From 50b6d674f27647f8bd97f5e2c03877f2c32d43c1 Mon Sep 17 00:00:00 2001
From: Ivan Kohler
Date: Fri, 25 Aug 2017 15:31:58 -0700
Subject: [PATCH] separate access control for payment reports, RT#77007

---
 FS/FS/AccessRight.pm | 1 +
 FS/FS/access_right.pm | 1 +
 httemplate/elements/menu.html | 25 +++++++++++++---------
 httemplate/search/elements/cust_pay_or_refund.html | 2 +-
 .../search/elements/report_cust_pay_or_refund.html | 2 +-
 5 files changed, 19 insertions(+), 12 deletions(-)

diff --git a/FS/FS/AccessRight.pm b/FS/FS/AccessRight.pm
index aba5be200..2dbdec90e 100644
--- a/FS/FS/AccessRight.pm
+++ b/FS/FS/AccessRight.pm
@@ -293,6 +293,7 @@ tie my %rights, 'Tie::IxHash',
 { rightname=> 'List rating data', desc=>'Usage reports', global=>1 },
 'Billing event reports',
 'Receivables report',
+ 'Basic payment and refund reports',
 'Financial reports',
 { rightname=>'Send reports to customers', global=>1 },
 { rightname=> 'List inventory', global=>1 },
diff --git a/FS/FS/access_right.pm b/FS/FS/access_right.pm
index 0bcd84f43..955817c80 100644
--- a/FS/FS/access_right.pm
+++ b/FS/FS/access_right.pm
@@ -257,6 +257,7 @@ sub _upgrade_data { # class method
 'Resend invoices' => 'Print and mail invoices',
 'List customers' => 'Customers: Customer churn report',
 'Edit customer' => 'Edit customer invoice terms',
+ 'Financial reports' => 'Basic payment and refund reports',
 );
 
 # foreach my $old_acl ( keys %onetime ) {
diff --git a/httemplate/elements/menu.html b/httemplate/elements/menu.html
index 33867770d..c3f3dbfd6 100644
--- a/httemplate/elements/menu.html
+++ b/httemplate/elements/menu.html
@@ -345,20 +345,25 @@ $report_employees{'Employee Audit Report'} = [ $fsurl.'search/report_employee_au
 if $curuser->access_right('Employees: Audit Report');
 ;
 
-tie my %report_payments, 'Tie::IxHash',
- 'Payments' => [ $fsurl.'search/report_cust_pay.html', 'Payment report (by type and/or date range)' ],
- 'Payment application detail' => [ $fsurl.'search/report_cust_bill_pay_pkg.html', 'Line item application detail' ],
-;
+tie my %report_payments, 'Tie::IxHash';
+$report_payments{'Payments'} = [ $fsurl.'search/report_cust_pay.html', 'Payment report (by type and/or date range)' ]
+ if $curuser->access_right('Basic payment and refund reports');
+$report_payments{'Payment application detail'} = [ $fsurl.'search/report_cust_bill_pay_pkg.html', 'Line item application detail' ]
+ if $curuser->access_right('Financial reports');
 $report_payments{'Pending Payments'} = [ $fsurl.'search/cust_pay_pending.html?magic=_date;statusNOT=done', 'Pending real-time payments' ]
 if $curuser->access_right('View customer pending payments');
-$report_payments{'Unapplied Payments'} = [ $fsurl.'search/report_cust_pay.html?unapplied=1', 'Unapplied payment report (by type and/or date range)' ];
+$report_payments{'Unapplied Payments'} = [ $fsurl.'search/report_cust_pay.html?unapplied=1', 'Unapplied payment report (by type and/or date range)' ]
+ if $curuser->access_right('Financial reports'); #not enforced
 $report_payments{'Voided Payments'} = [ $fsurl.'search/report_cust_pay.html?void=1', 'Voided payment report (by type and/or date range)' ]
- if $curuser->access_right('View customer pending payments');
+ if $curuser->access_right('Financial reports'); #not enforced
 $report_payments{'Payment Batches'} = [ $fsurl.'search/pay_batch.html', 'Payment batches (by status and/or date range)' ]
- if $conf->exists('batch-enable') || $conf->config('batch-enable_payby');
-$report_payments{'Unapplied Payment Aging'} = [ $fsurl.'search/report_unapplied_cust_pay.html', 'Unapplied payment aging report' ];
+ if ( $conf->exists('batch-enable') || $conf->config('batch-enable_payby') ) && $curuser->access_right('Financial reports');
+$report_payments{'Unapplied Payment Aging'} = [ $fsurl.'search/report_unapplied_cust_pay.html', 'Unapplied payment aging report' ]
+ if $curuser->access_right('Financial reports');
 $report_payments{'Deleted Payments / Payment history table'} = [ $fsurl.'search/report_h_cust_pay.html', 'Deleted payments / payment history table' ]
- if $conf->exists('payment-history-report');
+ if $conf->exists('payment-history-report') && $curuser->access_right('Financial reports');
 
 tie my %report_credits, 'Tie::IxHash',
 'Credit Report' => [ $fsurl.'search/report_cust_credit.html', 'Credit report (by employee and/or date range)' ],
@@ -450,7 +455,7 @@ $report_menu{'Invoices'} = [ \%report_invoices, 'Invoice reports' ]
 $report_menu{'Discounts'} = [ \%report_discounts, 'Discount reports' ]
 if $curuser->access_right('Financial reports');
 $report_menu{'Payments'} = [ \%report_payments, 'Payment reports' ]
- if $curuser->access_right('Financial reports');
+ if keys %report_payments;
 $report_menu{'Packages'} = [ \%report_packages, 'Package reports' ]
 if $curuser->access_right('List packages');
 $report_menu{'Services'} = [ \%report_services, 'Services reports' ]
diff --git a/httemplate/search/elements/cust_pay_or_refund.html b/httemplate/search/elements/cust_pay_or_refund.html
index 82b786e57..943e7284b 100755
--- a/httemplate/search/elements/cust_pay_or_refund.html
+++ b/httemplate/search/elements/cust_pay_or_refund.html
@@ -77,7 +77,7 @@ my $conf = FS::Conf->new;
 my $money = ($conf->config('money_char') || '$') . '%.2f';
 die "access denied"
- unless $curuser->access_right('Financial reports');
+ unless $curuser->access_right('Basic payment and refund reports');
 my $table = $opt{'table'} || 'cust_'.$opt{'thing'};
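Review bot: The `#not enforced` remarks on the new `Unapplied Payments` and `Voided Payments` entries mean the 'Financial reports' requirement for those two reports exists only in this menu, while the `report_cust_pay.html?unapplied=1` and `?void=1` targets are served by the elements whose checks the cust_pay_or_refund.html and report_cust_pay_or_refund.html hunks relax to 'Basic payment and refund reports'. Hiding a menu entry is not an access control: a user holding only the basic right still reaches the unapplied and voided variants through those URLs, which undercuts the separation the commit title describes. The `die "access denied"` in both elements should additionally require 'Financial reports' when the unapplied or void variant is requested, e.g. `die "access denied" if ( <unapplied-or-void-requested> ) && ! $curuser->access_right('Financial reports');`, with the placeholder replaced by whatever flag the element derives from those query parameters (not visible in these hunks; report_cust_pay_or_refund.html uses `$FS::CurrentUser::CurrentUser` rather than `$curuser`). If instead the basic right is meant to cover these two reports, drop the `#not enforced` comments and gate the entries on that right so the menu and the enforcement agree. The Perl block of menu.html containing these assignments begins before this hunk.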
diff --git a/httemplate/search/elements/report_cust_pay_or_refund.html b/httemplate/search/elements/report_cust_pay_or_refund.html
index fc0db63b4..214e3ca98 100644
--- a/httemplate/search/elements/report_cust_pay_or_refund.html
+++ b/httemplate/search/elements/report_cust_pay_or_refund.html
@@ -188,7 +188,7 @@ my $table = 'cust_'.$opt{'thing'};
 my $name_singular = $opt{'name_singular'};
 die "access denied"
- unless $FS::CurrentUser::CurrentUser->access_right('Financial reports');
+ unless $FS::CurrentUser::CurrentUser->access_right('Basic payment and refund reports');
 my $conf = new FS::Conf;
-- 
2.11.0