[freeside-commits] freeside/httemplate/edit/process part_pkg.cgi, 1.18.2.8, 1.18.2.9
Ivan,,,
ivan at wavetail.420.am
Wed Jan 16 20:23:23 PST 2008
Update of /home/cvs/cvsroot/freeside/httemplate/edit/process
In directory wavetail:/tmp/cvs-serv15303/edit/process
Modified Files:
Tag: FREESIDE_1_7_BRANCH
part_pkg.cgi
Log Message:
fix ACLs to allow the limited "package editing" of customizing customer packages
Index: part_pkg.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/part_pkg.cgi,v
retrieving revision 1.18.2.8
retrieving revision 1.18.2.9
diff -u -d -r1.18.2.8 -r1.18.2.9
--- part_pkg.cgi 13 Jan 2008 21:39:05 -0000 1.18.2.8
+++ part_pkg.cgi 17 Jan 2008 04:23:21 -0000 1.18.2.9
@@ -11,9 +11,6 @@
%}
<%init>
-die "access denied"
- unless $FS::CurrentUser::CurrentUser->access_right('Configuration');
-
my $dbh = dbh;
my $conf = new FS::Conf;
@@ -69,6 +66,8 @@
map { $_->svcpart }
qsearch('part_svc', {} );
+my $curuser = $FS::CurrentUser::CurrentUser;
+
my $custnum = '';
if ( $error ) {
@@ -80,12 +79,19 @@
} elsif ( $pkgpart ) {
+ die "access denied"
+ unless $curuser->access_right('Configuration')
+
$error = $new->replace( $old,
pkg_svc => \%pkg_svc,
primary_svc => scalar($cgi->param('pkg_svc_primary')),
);
} else {
+ die "access denied"
+ unless $curuser->access_right('Configuration')
+ || ( $cgi->param('pkgnum') && $curuser->access_right('Customize customer package') );
+
$error = $new->insert( pkg_svc => \%pkg_svc,
primary_svc => scalar($cgi->param('pkg_svc_primary')),
cust_pkg => $cgi->param('pkgnum'),
More information about the freeside-commits
mailing list