust_main-import_charges.cgi,v
retrieving revision 1.3
retrieving revision 1.3.2.1
diff -u -d -r1.3 -r1.3.2.1
--- cust_main-import_charges.cgi 23 Aug 2006 22:25:38 -0000 1.3
+++ cust_main-import_charges.cgi 13 Jan 2008 21:14:29 -0000 1.3.2.1
@@ -1,14 +1,22 @@
-<!-- mason kludge -->
-<% include("/elements/header.html",'Batch Customer Charge') %>
+<% include('/elements/header.html', 'Batch Customer Charge') %>
+
<FORM ACTION="process/cust_main-import_charges.cgi" METHOD="post" ENCTYPE="multipart/form-data">
+
Import a CSV file containing customer charges.<BR><BR>
Default file format is CSV, with the following field order: <i>custnum, amount, description</i><BR><BR>
If <i>amount</i> is negative, a credit will be applied instead.<BR><BR>
<BR><BR>
- CSV Filename: <INPUT TYPE="file" NAME="csvfile"><BR><BR>
- <INPUT TYPE="submit" VALUE="Import">
- </FORM>
- </BODY>
-<HTML>
+CSV Filename: <INPUT TYPE="file" NAME="csvfile"><BR><BR>
+<INPUT TYPE="submit" VALUE="Import">
+
+</FORM>
+<% include('/elements/footer.html') %>
+
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Import');
+
+</%init>
Index: delete-cust_credit.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/delete-cust_credit.cgi,v
retrieving revision 1.2.2.1
retrieving revision 1.2.2.2
diff -u -d -r1.2.2.1 -r1.2.2.2
--- delete-cust_credit.cgi 8 Oct 2007 19:04:48 -0000 1.2.2.1
+++ delete-cust_credit.cgi 13 Jan 2008 21:14:29 -0000 1.2.2.2
@@ -1,17 +1,21 @@
-%
-%
-%#untaint crednum
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/ || die "Illegal crednum";
-%my $crednum = $1;
-%
-%my $cust_credit = qsearchs('cust_credit',{'crednum'=>$crednum});
-%my $custnum = $cust_credit->custnum;
-%
-%my $error = $cust_credit->delete;
-%errorpage($error) if $error;
-%
-%print $cgi->redirect($p. "view/cust_main.cgi?". $custnum);
-%
-%
+% if ( $error ) {
+% errorpage($error);
+% } else {
+<% $cgi->redirect($p. "view/cust_main.cgi?". $custnum) %>
+% }
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Delete credit');
+
+#untaint crednum
+my($query) = $cgi->keywords;
+$query =~ /^(\d+)$/ || die "Illegal crednum";
+my $crednum = $1;
+my $cust_credit = qsearchs('cust_credit',{'crednum'=>$crednum});
+my $custnum = $cust_credit->custnum;
+
+my $error = $cust_credit->delete;
+
+</%init>
Index: delete-cust_refund.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/delete-cust_refund.cgi,v
retrieving revision 1.1.2.2
retrieving revision 1.1.2.3
diff -u -d -r1.1.2.2 -r1.1.2.3
--- delete-cust_refund.cgi 8 Oct 2007 19:04:48 -0000 1.1.2.2
+++ delete-cust_refund.cgi 13 Jan 2008 21:14:29 -0000 1.1.2.3
@@ -1,17 +1,21 @@
-%
-%
-%#untaint refundnum
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/ || die "Illegal refundnum";
-%my $refundnum = $1;
-%
-%my $cust_refund = qsearchs('cust_refund',{'refundnum'=>$refundnum});
-%my $custnum = $cust_refund->custnum;
-%
-%my $error = $cust_refund->delete;
-%errorpage($error) if $error;
-%
-%print $cgi->redirect($p. "view/cust_main.cgi?". $custnum);
-%
-%
+% if ( $error ) {
+% errorpage($error);
+% } else {
+<% $cgi->redirect($p. "view/cust_main.cgi?". $custnum) %>
+% }
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Delete refund');
+
+#untaint refundnum
+my($query) = $cgi->keywords;
+$query =~ /^(\d+)$/ || die "Illegal refundnum";
+my $refundnum = $1;
+my $cust_refund = qsearchs('cust_refund',{'refundnum'=>$refundnum});
+my $custnum = $cust_refund->custnum;
+
+my $error = $cust_refund->delete;
+
+</%init>
Index: fax_invoices.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/fax_invoices.cgi,v
retrieving revision 1.5
retrieving revision 1.5.2.1
diff -u -d -r1.5 -r1.5.2.1
--- fax_invoices.cgi 23 Aug 2006 22:25:38 -0000 1.5
+++ fax_invoices.cgi 13 Jan 2008 21:14:29 -0000 1.5.2.1
@@ -1,4 +1,9 @@
-%
-%my $server = new FS::UI::Web::JSRPC 'FS::cust_bill::process_refax', $cgi;
-%
<% $server->process %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Resend invoices');
+
+my $server = new FS::UI::Web::JSRPC 'FS::cust_bill::process_refax', $cgi;
+
+</%init>
Index: cust_main-cancel.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/cust_main-cancel.cgi,v
retrieving revision 1.4.2.2
retrieving revision 1.4.2.3
diff -u -d -r1.4.2.2 -r1.4.2.3
--- cust_main-cancel.cgi 19 Dec 2007 22:31:38 -0000 1.4.2.2
+++ cust_main-cancel.cgi 13 Jan 2008 21:14:29 -0000 1.4.2.3
@@ -6,6 +6,9 @@
</HTML>
<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Cancel customer');
+
my $custnum;
my $ban = '';
if ( $cgi->param('custnum') =~ /^(\d+)$/ ) {
Index: svc_acct-domains.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/svc_acct-domains.cgi,v
retrieving revision 1.2.2.1
retrieving revision 1.2.2.2
diff -u -d -r1.2.2.1 -r1.2.2.2
--- svc_acct-domains.cgi 28 Feb 2007 19:41:30 -0000 1.2.2.1
+++ svc_acct-domains.cgi 13 Jan 2008 21:14:30 -0000 1.2.2.2
@@ -1,31 +1,31 @@
-%
-%
-% my $pkgpart_svcpart = $cgi->param('arg');
-% $pkgpart_svcpart =~ /^\d+_(\d+)$/;
-% my $part_svc = qsearchs('part_svc', { 'svcpart' => $1 }) if $1;
-% my $part_svc_column = $part_svc->part_svc_column('domsvc') if $part_svc;
-%
-% my @output = split /,/, $part_svc_column->columnvalue if $part_svc_column;
-% my $columnflag = $part_svc_column->columnflag if $part_svc_column;
-% my @svc_domain = ();
-% my %seen = ();
-%
-% foreach (@output) {
-% my $svc_domain = qsearchs('svc_domain', { 'svcnum' => $_ })
-% or warn "unknown svc_domain.svcnum $_ for part_svc_column domsvc; ".
