[freeside-commits] freeside/httemplate/edit cust_pay.cgi, 1.32, 1.33 cust_refund.cgi, 1.10, 1.11

Ivan,,, ivan at wavetail.420.am
Wed Nov 3 16:44:49 PDT 2010 

Update of /home/cvs/cvsroot/freeside/httemplate/edit
In directory wavetail.420.am:/tmp/cvs-serv32653/httemplate/edit

Modified Files:
	cust_pay.cgi cust_refund.cgi 
Log Message:
more granular ACLs for posting check vs. cash payments, processing credit card vs echecks, RT#7887

Index: cust_pay.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/cust_pay.cgi,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -w -d -r1.32 -r1.33
--- cust_pay.cgi	22 Sep 2010 19:16:19 -0000	1.32
+++ cust_pay.cgi	3 Nov 2010 23:44:47 -0000	1.33
@@ -109,9 +109,6 @@
 my $money_char  = $conf->config('money_char')  || '$';
 my $date_format = $conf->config('date_format') || '%m/%d/%Y';
 
-die "access denied"
-  unless $FS::CurrentUser::CurrentUser->access_right('Post payment');
-
 my($link, $linknum, $paid, $payby, $payinfo, $_date);
 if ( $cgi->param('error') ) {
   $link     = $cgi->param('link');
@@ -138,6 +135,13 @@
   die "illegal query ". $cgi->keywords;
 }
 
+my @rights = ('Post payment');
+push @rights, 'Post check payment' if $payby eq 'BILL';
+push @rights, 'Post cash payment'  if $payby eq 'CASH';
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right(\@rights);
+
 my $paybatch = "webui-$_date-$$-". rand() * 2**32;
 
 my $title = 'Post '. FS::payby->payname($payby). ' payment';

Index: cust_refund.cgi
===================================================================
RCS file: /home/cvs/cvsroot/freeside/httemplate/edit/cust_refund.cgi,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -w -d -r1.10 -r1.11
--- cust_refund.cgi	8 Mar 2010 10:57:06 -0000	1.10
+++ cust_refund.cgi	3 Nov 2010 23:44:47 -0000	1.11
@@ -130,9 +130,6 @@
 
 <%init>
 
-die "access denied"
-  unless $FS::CurrentUser::CurrentUser->access_right('Refund payment');
-
 my $conf = new FS::Conf;
 my $date_format = $conf->config('date_format') || '%m/%d/%Y';
 
@@ -143,6 +140,17 @@
 my $reason  = $cgi->param('reason');
 my $link    = $cgi->param('popup') ? 'popup' : '';
 
+my @rights = ();
+push @rights, 'Post refund'                if $payby /^(BILL|CASH)$/;
+push @rights, 'Post check refund'          if $payby eq 'BILL';
+push @rights, 'Post cash refund '          if $payby eq 'CASH';
+push @rights, 'Refund payment'             if $payby /^(CARD|CHEK)$/;
+push @rights, 'Refund credit card payment' if $payby eq 'CARD';
+push @rights, 'Refund Echeck payment'      if $payby eq 'CHEK';
+
+die "access denied"
+  unless $FS::CurrentUser::CurrentUser->access_right(\@rights);
+
 my( $paynum, $cust_pay ) = ( '', '' );
 if ( $cgi->param('paynum') =~ /^(\d+)$/ ) {
   $paynum = $1;

More information about the freeside-commits mailing list