# customer payment rights
###
'Customer payment rights' => [
- 'Post payment',
+ { rightname=>'Post payment', desc=>'Make check or cash payments.' },
+ 'Post check payment',
+ 'Post cash payment',
'Post payment batch',
'Apply payment', #NEWNEW
{ rightname=>'Unapply payment', desc=>'Enable "unapplication" of unclosed payments from specific invoices.' }, #aka. unapplypayments
- 'Process payment',
- { rightname=>'Refund payment', desc=>'Enable refund of existing customer payments.' },
-
+ { rightname=>'Process payment', desc=>'Process credit card or e-check payments' },
+ 'Process credit card payment',
+ 'Process Echeck payment',
{ rightname=>'Delete payment', desc=>'Enable deletion of unclosed payments. Be very careful! Only delete payments that were data-entry errors, not adjustments.' }, #aka. deletepayments Optionally specify one or more comma-separated email addresses to be notified when a payment is deleted.
-
],
###
{ rightname=>'Unapply credit', desc=>'Enable "unapplication" of unclosed credits.' }, #aka unapplycredits
{ rightname=>'Delete credit', desc=>'Enable deletion of unclosed credits. Be very careful! Only delete credits that were data-entry errors, not adjustments.' }, #aka. deletecredits Optionally specify one or more comma-separated email addresses to be notified when a credit is deleted.
{ rightname=>'Post refund', desc=>'Enable posting of check and cash refunds.' },
+ 'Post check refund',
+ 'Post cash refund',
# { rightname=>'Process refund', desc=>'Enable processing of generic credit card/ACH refunds (i.e. not associated with a specific prior payment).' },
+ { rightname=>'Refund payment', desc=>'Enable refund of existing customer credit card or e-check payments.' },
+ 'Refund credit card payment',
+ 'Refund Echeck payment',
'Delete refund', #NEW
'Add on-the-fly credit reason', #NEW
],
'Raw SQL',
'Configuration download',
'View customers of all agents',
+ 'View/link unlinked services',
);
no warnings 'uninitialized';
if $error;
}
+ my %migrate = (
+ 'Post payment' => [ 'Post check payment', 'Post cash payment' ],
+ 'Process payment' => [ 'Process credit card payment', 'Process Echeck payment' ],
+ 'Post refund' => [ 'Post check refund', 'Post cash refund' ],
+ 'Refund payment' => [ 'Refund credit card payment', 'Refund Echeck payment' ],
+ );
+
+ foreach my $oldright (keys %migrate) {
+ my @old = qsearch('access_right', { 'righttype'=>'FS::access_group',
+ 'rightname'=>$oldright,
+ }
+ );
+
+ foreach my $old ( @old ) {
+
+ foreach my $newright ( @{ $migrate{$oldright} } ) {
+ my %hash = (
+ 'righttype' => 'FS::access_group',
+ 'rightobjnum' => $old->rightobjnum,
+ 'rightname' => $newright,
+ );
+ next if qsearchs('access_right', \%hash);
+ my $access_right = new FS::access_right \%hash;
+ my $error = $access_right->insert;
+ die $error if $error;
+ }
+
+ #after the WEST stuff is sorted, etc.
+ #my $error = $old->delete;
+ #die $error if $error;
+
+ }
+
+ }
+
'';
}
my $money_char = $conf->config('money_char') || '$';
my $date_format = $conf->config('date_format') || '%m/%d/%Y';
-die "access denied"
- unless $FS::CurrentUser::CurrentUser->access_right('Post payment');
-
my($link, $linknum, $paid, $payby, $payinfo, $_date);
if ( $cgi->param('error') ) {
$link = $cgi->param('link');
die "illegal query ". $cgi->keywords;
}
+my @rights = ('Post payment');
+push @rights, 'Post check payment' if $payby eq 'BILL';
+push @rights, 'Post cash payment' if $payby eq 'CASH';
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right(\@rights);
+
my $paybatch = "webui-$_date-$$-". rand() * 2**32;
my $title = 'Post '. FS::payby->payname($payby). ' payment';
<%init>
-die "access denied"
- unless $FS::CurrentUser::CurrentUser->access_right('Refund payment');
-
my $conf = new FS::Conf;
my $date_format = $conf->config('date_format') || '%m/%d/%Y';
my $reason = $cgi->param('reason');
my $link = $cgi->param('popup') ? 'popup' : '';
+my @rights = ();
+push @rights, 'Post refund' if $payby /^(BILL|CASH)$/;
+push @rights, 'Post check refund' if $payby eq 'BILL';
+push @rights, 'Post cash refund ' if $payby eq 'CASH';
+push @rights, 'Refund payment' if $payby /^(CARD|CHEK)$/;
+push @rights, 'Refund credit card payment' if $payby eq 'CARD';
+push @rights, 'Refund Echeck payment' if $payby eq 'CHEK';
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right(\@rights);
+
my( $paynum, $cust_pay ) = ( '', '' );
if ( $cgi->param('paynum') =~ /^(\d+)$/ ) {
$paynum = $1;
%}
<%init>
-die "access denied"
- unless $FS::CurrentUser::CurrentUser->access_right('Post payment');