-% "svcpart = " . $part_svc->svcpart;
-% push @svc_domain, [ $_ => $svc_domain->domain ];
-% $seen{$_}++;
-% }
-% if ($conf->exists('svc_acct-alldomains')
-% && ( $columnflag eq 'D' || $columnflag eq '' )
-% ) {
-% foreach (grep { $_->svcnum ne $output[0] } qsearch('svc_domain', {}) ){
-% push @svc_domain, [ $_->svcnum => $_->domain ];
-% }
-% }
-%
[ <% join(', ', map { qq("$_->[0]", "$_->[1]") } @svc_domain) %> ]
<%init>
+
my $conf = new FS::Conf;
+
+my $pkgpart_svcpart = $cgi->param('arg');
+$pkgpart_svcpart =~ /^\d+_(\d+)$/;
+my $part_svc = qsearchs('part_svc', { 'svcpart' => $1 }) if $1;
+my $part_svc_column = $part_svc->part_svc_column('domsvc') if $part_svc;
+
+my @output = split /,/, $part_svc_column->columnvalue if $part_svc_column;
+my $columnflag = $part_svc_column->columnflag if $part_svc_column;
+my @svc_domain = ();
+my %seen = ();
+
+foreach (@output) {
+ my $svc_domain = qsearchs('svc_domain', { 'svcnum' => $_ })
+ or warn "unknown svc_domain.svcnum $_ for part_svc_column domsvc; ".
+ "svcpart = " . $part_svc->svcpart;
+ push @svc_domain, [ $_ => $svc_domain->domain ];
+ $seen{$_}++;
+}
+if ($conf->exists('svc_acct-alldomains')
+ && ( $columnflag eq 'D' || $columnflag eq '' )
+ ) {
+ foreach (grep { $_->svcnum ne $output[0] } qsearch('svc_domain', {}) ){
+ push @svc_domain, [ $_->svcnum => $_->domain ];
+ }
+}
+
</%init>
Index: batch-cust_pay.html
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/batch-cust_pay.html,v
retrieving revision 1.7.2.1
retrieving revision 1.7.2.2
diff -u -d -r1.7.2.1 -r1.7.2.2
--- batch-cust_pay.html 25 Dec 2007 23:50:04 -0000 1.7.2.1
+++ batch-cust_pay.html 13 Jan 2008 21:14:27 -0000 1.7.2.2
@@ -1,8 +1,5 @@
-<% include("/elements/header.html", 'Quick payment entry',
- menubar(
- 'Main Menu' => $p, #popurl(1),
- ),
- ( $cgi->param('error') ? '' : 'onload="addRow()"' ),
+<% include('/elements/header.html', 'Quick payment entry', ''
+ ( $cgi->param('error') ? '' : 'onload="addRow()"' ),
)
%>
@@ -387,5 +384,11 @@
</SCRIPT>
-</BODY>
-</HTML>
+<% include('/elements/footer.html') %>
+
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Post payment batch');
+
+</%init>
Index: queue.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/queue.cgi,v
retrieving revision 1.5
retrieving revision 1.5.2.1
diff -u -d -r1.5 -r1.5.2.1
--- queue.cgi 23 Aug 2006 22:25:38 -0000 1.5
+++ queue.cgi 13 Jan 2008 21:14:30 -0000 1.5.2.1
@@ -1,48 +1,49 @@
-%
-%
-%$cgi->param('action') =~ /^(new|del|(retry|remove) selected)$/
-% or die "Illegal action";
-%my $action = $1;
-%
-%my $job;
-%if ( $action eq 'new' || $action eq 'del' ) {
-% $cgi->param('jobnum') =~ /^(\d+)$/ or die "Illegal jobnum";
-% my $jobnum = $1;
-% $job = qsearchs('queue', { 'jobnum' => $1 })
-% or die "unknown jobnum $jobnum - ".
-% "it probably completed normally or was removed by another user";
-%}
-%
-%if ( $action eq 'new' ) {
-% my %hash = $job->hash;
-% $hash{'status'} = 'new';
-% $hash{'statustext'} = '';
-% my $new = new FS::queue \%hash;
-% my $error = $new->replace($job);
-% die $error if $error;
-%} elsif ( $action eq 'del' ) {
-% my $error = $job->delete;
-% die $error if $error;
-%} elsif ( $action =~ /^(retry|remove) selected$/ ) {
-% foreach my $jobnum (
-% map { /^jobnum(\d+)$/; $1; } grep /^jobnum\d+$/, $cgi->param
-% ) {
-% my $job = qsearchs('queue', { 'jobnum' => $jobnum });
-% if ( $action eq 'retry selected' && $job ) { #new
-% my %hash = $job->hash;
-% $hash{'status'} = 'new';
-% $hash{'statustext'} = '';
-% my $new = new FS::queue \%hash;
-% my $error = $new->replace($job);
-% die $error if $error;
-% } elsif ( $action eq 'remove selected' && $job ) { #del
-% my $error = $job->delete;
-% die $error if $error;
-% }
-% }
-%}
-%
-%print $cgi->redirect(popurl(2). "search/queue.html");
-%
-%
+<% $cgi->redirect(popurl(2). "search/queue.html") %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Job queue');
+
+$cgi->param('action') =~ /^(new|del|(retry|remove) selected)$/
+ or die "Illegal action";
+my $action = $1;
+
+my $job;
+if ( $action eq 'new' || $action eq 'del' ) {
+ $cgi->param('jobnum') =~ /^(\d+)$/ or die "Illegal jobnum";
+ my $jobnum = $1;
+ $job = qsearchs('queue', { 'jobnum' => $1 })
+ or die "unknown jobnum $jobnum - ".
