access control for List all customers, RT#75012
authorIvan Kohler <ivan@freeside.biz>
Thu, 27 Apr 2017 20:07:21 +0000 (13:07 -0700)
committerIvan Kohler <ivan@freeside.biz>
Thu, 27 Apr 2017 20:07:21 +0000 (13:07 -0700)
httemplate/search/cust_main.cgi

index 74cc5f3..cce4f0d 100755 (executable)
@@ -352,9 +352,11 @@ my(@cust_main, $sortby, $orderby);
 my @select = ();
 my @addl_headers = ();
 my @addl_cols = ();
-if ( $cgi->param('browse')
-     || $cgi->param('otaker_on')
-     || $cgi->param('agentnum_on')
+if ( (    $cgi->param('browse')
+       || $cgi->param('otaker_on')
+       || $cgi->param('agentnum_on')
+     )
+     and $curuser->access_right('List all customers')
 ) {
 
   my %search = ();
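Review bot: A user without 'List all customers' who sends `browse`, `otaker_on` or `agentnum_on` is not refused by the new condition on the `if`; the request drops into whatever follows this block, which starts here and ends outside the hunk. If that path still runs a customer search, the right only changes which query is executed, and the user gets no clear denial. Consider failing closed before the branch: `my $browse = $cgi->param('browse') || $cgi->param('otaker_on') || $cgi->param('agentnum_on');` followed by `die "access denied" if $browse && !$curuser->access_right('List all customers');`. It is also worth confirming that the listing query built inside this block is still limited to the agents the current user may see, since that part is not visible here.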