'Customer note and attachment rights' => [
'Add customer note', #NEW
'Edit customer note', #NEW
+ 'View attachments',
'Download attachment', #NEW
'Add attachment', #NEW
'Edit attachment', #NEW
<%init>
my $curuser = $FS::CurrentUser::CurrentUser;
+die "access denied" if !$curuser->access-right('View attachments');
my $conf = new FS::Conf;
<%init>
my $curuser = $FS::CurrentUser::CurrentUser;
+die "access denied" if !$curuser->access_right('View attachments');
my $attachnum = '';
my $attach;
if ( $cgi->param('error') ) {
$tools_menu{'Time Queue'} = [ $fsurl.'search/report_timeworked.html', 'View pending support time' ]
if $curuser->access_right('Time queue');
$tools_menu{'Attachments'} = [ $fsurl.'browse/cust_attachment.html', 'View customer attachments' ]
- if !$conf->config('disable_cust_attachment');
+ if !$conf->config('disable_cust_attachment') and $curuser->access_right('View attachments');
$tools_menu{'Importing'} = [ \%tools_importing, 'Import tools' ]
if $curuser->access_right('Import');
$tools_menu{'Exporting'} = [ \%tools_exporting, 'Export tools' ]
)
%>
% }
+% if( $curuser->access_right('View attachments') ) {
<% include('cust_main/attachments.html', 'custnum' => $cust_main->custnum ) %>
-% if($cgi->param('show_deleted')) {
+% if ($cgi->param('show_deleted')) {
<A HREF="<% $p.'view/cust_main.cgi?custnum=' . $cust_main->custnum .
($view ? ";show=$view" : '') . '#notes'
%>"><I>(Show active attachments)</I></A>
-% }
+% }
% elsif($curuser->access_right('View deleted attachments')) {
<A HREF="<% $p.'view/cust_main.cgi?custnum=' . $cust_main->custnum .
($view ? ";show=$view" : '') . ';show_deleted=1#notes'
%>"><I>(Show deleted attachments)</I></A>
+% }
% }
<BR>
my $conf = new FS::Conf;
my $curuser = $FS::CurrentUser::CurrentUser;
-
+die "access denied" if !$curuser->access_right('View attachments');
my(%opt) = @_;
my $custnum = $opt{'custnum'};