+ "it probably completed normally or was removed by another user";
+}
+if ( $action eq 'new' ) {
+ my %hash = $job->hash;
+ $hash{'status'} = 'new';
+ $hash{'statustext'} = '';
+ my $new = new FS::queue \%hash;
+ my $error = $new->replace($job);
+ die $error if $error;
+} elsif ( $action eq 'del' ) {
+ my $error = $job->delete;
+ die $error if $error;
+} elsif ( $action =~ /^(retry|remove) selected$/ ) {
+ foreach my $jobnum (
+ map { /^jobnum(\d+)$/; $1; } grep /^jobnum\d+$/, $cgi->param
+ ) {
+ my $job = qsearchs('queue', { 'jobnum' => $jobnum });
+ if ( $action eq 'retry selected' && $job ) { #new
+ my %hash = $job->hash;
+ $hash{'status'} = 'new';
+ $hash{'statustext'} = '';
+ my $new = new FS::queue \%hash;
+ my $error = $new->replace($job);
+ die $error if $error;
+ } elsif ( $action eq 'remove selected' && $job ) { #del
+ my $error = $job->delete;
+ die $error if $error;
+ }
+ }
+}
+
+</%init>
Index: unvoid-cust_pay_void.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/unvoid-cust_pay_void.cgi,v
retrieving revision 1.2.2.1
retrieving revision 1.2.2.2
diff -u -d -r1.2.2.1 -r1.2.2.2
--- unvoid-cust_pay_void.cgi 8 Oct 2007 19:04:49 -0000 1.2.2.1
+++ unvoid-cust_pay_void.cgi 13 Jan 2008 21:14:30 -0000 1.2.2.2
@@ -1,17 +1,21 @@
-%
-%
-%#untaint paynum
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/ || die "Illegal paynum";
-%my $paynum = $1;
-%
-%my $cust_pay_void = qsearchs('cust_pay_void', { 'paynum' => $paynum } );
-%my $custnum = $cust_pay_void->custnum;
-%
-%my $error = $cust_pay_void->unvoid;
-%errorpage($error) if $error;
-%
-%print $cgi->redirect($p. "view/cust_main.cgi?". $custnum);
-%
-%
+%if ( $error ) {
+% errorpage($error);
+%} else {
+<% $cgi->redirect($p. "view/cust_main.cgi?". $custnum) %>
+%}
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Unvoid');
+
+#untaint paynum
+my($query) = $cgi->keywords;
+$query =~ /^(\d+)$/ || die "Illegal paynum";
+my $paynum = $1;
+my $cust_pay_void = qsearchs('cust_pay_void', { 'paynum' => $paynum } );
+my $custnum = $cust_pay_void->custnum;
+
+my $error = $cust_pay_void->unvoid;
+
+</%init>
Index: recharge_svc.html
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/recharge_svc.html,v
retrieving revision 1.1.2.3
retrieving revision 1.1.2.4
diff -u -d -r1.1.2.3 -r1.1.2.4
--- recharge_svc.html 25 Dec 2007 23:50:15 -0000 1.1.2.3
+++ recharge_svc.html 13 Jan 2008 21:14:30 -0000 1.1.2.4
@@ -28,7 +28,7 @@
</TR>
<TR>
<TD>Enter prepaid card: </TD>
- <TD><INPUT TYPE="text" NAME="prepaid" VALUE="<% $prepaid %>" <% $payby eq "PREP" ? '' : 'disabled' %>></TD>
+ <TD><INPUT TYPE="text" NAME="prepaid" VALUE="<% $prepaid |h %>" <% $payby eq "PREP" ? '' : 'disabled' %>></TD>
</TR>
</TABLE>
@@ -37,35 +37,42 @@
<INPUT TYPE="submit" NAME="submit" VALUE="Recharge">
</FORM>
-</BODY>
-</HTML>
+
+<% include('/elements/footer.html');
<%once>
+
my $conf = new FS::Conf;
my $money_char = $conf->config('money_char') || '$';
+
</%once>
<%init>
-my($svcnum, $cust_svc, $part_pkg, $label, $value, $prepaid, $amount, $payby);
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Recharge customer service');
+
+my($svcnum, $prepaid, $payby);
if ( $cgi->param('error') ) {
$svcnum = $cgi->param('svcnum');
$prepaid = $cgi->param('prepaid');
$payby = $cgi->param('payby');
} elsif ( $cgi->param('svcnum') =~ /^(\d+)$/ ) {
$svcnum = $1;
+ $prepaid = '';
} else {
die "illegal query ". $cgi->keywords;
}
my $title = 'Recharge Service';
-$cust_svc = qsearchs('cust_svc', {'svcnum' => $svcnum});
+my $cust_svc = qsearchs('cust_svc', {'svcnum' => $svcnum});
die "No such service: $svcnum" unless $cust_svc;
-($label, $value) = $cust_svc->label;
+my($label, $value) = $cust_svc->label;
$payby = $cust_svc->cust_pkg->cust_main->payby unless $payby;
-$part_pkg = $cust_svc->cust_pkg->part_pkg;
-$amount = $part_pkg->option('recharge_amount', 1) || 0;
+my $part_pkg = $cust_svc->cust_pkg->part_pkg;
+my $amount = $part_pkg->option('recharge_amount', 1) || 0;
my $recharge_label = "Charge $money_char$amount for ";
Index: void-cust_pay.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/void-cust_pay.cgi,v
retrieving revision 1.2.2.1
retrieving revision 1.2.2.2
diff -u -d -r1.2.2.1 -r1.2.2.2
--- void-cust_pay.cgi 8 Oct 2007 19:04:49 -0000 1.2.2.1
+++ void-cust_pay.cgi 13 Jan 2008 21:14:30 -0000 1.2.2.2
@@ -1,17 +1,26 @@
-%
-%
-%#untaint paynum
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/ || die "Illegal paynum";
-%my $paynum = $1;
