-# annoyingly specific to view/svc_acct.cgi, for now...
-$cgi->delete('password');
+my $error;
+
+if ($svcnum) {
+ my $svc_acct = FS::svc_acct->by_key($svcnum)
+ or die "svc_acct $svcnum not found";
+ my $part_svc = $svc_acct->part_svc;
+ die "access denied" unless (
+ $curuser->access_right('Provision customer service') or
+ ( $curuser->access_right('Edit password') and
+ ! $part_svc->restrict_edit_password )
+ );
+
+ my $error = $svc_acct->is_password_allowed($newpass)
+ || $svc_acct->set_password($newpass)
+ || $svc_acct->replace;
+
+ # annoyingly specific to view/svc_acct.cgi, for now...
+ $cgi->delete('password');
+}
+elsif ($contactnum) {
+ my $contact = qsearchs('contact', { 'contactnum' => $contactnum } )
+ or return { 'error' => "Contact not found" . $contactnum };
+
+ my $error = $contact->is_password_allowed($newpass)
+ || $contact->change_password($newpass);
+
+ # annoyingly specific to view/svc_acct.cgi, for now...
+ #$cgi->delete('password');
+}
+