[freeside-commits] freeside/httemplate/edit/process REAL_cust_pkg.cgi, 1.9, 1.10 access_user.html, 1.5, 1.6 agent.cgi, 1.5, 1.6 agent_payment_gateway.html, 1.2, 1.3 agent_type.cgi, 1.8, 1.9 bulk-cust_svc.cgi, 1.2, 1.3 cust_bill_pay.cgi, 1.6, 1.7 cust_credit.cgi, 1.11, 1.12 cust_credit_bill.cgi, 1.8, 1.9 cust_main.cgi, 1.35, 1.36 cust_main_county-collapse.cgi, 1.5, 1.6 cust_main_county-expand.cgi, 1.9, 1.10 cust_main_county.html, 1.1, 1.2 cust_main_note.cgi, 1.4, 1.5 cust_pay.cgi, 1.12, 1.13 cust_pkg.cgi, 1.7, 1.8 cust_refund.cgi, 1.7, 1.8 cust_svc.cgi, 1.3, 1.4 domain_record.cgi, 1.4, 1.5 generic.cgi, 1.4, 1.5 inventory_class.html, 1.3, 1.4 msgcat.cgi, 1.3, 1.4 part_bill_event.cgi, 1.10, 1.11 part_export.cgi, 1.8, 1.9 part_pkg.cgi, 1.24, 1.25 part_referral.html, 1.2, 1.3 part_svc.cgi, 1.14, 1.15 payment_gateway.html, 1.4, 1.5 pkg_class.html, 1.2, 1.3 prepay_credit.cgi, 1.6, 1.7 quick-charge.cgi, 1.11, 1.12 quick-cust_pkg.cgi, 1.10, 1.11 rate.cgi, 1.8, 1.9 reason.html, 1.1, 1.2 reason_type.html, 1.1, 1.2 reg_code.cgi, 1.5, 1.6 router.cgi, 1.5, 1.6 svc_Common.html, 1.1, 1.2 svc_acct.cgi, 1.10, 1.11 svc_acct_pop.cgi, 1.5, 1.6 svc_broadband.cgi, 1.6, 1.7 svc_domain.cgi, 1.5, 1.6 svc_external.cgi, 1.2, 1.3 svc_forward.cgi, 1.5, 1.6 svc_phone.html, 1.2, 1.3 svc_www.cgi, 1.3, 1.4
Ivan,,,
ivan at wavetail.420.am
Sun Jan 13 13:35:56 PST 2008
Update of /home/cvs/cvsroot/freeside/httemplate/edit/process
In directory wavetail:/tmp/cvs-serv7082/process
Modified Files:
REAL_cust_pkg.cgi access_user.html agent.cgi
agent_payment_gateway.html agent_type.cgi bulk-cust_svc.cgi
cust_bill_pay.cgi cust_credit.cgi cust_credit_bill.cgi
cust_main.cgi cust_main_county-collapse.cgi
cust_main_county-expand.cgi cust_main_county.html
cust_main_note.cgi cust_pay.cgi cust_pkg.cgi cust_refund.cgi
cust_svc.cgi domain_record.cgi generic.cgi
inventory_class.html msgcat.cgi part_bill_event.cgi
part_export.cgi part_pkg.cgi part_referral.html part_svc.cgi
payment_gateway.html pkg_class.html prepay_credit.cgi
quick-charge.cgi quick-cust_pkg.cgi rate.cgi reason.html
reason_type.html reg_code.cgi router.cgi svc_Common.html
svc_acct.cgi svc_acct_pop.cgi svc_broadband.cgi svc_domain.cgi
svc_external.cgi svc_forward.cgi svc_phone.html svc_www.cgi
Log Message:
ACLs
Index: cust_bill_pay.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/cust_bill_pay.cgi,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- cust_bill_pay.cgi 23 Aug 2006 22:25:37 -0000 1.6
+++ cust_bill_pay.cgi 13 Jan 2008 21:35:53 -0000 1.7
@@ -1,54 +1,50 @@
-%
-%
-%$cgi->param('paynum') =~ /^(\d*)$/ or die "Illegal paynum!";
-%my $paynum = $1;
-%
-%my $cust_pay = qsearchs('cust_pay', { 'paynum' => $paynum } )
-% or die "No such paynum";
-%
-%my $cust_main = qsearchs('cust_main', { 'custnum' => $cust_pay->custnum } )
-% or die "Bogus credit: not attached to customer";
-%
-%my $custnum = $cust_main->custnum;
-%
-%my $new;
-%if ($cgi->param('invnum') =~ /^Refund$/) {
-% $new = new FS::cust_refund ( {
-% 'reason' => 'Refunding payment', #enter reason in UI
-% 'refund' => $cgi->param('amount'),
-% 'payby' => 'BILL',
-% #'_date' => $cgi->param('_date'),
-% 'payinfo' => 'Cash', #enter payinfo in UI
-% 'paynum' => $paynum,
-% } );
-%} else {
-% $new = new FS::cust_bill_pay ( {
-% map {
-% $_, scalar($cgi->param($_));
-% #} qw(custnum _date amount invnum)
-% } fields('cust_bill_pay')
-% } );
-%}
-%
-%my $error = $new->insert;
-%
%if ( $error ) {
-%
% $cgi->param('error', $error);
-%
<% $cgi->redirect(popurl(2). "cust_bill_pay.cgi?". $cgi->query_string ) %>
-%
-%
%} else {
-%
-% #print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum");
-%
-%
<% header('Payment application sucessful') %>
<SCRIPT TYPE="text/javascript">
window.top.location.reload();
</SCRIPT>
-
- </BODY></HTML>
+ </BODY>
+ </HTML>
% }
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Apply payment') #;
+ || $FS::CurrentUser::CurrentUser->access_right('Post payment'): #remove after 1.7.3
+
+$cgi->param('paynum') =~ /^(\d*)$/ or die "Illegal paynum!";
+my $paynum = $1;
+
+my $cust_pay = qsearchs('cust_pay', { 'paynum' => $paynum } )
+ or die "No such paynum";
+
+my $cust_main = qsearchs('cust_main', { 'custnum' => $cust_pay->custnum } )
+ or die "Bogus credit: not attached to customer";
+
+my $custnum = $cust_main->custnum;
+
+my $new;
+if ($cgi->param('invnum') =~ /^Refund$/) {
+ $new = new FS::cust_refund ( {
+ 'reason' => 'Refunding payment', #enter reason in UI
+ 'refund' => $cgi->param('amount'),
+ 'payby' => 'BILL',
+ #'_date' => $cgi->param('_date'),
+ 'payinfo' => 'Cash', #enter payinfo in UI
+ 'paynum' => $paynum,
+ } );
+} else {
+ $new = new FS::cust_bill_pay ( {
+ map {
+ $_, scalar($cgi->param($_));
+ #} qw(custnum _date amount invnum)
+ } fields('cust_bill_pay')
+ } );
+}
+my $error = $new->insert;
+
+</%init>
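Review bot: the access check that opens the new init block is terminated with a colon rather than a semicolon (the line ending in 'Post payment'): #remove after 1.7.3), and the only semicolon on the previous line is commented out by "#;", so the statement runs on into the paynum match and the component will not compile. End the second line with ";" and keep "#remove after 1.7.3" as a trailing comment. Separately, in the Refund branch 'refund' => $cgi->param('amount') is evaluated in list context inside the hash constructor, so a repeated amount parameter would spill extra key/value pairs into the FS::cust_refund hash; wrap it in scalar() as the else branch already does.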
Index: cust_main.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/cust_main.cgi,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -d -r1.35 -r1.36
--- cust_main.cgi 8 Jan 2008 02:22:05 -0000 1.35
+++ cust_main.cgi 13 Jan 2008 21:35:53 -0000 1.36
@@ -16,6 +16,9 @@
</%once>
<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Edit customer');
+
my $error = '';
#unmunge stuff
Index: agent.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/agent.cgi,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- agent.cgi 23 Aug 2006 22:25:37 -0000 1.5
+++ agent.cgi 13 Jan 2008 21:35:53 -0000 1.6
@@ -1,29 +1,30 @@
-%
-%
-%my $agentnum = $cgi->param('agentnum');
-%
-%my $old = qsearchs('agent',{'agentnum'=>$agentnum}) if $agentnum;
-%
-%my $new = new FS::agent ( {
-% map {
-% $_, scalar($cgi->param($_));
-% } fields('agent')
-%} );
-%
-%my $error;
-%if ( $agentnum ) {
-% $error=$new->replace($old);
-%} else {
-% $error=$new->insert;
-% $agentnum=$new->getfield('agentnum');
-%}
-%
%if ( $error ) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). "agent.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "agent.cgi?". $cgi->query_string ) %>
%} else {
-% print $cgi->redirect(popurl(3). "browse/agent.cgi");
+<% $cgi->redirect(popurl(3). "browse/agent.cgi") %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $agentnum = $cgi->param('agentnum');
+
+my $old = qsearchs('agent',{'agentnum'=>$agentnum}) if $agentnum;
+
+my $new = new FS::agent ( {
+ map {
+ $_, scalar($cgi->param($_));
+ } fields('agent')
+} );
+
+my $error;
+if ( $agentnum ) {
+ $error=$new->replace($old);
+} else {
+ $error=$new->insert;
+ $agentnum=$new->getfield('agentnum');
+}
+</%init>
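Review bot: in the init block, my $old = qsearchs('agent',{'agentnum'=>$agentnum}) if $agentnum; declares a lexical under a statement modifier, which perlsyn documents as undefined behaviour, and agentnum is used without the /^(\d*)$/ check the sibling files apply. Declare my $old; first, validate agentnum, and when an agentnum is supplied but no row is found, set an error instead of calling $new->replace($old) with an undefined $old.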
Index: svc_www.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/svc_www.cgi,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- svc_www.cgi 23 Aug 2006 22:25:37 -0000 1.3
+++ svc_www.cgi 13 Jan 2008 21:35:54 -0000 1.4
@@ -1,37 +1,38 @@
-%
-%
-%$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!";
-%my $svcnum = $1;
-%
-%my $old;
-%if ( $svcnum ) {
-% $old = qsearchs('svc_www', { 'svcnum' => $svcnum } )
-% or die "fatal: can't find website (svcnum $svcnum)!";
-%} else {
-% $old = '';
-%}
-%
-%my $new = new FS::svc_www ( {
-% map {
-% ($_, scalar($cgi->param($_)));
-% #} qw(svcnum pkgnum svcpart recnum usersvc)
-% } ( fields('svc_www'), qw( pkgnum svcpart ) )
-%} );
-%
-%my $error;
-%if ( $svcnum ) {
-% $error = $new->replace($old);
-%} else {
-% $error = $new->insert;
-% $svcnum = $new->svcnum;
-%}
-%
%if ( $error ) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). "svc_www.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "svc_www.cgi?". $cgi->query_string ) %>
%} else {
-% print $cgi->redirect(popurl(3). "view/svc_www.cgi?" . $svcnum );
+<% $cgi->redirect(popurl(3). "view/svc_www.cgi?" . $svcnum ) %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific?
+
+$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!";
+my $svcnum = $1;
+
+my $old;
+if ( $svcnum ) {
+ $old = qsearchs('svc_www', { 'svcnum' => $svcnum } )
+ or die "fatal: can't find website (svcnum $svcnum)!";
+} else {
+ $old = '';
+}
+my $new = new FS::svc_www ( {
+ map {
+ ($_, scalar($cgi->param($_)));
+ #} qw(svcnum pkgnum svcpart recnum usersvc)
+ } ( fields('svc_www'), qw( pkgnum svcpart ) )
+} );
+
+my $error;
+if ( $svcnum ) {
+ $error = $new->replace($old);
+} else {
+ $error = $new->insert;
+ $svcnum = $new->svcnum;
+}
+
+</%init>
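Review bot: the check at the top of the init block uses the single right 'Provision customer service' for both the insert and the replace path, and the author's own "#something else more specific?" leaves the question open in the code. Either settle on the right name before release or turn the comment into a tracked TODO. Note also that the record is looked up by svcnum alone, so nothing visible in this file ties the service being replaced to a customer the current user is allowed to act on.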
Index: rate.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/rate.cgi,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- rate.cgi 23 Aug 2006 22:25:37 -0000 1.8
+++ rate.cgi 13 Jan 2008 21:35:53 -0000 1.9
@@ -1,4 +1,9 @@
-%
-% my $server = new FS::UI::Web::JSRPC 'FS::rate::process', $cgi;
-%
<% $server->process %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $server = new FS::UI::Web::JSRPC 'FS::rate::process', $cgi;
+
+</%init>
Index: cust_credit_bill.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/cust_credit_bill.cgi,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- cust_credit_bill.cgi 23 Aug 2006 22:25:37 -0000 1.8
+++ cust_credit_bill.cgi 13 Jan 2008 21:35:53 -0000 1.9
@@ -1,55 +1,51 @@
-%
-%
-%$cgi->param('crednum') =~ /^(\d*)$/ or die "Illegal crednum!";
-%my $crednum = $1;
-%
-%my $cust_credit = qsearchs('cust_credit', { 'crednum' => $crednum } )
-% or die "No such crednum";
-%
-%my $cust_main = qsearchs('cust_main', { 'custnum' => $cust_credit->custnum } )
-% or die "Bogus credit: not attached to customer";
-%
-%my $custnum = $cust_main->custnum;
-%
-%my $new;
-%if ($cgi->param('invnum') =~ /^Refund$/) {
-% $new = new FS::cust_refund ( {
-% 'reason' => ( $cust_credit->reason || 'refund from credit' ),
-% 'refund' => $cgi->param('amount'),
-% 'payby' => 'BILL',
-% #'_date' => $cgi->param('_date'),
-% #'payinfo' => 'Cash',
-% 'payinfo' => 'Refund',
-% 'crednum' => $crednum,
-% } );
-%} else {
-% $new = new FS::cust_credit_bill ( {
-% map {
-% $_, scalar($cgi->param($_));
-% #} qw(custnum _date amount invnum)
-% } fields('cust_credit_bill')
-% } );
-%}
-%
-%my $error = $new->insert;
-%
%if ( $error ) {
-%
% $cgi->param('error', $error);
-%
<% $cgi->redirect(popurl(2). "cust_credit_bill.cgi?". $cgi->query_string ) %>
-%
-%
%} else {
-%
-% #print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum");
-%
-%
<% header('Credit application sucessful') %>
<SCRIPT TYPE="text/javascript">
window.top.location.reload();
</SCRIPT>
-
- </BODY></HTML>
+ </BODY>
+ </HTML>
% }
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Apply credit') #;
+ || $FS::CurrentUser::CurrentUser->access_right('Post credit'): #remove after 1.7.3
+
+$cgi->param('crednum') =~ /^(\d*)$/ or die "Illegal crednum!";
+my $crednum = $1;
+
+my $cust_credit = qsearchs('cust_credit', { 'crednum' => $crednum } )
+ or die "No such crednum";
+my $cust_main = qsearchs('cust_main', { 'custnum' => $cust_credit->custnum } )
+ or die "Bogus credit: not attached to customer";
+
+my $custnum = $cust_main->custnum;
+
+my $new;
+if ($cgi->param('invnum') =~ /^Refund$/) {
+ $new = new FS::cust_refund ( {
+ 'reason' => ( $cust_credit->reason || 'refund from credit' ),
+ 'refund' => $cgi->param('amount'),
+ 'payby' => 'BILL',
+ #'_date' => $cgi->param('_date'),
+ #'payinfo' => 'Cash',
+ 'payinfo' => 'Refund',
+ 'crednum' => $crednum,
+ } );
+} else {
+ $new = new FS::cust_credit_bill ( {
+ map {
+ $_, scalar($cgi->param($_));
+ #} qw(custnum _date amount invnum)
+ } fields('cust_credit_bill')
+ } );
+}
+
+my $error = $new->insert;
+
+</%init>
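Review bot: the Refund branch (invnum matching /^Refund$/) creates an FS::cust_refund while the only rights required by this file are 'Apply credit' or 'Post credit', whereas cust_refund.cgi in this same commit requires 'Refund payment'. Consider checking a refund right inside that branch so refunds are not reachable through the credit-application right. The access check also ends in a colon after 'Post credit') instead of a semicolon, with the real terminator commented out by "#;" on the line above, so the init block will not compile as posted; and 'refund' => $cgi->param('amount') should be wrapped in scalar().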
Index: cust_credit.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/cust_credit.cgi,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -d -r1.11 -r1.12
--- cust_credit.cgi 4 Dec 2007 18:20:58 -0000 1.11
+++ cust_credit.cgi 13 Jan 2008 21:35:53 -0000 1.12
@@ -1,46 +1,10 @@
-%
-%
-%$cgi->param('custnum') =~ /^(\d*)$/ or die "Illegal custnum!";
-%my $custnum = $1;
-%
-%$cgi->param('reasonnum') =~ /^(-?\d+)$/ or die "Illegal reasonnum";
-%my $reasonnum = $1;
-%
-%my $oldAutoCommit = $FS::UID::AutoCommit;
-%local $FS::UID::AutoCommit = 0;
-%my $dbh = dbh;
-%
-%my $error = '';
-%if ($reasonnum == -1) {
-%
-% $error = 'Enter a new reason (or select an existing one)'
-% unless $cgi->param('newreasonnum') !~ /^\s*$/;
-% my $reason = new FS::reason({ 'reason_type' => $cgi->param('newreasonnumT'),
-% 'reason' => $cgi->param('newreasonnum'),
-% });
-% $error ||= $reason->insert;
-% $cgi->param('reasonnum', $reason->reasonnum)
-% unless $error;
-%}
-%
-%unless ($error) {
-% my $new = new FS::cust_credit ( {
-% map {
-% $_, scalar($cgi->param($_));
-% } fields('cust_credit')
-% } );
-% $error = $new->insert;
-%}
-%
%if ( $error ) {
% $cgi->param('reasonnum', $reasonnum);
% $cgi->param('error', $error);
% $dbh->rollback if $oldAutoCommit;
-%
%
<% $cgi->redirect(popurl(2). "cust_credit.cgi?". $cgi->query_string ) %>
%
-%
%} else {
%
% if ( $cgi->param('apply') eq 'yes' ) {
@@ -59,4 +23,41 @@
</BODY></HTML>
% }
+<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Post credit');
+
+$cgi->param('custnum') =~ /^(\d*)$/ or die "Illegal custnum!";
+my $custnum = $1;
+
+$cgi->param('reasonnum') =~ /^(-?\d+)$/ or die "Illegal reasonnum";
+my $reasonnum = $1;
+
+my $oldAutoCommit = $FS::UID::AutoCommit;
+local $FS::UID::AutoCommit = 0;
+my $dbh = dbh;
+
+my $error = '';
+if ($reasonnum == -1) {
+
+ $error = 'Enter a new reason (or select an existing one)'
+ unless $cgi->param('newreasonnum') !~ /^\s*$/;
+ my $reason = new FS::reason({ 'reason_type' => $cgi->param('newreasonnumT'),
+ 'reason' => $cgi->param('newreasonnum'),
+ });
+ $error ||= $reason->insert;
+ $cgi->param('reasonnum', $reason->reasonnum)
+ unless $error;
+}
+
+unless ($error) {
+ my $new = new FS::cust_credit ( {
+ map {
+ $_, scalar($cgi->param($_));
+ } fields('cust_credit')
+ } );
+ $error = $new->insert;
+}
+
+</%init>
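Review bot: with reasonnum == -1 this init block inserts a new FS::reason row for any user holding 'Post credit', while reason.html in this commit requires 'Configuration' to edit reasons; confirm that creating reasons inline is meant to be available at the lower right, or add a check inside that branch. Two smaller points in the same branch: the test "unless $cgi->param('newreasonnum') !~ /^\s*$/" is a double negative that reads more clearly as "if ... =~ /^\s*$/", and the $cgi->param() calls inside the FS::reason constructor are in list context and should be wrapped in scalar().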
Index: reason.html
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/reason.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- reason.html 19 Oct 2006 14:25:26 -0000 1.1
+++ reason.html 13 Jan 2008 21:35:53 -0000 1.2
@@ -4,3 +4,9 @@
$cgi->param('class') . '&',
)
%>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+</%init>
Index: quick-cust_pkg.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/quick-cust_pkg.cgi,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- quick-cust_pkg.cgi 1 Aug 2007 22:25:05 -0000 1.10
+++ quick-cust_pkg.cgi 13 Jan 2008 21:35:53 -0000 1.11
@@ -1,17 +1,6 @@
-%#untaint custnum
-%$cgi->param('custnum') =~ /^(\d+)$/
-% or die 'illegal custnum '. $cgi->param('custnum');
-%my $custnum = $1;
-%$cgi->param('pkgpart') =~ /^(\d+)$/
-% or die 'illegal pkgpart '. $cgi->param('pkgpart');
-%my $pkgpart = $1;
-%
-%my @cust_pkg = ();
-%my $error = FS::cust_pkg::order($custnum, [ $pkgpart ], [], \@cust_pkg, [ $cgi->param('refnum') ] );
-%
%if ($error) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). 'misc/order_pkg.html?'. $cgi->query_string );
+<% $cgi->redirect(popurl(2). 'misc/order_pkg.html?'. $cgi->query_string ) %>
%} else {
% my $frag = "cust_pkg". $cust_pkg[0]->pkgnum;
<% header('Package ordered') %>
@@ -25,3 +14,20 @@
</BODY></HTML>
%}
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Order customer package');
+
+#untaint custnum
+$cgi->param('custnum') =~ /^(\d+)$/
+ or die 'illegal custnum '. $cgi->param('custnum');
+my $custnum = $1;
+$cgi->param('pkgpart') =~ /^(\d+)$/
+ or die 'illegal pkgpart '. $cgi->param('pkgpart');
+my $pkgpart = $1;
+
+my @cust_pkg = ();
+my $error = FS::cust_pkg::order($custnum, [ $pkgpart ], [], \@cust_pkg, [ $cgi->param('refnum') ] );
+
+</%init>
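Review bot: in the FS::cust_pkg::order call at the end of the init block, [ $cgi->param('refnum') ] passes the request value through unvalidated and in list context, while custnum and pkgpart a few lines above are both untainted with /^(\d+)$/. Apply the same numeric check to refnum (allowing empty if it is optional) and pass a single scalar. The two die messages also append the raw parameter value; dropping the value from the message avoids reflecting request data into the error page and logs.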
Index: part_referral.html
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/part_referral.html,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- part_referral.html 23 Aug 2006 22:25:37 -0000 1.2
+++ part_referral.html 13 Jan 2008 21:35:53 -0000 1.3
@@ -3,3 +3,10 @@
'viewall_dir' => 'browse',
)
%>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Edit advertising sources')
+ || $FS::CurrentUser::CurrentUser->access_right('Edit global advertising sources');
+
+</%init>
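Review bot: the check accepts either 'Edit advertising sources' or 'Edit global advertising sources' for every request, so as written a user holding only the non-global right passes the same gate as one holding the global right. If the two rights are meant to differ in scope, the distinction needs to be enforced against the record being edited (for example whether it is tied to an agent), not only at the door.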
Index: cust_main_note.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/cust_main_note.cgi,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- cust_main_note.cgi 26 Nov 2006 23:06:36 -0000 1.4
+++ cust_main_note.cgi 13 Jan 2008 21:35:53 -0000 1.5
@@ -1,42 +1,7 @@
-%
-%
-%$cgi->param('custnum') =~ /^(\d+)$/
-% or die "Illegal custnum: ". $cgi->param('custnum');
-%my $custnum = $1;
-%
-%$cgi->param('notenum') =~ /^(\d*)$/
-% or die "Illegal notenum: ". $cgi->param('notenum');
-%my $notenum = $1;
-%
-%my $otaker = $FS::CurrentUser::CurrentUser->name;
-%$otaker = $FS::CurrentUser::CurrentUser->username
-% if ($otaker eq "User, Legacy");
-%
-%my $new = new FS::cust_main_note ( {
-% notenum => $notenum,
-% custnum => $custnum,
-% _date => time,
-% otaker => $otaker,
-% comments => $cgi->param('comment'),
-%} );
-%
-%my $error;
-%if ($notenum){
-% my $old = qsearchs('cust_main_note', { 'notenum' => $notenum });
-% $error = "No such note: $notenum" unless $old;
-% unless($error){
-% map { $new->$_($old->$_) } ('_date', 'otaker');
-% $error = $new->replace($old);
-% }
-%}else{
-% $error = $new->insert;
-%}
-%
%if ($error) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). 'cust_main_note.cgi?'. $cgi->query_string );
-%}
-%
+<% $cgi->redirect(popurl(2). 'cust_main_note.cgi?'. $cgi->query_string ) %>
+%} else {
%
<% header('Note ' . ($notenum ? 'updated' : 'added') ) %>
<SCRIPT TYPE="text/javascript">
@@ -48,5 +13,48 @@
</SCRIPT>
</BODY></HTML>
%
-%
+% }
+<%init>
+$cgi->param('custnum') =~ /^(\d+)$/
+ or die "Illegal custnum: ". $cgi->param('custnum');
+my $custnum = $1;
+
+$cgi->param('notenum') =~ /^(\d*)$/
+ or die "Illegal notenum: ". $cgi->param('notenum');
+my $notenum = $1;
+
+my $otaker = $FS::CurrentUser::CurrentUser->name;
+$otaker = $FS::CurrentUser::CurrentUser->username
+ if ($otaker eq "User, Legacy");
+
+my $new = new FS::cust_main_note ( {
+ notenum => $notenum,
+ custnum => $custnum,
+ _date => time,
+ otaker => $otaker,
+ comments => $cgi->param('comment'),
+} );
+
+my $error;
+if ($notenum) {
+
+ die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Edit customer note');
+
+ my $old = qsearchs('cust_main_note', { 'notenum' => $notenum });
+ $error = "No such note: $notenum" unless $old;
+ unless ($error) {
+ map { $new->$_($old->$_) } ('_date', 'otaker');
+ $error = $new->replace($old);
+ }
+
+} else {
+
+ die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Add customer note');
+
+ $error = $new->insert;
+}
+
+</%init>
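Review bot: on the edit path the new record takes custnum from the request while $old is looked up by notenum alone, and only _date and otaker are copied from $old before $new->replace($old), so an edit can reassign a note to a different customer than the one it was written for. Add a check such as die unless $old->custnum == $custnum before the replace. Also, unlike the other files in this commit, the two access checks sit inside the if/else after parameter parsing and object construction; moving the decision to the top of the init block (choose the right from whether notenum is set, then die) keeps anything added later from running before authorization.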
Index: svc_phone.html
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/svc_phone.html,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- svc_phone.html 23 Aug 2006 22:25:37 -0000 1.2
+++ svc_phone.html 13 Jan 2008 21:35:54 -0000 1.3
@@ -2,3 +2,9 @@
'table' => 'svc_phone',
)
%>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific?
+
+</%init>
Index: cust_refund.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/cust_refund.cgi,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- cust_refund.cgi 15 Jun 2007 18:44:17 -0000 1.7
+++ cust_refund.cgi 13 Jan 2008 21:35:53 -0000 1.8
@@ -1,38 +1,43 @@
-%$cgi->param('custnum') =~ /^(\d*)$/ or die "Illegal custnum!";
-%my $custnum = $1;
-%my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } )
-% or die "unknown custnum $custnum";
-%
-%my $error = '';
-%if ( $cgi->param('payby') =~ /^(CARD|CHEK)$/ ) {
-% my %options = ();
-% my $bop = $FS::payby::payby2bop{$1};
-% $cgi->param('refund') =~ /^(\d*)(\.\d{2})?$/
-% or die "illegal refund amount ". $cgi->param('refund');
-% my $refund = "$1$2";
-% $cgi->param('paynum') =~ /^(\d*)$/ or die "Illegal paynum!";
-% my $paynum = $1;
-% my $reason = $cgi->param('reason');
-% my $paydate = $cgi->param('exp_year'). '-'. $cgi->param('exp_month'). '-01';
-% $options{'paydate'} = $paydate if $paydate =~ /^\d{2,4}-\d{1,2}-01$/;
-% $error = $cust_main->realtime_refund_bop( $bop, 'amount' => $refund,
-% 'paynum' => $paynum,
-% 'reason' => $reason,
-% %options );
-%} else {
-% die 'unimplemented';
-% #my $new = new FS::cust_refund ( {
-% # map {
-% # $_, scalar($cgi->param($_));
-% # } ( fields('cust_refund'), 'paynum' )
-% #} );
-% #$error = $new->insert;
-%}
-%
-%
%if ( $error ) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). "cust_refund.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "cust_refund.cgi?". $cgi->query_string ) %>
%} else {
-% print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum");
+<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum") %>
%}
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Refund payment');
+
+$cgi->param('custnum') =~ /^(\d*)$/ or die "Illegal custnum!";
+my $custnum = $1;
+my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } )
+ or die "unknown custnum $custnum";
+
+my $error = '';
+if ( $cgi->param('payby') =~ /^(CARD|CHEK)$/ ) {
+ my %options = ();
+ my $bop = $FS::payby::payby2bop{$1};
+ $cgi->param('refund') =~ /^(\d*)(\.\d{2})?$/
+ or die "illegal refund amount ". $cgi->param('refund');
+ my $refund = "$1$2";
+ $cgi->param('paynum') =~ /^(\d*)$/ or die "Illegal paynum!";
+ my $paynum = $1;
+ my $reason = $cgi->param('reason');
+ my $paydate = $cgi->param('exp_year'). '-'. $cgi->param('exp_month'). '-01';
+ $options{'paydate'} = $paydate if $paydate =~ /^\d{2,4}-\d{1,2}-01$/;
+ $error = $cust_main->realtime_refund_bop( $bop, 'amount' => $refund,
+ 'paynum' => $paynum,
+ 'reason' => $reason,
+ %options );
+} else {
+ die 'unimplemented';
+ #my $new = new FS::cust_refund ( {
+ # map {
+ # $_, scalar($cgi->param($_));
+ # } ( fields('cust_refund'), 'paynum' )
+ #} );
+ #$error = $new->insert;
+}
+
+</%init>
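Review bot: the amount pattern /^(\d*)(\.\d{2})?$/ in the CARD|CHEK branch matches the empty string, so an empty refund parameter passes validation and "$1$2" becomes an empty amount handed to realtime_refund_bop; $2 is also undefined whenever no cents are given. Require at least one digit and default the fractional part, and tighten the paynum pattern from \d* to \d+ if a paynum is mandatory for a refund. The reason parameter is passed through with no validation at all, which is worth a length and character check before it is stored.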
Index: part_bill_event.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/part_bill_event.cgi,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- part_bill_event.cgi 16 Nov 2006 15:37:42 -0000 1.10
+++ part_bill_event.cgi 13 Jan 2008 21:35:53 -0000 1.11
@@ -1,89 +1,92 @@
-%
-%my $eventpart = $cgi->param('eventpart');
-%
-%my $old = qsearchs('part_bill_event',{'eventpart'=>$eventpart}) if $eventpart;
-%
-%#s/days/seconds/
-%$cgi->param('seconds', int( $cgi->param('days') * 86400 ) );
-%
-%my $error;
-%if ( ! $cgi->param('plan_weight_eventcode') ) {
-% $error = "Must select an action";
-%} else {
-%
-% $cgi->param('plan_weight_eventcode') =~ /^([\w\-]+):(\d+):(.*)$/s
-% or die "illegal plan_weight_eventcode:".
-% $cgi->param('plan_weight_eventcode');
-% $cgi->param('plan', $1);
-% $cgi->param('weight', $2);
-% my $eventcode = $3;
-% my $plandata = '';
-%
-% my $rnum;
-% my $rtype;
-% my $reasonm;
-% my $class = '';
-% $class='c' if ($eventcode =~ /cancel/);
-% $class='s' if ($eventcode =~ /suspend/);
-% if ($class) {
-% $cgi->param("${class}reason") =~ /^(-?\d+)$/
-% or $error = "Invalid ${class}reason";
-% $rnum = $1;
-% if ($rnum == -1) {
-% $cgi->param("new${class}reasonT") =~ /^(\d+)$/
-% or $error = "Invalid new${class}reasonT";
-% $rtype = $1;
-% $cgi->param("new${class}reason") =~ /^([\s\w]+)$/
-% or $error = "Invalid new${class}reason";
-% $reasonm = $1;
-% }
-% }
-%
-% if ($rnum == -1 && !$error) {
-% my $reason = new FS::reason ({ 'reason' => $reasonm,
-% 'reason_type' => $rtype,
-% });
-% $error = $reason->insert;
-% unless ($error) {
-% $rnum = $reason->reasonnum;
-% $cgi->param("${class}reason", $rnum);
-% $cgi->param("new${class}reason", '');
-% $cgi->param("new${class}reasonT", '');
-% }
-% }
-%
-% while ( $eventcode =~ /%%%(\w+)%%%/ ) {
-% my $field = $1;
-% my $value = join(', ', $cgi->param($field) );
-% $cgi->param($field, $value); #in case it errors out
-% $eventcode =~ s/%%%$field%%%/$value/;
-% $plandata .= "$field $value\n";
-% }
-% $cgi->param('eventcode', $eventcode);
-% $cgi->param('plandata', $plandata);
-%
-% unless($error){
-% my $new = new FS::part_bill_event ( {
-% map {
-% $_, scalar($cgi->param($_));
-% } fields('part_bill_event'),
-% } );
-% $new->setfield('reason', $rnum);
-%
-% if ( $eventpart ) {
-% $error = $new->replace($old);
-% } else {
-% $error = $new->insert;
-% $eventpart = $new->getfield('eventpart');
-% }
-% }
-%}
-%
%if ( $error ) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). "part_bill_event.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "part_bill_event.cgi?". $cgi->query_string ) %>
%} else {
-% print $cgi->redirect(popurl(3)."browse/part_bill_event.cgi");
+<% $cgi->redirect(popurl(3)."browse/part_bill_event.cgi") %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $eventpart = $cgi->param('eventpart');
+
+my $old = qsearchs('part_bill_event',{'eventpart'=>$eventpart}) if $eventpart;
+
+#s/days/seconds/
+$cgi->param('seconds', int( $cgi->param('days') * 86400 ) );
+
+my $error;
+if ( ! $cgi->param('plan_weight_eventcode') ) {
+ $error = "Must select an action";
+} else {
+
+ $cgi->param('plan_weight_eventcode') =~ /^([\w\-]+):(\d+):(.*)$/s
+ or die "illegal plan_weight_eventcode:".
+ $cgi->param('plan_weight_eventcode');
+ $cgi->param('plan', $1);
+ $cgi->param('weight', $2);
+ my $eventcode = $3;
+ my $plandata = '';
+
+ my $rnum;
+ my $rtype;
+ my $reasonm;
+ my $class = '';
+ $class='c' if ($eventcode =~ /cancel/);
+ $class='s' if ($eventcode =~ /suspend/);
+ if ($class) {
+ $cgi->param("${class}reason") =~ /^(-?\d+)$/
+ or $error = "Invalid ${class}reason";
+ $rnum = $1;
+ if ($rnum == -1) {
+ $cgi->param("new${class}reasonT") =~ /^(\d+)$/
+ or $error = "Invalid new${class}reasonT";
+ $rtype = $1;
+ $cgi->param("new${class}reason") =~ /^([\s\w]+)$/
+ or $error = "Invalid new${class}reason";
+ $reasonm = $1;
+ }
+ }
+
+ if ($rnum == -1 && !$error) {
+ my $reason = new FS::reason ({ 'reason' => $reasonm,
+ 'reason_type' => $rtype,
+ });
+ $error = $reason->insert;
+ unless ($error) {
+ $rnum = $reason->reasonnum;
+ $cgi->param("${class}reason", $rnum);
+ $cgi->param("new${class}reason", '');
+ $cgi->param("new${class}reasonT", '');
+ }
+ }
+
+ while ( $eventcode =~ /%%%(\w+)%%%/ ) {
+ my $field = $1;
+ my $value = join(', ', $cgi->param($field) );
+ $cgi->param($field, $value); #in case it errors out
+ $eventcode =~ s/%%%$field%%%/$value/;
+ $plandata .= "$field $value\n";
+ }
+ $cgi->param('eventcode', $eventcode);
+ $cgi->param('plandata', $plandata);
+
+ unless($error){
+ my $new = new FS::part_bill_event ( {
+ map {
+ $_, scalar($cgi->param($_));
+ } fields('part_bill_event'),
+ } );
+ $new->setfield('reason', $rnum);
+
+ if ( $eventpart ) {
+ $error = $new->replace($old);
+ } else {
+ $error = $new->insert;
+ $eventpart = $new->getfield('eventpart');
+ }
+ }
+}
+
+</%init>
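Review bot: the while loop over /%%%(\w+)%%%/ splices request parameter values into $eventcode and then rescans the result, so a value that itself contains a %%%name%%% token is expanded again, and one that contains its own placeholder keeps the loop from terminating. Do the substitution in a single pass over the original template (collect the placeholder names first, or use one s///g with a lookup) and reject or strip %%% in values. In the same block, $rnum = $1, $rtype = $1 and $reasonm = $1 are assigned even when the preceding match failed, in which case $1 still holds the capture from an earlier match; assign only on success. The my $old = qsearchs(...) if $eventpart; form near the top is a conditional my declaration, which perlsyn documents as undefined behaviour.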
Index: quick-charge.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/quick-charge.cgi,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -d -r1.11 -r1.12
--- quick-charge.cgi 14 Sep 2007 03:45:39 -0000 1.11
+++ quick-charge.cgi 13 Jan 2008 21:35:53 -0000 1.12
@@ -1,46 +1,49 @@
-%
-% my $error = '';
-% my $param = $cgi->Vars;
-%
-% my @description = ();
-% for ( my $row = 0; exists($param->{"description$row"}); $row++ ) {
-% push @description, $param->{"description$row"}
-% if ($param->{"description$row"} =~ /\S/);
-% }
-%
-% $param->{"custnum"} =~ /^(\d+)$/
-% or $error .= "Illegal customer number " . $param->{"custnum"} . " ";
-% my $custnum = $1;
-%
-% $param->{"amount"} =~ /^\s*(\d+(\.\d{1,2})?)\s*$/
-% or $error .= "Illegal amount " . $param->{"amount"} . " ";
-% my $amount = $1;
-%
-% if ( $param->{'taxclass'} eq '(select)' ) {
-% $error .= "Must select a tax class. ";
-% }
-%
-% unless ( $error ) {
-% my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } )
-% or $error .= "Unknown customer number $custnum. ";
-%
-% $error ||= $cust_main->charge( {
-% 'amount' => $amount,
-% 'pkg' => scalar($cgi->param('pkg')),
-% 'taxclass' => scalar($cgi->param('taxclass')),
-% 'additional' => \@description,
-% } );
-% }
-%
-% if ( $error ) {
-%
-% $cgi->param('error', $error );
-%
+% if ( $error ) {
+% $cgi->param('error', $error );
<% $cgi->redirect($p.'quick-charge.html?'. $cgi->query_string) %>
-%
-% }
+% } else {
<% header("One-time charge added") %>
<SCRIPT TYPE="text/javascript">
window.top.location.reload();
</SCRIPT>
</BODY></HTML>
+% }
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('One-time charge');
+
+my $error = '';
+my $param = $cgi->Vars;
+
+my @description = ();
+for ( my $row = 0; exists($param->{"description$row"}); $row++ ) {
+ push @description, $param->{"description$row"}
+ if ($param->{"description$row"} =~ /\S/);
+}
+
+$param->{"custnum"} =~ /^(\d+)$/
+ or $error .= "Illegal customer number " . $param->{"custnum"} . " ";
+my $custnum = $1;
+
+$param->{"amount"} =~ /^\s*(\d+(\.\d{1,2})?)\s*$/
+ or $error .= "Illegal amount " . $param->{"amount"} . " ";
+my $amount = $1;
+
+if ( $param->{'taxclass'} eq '(select)' ) {
+ $error .= "Must select a tax class. ";
+}
+
+unless ( $error ) {
+ my $cust_main = qsearchs('cust_main', { 'custnum' => $custnum } )
+ or $error .= "Unknown customer number $custnum. ";
+
+ $error ||= $cust_main->charge( {
+ 'amount' => $amount,
+ 'pkg' => scalar($cgi->param('pkg')),
+ 'taxclass' => scalar($cgi->param('taxclass')),
+ 'additional' => \@description,
+ } );
+}
+
+</%init>
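Review bot: the new `access_right('One-time charge')` guard is a global yes/no, while `qsearchs('cust_main', { 'custnum' => $custnum } )` still accepts any customer number from the request. If rights are meant to be limited to a subset of customers, the lookup needs that restriction as well, otherwise any user holding the right can post a charge against any custnum. Separately, `pkg` and `taxclass` go to `charge()` straight from `$cgi->param` with no pattern check here, unlike `custnum` and `amount`.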
Index: svc_domain.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/svc_domain.cgi,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- svc_domain.cgi 23 Aug 2006 22:25:37 -0000 1.5
+++ svc_domain.cgi 13 Jan 2008 21:35:53 -0000 1.6
@@ -1,32 +1,33 @@
-%
-%
-%#remove this to actually test the domains!
-%$FS::svc_domain::whois_hack = 1;
-%
-%$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!";
-%my $svcnum = $1;
-%
-%my $new = new FS::svc_domain ( {
-% map {
-% $_, scalar($cgi->param($_));
-% #} qw(svcnum pkgnum svcpart domain action purpose)
-% } ( fields('svc_domain'), qw( pkgnum svcpart action purpose ) )
-%} );
-%
-%my $error = '';
-%if ($cgi->param('svcnum')) {
-% $error="Can't modify a domain!";
-%} else {
-% $error=$new->insert;
-% $svcnum=$new->svcnum;
-%}
-%
%if ($error) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). "svc_domain.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "svc_domain.cgi?". $cgi->query_string ) %>
%} else {
-% print $cgi->redirect(popurl(3). "view/svc_domain.cgi?$svcnum");
+<% $cgi->redirect(popurl(3). "view/svc_domain.cgi?$svcnum") %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific?
+
+#remove this to actually test the domains!
+$FS::svc_domain::whois_hack = 1;
+
+$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!";
+my $svcnum = $1;
+my $new = new FS::svc_domain ( {
+ map {
+ $_, scalar($cgi->param($_));
+ #} qw(svcnum pkgnum svcpart domain action purpose)
+ } ( fields('svc_domain'), qw( pkgnum svcpart action purpose ) )
+} );
+
+my $error = '';
+if ($cgi->param('svcnum')) {
+ $error="Can't modify a domain!";
+} else {
+ $error=$new->insert;
+ $svcnum=$new->svcnum;
+}
+
+</%init>
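Review bot: `$FS::svc_domain::whois_hack = 1;` is carried into the new `<%init>` block unconditionally, under a comment that says to remove it "to actually test the domains", so every insert through this page runs with that check switched off. Since the block is being rewritten anyway, make it a configuration switch or drop it. The `#something else more specific?` remark on the access right should become a tracked TODO so the broader 'Provision customer service' right is not left in place by default.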
Index: part_pkg.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/part_pkg.cgi,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -d -r1.24 -r1.25
--- part_pkg.cgi 5 Dec 2007 04:57:27 -0000 1.24
+++ part_pkg.cgi 13 Jan 2008 21:35:53 -0000 1.25
@@ -1,103 +1,111 @@
-%
-%
-%my $dbh = dbh;
-%my $conf = new FS::Conf;
-%
-%my $pkgpart = $cgi->param('pkgpart');
-%
-%my $old = qsearchs('part_pkg',{'pkgpart'=>$pkgpart}) if $pkgpart;
-%
-%tie my %plans, 'Tie::IxHash', %{ FS::part_pkg::plan_info() };
-%my $href = $plans{$cgi->param('plan')}->{'fields'};
-%
-%#fixup plandata
-%my $error;
-%my $plandata = $cgi->param('plandata');
-%my @plandata = split(',', $plandata);
-%$cgi->param('plandata',
-% join('', map { my $parser = sub { shift };
-% $parser = $href->{$_}{parse} if exists($href->{$_}{parse});
-% my $value = join(', ', &$parser($cgi->param($_)));
-% my $check = $href->{$_}{check};
-% if ( $check && ! &$check($value) ) {
-% $value = join(', ', $cgi->param($_));
-% $error ||= "Illegal ". ($href->{$_}{name}||$_). ": $value";
-% }
-% "$_=$value\n";
-% } @plandata )
-%);
-%
-%foreach (qw( setuptax recurtax disabled )) {
-% $cgi->param($_, '') unless defined $cgi->param($_);
-%}
-%
-%my @agents;
-%foreach ($cgi->param('agent_type')) {
-% /^(\d+)$/;
-% push @agents, $1 if $1;
-%}
-%$error = "At least one agent type must be specified."
-% unless( scalar(@agents) ||
-% $cgi->param('clone') && $cgi->param('clone') =~ /^\d+$/ ||
-% !$pkgpart && $conf->exists('agent-defaultpkg')
-% );
-%
-%my $new = new FS::part_pkg ( {
-% map {
-% $_ => scalar($cgi->param($_));
-% } fields('part_pkg')
-%} );
-%
-%my $oldAutoCommit = $FS::UID::AutoCommit;
-%local $FS::UID::AutoCommit = 0;
-%
-%my %pkg_svc = map { $_ => scalar($cgi->param("pkg_svc$_")) }
-% map { $_->svcpart }
-% qsearch('part_svc', {} );
-%
-%my $custnum = '';
-%if ( $error ) {
-%
-% # fall through
-%
-%} elsif ( $cgi->param('taxclass') eq '(select)' ) {
-%
-% $error = 'Must select a tax class';
-%
-%} elsif ( $pkgpart ) {
-%
-% $error = $new->replace( $old,
-% pkg_svc => \%pkg_svc,
-% primary_svc => scalar($cgi->param('pkg_svc_primary')),
-% );
-%} else {
-%
-% $error = $new->insert( pkg_svc => \%pkg_svc,
-% primary_svc => scalar($cgi->param('pkg_svc_primary')),
-% cust_pkg => $cgi->param('pkgnum'),
-% custnum_ref => \$custnum,
-% );
-% $pkgpart = $new->pkgpart;
-%}
-%
-%unless ( $error || $conf->exists('agent_defaultpkg') ) {
-% my $error = $new->process_m2m(
-% 'link_table' => 'type_pkgs',
-% 'target_table' => 'agent_type',
-% 'params' => \@agents,
-% );
-%}
%if ( $error ) {
% $dbh->rollback if $oldAutoCommit;
% $cgi->param('error', $error );
-% print $cgi->redirect(popurl(2). "part_pkg.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "part_pkg.cgi?". $cgi->query_string ) %>
%} elsif ( $custnum ) {
% $dbh->commit or die $dbh->errstr if $oldAutoCommit;
-% print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum");
+<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum") %>
%} else {
% $dbh->commit or die $dbh->errstr if $oldAutoCommit;
-% print $cgi->redirect(popurl(3). "browse/part_pkg.cgi");
+<% $cgi->redirect(popurl(3). "browse/part_pkg.cgi") %>
%}
-%
-%
+<%init>
+
+#1.7
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+#1.9
+#die "access denied"
+# unless $FS::CurrentUser::CurrentUser->access_right('Edit package definitions')
+# || $FS::CurrentUser::CurrentUser->access_right('Edit global package definitions');
+
+my $dbh = dbh;
+my $conf = new FS::Conf;
+
+my $pkgpart = $cgi->param('pkgpart');
+
+my $old = qsearchs('part_pkg',{'pkgpart'=>$pkgpart}) if $pkgpart;
+
+tie my %plans, 'Tie::IxHash', %{ FS::part_pkg::plan_info() };
+my $href = $plans{$cgi->param('plan')}->{'fields'};
+
+#fixup plandata
+my $error;
+my $plandata = $cgi->param('plandata');
+my @plandata = split(',', $plandata);
+$cgi->param('plandata',
+ join('', map { my $parser = sub { shift };
+ $parser = $href->{$_}{parse} if exists($href->{$_}{parse});
+ my $value = join(', ', &$parser($cgi->param($_)));
+ my $check = $href->{$_}{check};
+ if ( $check && ! &$check($value) ) {
+ $value = join(', ', $cgi->param($_));
+ $error ||= "Illegal ". ($href->{$_}{name}||$_). ": $value";
+ }
+ "$_=$value\n";
+ } @plandata )
+);
+
+foreach (qw( setuptax recurtax disabled )) {
+ $cgi->param($_, '') unless defined $cgi->param($_);
+}
+
+my @agents;
+foreach ($cgi->param('agent_type')) {
+ /^(\d+)$/;
+ push @agents, $1 if $1;
+}
+$error = "At least one agent type must be specified."
+ unless( scalar(@agents) ||
+ $cgi->param('clone') && $cgi->param('clone') =~ /^\d+$/ ||
+ !$pkgpart && $conf->exists('agent-defaultpkg')
+ );
+
+my $new = new FS::part_pkg ( {
+ map {
+ $_ => scalar($cgi->param($_));
+ } fields('part_pkg')
+} );
+
+my $oldAutoCommit = $FS::UID::AutoCommit;
+local $FS::UID::AutoCommit = 0;
+
+my %pkg_svc = map { $_ => scalar($cgi->param("pkg_svc$_")) }
+ map { $_->svcpart }
+ qsearch('part_svc', {} );
+
+my $custnum = '';
+if ( $error ) {
+
+ # fall through
+
+} elsif ( $cgi->param('taxclass') eq '(select)' ) {
+
+ $error = 'Must select a tax class';
+
+} elsif ( $pkgpart ) {
+
+ $error = $new->replace( $old,
+ pkg_svc => \%pkg_svc,
+ primary_svc => scalar($cgi->param('pkg_svc_primary')),
+ );
+} else {
+
+ $error = $new->insert( pkg_svc => \%pkg_svc,
+ primary_svc => scalar($cgi->param('pkg_svc_primary')),
+ cust_pkg => $cgi->param('pkgnum'),
+ custnum_ref => \$custnum,
+ );
+ $pkgpart = $new->pkgpart;
+}
+
+unless ( $error || $conf->exists('agent_defaultpkg') ) {
+ my $error = $new->process_m2m(
+ 'link_table' => 'type_pkgs',
+ 'target_table' => 'agent_type',
+ 'params' => \@agents,
+ );
+}
+
+</%init>
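Review bot: in the last block of `<%init>`, `my $error = $new->process_m2m(` declares a new lexical that shadows the outer `$error`, so a failure from process_m2m is thrown away and the template's `if ( $error )` falls through to `$dbh->commit`. Drop the `my` (or use `$error ||=`). The same block tests `$conf->exists('agent_defaultpkg')` while the earlier agent-type check tests `'agent-defaultpkg'`; one of the two key names is wrong and that branch will never behave as intended. The commented-out 1.9 rights under the `#1.7` check are also worth moving to the commit message rather than leaving dead code in the guard.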
Index: svc_acct_pop.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/svc_acct_pop.cgi,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- svc_acct_pop.cgi 23 Aug 2006 22:25:37 -0000 1.5
+++ svc_acct_pop.cgi 13 Jan 2008 21:35:53 -0000 1.6
@@ -1,29 +1,30 @@
-%
-%
-%my $popnum = $cgi->param('popnum');
-%
-%my $old = qsearchs('svc_acct_pop',{'popnum'=>$popnum}) if $popnum;
-%
-%my $new = new FS::svc_acct_pop ( {
-% map {
-% $_, scalar($cgi->param($_));
-% } fields('svc_acct_pop')
-%} );
-%
-%my $error = '';
-%if ( $popnum ) {
-% $error = $new->replace($old);
-%} else {
-% $error = $new->insert;
-% $popnum=$new->getfield('popnum');
-%}
-%
%if ( $error ) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). "svc_acct_pop.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "svc_acct_pop.cgi?". $cgi->query_string ) %>
%} else {
-% print $cgi->redirect(popurl(3). "browse/svc_acct_pop.cgi");
+<% $cgi->redirect(popurl(3). "browse/svc_acct_pop.cgi") %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $popnum = $cgi->param('popnum');
+
+my $old = qsearchs('svc_acct_pop',{'popnum'=>$popnum}) if $popnum;
+
+my $new = new FS::svc_acct_pop ( {
+ map {
+ $_, scalar($cgi->param($_));
+ } fields('svc_acct_pop')
+} );
+
+my $error = '';
+if ( $popnum ) {
+ $error = $new->replace($old);
+} else {
+ $error = $new->insert;
+ $popnum=$new->getfield('popnum');
+}
+</%init>
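Review bot: `my $old = qsearchs('svc_acct_pop',{'popnum'=>$popnum}) if $popnum;` combines `my` with a statement modifier, which perlsyn documents as undefined behaviour; in a persistent interpreter the variable can keep a value from an earlier request. Declare `my $old;` first and assign inside an `if`. `popnum` is also used without the `/^(\d+)$/` check the other pages apply, and when no row matches, `$new->replace($old)` is called with an undefined `$old`.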
Index: agent_payment_gateway.html
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/agent_payment_gateway.html,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- agent_payment_gateway.html 23 Aug 2006 22:25:37 -0000 1.2
+++ agent_payment_gateway.html 13 Jan 2008 21:35:53 -0000 1.3
@@ -1,26 +1,29 @@
-%
-%
-%$cgi->param('agentnum') =~ /(\d+)$/ or die "illegal agentnum";
-%my $agent = qsearchs('agent', { 'agentnum' => $1 } );
-%die "agentnum $1 not found" unless $agent;
-%
-%#my $old
-%
-%my @new = map {
-% my $cardtype = $_;
-% new FS::agent_payment_gateway {
-% ( map { $_ => scalar($cgi->param($_)) }
-% fields('agent_payment_gateway')
-% ),
-% 'cardtype' => $cardtype,
-% };
-% }
-% $cgi->param('cardtype');
-%
-%foreach my $new (@new) {
-% my $error = $new->insert;
-% die $error if $error;
-%}
-%
-%
<% $cgi->redirect(popurl(3). "browse/agent.cgi") %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+$cgi->param('agentnum') =~ /(\d+)$/ or die "illegal agentnum";
+my $agent = qsearchs('agent', { 'agentnum' => $1 } );
+die "agentnum $1 not found" unless $agent;
+
+#my $old
+
+my @new = map {
+ my $cardtype = $_;
+ new FS::agent_payment_gateway {
+ ( map { $_ => scalar($cgi->param($_)) }
+ fields('agent_payment_gateway')
+ ),
+ 'cardtype' => $cardtype,
+ };
+ }
+ $cgi->param('cardtype');
+
+foreach my $new (@new) {
+ my $error = $new->insert;
+ die $error if $error;
+}
+
+</%init>
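Review bot: `$cgi->param('agentnum') =~ /(\d+)$/` has no `^` anchor, so any string that merely ends in digits passes, and the validated `$1` is only used for the existence lookup. The records themselves are built from `$cgi->param($_)` over `fields('agent_payment_gateway')`, so if agentnum is one of those fields the raw request value is what gets inserted. Anchor the pattern and set `'agentnum' => $1` explicitly alongside `'cardtype'`. The insert loop also dies part-way through on the first error with no transaction around it, which leaves the earlier card types inserted.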
Index: agent_type.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/agent_type.cgi,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- agent_type.cgi 23 Aug 2006 22:25:37 -0000 1.8
+++ agent_type.cgi 13 Jan 2008 21:35:53 -0000 1.9
@@ -1,37 +1,35 @@
-%
-%
-%my $typenum = $cgi->param('typenum');
-%my $old = qsearchs('agent_type',{'typenum'=>$typenum}) if $typenum;
-%
-%my $new = new FS::agent_type ( {
-% map {
-% $_, scalar($cgi->param($_));
-% } fields('agent_type')
-%} );
-%
-%my $error;
-%if ( $typenum ) {
-% $error = $new->replace($old);
-%} else {
-% $error = $new->insert;
-% $typenum = $new->getfield('typenum');
-%}
-%#$error ||= $new->process_m2m( );
-%
%if ( $error ) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). "agent_type.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "agent_type.cgi?". $cgi->query_string ) %>
%} else {
-%
-% my $error = $new->process_m2m(
-% 'link_table' => 'type_pkgs',
-% 'target_table' => 'part_pkg',
-% 'params' => scalar($cgi->Vars)
-% );
-% die $error if $error;
-%
-% print $cgi->redirect(popurl(3). "browse/agent_type.cgi");
+<% $cgi->redirect(popurl(3). "browse/agent_type.cgi") %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $typenum = $cgi->param('typenum');
+my $old = qsearchs('agent_type',{'typenum'=>$typenum}) if $typenum;
+
+my $new = new FS::agent_type ( {
+ map {
+ $_, scalar($cgi->param($_));
+ } fields('agent_type')
+} );
+my $error;
+if ( $typenum ) {
+ $error = $new->replace($old);
+} else {
+ $error = $new->insert;
+ $typenum = $new->getfield('typenum');
+}
+
+ $error ||= $new->process_m2m(
+ 'link_table' => 'type_pkgs',
+ 'target_table' => 'part_pkg',
+ 'params' => scalar($cgi->Vars)
+ );
+
+<%/init>
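Review bot: the block is closed with `<%/init>` on the last added line; the closing tag is `</%init>`, as in every other file in this commit, and as written the `<%init>` section is left unterminated. Moving `process_m2m` into init with `$error ||=` is an improvement over the old `die $error`, but the call has lost its surrounding structure: its indentation suggests it was meant to sit inside a block.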
Index: svc_external.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/svc_external.cgi,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- svc_external.cgi 23 Aug 2006 22:25:37 -0000 1.2
+++ svc_external.cgi 13 Jan 2008 21:35:53 -0000 1.3
@@ -1,30 +1,31 @@
-%
-%
-%$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!";
-%my $svcnum =$1;
-%
-%my $old = qsearchs('svc_external',{'svcnum'=>$svcnum}) if $svcnum;
-%
-%my $new = new FS::svc_external ( {
-% map {
-% ($_, scalar($cgi->param($_)));
-% } ( fields('svc_external'), qw( pkgnum svcpart ) )
-%} );
-%
-%my $error = '';
-%if ( $svcnum ) {
-% $error = $new->replace($old);
-%} else {
-% $error = $new->insert;
-% $svcnum = $new->getfield('svcnum');
-%}
-%
%if ($error) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). "svc_external.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "svc_external.cgi?". $cgi->query_string ) %>
%} else {
-% print $cgi->redirect(popurl(3). "view/svc_external.cgi?$svcnum");
+<% $cgi->redirect(popurl(3). "view/svc_external.cgi?$svcnum") %>
%}
-%
-%
+<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific?
+
+$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!";
+my $svcnum =$1;
+
+my $old = qsearchs('svc_external',{'svcnum'=>$svcnum}) if $svcnum;
+
+my $new = new FS::svc_external ( {
+ map {
+ ($_, scalar($cgi->param($_)));
+ } ( fields('svc_external'), qw( pkgnum svcpart ) )
+} );
+
+my $error = '';
+if ( $svcnum ) {
+ $error = $new->replace($old);
+} else {
+ $error = $new->insert;
+ $svcnum = $new->getfield('svcnum');
+}
+
+</%init>
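Review bot: when `svcnum` is supplied but `qsearchs('svc_external',{'svcnum'=>$svcnum})` finds nothing, `$old` is undefined and `$new->replace($old)` is still called. svc_broadband.cgi in this same commit dies with "can't find broadband service" in that case; do the same here so a stale or forged svcnum fails cleanly instead of depending on how replace() treats an undefined argument.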
Index: payment_gateway.html
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/payment_gateway.html,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- payment_gateway.html 23 Aug 2006 22:25:37 -0000 1.4
+++ payment_gateway.html 13 Jan 2008 21:35:53 -0000 1.5
@@ -1,34 +1,35 @@
-%
-%
-%my $gatewaynum = $cgi->param('gatewaynum');
-%
-%my $old = qsearchs('payment_gateway',{'gatewaynum'=>$gatewaynum}) if $gatewaynum;
-%
-%my $new = new FS::payment_gateway ( {
-% map {
-% $_, scalar($cgi->param($_));
-% } fields('payment_gateway')
-%} );
-%
-%my @options = split(/\r?\n/, $cgi->param('gateway_options') );
-%pop @options
-% if scalar(@options) % 2 && $options[-1] =~ /^\s*$/;
-%my %options = @options;
-%
-%my $error;
-%if ( $gatewaynum ) {
-% $error=$new->replace($old, \%options);
-%} else {
-% $error=$new->insert(\%options);
-% $gatewaynum=$new->getfield('gatewaynum');
-%}
-%
%if ( $error ) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). "payment_gateway.html?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "payment_gateway.html?". $cgi->query_string ) %>
%} else {
-% print $cgi->redirect(popurl(3). "browse/payment_gateway.html");
+<% $cgi->redirect(popurl(3). "browse/payment_gateway.html") %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $gatewaynum = $cgi->param('gatewaynum');
+
+my $old = qsearchs('payment_gateway',{'gatewaynum'=>$gatewaynum}) if $gatewaynum;
+
+my $new = new FS::payment_gateway ( {
+ map {
+ $_, scalar($cgi->param($_));
+ } fields('payment_gateway')
+} );
+my @options = split(/\r?\n/, $cgi->param('gateway_options') );
+pop @options
+ if scalar(@options) % 2 && $options[-1] =~ /^\s*$/;
+my %options = @options;
+
+my $error;
+if ( $gatewaynum ) {
+ $error=$new->replace($old, \%options);
+} else {
+ $error=$new->insert(\%options);
+ $gatewaynum=$new->getfield('gatewaynum');
+}
+
+</%init>
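Review bot: the `gateway_options` parsing only drops a trailing element when it is blank (`pop @options if scalar(@options) % 2 && $options[-1] =~ /^\s*$/`), so an odd number of non-blank lines still reaches `my %options = @options;` and the last key is stored with an undefined value. For payment gateway settings that should be an error returned to the form, not a silent save. `gatewaynum` is also taken from the request without a digit check before it is used in the lookup.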
Index: pkg_class.html
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/pkg_class.html,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- pkg_class.html 23 Aug 2006 22:25:37 -0000 1.2
+++ pkg_class.html 13 Jan 2008 21:35:53 -0000 1.3
@@ -3,3 +3,9 @@
'viewall_dir' => 'browse',
)
%>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+</%init>
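Review bot: the `die "access denied" unless ...->access_right('Configuration')` guard added here is the same lines pasted by hand into every file in this commit, and the copies have already drifted (cust_svc.cgi spells the message 'access deined'). A single shared helper or component that takes the right name would keep the message and failure behaviour uniform and make a file with no guard easier to spot in review.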
Index: cust_svc.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/cust_svc.cgi,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- cust_svc.cgi 8 Oct 2007 19:14:26 -0000 1.3
+++ cust_svc.cgi 13 Jan 2008 21:35:53 -0000 1.4
@@ -1,30 +1,30 @@
-%
-%
-%my $svcnum = $cgi->param('svcnum');
-%
-%my $old = qsearchs('cust_svc',{'svcnum'=>$svcnum}) if $svcnum;
-%
-%my $new = new FS::cust_svc ( {
-% map {
-% $_, scalar($cgi->param($_));
-% } fields('cust_svc')
-%} );
-%
-%my $error;
-%if ( $svcnum ) {
-% $error=$new->replace($old);
-%} else {
-% $error=$new->insert;
-% $svcnum=$new->getfield('svcnum');
-%}
-%
%if ( $error ) {
-% #$cgi->param('error', $error);
-% #print $cgi->redirect(popurl(2). "cust_svc.cgi?". $cgi->query_string );
% errorpage($error);
%} else {
% my $svcdb = $new->part_svc->svcdb;
-% print $cgi->redirect(popurl(3). "view/$svcdb.cgi?$svcnum");
+<% $cgi->redirect(popurl(3). "view/$svcdb.cgi?$svcnum") %>
%}
-%
-%
+<%init>
+
+die 'access deined'
+ unless $FS::CurrentUser::CurrentUser->access_right('Change customer service');
+
+my $svcnum = $cgi->param('svcnum');
+
+my $old = qsearchs('cust_svc',{'svcnum'=>$svcnum}) if $svcnum;
+
+my $new = new FS::cust_svc ( {
+ map {
+ $_, scalar($cgi->param($_));
+ } fields('cust_svc')
+} );
+
+my $error;
+if ( $svcnum ) {
+ $error=$new->replace($old);
+} else {
+ $error=$new->insert;
+ $svcnum=$new->getfield('svcnum');
+}
+
+</%init>
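Review bot: typo in the new guard, `die 'access deined'` should read "access denied" to match the other files; anything that greps logs for the denial message will miss this page. The guard checks 'Change customer service' globally while `svcnum` comes from the request unvalidated, so it is also worth applying the `/^(\d*)$/` check used in the svc_* pages before the lookup.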
Index: svc_Common.html
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/svc_Common.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- svc_Common.html 29 Dec 2006 08:51:33 -0000 1.1
+++ svc_Common.html 13 Jan 2008 21:35:53 -0000 1.2
@@ -1,13 +1,16 @@
+<% include( 'elements/svc_Common.html',
+ 'table' => $table,
+ 'redirect' => popurl(3)."view/svc_Common.html?svcdb=$table;svcnum=",
+ 'error_redirect' => popurl(3)."edit/svc_Common.html?svcdb=$table;",
+ )
+%>
<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific?
+
$cgi->param('svcdb') =~ /^(svc_\w+)$/ or die "unparsable svcdb";
my $table = $1;
require "FS/$table.pm";
</%init>
-<% include( 'elements/svc_Common.html',
- 'table' => $table,
- 'redirect' => popurl(3)."view/svc_Common.html?svcdb=$table;svcnum=",
- 'error_redirect' => popurl(3)."edit/svc_Common.html?svcdb=$table;",
- )
-%>
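Review bot: `require "FS/$table.pm";` loads a module whose name comes from the `svcdb` request parameter. The `/^(svc_\w+)$/` pattern keeps path separators out, and placing the access check ahead of it is right, but any installed `FS/svc_*.pm` can still be loaded and driven through the common element. Check `$table` against the list of known service tables before the require. `$table` is then interpolated into the `redirect` and `error_redirect` URLs, which the same allowlist would also cover.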
Index: domain_record.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/domain_record.cgi,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- domain_record.cgi 8 Oct 2007 19:14:26 -0000 1.4
+++ domain_record.cgi 13 Jan 2008 21:35:53 -0000 1.5
@@ -1,36 +1,30 @@
-%
-%
-%my $recnum = $cgi->param('recnum');
-%
-%my $old = qsearchs('agent',{'recnum'=>$recnum}) if $recnum;
-%
-%my $new = new FS::domain_record ( {
-% map {
-% $_, scalar($cgi->param($_));
-% } fields('domain_record')
-%} );
-%
-%my $error;
-%if ( $recnum ) {
-% $error=$new->replace($old);
-%} else {
-% $error=$new->insert;
-% $recnum=$new->getfield('recnum');
-%}
-%
%if ( $error ) {
-%# $cgi->param('error', $error);
-%# print $cgi->redirect(popurl(2). "agent.cgi?". $cgi->query_string );
-% #no edit screen to send them back to
-%
-
-<!-- mason kludge -->
-%
% errorpage($error);
%} else {
% my $svcnum = $new->svcnum;
-% print $cgi->redirect(popurl(3). "view/svc_domain.cgi?$svcnum");
+<% $cgi->redirect(popurl(3). "view/svc_domain.cgi?$svcnum") %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Edit domain nameservice');
+
+my $recnum = $cgi->param('recnum');
+my $old = qsearchs('agent',{'recnum'=>$recnum}) if $recnum;
+
+my $new = new FS::domain_record ( {
+ map {
+ $_, scalar($cgi->param($_));
+ } fields('domain_record')
+} );
+
+my $error;
+if ( $recnum ) {
+ $error=$new->replace($old);
+} else {
+ $error=$new->insert;
+ $recnum=$new->getfield('recnum');
+}
+
+</%init>
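Review bot: `my $old = qsearchs('agent',{'recnum'=>$recnum}) if $recnum;` searches the 'agent' table for a `recnum`, which looks like a copy-paste leftover carried over from the old code; it should be `qsearchs('domain_record', ...)`. As it stands `$old` will not be the existing record, so the `$new->replace($old)` branch cannot work as intended. `recnum` should also get a digit check before use.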
Index: generic.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/generic.cgi,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- generic.cgi 14 Sep 2006 19:30:28 -0000 1.4
+++ generic.cgi 13 Jan 2008 21:35:53 -0000 1.5
@@ -1,73 +1,77 @@
-%# Welcome to generic.cgi.
-%#
-%# This script provides a generic edit/process/ backend for simple table
-%# editing. All it knows how to do is take the values entered into
-%# the script and insert them into the table specified by $cgi->param('table').
-%# If there's an existing record with the same primary key, it will be
-%# replaced. (Deletion will be added in the future.)
-%#
-%# also see elements/process.html, newer and somewhat along the same lines,
-%# though it still makes you setup a process file for the table.
-%# perhaps safer, perhaps more of a pain in the ass.
-%#
-%# Special cgi params for this script:
-%# table: the name of the table to be edited. The script will die horribly
-%# if it can't find the table.
-%# redirect_ok: URL to be displayed after a successful edit. The value of
-%# the record's primary key will be passed as a keyword.
-%# Defaults to (freeside root)/view/$table.cgi.
-%# redirect_error: URL to be displayed if there's an error. The original
-%# query string, plus the error message, will be passed.
-%# Defaults to $cgi->referer() (i.e. go back where you
-%# came from).
-%
-%
-%use FS::Record qw(qsearchs dbdef);
-%use DBIx::DBSchema;
-%use DBIx::DBSchema::Table;
-%
-%
-%my $error;
-%my $p2 = popurl(2);
-%my $p3 = popurl(3);
-%my $table = $cgi->param('table');
-%my $dbdef = dbdef or die "Cannot fetch dbdef!";
-%
-%my $dbdef_table = $dbdef->table($table) or die "Cannot fetch schema for $table";
-%
-%my $pkey = $dbdef_table->primary_key or die "Cannot fetch pkey for $table";
-%my $pkey_val = $cgi->param($pkey);
-%
-%
-%#warn "new FS::Record ( $table, (hashref) )";
-%my $new = FS::Record::new ( "FS::$table", {
-% map { $_, scalar($cgi->param($_)) } fields($table)
-%} );
-%
-%#warn 'created $new of class '.ref($new);
-%
-%if($pkey_val and (my $old = qsearchs($table, { $pkey, $pkey_val} ))) {
-% # edit
-% $error = $new->replace($old);
-%} else {
-% #add
-% $error = $new->insert;
-% $pkey_val = $new->getfield($pkey);
-% # New records usually don't have their primary keys set until after
-% # they've been checked/inserted, so grab the new $pkey_val so we can
-% # redirect to it.
-%}
-%
-%my $redirect_ok = (($cgi->param('redirect_ok')) ?
-% $cgi->param('redirect_ok') : $p3."browse/generic.cgi?$table");
-%my $redirect_error = (($cgi->param('redirect_error')) ?
-% $cgi->param('redirect_error') : $cgi->referer());
-%
%if($error) {
% $cgi->param('error', $error);
-% print $cgi->redirect($redirect_error . '?' . $cgi->query_string);
+<% $cgi->redirect($redirect_error . '?' . $cgi->query_string) %>
%} else {
-% print $cgi->redirect($redirect_ok);
+<% $cgi->redirect($redirect_ok) %>
%}
-%
+<%doc>
+
+See elements/process.html, newer and somewhat along the same lines,
+though it still makes you setup a process file for the table.
+Perhaps safer, perhaps more of a pain in the ass.
+
+In any case, this is probably pretty deprecated; it is only used by
+part_virtual_field.cgi, and so its ACL is hardcoded to 'Configuration'.
+
+Welcome to generic.cgi.
+
+This script provides a generic edit/process/ backend for simple table
+editing. All it knows how to do is take the values entered into
+the script and insert them into the table specified by $cgi->param('table').
+If there's an existing record with the same primary key, it will be
+replaced. (Deletion will be added in the future.)
+
+Special cgi params for this script:
+table: the name of the table to be edited. The script will die horribly
+ if it can't find the table.
+redirect_ok: URL to be displayed after a successful edit. The value of
+ the record's primary key will be passed as a keyword.
+ Defaults to (freeside root)/view/$table.cgi.
+redirect_error: URL to be displayed if there's an error. The original
+ query string, plus the error message, will be passed.
+ Defaults to $cgi->referer() (i.e. go back where you
+ came from).
+
+</%doc>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $error;
+my $p2 = popurl(2);
+my $p3 = popurl(3);
+my $table = $cgi->param('table');
+my $dbdef = dbdef or die "Cannot fetch dbdef!";
+
+my $dbdef_table = $dbdef->table($table) or die "Cannot fetch schema for $table";
+
+my $pkey = $dbdef_table->primary_key or die "Cannot fetch pkey for $table";
+my $pkey_val = $cgi->param($pkey);
+
+#warn "new FS::Record ( $table, (hashref) )";
+my $new = FS::Record::new ( "FS::$table", {
+ map { $_, scalar($cgi->param($_)) } fields($table)
+} );
+
+#warn 'created $new of class '.ref($new);
+
+if($pkey_val and (my $old = qsearchs($table, { $pkey, $pkey_val} ))) {
+ # edit
+ $error = $new->replace($old);
+} else {
+ #add
+ $error = $new->insert;
+ $pkey_val = $new->getfield($pkey);
+ # New records usually don't have their primary keys set until after
+ # they've been checked/inserted, so grab the new $pkey_val so we can
+ # redirect to it.
+}
+
+my $redirect_ok = (($cgi->param('redirect_ok')) ?
+ $cgi->param('redirect_ok') : $p3."browse/generic.cgi?$table");
+my $redirect_error = (($cgi->param('redirect_error')) ?
+ $cgi->param('redirect_error') : $cgi->referer());
+
+</%init>
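Review bot: `redirect_ok` and `redirect_error` are taken from the request and passed to `$cgi->redirect` unchanged, so a crafted link to this page can send a logged-in user to an arbitrary URL after the write. Restrict both to paths under `popurl(3)` or drop the parameters. `table` is likewise caller-chosen, which lets anyone with 'Configuration' insert into or replace rows of any table in the schema; since the new doc block says only part_virtual_field.cgi uses this page, pin the table to that one. The diff also removes `use FS::Record qw(qsearchs dbdef);` while init still calls `dbdef`, so confirm it is imported elsewhere.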
Index: part_svc.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/part_svc.cgi,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -d -r1.14 -r1.15
--- part_svc.cgi 23 Aug 2006 22:25:37 -0000 1.14
+++ part_svc.cgi 13 Jan 2008 21:35:53 -0000 1.15
@@ -1,4 +1,9 @@
-%
-% my $server = new FS::UI::Web::JSRPC 'FS::part_svc::process', $cgi;
-%
<% $server->process %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $server = new FS::UI::Web::JSRPC 'FS::part_svc::process', $cgi;
+
+</%init>
Index: cust_main_county-collapse.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/cust_main_county-collapse.cgi,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- cust_main_county-collapse.cgi 23 Aug 2006 22:25:37 -0000 1.5
+++ cust_main_county-collapse.cgi 13 Jan 2008 21:35:53 -0000 1.6
@@ -33,4 +33,12 @@
%print $cgi->redirect(popurl(3). "browse/cust_main_county.cgi");
%
%
+<%init>
+
+#this isn't actually linked from anywhere just now, but it will be again soon
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+</%init>
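Review bot: this file only gains the guard; the body above it still ends in `%print $cgi->redirect(popurl(3). "browse/cust_main_county.cgi");` and keeps its processing in `%` lines, unlike the pages converted to `<% $cgi->redirect(...) %>` with logic in `<%init>`. Convert it in the same pass so the page behaves like the others. The comment that the page "isn't actually linked from anywhere" is a reason to keep the guard, not to relax it, since the URL is still reachable directly.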
Index: router.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/router.cgi,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- router.cgi 23 Aug 2006 22:25:37 -0000 1.5
+++ router.cgi 13 Jan 2008 21:35:53 -0000 1.6
@@ -1,5 +1,3 @@
-%
-%
%local $FS::UID::AutoCommit=0;
%
%sub check {
@@ -64,5 +62,9 @@
%dbh->commit or die dbh->errstr;
%print $cgi->redirect(popurl(3). "browse/router.cgi");
%
-%
+<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+</%init>
Index: svc_broadband.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/svc_broadband.cgi,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- svc_broadband.cgi 23 Aug 2006 22:25:37 -0000 1.6
+++ svc_broadband.cgi 13 Jan 2008 21:35:53 -0000 1.7
@@ -1,37 +1,38 @@
-%
-%
-%$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!";
-%my $svcnum = $1;
-%
-%my $old;
-%if ( $svcnum ) {
-% $old = qsearchs('svc_broadband', { 'svcnum' => $svcnum } )
-% or die "fatal: can't find broadband service (svcnum $svcnum)!";
-%} else {
-% $old = '';
-%}
-%
-%my $new = new FS::svc_broadband ( {
-% map {
-% ($_, scalar($cgi->param($_)));
-% } ( fields('svc_broadband'), qw( pkgnum svcpart ) )
-%} );
-%
-%my $error;
-%if ( $svcnum ) {
-% $error = $new->replace($old);
-%} else {
-% $error = $new->insert;
-% $svcnum = $new->svcnum;
-%}
-%
%if ( $error ) {
% $cgi->param('error', $error);
% $cgi->param('ip_addr', $new->ip_addr);
-% print $cgi->redirect(popurl(2). "svc_broadband.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "svc_broadband.cgi?". $cgi->query_string ) %>
%} else {
-% print $cgi->redirect(popurl(3). "view/svc_broadband.cgi?" . $svcnum );
+<% $cgi->redirect(popurl(3). "view/svc_broadband.cgi?" . $svcnum ) %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific?
+
+$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!";
+my $svcnum = $1;
+
+my $old;
+if ( $svcnum ) {
+ $old = qsearchs('svc_broadband', { 'svcnum' => $svcnum } )
+ or die "fatal: can't find broadband service (svcnum $svcnum)!";
+} else {
+ $old = '';
+}
+my $new = new FS::svc_broadband ( {
+ map {
+ ($_, scalar($cgi->param($_)));
+ } ( fields('svc_broadband'), qw( pkgnum svcpart ) )
+} );
+
+my $error;
+if ( $svcnum ) {
+ $error = $new->replace($old);
+} else {
+ $error = $new->insert;
+ $svcnum = $new->svcnum;
+}
+
+</%init>
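Review bot: the single right 'Provision customer service' gates both the insert and the replace path, and the inline comment (#something else more specific?) leaves the granularity question open; it should be tracked rather than left in the code. Note also that every column from fields('svc_broadband') plus pkgnum and svcpart is copied from the request into $new, and the $old lookup is by svcnum alone, so a holder of the right can address any svcnum and submit any column. Worth confirming that replace() validates pkgnum and svcpart against $old, or restricting the copied fields to the ones the form actually offers.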
Index: cust_main_county.html
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/cust_main_county.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- cust_main_county.html 4 Jan 2008 02:42:07 -0000 1.1
+++ cust_main_county.html 13 Jan 2008 21:35:53 -0000 1.2
@@ -4,3 +4,10 @@
#someday change the individual element and go away instead
)
%>
+<%init>
+
+my $conf = new FS::Conf;
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+</%init>
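Review bot: in the new <%init>, my $conf = new FS::Conf; runs before the access check and is not used anywhere in the lines shown. Put the die "access denied" check first so that no work happens for an unauthorized request, and drop $conf unless the part of the component above this hunk needs it.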
Index: access_user.html
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/access_user.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- access_user.html 19 Jan 2007 22:02:21 -0000 1.5
+++ access_user.html 13 Jan 2008 21:35:53 -0000 1.6
@@ -13,3 +13,9 @@
)
%>
% }
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+</%init>
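Review bot: this component edits access users, yet it is gated by the same 'Configuration' right that this commit uses for routers, message catalogs and inventory classes. Anyone granted 'Configuration' for those purposes can therefore also edit user accounts; consider a dedicated right for user administration, or document that 'Configuration' is intended to imply it.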
Index: cust_main_county-expand.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/cust_main_county-expand.cgi,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- cust_main_county-expand.cgi 4 Jan 2008 02:42:07 -0000 1.9
+++ cust_main_county-expand.cgi 13 Jan 2008 21:35:53 -0000 1.10
@@ -8,6 +8,9 @@
</HTML>
<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
$cgi->param('taxnum') =~ /^(\d+)$/ or die "Illegal taxnum!";
my $taxnum = $1;
my $cust_main_county = qsearchs('cust_main_county',{'taxnum'=>$taxnum})
Index: reason_type.html
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/reason_type.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- reason_type.html 19 Oct 2006 14:25:32 -0000 1.1
+++ reason_type.html 13 Jan 2008 21:35:53 -0000 1.2
@@ -4,3 +4,9 @@
$cgi->param('class') . '&',
)
%>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+</%init>
Index: cust_pay.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/cust_pay.cgi,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- cust_pay.cgi 31 Jan 2007 04:30:49 -0000 1.12
+++ cust_pay.cgi 13 Jan 2008 21:35:53 -0000 1.13
@@ -1,32 +1,8 @@
-%
-%
-%$cgi->param('linknum') =~ /^(\d+)$/
-% or die "Illegal linknum: ". $cgi->param('linknum');
-%my $linknum = $1;
-%
-%$cgi->param('link') =~ /^(custnum|invnum|popup)$/
-% or die "Illegal link: ". $cgi->param('link');
-%my $field = my $link = $1;
-%$field = 'custnum' if $field eq 'popup';
-%
-%my $_date = str2time($cgi->param('_date'));
-%
-%my $new = new FS::cust_pay ( {
-% $field => $linknum,
-% _date => $_date,
-% map {
-% $_, scalar($cgi->param($_));
-% } qw(paid payby payinfo paybatch)
-% #} fields('cust_pay')
-%} );
-%
-%my $error = $new->insert( 'manual' => 1 );
-%
%if ($error) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). 'cust_pay.cgi?'. $cgi->query_string );
+<% $cgi->redirect(popurl(2). 'cust_pay.cgi?'. $cgi->query_string ) %>
%} elsif ( $field eq 'invnum' ) {
-% print $cgi->redirect(popurl(3). "view/cust_bill.cgi?$linknum");
+<% $cgi->redirect(popurl(3). "view/cust_bill.cgi?$linknum") %>
%} elsif ( $field eq 'custnum' ) {
% if ( $cgi->param('apply') eq 'yes' ) {
% my $cust_main = qsearchs('cust_main', { 'custnum' => $linknum })
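Review bot: on the error path the redirect appends $cgi->query_string, and the request carries payinfo (it is in the qw(paid payby payinfo paybatch) list), so a failed payment entry puts the payment account data into a GET URL, where it ends up in web server logs and browser history. Consider deleting payinfo from $cgi before building the redirect, or carrying the form state back by some means other than the query string.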
@@ -34,7 +10,6 @@
% $cust_main->apply_payments;
% }
% if ( $link eq 'popup' ) {
-%
%
<% header('Payment entered') %>
<SCRIPT TYPE="text/javascript">
@@ -43,14 +18,38 @@
</BODY></HTML>
%
-%
% } elsif ( $link eq 'custnum' ) {
-% print $cgi->redirect(popurl(3). "view/cust_main.cgi?$linknum");
+<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$linknum") %>
% } else {
% die "unknown link $link";
% }
%
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Post payment');
+
+$cgi->param('linknum') =~ /^(\d+)$/
+ or die "Illegal linknum: ". $cgi->param('linknum');
+my $linknum = $1;
+
+$cgi->param('link') =~ /^(custnum|invnum|popup)$/
+ or die "Illegal link: ". $cgi->param('link');
+my $field = my $link = $1;
+$field = 'custnum' if $field eq 'popup';
+
+my $_date = str2time($cgi->param('_date'));
+my $new = new FS::cust_pay ( {
+ $field => $linknum,
+ _date => $_date,
+ map {
+ $_, scalar($cgi->param($_));
+ } qw(paid payby payinfo paybatch)
+ #} fields('cust_pay')
+} );
+
+my $error = $new->insert( 'manual' => 1 );
+
+</%init>
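Review bot: the two "Illegal ..." die messages in the new <%init> concatenate the raw linknum and link request values into the error text; if the error page renders that text without HTML-escaping, the value is reflected to the browser. Dropping the value from the message, as the "Illegal svcnum!" checks elsewhere in this commit do, avoids the question. Separately, the result of str2time($cgi->param('_date')) is passed to FS::cust_pay unchecked, so an unparseable date is not reported as such; an explicit test and error message would be clearer.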
Index: inventory_class.html
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/inventory_class.html,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- inventory_class.html 23 Aug 2006 22:25:37 -0000 1.3
+++ inventory_class.html 13 Jan 2008 21:35:53 -0000 1.4
@@ -3,3 +3,9 @@
'viewall_dir' => 'browse',
)
%>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+</%init>
Index: svc_forward.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/svc_forward.cgi,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- svc_forward.cgi 23 Aug 2006 22:25:37 -0000 1.5
+++ svc_forward.cgi 13 Jan 2008 21:35:54 -0000 1.6
@@ -1,30 +1,31 @@
-%
-%
-%$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!";
-%my $svcnum =$1;
-%
-%my $old = qsearchs('svc_forward',{'svcnum'=>$svcnum}) if $svcnum;
-%
-%my $new = new FS::svc_forward ( {
-% map {
-% ($_, scalar($cgi->param($_)));
-% } ( fields('svc_forward'), qw( pkgnum svcpart ) )
-%} );
-%
-%my $error = '';
-%if ( $svcnum ) {
-% $error = $new->replace($old);
-%} else {
-% $error = $new->insert;
-% $svcnum = $new->getfield('svcnum');
-%}
-%
%if ($error) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). "svc_forward.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "svc_forward.cgi?". $cgi->query_string ) %>
%} else {
-% print $cgi->redirect(popurl(3). "view/svc_forward.cgi?$svcnum");
+<% $cgi->redirect(popurl(3). "view/svc_forward.cgi?$svcnum") %>
%}
-%
-%
+<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific?
+
+$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!";
+my $svcnum =$1;
+
+my $old = qsearchs('svc_forward',{'svcnum'=>$svcnum}) if $svcnum;
+
+my $new = new FS::svc_forward ( {
+ map {
+ ($_, scalar($cgi->param($_)));
+ } ( fields('svc_forward'), qw( pkgnum svcpart ) )
+} );
+
+my $error = '';
+if ( $svcnum ) {
+ $error = $new->replace($old);
+} else {
+ $error = $new->insert;
+ $svcnum = $new->getfield('svcnum');
+}
+
+</%init>
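Review bot: my $old = qsearchs('svc_forward',{'svcnum'=>$svcnum}) if $svcnum; declares a lexical under a statement modifier, which perlsyn documents as undefined behaviour, and in a persistent interpreter the variable can keep a value from an earlier request. Declare my $old; first and assign inside an if block. Unlike svc_broadband.cgi and svc_acct.cgi, there is also no "or die" when a svcnum is given but no record is found, so replace() can be called with an undefined $old.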
Index: REAL_cust_pkg.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/REAL_cust_pkg.cgi,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- REAL_cust_pkg.cgi 29 Nov 2007 23:51:37 -0000 1.9
+++ REAL_cust_pkg.cgi 13 Jan 2008 21:35:53 -0000 1.10
@@ -1,31 +1,36 @@
-%my $pkgnum = $cgi->param('pkgnum') or die;
-%my $old = qsearchs('cust_pkg',{'pkgnum'=>$pkgnum});
-%my %hash = $old->hash;
-%$hash{'setup'} = $cgi->param('setup') ? str2time($cgi->param('setup')) : '';
-%$hash{'bill'} = $cgi->param('bill') ? str2time($cgi->param('bill')) : '';
-%$hash{'last_bill'} =
-% $cgi->param('last_bill') ? str2time($cgi->param('last_bill')) : '';
-%$hash{'adjourn'} = $cgi->param('adjourn') ? str2time($cgi->param('adjourn')) : '';
-%$hash{'expire'} = $cgi->param('expire') ? str2time($cgi->param('expire')) : '';
-%
-%my $new;
-%my $error;
-%if ( $hash{'bill'} != $old->bill # if the next bill date was changed
-% && $hash{'bill'} < time # to a date in the past
-% && ! $cgi->param('bill_areyousure') # and it wasn't confirmed
-% )
-%{
-% $error = '_bill_areyousure';
-%} else {
-% $new = new FS::cust_pkg \%hash;
-% $error = $new->replace($old);
-%}
-%
%if ( $error ) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). "REAL_cust_pkg.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "REAL_cust_pkg.cgi?". $cgi->query_string ) %>
%} else {
% my $custnum = $new->custnum;
-% print $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum".
-% "#cust_pkg$pkgnum" );
+<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum#cust_pkg$pkgnum" ) %>
%}
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Edit customer package dates');
+
+my $pkgnum = $cgi->param('pkgnum') or die;
+my $old = qsearchs('cust_pkg',{'pkgnum'=>$pkgnum});
+my %hash = $old->hash;
+$hash{'setup'} = $cgi->param('setup') ? str2time($cgi->param('setup')) : '';
+$hash{'bill'} = $cgi->param('bill') ? str2time($cgi->param('bill')) : '';
+$hash{'last_bill'} =
+ $cgi->param('last_bill') ? str2time($cgi->param('last_bill')) : '';
+$hash{'adjourn'} = $cgi->param('adjourn') ? str2time($cgi->param('adjourn')) : '';
+$hash{'expire'} = $cgi->param('expire') ? str2time($cgi->param('expire')) : '';
+
+my $new;
+my $error;
+if ( $hash{'bill'} != $old->bill # if the next bill date was changed
+ && $hash{'bill'} < time # to a date in the past
+ && ! $cgi->param('bill_areyousure') # and it wasn't confirmed
+ )
+{
+ $error = '_bill_areyousure';
+} else {
+ $new = new FS::cust_pkg \%hash;
+ $error = $new->replace($old);
+}
+
+</%init>
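Review bot: pkgnum is taken with my $pkgnum = $cgi->param('pkgnum') or die; and never matched against /^(\d+)$/ as the other files in this commit do for their keys, yet it is later interpolated into the redirect URL (#cust_pkg$pkgnum). Validate it as digits first. The qsearchs result is also unchecked, so a pkgnum with no matching record fails at $old->hash with a method call on an undefined value instead of a clean error, and the bare die gives no message to whoever reads the log.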
Index: msgcat.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/msgcat.cgi,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- msgcat.cgi 23 Aug 2006 22:25:37 -0000 1.3
+++ msgcat.cgi 13 Jan 2008 21:35:53 -0000 1.4
@@ -1,21 +1,22 @@
-%
-%
-%my $error;
-%foreach my $param ( grep { /^\d+$/ } $cgi->param ) {
-% my $old = qsearchs('msgcat', { msgnum=>$param } );
-% next if $old->msg eq $cgi->param($param); #no need to update identical records
-% my $new = new FS::msgcat { $old->hash };
-% $new->msg($cgi->param($param));
-% $error = $new->replace($old);
-% last if $error;
-%}
-%
%if ( $error ) {
% $cgi->param('error',$error);
-% print $cgi->redirect($p. "msgcat.cgi?". $cgi->query_string );
+<% $cgi->redirect($p. "msgcat.cgi?". $cgi->query_string ) %>
%} else {
-% print $cgi->redirect(popurl(3). "browse/msgcat.cgi");
+<% $cgi->redirect(popurl(3). "browse/msgcat.cgi") %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $error;
+foreach my $param ( grep { /^\d+$/ } $cgi->param ) {
+ my $old = qsearchs('msgcat', { msgnum=>$param } );
+ next if $old->msg eq $cgi->param($param); #no need to update identical records
+ my $new = new FS::msgcat { $old->hash };
+ $new->msg($cgi->param($param));
+ $error = $new->replace($old);
+ last if $error;
+}
+</%init>
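Review bot: inside the loop, $old = qsearchs('msgcat', { msgnum=>$param } ) is not checked before $old->msg is called, so any numeric parameter name that does not match an existing msgnum aborts the request with a method call on an undefined value, after earlier records in the same request may already have been replaced. Skip or reject unknown msgnums explicitly, and consider whether the updates should be applied as one transaction.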
Index: svc_acct.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/svc_acct.cgi,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- svc_acct.cgi 6 Jul 2007 23:55:26 -0000 1.10
+++ svc_acct.cgi 13 Jan 2008 21:35:53 -0000 1.11
@@ -1,63 +1,64 @@
-%
-%
-%$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!";
-%my $svcnum = $1;
-%
-%my $old;
-%if ( $svcnum ) {
-% $old = qsearchs('svc_acct', { 'svcnum' => $svcnum } )
-% or die "fatal: can't find account (svcnum $svcnum)!";
-%} else {
-% $old = '';
-%}
-%
-%#unmunge popnum
-%$cgi->param('popnum', (split(/:/, $cgi->param('popnum') ))[0] );
-%
-%#unmunge passwd
-%if ( $cgi->param('_password') eq '*HIDDEN*' ) {
-% die "fatal: no previous account to recall hidden password from!" unless $old;
-% $cgi->param('_password',$old->getfield('_password'));
-%}
-%
-%#unmunge usergroup
-%$cgi->param('usergroup', [ $cgi->param('radius_usergroup') ] );
-%
-%#unmunge bytecounts
-%foreach (map { $_,$_."_threshold" } qw( upbytes downbytes totalbytes )) {
-% $cgi->param($_, FS::UI::bytecount::parse_bytecount($cgi->param($_)) );
-%}
-%
-%my %hash = $svcnum ? $old->hash : ();
-%map {
-% $hash{$_} = scalar($cgi->param($_));
-% #} qw(svcnum pkgnum svcpart username _password popnum uid gid finger dir
-% # shell quota slipip)
-% } (fields('svc_acct'), qw ( pkgnum svcpart usergroup ));
-%my $new = new FS::svc_acct ( \%hash );
-%
-%my $error;
-%if ( $svcnum ) {
-% foreach (grep { $old->$_ != $new->$_ } qw( seconds upbytes downbytes totalbytes )) {
-% my %hash = map { $_ => $new->$_ }
-% grep { $new->$_ }
-% qw( seconds upbytes downbytes totalbytes );
-%
-% $error = $new->set_usage(\%hash); #unoverlimit and trigger radius changes
-% last; #once is enough
-% }
-% $error ||= $new->replace($old);
-%} else {
-% $error = $new->insert;
-% $svcnum = $new->svcnum;
-%}
-%
%if ( $error ) {
% $cgi->param('error', $error);
-% print $cgi->redirect(popurl(2). "svc_acct.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "svc_acct.cgi?". $cgi->query_string ) %>
%} else {
-% print $cgi->redirect(popurl(3). "view/svc_acct.cgi?" . $svcnum );
+<% $cgi->redirect(popurl(3). "view/svc_acct.cgi?" . $svcnum ) %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Provision customer service'); #something else more specific?
+
+$cgi->param('svcnum') =~ /^(\d*)$/ or die "Illegal svcnum!";
+my $svcnum = $1;
+
+my $old;
+if ( $svcnum ) {
+ $old = qsearchs('svc_acct', { 'svcnum' => $svcnum } )
+ or die "fatal: can't find account (svcnum $svcnum)!";
+} else {
+ $old = '';
+}
+
+#unmunge popnum
+$cgi->param('popnum', (split(/:/, $cgi->param('popnum') ))[0] );
+
+#unmunge passwd
+if ( $cgi->param('_password') eq '*HIDDEN*' ) {
+ die "fatal: no previous account to recall hidden password from!" unless $old;
+ $cgi->param('_password',$old->getfield('_password'));
+}
+
+#unmunge usergroup
+$cgi->param('usergroup', [ $cgi->param('radius_usergroup') ] );
+
+#unmunge bytecounts
+foreach (map { $_,$_."_threshold" } qw( upbytes downbytes totalbytes )) {
+ $cgi->param($_, FS::UI::bytecount::parse_bytecount($cgi->param($_)) );
+}
+my %hash = $svcnum ? $old->hash : ();
+map {
+ $hash{$_} = scalar($cgi->param($_));
+ #} qw(svcnum pkgnum svcpart username _password popnum uid gid finger dir
+ # shell quota slipip)
+ } (fields('svc_acct'), qw ( pkgnum svcpart usergroup ));
+my $new = new FS::svc_acct ( \%hash );
+
+my $error;
+if ( $svcnum ) {
+ foreach (grep { $old->$_ != $new->$_ } qw( seconds upbytes downbytes totalbytes )) {
+ my %hash = map { $_ => $new->$_ }
+ grep { $new->$_ }
+ qw( seconds upbytes downbytes totalbytes );
+
+ $error = $new->set_usage(\%hash); #unoverlimit and trigger radius changes
+ last; #once is enough
+ }
+ $error ||= $new->replace($old);
+} else {
+ $error = $new->insert;
+ $svcnum = $new->svcnum;
+}
+
+</%init>
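Review bot: the "unmunge passwd" step writes the stored password back into the request with $cgi->param('_password',$old->getfield('_password')), and on the error path the body redirects with $cgi->query_string. A failed edit of an account whose form field was still *HIDDEN* therefore places the real stored password in the redirect URL. Keep the recalled password in a local variable (or put it straight into %hash) instead of in $cgi, or restore the *HIDDEN* placeholder before building the error redirect.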
Index: part_export.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/part_export.cgi,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- part_export.cgi 23 Aug 2006 22:25:37 -0000 1.8
+++ part_export.cgi 13 Jan 2008 21:35:53 -0000 1.9
@@ -1,40 +1,41 @@
-%
-%
-%my $exportnum = $cgi->param('exportnum');
-%
-%my $old = qsearchs('part_export', { 'exportnum'=>$exportnum } ) if $exportnum;
-%
-%#fixup options
-%#warn join('-', split(',',$cgi->param('options')));
-%my %options = map {
-% my $value = $cgi->param($_);
-% $value =~ s/\r\n/\n/g; #browsers? (textarea)
-% $_ => $value;
-%} split(',', $cgi->param('options'));
-%
-%my $new = new FS::part_export ( {
-% map {
-% $_, scalar($cgi->param($_));
-% } fields('part_export')
-%} );
-%
-%my $error;
-%if ( $exportnum ) {
-% #warn $old;
-% #warn $exportnum;
-% #warn $new->machine;
-% $error = $new->replace($old,\%options);
-%} else {
-% $error = $new->insert(\%options);
-%# $exportnum = $new->exportnum;
-%}
-%
%if ( $error ) {
% $cgi->param('error', $error );
-% print $cgi->redirect(popurl(2). "part_export.cgi?". $cgi->query_string );
+<% $cgi->redirect(popurl(2). "part_export.cgi?". $cgi->query_string ) %>
%} else {
-% print $cgi->redirect(popurl(3). "browse/part_export.cgi");
+<% $cgi->redirect(popurl(3). "browse/part_export.cgi") %>
%}
-%
-%
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $exportnum = $cgi->param('exportnum');
+
+my $old = qsearchs('part_export', { 'exportnum'=>$exportnum } ) if $exportnum;
+#fixup options
+#warn join('-', split(',',$cgi->param('options')));
+my %options = map {
+ my $value = $cgi->param($_);
+ $value =~ s/\r\n/\n/g; #browsers? (textarea)
+ $_ => $value;
+} split(',', $cgi->param('options'));
+
+my $new = new FS::part_export ( {
+ map {
+ $_, scalar($cgi->param($_));
+ } fields('part_export')
+} );
+
+my $error;
+if ( $exportnum ) {
+ #warn $old;
+ #warn $exportnum;
+ #warn $new->machine;
+ $error = $new->replace($old,\%options);
+} else {
+ $error = $new->insert(\%options);
+# $exportnum = $new->exportnum;
+}
+
+</%init>
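Review bot: the set of option names is taken from the request itself (split(',', $cgi->param('options'))), so the client decides which option keys are written, and exportnum is used without the /^(\d*)$/ style validation applied to keys elsewhere in this commit. Validate exportnum, and check the submitted option names against the options defined for the export type before passing %options to insert or replace. The my $old = qsearchs(...) if $exportnum; line also declares a lexical under a statement modifier, which is undefined behaviour in Perl; declare first, then assign conditionally.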
Index: cust_pkg.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/cust_pkg.cgi,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -d -r1.7 -r1.8
--- cust_pkg.cgi 2 Aug 2007 23:09:43 -0000 1.7
+++ cust_pkg.cgi 13 Jan 2008 21:35:53 -0000 1.8
@@ -11,7 +11,7 @@
</HTML>
% } elsif ( $action eq 'bulk' ) {
-% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum");
+<% $cgi->redirect(popurl(3). "view/cust_main.cgi?$custnum") %>
% } else {
% die "guru exception #5: action is neither change nor bulk!";
% }
@@ -28,15 +28,27 @@
$1;
} $cgi->param('remove_pkg');
+my $curuser = $FS::CurrentUser::CurrentUser;
+
my( $action, $error_redirect );
my @pkgparts = ();
if ( $cgi->param('new_pkgpart') =~ /^(\d+)$/ ) { #came from misc/change_pkg.cgi
+
$action = 'change';
$error_redirect = "misc/change_pkg.cgi";
@pkgparts = ($1);
+
+ die "access denied"
+ unless $curuser->access_right('Change customer package');
+
} else { #came from edit/cust_pkg.cgi
+
$action = 'bulk';
$error_redirect = "edit/cust_pkg.cgi";
+
+ die "access denied"
+ unless $curuser->access_right('Bulk change customer packages');
+
foreach my $pkgpart ( map /^pkg(\d+)$/ ? $1 : (), $cgi->param ) {
if ( $cgi->param("pkg$pkgpart") =~ /^(\d+)$/ ) {
my $num_pkgs = $1;
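Review bot: which right is checked depends on whether the request contains new_pkgpart, which the client controls, and @remove_pkgnums is built from every remove_pkg value in the request before the branch is chosen. In the 'change' branch nothing in the lines shown limits @remove_pkgnums to a single package, so a user holding only 'Change customer package' can submit new_pkgpart together with several remove_pkg values. Either enforce exactly one remove_pkg in the change branch or require the bulk right whenever more than one package is being removed.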
@@ -48,6 +60,7 @@
last;
}
}
+
}
$error ||= FS::cust_pkg::order($custnum,\@pkgparts,\@remove_pkgnums);
Index: prepay_credit.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/prepay_credit.cgi,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- prepay_credit.cgi 19 Apr 2007 23:30:40 -0000 1.6
+++ prepay_credit.cgi 13 Jan 2008 21:35:53 -0000 1.7
@@ -36,8 +36,7 @@
<% include("/elements/header.html", "$num prepaid cards generated".
- ( $agent ? ' for '.$agent->agent : '' ),
- menubar( 'Main menu' => popurl(3) )
+ ( $agent ? ' for '.$agent->agent : '' )
)
%>
@@ -60,4 +59,9 @@
</BODY></HTML>
% }
+<%init>
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+</%init>
Index: bulk-cust_svc.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/bulk-cust_svc.cgi,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- bulk-cust_svc.cgi 23 Aug 2006 22:25:37 -0000 1.2
+++ bulk-cust_svc.cgi 13 Jan 2008 21:35:53 -0000 1.3
@@ -1,4 +1,9 @@
-%
-% my $server = new FS::UI::Web::JSRPC 'FS::part_svc::process_bulk_cust_svc', $cgi;
-%
<% $server->process %>
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+my $server = new FS::UI::Web::JSRPC 'FS::part_svc::process_bulk_cust_svc', $cgi;
+
+</%init>
Index: reg_code.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/reg_code.cgi,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- reg_code.cgi 8 Oct 2007 19:14:26 -0000 1.5
+++ reg_code.cgi 13 Jan 2008 21:35:53 -0000 1.6
@@ -1,50 +1,46 @@
-%
-%
-%$cgi->param('agentnum') =~ /^(\d+)$/
-% or errorpage('illegal agentnum '. $cgi->param('agentnum'));
-%my $agentnum = $1;
-%my $agent = qsearchs('agent', { 'agentnum' => $agentnum } );
-%
-%my $error = '';
-%
-%my $num = 0;
-%if ( $cgi->param('num') =~ /^\s*(\d+)\s*$/ ) {
-% $num = $1;
-%} else {
-% $error = 'Illegal number of codes: '. $cgi->param('num');
-%}
-%
-%my @pkgparts =
-% map { /^pkgpart(.*)$/; $1 }
-% grep { $cgi->param($_) }
-% grep { /^pkgpart/ }
-% $cgi->param;
-%
-%$error ||= $agent->generate_reg_codes($num, \@pkgparts);
-%
%unless ( ref($error) ) {
% $cgi->param('error'. $error );
-%
-<%
- $cgi->redirect(popurl(3). "edit/reg_code.cgi?". $cgi->query_string )
-%>
+<% $cgi->redirect(popurl(3). "edit/reg_code.cgi?". $cgi->query_string ) %>
% } else {
-
<% include("/elements/header.html","$num registration codes generated for ". $agent->agent, menubar(
- 'Main menu' => popurl(3),
'View all agents' => popurl(3). 'browse/agent.cgi',
) ) %>
<PRE><FONT SIZE="+1">
% foreach my $code ( @$error ) {
-
<% $code %>
% }
-
-
</FONT></PRE>
-</BODY></HTML>
+<% include('/elements/footer.html') %>
% }
+<%init>
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
+
+$cgi->param('agentnum') =~ /^(\d+)$/
+ or errorpage('illegal agentnum '. $cgi->param('agentnum'));
+my $agentnum = $1;
+my $agent = qsearchs('agent', { 'agentnum' => $agentnum } );
+
+my $error = '';
+
+my $num = 0;
+if ( $cgi->param('num') =~ /^\s*(\d+)\s*$/ ) {
+ $num = $1;
+} else {
+ $error = 'Illegal number of codes: '. $cgi->param('num');
+}
+
+my @pkgparts =
+ map { /^pkgpart(.*)$/; $1 }
+ grep { $cgi->param($_) }
+ grep { /^pkgpart/ }
+ $cgi->param;
+
+$error ||= $agent->generate_reg_codes($num, \@pkgparts);
+
+</%init>
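Review bot: the unchanged context line $cgi->param('error'. $error ); uses a dot where a comma is meant, so it reads a parameter named "error" plus the message text instead of setting error, and the message never reaches the redirect back to edit/reg_code.cgi. Since this hunk rewrites the surrounding lines, fix it here. In the new <%init>, $agent is also not checked after qsearchs, so a well-formed but nonexistent agentnum fails at $agent->generate_reg_codes with a method call on an undefined value, and /^pkgpart(.*)$/ accepts any suffix where digits are presumably intended.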