-%
-%my $cust_pay = qsearchs('cust_pay',{'paynum'=>$paynum});
-%my $custnum = $cust_pay->custnum;
-%
-%my $error = $cust_pay->void;
-%errorpage($error) if $error;
-%
-%print $cgi->redirect($p. "view/cust_main.cgi?". $custnum);
-%
-%
+%if ( $error ) {
+% errorpage($error);
+%} else {
+<% $cgi->redirect($p. "view/cust_main.cgi?". $custnum) %>
+%}
+<%init>
+
+#untaint paynum
+my($query) = $cgi->keywords;
+$query =~ /^(\d+)$/ || die "Illegal paynum";
+my $paynum = $1;
+
+my $cust_pay = qsearchs('cust_pay',{'paynum'=>$paynum});
+
+my $right = 'Regular void';
+$right = 'Credit card void' if $cust_pay->payby eq 'CARD';
+$right = 'Echeck void' if $cust_pay->payby eq 'CHEK';
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right($right);
+my $custnum = $cust_pay->custnum;
+
+my $error = $cust_pay->void;
+
+</%init>
Index: unsusp_pkg.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/unsusp_pkg.cgi,v
retrieving revision 1.5.2.1
retrieving revision 1.5.2.2
diff -u -d -r1.5.2.1 -r1.5.2.2
--- unsusp_pkg.cgi 8 Oct 2007 19:04:49 -0000 1.5.2.1
+++ unsusp_pkg.cgi 13 Jan 2008 21:14:30 -0000 1.5.2.2
@@ -1,16 +1,20 @@
-%
-%
-%#untaint pkgnum
-%my ($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/ || die "Illegal pkgnum";
-%my $pkgnum = $1;
-%
-%my $cust_pkg = qsearchs('cust_pkg',{'pkgnum'=>$pkgnum});
-%
-%my $error = $cust_pkg->unsuspend;
-%errorpage($error) if $error;
-%
-%print $cgi->redirect(popurl(2). "view/cust_main.cgi?".$cust_pkg->getfield('custnum'));
-%
-%
+%if ( $error ) {
+% errorpage($error);
+%} else {
+<% $cgi->redirect(popurl(2). "view/cust_main.cgi?".$cust_pkg->getfield('custnum')) %>
+%}
+<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Unsuspend customer package');
+
+#untaint pkgnum
+my ($query) = $cgi->keywords;
+$query =~ /^(\d+)$/ || die "Illegal pkgnum";
+my $pkgnum = $1;
+
+my $cust_pkg = qsearchs('cust_pkg',{'pkgnum'=>$pkgnum});
+
+my $error = $cust_pkg->unsuspend;
+
+</%init>
Index: delete-cust_pay.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/delete-cust_pay.cgi,v
retrieving revision 1.3.2.1
retrieving revision 1.3.2.2
diff -u -d -r1.3.2.1 -r1.3.2.2
--- delete-cust_pay.cgi 8 Oct 2007 19:04:48 -0000 1.3.2.1
+++ delete-cust_pay.cgi 13 Jan 2008 21:14:29 -0000 1.3.2.2
@@ -1,17 +1,21 @@
-%
-%
-%#untaint paynum
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/ || die "Illegal paynum";
-%my $paynum = $1;
-%
-%my $cust_pay = qsearchs('cust_pay',{'paynum'=>$paynum});
-%my $custnum = $cust_pay->custnum;
-%
-%my $error = $cust_pay->delete;
-%errorpage($error) if $error;
-%
-%print $cgi->redirect($p. "view/cust_main.cgi?". $custnum);
-%
-%
+% if ( $error ) {
+% errorpage($error);
+% } else {
+<% $cgi->redirect($p. "view/cust_main.cgi?". $custnum) %>
+% }
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Delete payment');
+
+#untaint paynum
+my($query) = $cgi->keywords;
+$query =~ /^(\d+)$/ || die "Illegal paynum";
+my $paynum = $1;
+my $cust_pay = qsearchs('cust_pay',{'paynum'=>$paynum});
+my $custnum = $cust_pay->custnum;
+
+my $error = $cust_pay->delete;
+
+</%init>
Index: delete-part_export.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/delete-part_export.cgi,v
retrieving revision 1.4.2.1
retrieving revision 1.4.2.2
diff -u -d -r1.4.2.1 -r1.4.2.2
--- delete-part_export.cgi 8 Oct 2007 19:04:48 -0000 1.4.2.1
+++ delete-part_export.cgi 13 Jan 2008 21:14:29 -0000 1.4.2.2
@@ -1,16 +1,20 @@
-%
-%
-%#untaint exportnum
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/ || die "Illegal exportnum";
-%my $exportnum = $1;
-%
-%my $part_export = qsearchs('part_export',{'exportnum'=>$exportnum});
-%
-%my $error = $part_export->delete;
-%errorpage($error) if $error;
-%
-%print $cgi->redirect($p. "browse/part_export.cgi");
-%
-%
+% if ( $error ) {
+% errorpage($error);
+% } else {
+<% $cgi->redirect($p. "browse/part_export.cgi") %>
+% }
+<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+#untaint exportnum
+my($query) = $cgi->keywords;
+$query =~ /^(\d+)$/ || die "Illegal exportnum";
+my $exportnum = $1;
+
+my $part_export = qsearchs('part_export',{'exportnum'=>$exportnum});
+
+my $error = $part_export->delete;
+
+</%init>
Index: fax-invoice.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/fax-invoice.cgi,v
retrieving revision 1.4
retrieving revision 1.4.2.1
diff -u -d -r1.4 -r1.4.2.1
--- fax-invoice.cgi 23 Aug 2006 22:25:38 -0000 1.4
+++ fax-invoice.cgi 13 Jan 2008 21:14:29 -0000 1.4.2.1
@@ -1,18 +1,19 @@
