[freeside-commits] freeside/httemplate/edit cust_main.cgi, 1.99, 1.100

Ivan,,, ivan at wavetail.420.am
Sun Jul 12 16:25:15 PDT 2009


Update of /home/cvs/cvsroot/freeside/httemplate/edit
In directory wavetail.420.am:/tmp/cvs-serv21326

Modified Files:
	cust_main.cgi 
Log Message:
ACL on customer edit

Index: cust_main.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/cust_main.cgi,v
retrieving revision 1.99
retrieving revision 1.100
diff -u -d -r1.99 -r1.100
--- cust_main.cgi	12 Apr 2009 06:09:11 -0000	1.99
+++ cust_main.cgi	12 Jul 2009 23:25:13 -0000	1.100
@@ -199,8 +199,12 @@
 
 <%init>
 
+my $curuser = $FS::CurrentUser::CurrentUser;
+
+#probably redundant given the checks below...
 die "access denied"
-  unless $FS::CurrentUser::CurrentUser->access_right('Edit customer');
+  unless $curuser->access_right('New customer')
+     ||  $curuser->access_right('Edit customer');
 
 my $conf = new FS::Conf;
 
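Review bot: The comment `#probably redundant given the checks below...` invites a later cleanup to delete the one guard that covers every path through `<%init>`. With the per-branch checks added in the other three hunks, this top-level test is the fallback for any branch added later without its own check, so I would keep it and reword the comment to `#coarse gate; each branch below must still check its own right`. All four checks die with the same bare `"access denied"`, so an error log cannot tell which right was missing; naming the right in each message would help when auditing denials. The `<%init>` block continues outside this hunk.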
@@ -219,6 +223,10 @@
   } );
 
   $custnum = $cust_main->custnum;
+
+  die "access denied"
+    unless $curuser->access_right($custnum ? 'Edit customer' : 'New customer');
+
   @invoicing_list = split( /\s*,\s*/, $cgi->param('invoicing_list') );
   $same = $cgi->param('same');
   $cust_main->setfield('paid' => $cgi->param('paid')) if $cgi->param('paid');
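Review bot: The right required here is picked by `$custnum ? 'Edit customer' : 'New customer'`, and `$custnum` is read from a `$cust_main` object built just above the hunk, apparently from the resubmitted form, so the requester's own input selects which check applies. That is acceptable for redisplaying the form, but it only holds if the page that actually saves the record makes the same New/Edit decision on its side; that handler is not visible in this commit. A comment such as `#custnum is form-supplied here; the processing page must re-check the same right` would record the dependency. The enclosing branch starts outside the hunk.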
@@ -245,6 +253,9 @@
 
 } elsif ( $cgi->keywords ) { #editing
 
+  die "access denied"
+    unless $curuser->access_right('Edit customer');
+
   my( $query ) = $cgi->keywords;
   $query =~ /^(\d+)$/;
   $custnum=$1;
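Review bot: The customer-number parse right after the new check, `$query =~ /^(\d+)$/;`, is not tested before `$custnum=$1;`. If the keyword is not all digits the match fails and `$1` keeps whatever an earlier successful match left, so `$custnum` may be undefined or stale unless a line outside the hunk rejects it. I would make the parse fail closed, and anchor it so a trailing newline is not accepted: `$query =~ /\A(\d+)\z/ or die "illegal customer number";`. The branch continues outside the hunk.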
@@ -262,6 +273,9 @@
 
 } else { #new customer
 
+  die "access denied"
+    unless $curuser->access_right('New customer');
+
   $custnum='';
   $cust_main = new FS::cust_main ( {} );
   $cust_main->otaker( &getotaker );


