[freeside-commits] freeside/httemplate/edit/process cust_pay.cgi, 1.17, 1.18 cust_refund.cgi, 1.9, 1.10

Wed Nov 3 16:44:49 PDT 2010

Update of /home/cvs/cvsroot/freeside/httemplate/edit/process
In directory wavetail.420.am:/tmp/cvs-serv32653/httemplate/edit/process

Modified Files:
	cust_pay.cgi cust_refund.cgi 
Log Message:
more granular ACLs for posting check vs. cash payments, processing credit card vs echecks, RT#7887

Index: cust_pay.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/cust_pay.cgi,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -w -d -r1.17 -r1.18

--- cust_pay.cgi	22 Sep 2010 19:16:20 -0000	1.17
+++ cust_pay.cgi	3 Nov 2010 23:44:47 -0000	1.18
@@ -27,9 +27,6 @@
 %}
 <%init>
 
-die "access denied"
-  unless $FS::CurrentUser::CurrentUser->access_right('Post payment');
-
 $cgi->param('linknum') =~ /^(\d+)$/
   or die "Illegal linknum: ". $cgi->param('linknum');
 my $linknum = $1;
@@ -52,6 +49,13 @@
   #} fields('cust_pay')
 } );
 
+my @rights = ('Post payment');
+push @rights, 'Post check payment' if $cust_pay->payby eq 'BILL';
+push @rights, 'Post cash payment'  if $cust_pay->payby eq 'CASH';
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right(\@rights);
+
 my $error = $new->insert( 'manual' => 1 );
 
 </%init>

Index: cust_refund.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/process/cust_refund.cgi,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -w -d -r1.9 -r1.10
--- cust_refund.cgi	3 Sep 2008 01:46:14 -0000	1.9
+++ cust_refund.cgi	3 Nov 2010 23:44:47 -0000	1.10
@@ -28,8 +28,21 @@
 
 my $link    = $cgi->param('popup') ? 'popup' : '';
 
+my $payby = $cgi->param('payby');
+
+my @rights = ();
+push @rights, 'Post refund'                if $payby /^(BILL|CASH)$/;
+push @rights, 'Post check refund'          if $payby eq 'BILL';
+push @rights, 'Post cash refund '          if $payby eq 'CASH';
+push @rights, 'Refund payment'             if $payby /^(CARD|CHEK)$/;
+push @rights, 'Refund credit card payment' if $payby eq 'CARD';
+push @rights, 'Refund Echeck payment'      if $payby eq 'CHEK';
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right(\@rights);
+
 my $error = '';
-if ( $cgi->param('payby') =~ /^(CARD|CHEK)$/ ) { 
+if ( $payby =~ /^(CARD|CHEK)$/ ) { 
   my %options = ();
   my $bop = $FS::payby::payby2bop{$1};
   $cgi->param('refund') =~ /^(\d*)(\.\d{2})?$/