-%
-%
-%#untaint invnum
-%my($query) = $cgi->keywords;
-%$query =~ /^((.+)-)?(\d+)$/;
-%my $template = $2;
-%my $invnum = $3;
-%my $cust_bill = qsearchs('cust_bill',{'invnum'=>$invnum});
-%die "Can't find invoice!\n" unless $cust_bill;
-%
-%$cust_bill->fax($template);
-%
-%my $custnum = $cust_bill->getfield('custnum');
-%
-%print $cgi->redirect("${p}view/cust_main.cgi?$custnum");
-%
-%
+<% $cgi->redirect("${p}view/cust_main.cgi?$custnum") %>
+<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Resend invoices');
+
+#untaint invnum
+my($query) = $cgi->keywords;
+$query =~ /^((.+)-)?(\d+)$/;
+my $template = $2;
+my $invnum = $3;
+my $cust_bill = qsearchs('cust_bill',{'invnum'=>$invnum});
+die "Can't find invoice!\n" unless $cust_bill;
+
+$cust_bill->fax($template);
+
+my $custnum = $cust_bill->getfield('custnum');
+
+</%init>
Index: inventory_item-import.html
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/inventory_item-import.html,v
retrieving revision 1.2.2.1
retrieving revision 1.2.2.2
diff -u -d -r1.2.2.1 -r1.2.2.2
--- inventory_item-import.html 8 Oct 2007 19:04:49 -0000 1.2.2.1
+++ inventory_item-import.html 13 Jan 2008 21:14:29 -0000 1.2.2.2
@@ -1,11 +1,3 @@
-%
-%
-%my $classnum = $cgi->param('classnum');
-%$classnum =~ /^(\d+)$/ or errorpage("illegal classnum $classnum");
-%$classnum = $1;
-%my $inventory_class = qsearchs('inventory_class', { 'classnum' => $classnum } );
-%
-%
<% include("/elements/header.html", $inventory_class->classname. 's') %>
<FORM ACTION="process/inventory_item-import.html" METHOD="POST" ENCTYPE="multipart/form-data">
@@ -19,3 +11,13 @@
<% include('/elements/footer.html') %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Import');
+
+$cgi->param =~ /^(\d+)$/ or errorpage("illegal classnum $classnum");
+my $classnum = $1;
+my $inventory_class = qsearchs('inventory_class', { 'classnum' => $classnum } );
+
+</%init>
Index: delete-customer.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/delete-customer.cgi,v
retrieving revision 1.11
retrieving revision 1.11.2.1
diff -u -d -r1.11 -r1.11.2.1
--- delete-customer.cgi 23 Aug 2006 22:25:38 -0000 1.11
+++ delete-customer.cgi 13 Jan 2008 21:14:29 -0000 1.11.2.1
@@ -1,48 +1,26 @@
-<!-- mason kludge -->
-%
-%
-%my $conf = new FS::Conf;
-%die "Customer deletions not enabled" unless $conf->exists('deletecustomers');
-%
-%my($custnum, $new_custnum);
-%if ( $cgi->param('error') ) {
-% $custnum = $cgi->param('custnum');
-% $new_custnum = $cgi->param('new_custnum');
-%} else {
-% my($query) = $cgi->keywords;
-% $query =~ /^(\d+)$/ or die "Illegal query: $query";
-% $custnum = $1;
-% $new_custnum = '';
-%}
-%my $cust_main = qsearchs( 'cust_main', { 'custnum' => $custnum } )
-% or die "Customer not found: $custnum";
-%
-%print header('Delete customer');
-%
-%print qq!<FONT SIZE="+1" COLOR="#ff0000">Error: !, $cgi->param('error'),
-% "</FONT>"
-% if $cgi->param('error');
-%
-%print
-% qq!<form action="!, popurl(1), qq!process/delete-customer.cgi" method=post>!,
-% qq!<input type="hidden" name="custnum" value="$custnum">!;
-%
+<% include('/elements/header.html', 'Delete customer') %>
+
+<% include('/elements/error.html') %>
+
+<FORM ACTION="<% popurl(1) %>process/delete-customer.cgi" METHOD=POST>
+<INPUT TYPE="hidden" NAME="custnum" VALUE="<% $custnum |h %>">
+
%if ( qsearch('cust_pkg', { 'custnum' => $custnum, 'cancel' => '' } ) ) {
-% print "Move uncancelled packages to customer number ",
-% qq!<input type="text" name="new_custnum" value="$new_custnum"><br><br>!;
+ Move uncancelled packages to customer number
+ <INPUT TYPE="text" NAME="new_custnum" VALUE="<% $new_custnum |h %>"><BR><BR>
%}
-%
-%print <<END;
-%This will <b>completely remove</b> all traces of this customer record. This
-%is <B>not</B> what you want if this is a real customer who has simply
-%canceled service with you. For that, cancel all of the customer's packages.
-%(you can optionally hide cancelled customers with the <a href="../config/config-view.cgi#hidecancelledcustomers">hidecancelledcustomers</a> configuration option)
-%<br>
-%<br>Are you <b>absolutely sure</b> you want to delete this customer?
-%<br><input type="submit" value="Yes">
-%</form></body></html>
-%END
-%
+
+This will <B>completely remove</B> all traces of this customer record. This
+is <B>not</B> what you want if this is a real customer who has simply
+canceled service with you. For that, cancel all of the customer's packages.