-
$cgi->param('linknum') =~ /^(\d+)$/
or die "Illegal linknum: ". $cgi->param('linknum');
my $linknum = $1;
#} fields('cust_pay')
} );
+my @rights = ('Post payment');
+push @rights, 'Post check payment' if $cust_pay->payby eq 'BILL';
+push @rights, 'Post cash payment' if $cust_pay->payby eq 'CASH';
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right(\@rights);
+
my $error = $new->insert( 'manual' => 1 );
</%init>
my $link = $cgi->param('popup') ? 'popup' : '';
+my $payby = $cgi->param('payby');
+
+my @rights = ();
+push @rights, 'Post refund' if $payby /^(BILL|CASH)$/;
+push @rights, 'Post check refund' if $payby eq 'BILL';
+push @rights, 'Post cash refund ' if $payby eq 'CASH';
+push @rights, 'Refund payment' if $payby /^(CARD|CHEK)$/;
+push @rights, 'Refund credit card payment' if $payby eq 'CARD';
+push @rights, 'Refund Echeck payment' if $payby eq 'CHEK';
+
+die "access denied"
+ unless $FS::CurrentUser::CurrentUser->access_right(\@rights);
+
my $error = '';
-if ( $cgi->param('payby') =~ /^(CARD|CHEK)$/ ) {
+if ( $payby =~ /^(CARD|CHEK)$/ ) {
my %options = ();
my $bop = $FS::payby::payby2bop{$1};
$cgi->param('refund') =~ /^(\d*)(\.\d{2})?$/
% if ( $cust_bill->owed > 0
% && scalar( grep $payby{$_}, qw(BILL CASH WEST MCRD) )
-% && $curuser->access_right('Post payment')
+% && $curuser->access_right(['Post payment', 'Post check payment', 'Post cash payment'])
% && ! $conf->exists('pkg-balances')
% )
% {
Post
-% if ( $payby{'BILL'} ) {
+% if ( $payby{'BILL'} && $curuser->access_right(['Post payment', 'Post check payment']) ) {
<% $s++ ? ' | ' : '' %>
<A HREF="<% $p %>edit/cust_pay.cgi?payby=BILL;invnum=<% $invnum %>">check</A>
% }
-% if ( $payby{'CASH'} ) {
+% if ( $payby{'CASH'} && $curuser->access_right(['Post payment', 'Post cash payment']) ) {
<% $s++ ? ' | ' : '' %>
<A HREF="<% $p %>edit/cust_pay.cgi?payby=CASH;invnum=<% $invnum %>">cash</A>
% }
-% if ( $payby{'WEST'} ) {
+% if ( $payby{'WEST'} && $curuser->access_right(['Post payment']) ) {
<% $s++ ? ' | ' : '' %>
<A HREF="<% $p %>edit/cust_pay.cgi?payby=WEST;invnum=<% $invnum %>">Western Union</A>
% }
-% if ( $payby{'MCRD'} ) {
+% if ( $payby{'MCRD'} && $curuser->access_right(['Post payment']) ) {
<% $s++ ? ' | ' : '' %>
<A HREF="<% $p %>edit/cust_pay.cgi?payby=MCRD;invnum=<% $invnum %>">manual credit card</A>
% }
%# payment links
% my $s = 0;
-% if ( $payby{'BILL'} && $curuser->access_right('Post payment') ) {
+% if ( $payby{'BILL'} && $curuser->access_right(['Post payment', 'Post check payment' ]) ) {
<% $s++ ? ' | ' : '' %>
<% include('/elements/popup_link-cust_main.html',
'label' => 'Enter check payment',
%>
% }
-% if ( $payby{'CASH'} && $curuser->access_right('Post payment') ) {
+% if ( $payby{'CASH'} && $curuser->access_right(['Post payment', 'Post cash payment']) ) {
<% $s++ ? ' | ' : '' %>
<% include('/elements/popup_link-cust_main.html',
'label' => 'Enter cash payment',
% }
% if ( ( $payby{'CARD'} || $payby{'DCRD'} )
-% && $curuser->access_right('Process payment')
+% && $curuser->access_right(['Process payment', 'Process credit card payment'])
% && ! $cust_main->is_encrypted($cust_main->payinfo)
% ) {
<% $s++ ? ' | ' : '' %>
% }
% if ( ( $payby{'CHEK'} || $payby{'DCHK'} )
-% && $curuser->access_right('Process payment')
+% && $curuser->access_right(['Process payment', 'Process Echeck payment'])
% && ! $cust_main->is_encrypted($cust_main->payinfo)
% ) {
<% $s++ ? ' | ' : '' %>
%# refund links
% $s = 0;
-% if ( $payby{'BILL'} && $curuser->access_right('Post refund') ) {
+% if ( $payby{'BILL'} && $curuser->access_right(['Post refund', 'Post check refund']) ) {
<% $s++ ? ' | ' : '' %>
<% include('/elements/popup_link-cust_main.html',
'label' => 'Enter check refund',
%>
% }
-% if ( $payby{'CASH'} && $curuser->access_right('Post refund') ) {
+% if ( $payby{'CASH'} && $curuser->access_right(['Post refund', 'Post cash refund']) ) {
<% $s++ ? ' | ' : '' %>
<% include('/elements/popup_link-cust_main.html',
'label' => 'Enter cash refund',
my $refund = '';
my $refund_days = $opt{'card_refund-days'} || 120;
+my @rights = ('Refund payment');
+push @rights, 'Refund credit card payment' if $payby eq 'CARD';
+push @rights, 'Refund Echeck payment' if $payby eq 'CHEK';
if ( $cust_pay->closed !~ /^Y/i
&& $cust_pay->payby =~ /^(CARD|CHEK)$/
&& time-$cust_pay->_date < $refund_days*86400
&& $cust_pay->unrefunded > 0
- && $curuser->access_right('Refund payment')
+ && $curuser->access_right(\@rights)
) {
$refund = qq! (<A HREF="${p}edit/cust_refund.cgi?payby=$1;!.
qq!paynum=!. $cust_pay->paynum. '"'.