+(you can optionally hide cancelled customers with the <A HREF="../config/config-view.cgi#hidecancelledcustomers">hidecancelledcustomers</A> configuration option)
+<BR>
+<BR>Are you <B>absolutely sure</B> you want to delete this customer?
+<BR><INPUT TYPE="submit" VALUE="Yes">
+</FORM>
+
+<% include('/elements/footer.html') %>
+
%#Deleting a customer you have financial records on (i.e. credits) is
%#typically considered fraudulant bookkeeping. Remember, deleting
%#customers should ONLY be used for completely bogus records. You should
@@ -56,6 +34,31 @@
%#Also see the "hidecancelledcustomers" and "hidecancelledpackages"
%#configuration options, which will allow you to surpress the display of
%#cancelled customers and packages, respectively.
-%
-%
+<%init>
+
+my $conf = new FS::Conf;
+die "Customer deletions not enabled in configuration"
+ unless $conf->exists('deletecustomers');
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Delete customer');
+
+my($custnum, $new_custnum);
+if ( $cgi->param('error') ) {
+ $custnum = $cgi->param('custnum');
+ $new_custnum = $cgi->param('new_custnum');
+} else {
+ my($query) = $cgi->keywords;
+ $query =~ /^(\d+)$/ or die "Illegal query: $query";
+ $custnum = $1;
+ $new_custnum = '';
+}
+my $cust_main = qsearchs( {
+ 'table' => 'cust_main',
+ 'hashref' => { 'custnum' => $custnum },
+ 'extra_sql' => ' AND '. $FS::CurrentUser::CurrentUser->agentnums_sql,
+} )
+ or die 'Unknown custnum';
+
+<%/init>
Index: delete-domain_record.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/delete-domain_record.cgi,v
retrieving revision 1.2.2.1
retrieving revision 1.2.2.2
diff -u -d -r1.2.2.1 -r1.2.2.2
--- delete-domain_record.cgi 8 Oct 2007 19:04:48 -0000 1.2.2.1
+++ delete-domain_record.cgi 13 Jan 2008 21:14:29 -0000 1.2.2.2
@@ -1,16 +1,20 @@
-%
-%
-%#untaint recnum
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/ || die "Illegal recnum";
-%my $recnum = $1;
-%
-%my $domain_record = qsearchs('domain_record',{'recnum'=>$recnum});
-%
-%my $error = $domain_record->delete;
-%errorpage($error) if $error;
-%
-%print $cgi->redirect($p. "view/svc_domain.cgi?". $domain_record->svcnum);
-%
-%
+% if ( $error ) {
+% errorpage($error);
+% } else {
+<% $cgi->redirect($p. "view/svc_domain.cgi?". $domain_record->svcnum) %>
+% }
+<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Edit domain nameservice');
+
+#untaint recnum
+my($query) = $cgi->keywords;
+$query =~ /^(\d+)$/ || die "Illegal recnum";
+my $recnum = $1;
+
+my $domain_record = qsearchs('domain_record',{'recnum'=>$recnum});
+
+my $error = $domain_record->delete;
+
+</%init>
Index: unprovision.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/unprovision.cgi,v
retrieving revision 1.3.2.1
retrieving revision 1.3.2.2
diff -u -d -r1.3.2.1 -r1.3.2.2
--- unprovision.cgi 8 Oct 2007 19:04:49 -0000 1.3.2.1
+++ unprovision.cgi 13 Jan 2008 21:14:30 -0000 1.3.2.2
@@ -1,31 +1,26 @@
-%
-%
-%my $dbh = dbh;
-%
-%#untaint svcnum
-%my($query) = $cgi->keywords;
-%$query =~ /^(\d+)$/;
-%my $svcnum = $1;
-%
-%#my $svc_acct = qsearchs('svc_acct',{'svcnum'=>$svcnum});
-%#die "Unknown svcnum!" unless $svc_acct;
-%
-%my $cust_svc = qsearchs('cust_svc',{'svcnum'=>$svcnum});
-%die "Unknown svcnum!" unless $cust_svc;
-%
-%my $custnum = $cust_svc->cust_pkg->custnum;
-%
-%my $error = $cust_svc->cancel;
-%
%if ( $error ) {
-%
-
-<!-- mason kludge -->
-%
% errorpage($error);
%} else {
-% print $cgi->redirect(popurl(2)."view/cust_main.cgi?$custnum");
+<% $cgi->redirect(popurl(2)."view/cust_main.cgi?$custnum") %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Unprovision customer service');
+
+#untaint svcnum
+my($query) = $cgi->keywords;
+$query =~ /^(\d+)$/;
+my $svcnum = $1;
+#my $svc_acct = qsearchs('svc_acct',{'svcnum'=>$svcnum});
+#die "Unknown svcnum!" unless $svc_acct;
+
+my $cust_svc = qsearchs('cust_svc',{'svcnum'=>$svcnum});
+die "Unknown svcnum!" unless $cust_svc;
+
+my $custnum = $cust_svc->cust_pkg->custnum;
+
+my $error = $cust_svc->cancel;
+
+</%init>
Index: print-invoice.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/print-invoice.cgi,v
retrieving revision 1.10
retrieving revision 1.10.2.1
diff -u -d -r1.10 -r1.10.2.1
--- print-invoice.cgi 23 Aug 2006 22:25:38 -0000 1.10
+++ print-invoice.cgi 13 Jan 2008 21:14:29 -0000 1.10.2.1
@@ -1,18 +1,19 @@
-%
-%
-%#untaint invnum
-%my($query) = $cgi->keywords;
-%$query =~ /^((.+)-)?(\d+)$/;
-%my $template = $2;
-%my $invnum = $3;
-%my $cust_bill = qsearchs('cust_bill',{'invnum'=>$invnum});
-%die "Can't find invoice!\n" unless $cust_bill;
-%
-%$cust_bill->print($template);
-%
-%my $custnum = $cust_bill->getfield('custnum');
-%
-%print $cgi->redirect("${p}view/cust_main.cgi?$custnum");
-%
-%
+<% $cgi->redirect("${p}view/cust_main.cgi?$custnum") %>
+<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Resend invoices');
+
+#untaint invnum
+my($query) = $cgi->keywords;
+$query =~ /^((.+)-)?(\d+)$/;
+my $template = $2;
+my $invnum = $3;
+my $cust_bill = qsearchs('cust_bill',{'invnum'=>$invnum});
+die "Can't find invoice!\n" unless $cust_bill;
+
+$cust_bill->print($template);
+
+my $custnum = $cust_bill->getfield('custnum');
+
+</%init>
Index: email-invoice.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/email-invoice.cgi,v
retrieving revision 1.6
retrieving revision 1.6.2.1
diff -u -d -r1.6 -r1.6.2.1
--- email-invoice.cgi 23 Aug 2006 22:25:38 -0000 1.6
+++ email-invoice.cgi 13 Jan 2008 21:14:29 -0000 1.6.2.1
@@ -1,18 +1,19 @@
-%
-%
-%#untaint invnum
-%my($query) = $cgi->keywords;
-%$query =~ /^((.+)-)?(\d+)$/;
-%my $template = $2;
-%my $invnum = $3;
-%my $cust_bill = qsearchs('cust_bill',{'invnum'=>$invnum});
-%die "Can't find invoice!\n" unless $cust_bill;
-%
-%$cust_bill->email($template);
-%
-%my $custnum = $cust_bill->getfield('custnum');
-%
-%print $cgi->redirect("${p}view/cust_main.cgi?$custnum");
-%
-%
+<% $cgi->redirect("${p}view/cust_main.cgi?$custnum") %>
+<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Resend invoices');
+
+#untaint invnum
+my($query) = $cgi->keywords;
+$query =~ /^((.+)-)?(\d+)$/;
+my $template = $2;
+my $invnum = $3;
+my $cust_bill = qsearchs('cust_bill',{'invnum'=>$invnum});
+die "Can't find invoice!\n" unless $cust_bill;
+
+$cust_bill->email($template);
+
+my $custnum = $cust_bill->getfield('custnum');
+
+</%init>
Index: payment.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/payment.cgi,v
retrieving revision 1.12.2.4
retrieving revision 1.12.2.5
diff -u -d -r1.12.2.4 -r1.12.2.5
--- payment.cgi 29 Nov 2007 02:55:10 -0000 1.12.2.4
+++ payment.cgi 13 Jan 2008 21:14:29 -0000 1.12.2.5
@@ -217,6 +217,9 @@
<% include('/elements/footer.html') %>
<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Process payment');
+
my %type = ( 'CARD' => 'credit card',
'CHEK' => 'electronic check (ACH)',
);
Index: cust_main-import.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/cust_main-import.cgi,v
retrieving revision 1.5.2.2
retrieving revision 1.5.2.3
diff -u -d -r1.5.2.2 -r1.5.2.3
--- cust_main-import.cgi 30 Nov 2007 03:24:46 -0000 1.5.2.2
+++ cust_main-import.cgi 13 Jan 2008 21:14:29 -0000 1.5.2.3
@@ -96,5 +96,13 @@
<% include('/elements/footer.html') %>
<%once>
+
my $req = qq!<font color="#ff0000">*</font>!;
+
</%once>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Import');
+
+</%init>
Index: cancel_pkg.html
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/cancel_pkg.html,v
retrieving revision 1.2.2.2
retrieving revision 1.2.2.3
diff -u -d -r1.2.2.2 -r1.2.2.3
--- cancel_pkg.html 25 Dec 2007 23:50:15 -0000 1.2.2.2
+++ cancel_pkg.html 13 Jan 2008 21:14:29 -0000 1.2.2.3
@@ -23,7 +23,7 @@
% if ($method eq 'expire' || $method eq 'adjourn') {
<TR>
<TD><% $submit =~ /^(\w*)\s/ %> package on </TD>
- <TD><INPUT TYPE="text" NAME="date" ID="expire_date" VALUE="<% $date %>">
+ <TD><INPUT TYPE="text" NAME="date" ID="expire_date" VALUE="<% $date |h %>">
<IMG SRC="<% $p %>images/calendar.png" ID="expire_button" STYLE="cursor:pointer" TITLE="Select date">
<BR><I>m/d/y</I>
</TD>
@@ -39,7 +39,7 @@
%}
%
-<% include('/elements/tr-select-reason.html', 'reasonnum', $class, '', '', '', 'document.sc_popup.submit' ) %>
+<% include('/elements/tr-select-reason.html', 'reasonnum', $class, $reasonnum, '', '', 'document.sc_popup.submit' ) %>
</TABLE>
@@ -51,45 +51,53 @@
</HTML>
<%init>
-my($method, $pkgnum, $reasonnum, $submit, $cust_pkg, $part_pkg,
- $date, $curuser, $class);
-$date = time2str("%m/%d/%Y", time);
+
+my $date = time2str("%m/%d/%Y", time);
+
+my($pkgnum, $reasonnum);
if ( $cgi->param('error') ) {
- $method = $cgi->param('method');
- $pkgnum = $cgi->param('pkgnum');
- $reasonnum = $cgi->param('reasonnum');
- $date = $cgi->param('date');
+ $pkgnum = $cgi->param('pkgnum');
+ $reasonnum = $cgi->param('reasonnum');
+ $date = $cgi->param('date');
} elsif ( $cgi->param('pkgnum') =~ /^(\d+)$/ ) {
- $pkgnum = $1;
+ $pkgnum = $1;
+ $reasonnum = '';
} else {
die "illegal query ". $cgi->keywords;
}
-$method = $cgi->param('method');
+$cgi->param('method') =~ /^(\w+)$/ or die 'illegal method';
+my $method = $1;
+
+my($class, $submit, $right);
if ($method eq 'cancel') {
- $class = 'C';
- $submit = "Cancel Now";
-}elsif ($method eq 'expire') {
- $class = 'C';
- $submit = "Cancel Later";
-}elsif ($method eq 'suspend') {
- $class = 'S';
- $submit = "Suspend Now";
-}elsif ($method eq 'adjourn') {
- $class = 'S';
- $submit = "Suspend Later";
-}else{
- die "illegal query ". $cgi->keywords;
+ $class = 'C';
+ $submit = 'Cancel Now';
+ $right = 'Cancel customer package immediately';
+} elsif ($method eq 'expire') {
+ $class = 'C';
+ $submit = 'Cancel Later';
+ $right = 'Cancel customer package later';
+} elsif ($method eq 'suspend') {
+ $class = 'S';
+ $submit = 'Suspend Now';
+ $right = 'Suspend customer package';
+} elsif ($method eq 'adjourn') {
+ $class = 'S';
+ $submit = "Suspend Later";
+ $right = 'Suspend customer package later';
+} else {
+ die 'illegal query (unknown method param)';
}
-my $title = ucfirst($method) . ' Package';
+my $curuser = $FS::CurrentUser::CurrentUser;
+die "access denied" unless $curuser->access_right($right);
-$cust_pkg = qsearchs('cust_pkg', {'pkgnum' => $pkgnum});
-die "No such package: $pkgnum" unless $cust_pkg;
+my $title = ucfirst($method) . ' Package';
-$part_pkg = $cust_pkg->part_pkg;
+my $cust_pkg = qsearchs('cust_pkg', {'pkgnum' => $pkgnum})
+ or die "Unknown pkgnum: $pkgnum";
-$curuser = $FS::CurrentUser::CurrentUser;
+my $part_pkg = $cust_pkg->part_pkg;
</%init>
-
Index: whois.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/whois.cgi,v
retrieving revision 1.3
retrieving revision 1.3.2.1
diff -u -d -r1.3 -r1.3.2.1
--- whois.cgi 23 Aug 2006 22:25:38 -0000 1.3
+++ whois.cgi 13 Jan 2008 21:14:30 -0000 1.3.2.1
@@ -1,10 +1,3 @@
-%
-% my $svcnum = $cgi->param('svcnum');
-% my $custnum = $cgi->param('custnum');
-% my $domain = $cgi->param('domain');
-%
-%
-
<% include("/elements/header.html","Whois $domain", menubar(
( $custnum
? ( "View this customer (#$custnum)" => "${p}view/cust_main.cgi?$custnum",
@@ -12,16 +5,23 @@
: ()
),
"View this domain (#$svcnum)" => "${p}view/svc_domain.cgi?$svcnum",
- "Main menu" => $p,
)) %>
-% my $whois = eval { whois($domain) };
-% if ( $@ ) {
-% ( $whois = $@ ) =~ s/ at \/.*Net\/Whois\/Raw\.pm line \d+.*$//s;
-% } else {
-% $whois =~ s/^\n+//;
-% }
-%
<PRE><% $whois %></PRE>
-</BODY>
-</HTML>
+
+<% include('/elements/footer.html') %>
+
+<%init>
+
+my $svcnum = $cgi->param('svcnum');
+my $custnum = $cgi->param('custnum');
+my $domain = $cgi->param('domain');
+
+my $whois = eval { whois($domain) };
+ if ( $@ ) {
+ ( $whois = $@ ) =~ s/ at \/.*Net\/Whois\/Raw\.pm line \d+.*$//s;
+ } else {
+ $whois =~ s/^\n+//;
+ }
+
+</%init>
Index: cancel_cust.html
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/misc/cancel_cust.html,v
retrieving revision 1.1.2.3
retrieving revision 1.1.2.4
diff -u -d -r1.1.2.3 -r1.1.2.4
--- cancel_cust.html 25 Dec 2007 23:50:09 -0000 1.1.2.3
+++ cancel_cust.html 13 Jan 2008 21:14:29 -0000 1.1.2.4
@@ -45,6 +45,8 @@
$curuser = $FS::CurrentUser::CurrentUser;
+die "access denied" unless $curuser->access_right('Cancel customer');
+
$cust_main = qsearchs( {
'table' => 'cust_main',
'hashref' => { 'custnum' => $custnum },
- Previous message: [freeside-commits] freeside/httemplate/misc/process batch-cust_pay.cgi, 1.3, 1.4 cancel_pkg.html, 1.7, 1.8 catchall.cgi, 1.5, 1.6 cdr-import.html, 1.4, 1.5 cust_main-import.cgi, 1.6, 1.7 cust_main-import_charges.cgi, 1.5, 1.6 delete-customer.cgi, 1.5, 1.6 inventory_item-import.html, 1.4, 1.5 link.cgi, 1.17, 1.18 meta-import.cgi, 1.8, 1.9 payment.cgi, 1.15, 1.16 recharge_svc.html, 1.6, 1.7
- Next message: [freeside-commits] freeside/httemplate/misc/process batch-cust_pay.cgi, 1.3, 1.3.2.1 cancel_pkg.html, 1.4.2.1, 1.4.2.2 catchall.cgi, 1.5, 1.5.2.1 cdr-import.html, 1.3.2.1, 1.3.2.2 cust_main-import.cgi, 1.5.2.1, 1.5.2.2 cust_main-import_charges.cgi, 1.4.2.1, 1.4.2.2 delete-customer.cgi, 1.5, 1.5.2.1 inventory_item-import.html, 1.3.2.1, 1.3.2.2 link.cgi, 1.15.2.2, 1.15.2.3 meta-import.cgi, 1.7.2.1, 1.7.2.2 payment.cgi, 1.9.2.6, 1.9.2.7 recharge_svc.html, 1.2.2.4, 1.2.2.5
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the freeside-commits
mailing list