From 9c68415a8081a95826c9adda158e66880790414f Mon Sep 17 00:00:00 2001 From: Dominic Belcher Date: Fri, 20 Dec 2024 11:00:05 +0000 Subject: [PATCH 1/2] PP-13313 Allow only Worldpay accounts to view Worldpay Details settings --- app/simplified-account-routes.js | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/app/simplified-account-routes.js b/app/simplified-account-routes.js index 967b40131..5370acb35 100644 --- a/app/simplified-account-routes.js +++ b/app/simplified-account-routes.js @@ -12,7 +12,7 @@ const userIsAuthorised = require('@middleware/user-is-authorised') const permission = require('@middleware/permission') const paths = require('./paths') const serviceSettingsController = require('@controllers/simplified-account/settings') -const { STRIPE } = require('@models/payment-providers') +const { STRIPE, WORLDPAY } = require('@models/payment-providers') const { GOV_ENTITY_DOC_FORM_FIELD_NAME } = require('@controllers/simplified-account/settings/stripe-details/government-entity-document/constants') const upload = multer({ storage: multer.memoryStorage() }) @@ -63,12 +63,11 @@ simplifiedAccount.get(paths.simplifiedAccount.settings.cardTypes.index, permissi simplifiedAccount.post(paths.simplifiedAccount.settings.cardTypes.index, permission('payment-types:update'), serviceSettingsController.cardTypes.post) // worldpay details -simplifiedAccount.get(paths.simplifiedAccount.settings.worldpayDetails.index, permission('gateway-credentials:read'), serviceSettingsController.worldpayDetails.get) - -// worldpay details -simplifiedAccount.get(paths.simplifiedAccount.settings.worldpayDetails.index, permission('gateway-credentials:read'), serviceSettingsController.worldpayDetails.get) -simplifiedAccount.get(paths.simplifiedAccount.settings.worldpayDetails.oneOffCustomerInitiated, permission('gateway-credentials:update'), serviceSettingsController.worldpayDetails.worldpayCredentials.get) -simplifiedAccount.post(paths.simplifiedAccount.settings.worldpayDetails.oneOffCustomerInitiated, permission('gateway-credentials:update'), serviceSettingsController.worldpayDetails.worldpayCredentials.post) +const worldpayDetailsRouter = new Router({ mergeParams: true }).use(enforcePaymentProviderType(WORLDPAY)) +worldpayDetailsRouter.get(paths.simplifiedAccount.settings.worldpayDetails.index, permission('gateway-credentials:read'), serviceSettingsController.worldpayDetails.get) +worldpayDetailsRouter.get(paths.simplifiedAccount.settings.worldpayDetails.oneOffCustomerInitiated, permission('gateway-credentials:update'), serviceSettingsController.worldpayDetails.worldpayCredentials.get) +worldpayDetailsRouter.post(paths.simplifiedAccount.settings.worldpayDetails.oneOffCustomerInitiated, permission('gateway-credentials:update'), serviceSettingsController.worldpayDetails.worldpayCredentials.post) +simplifiedAccount.use(worldpayDetailsRouter) // card types simplifiedAccount.get(paths.simplifiedAccount.settings.cardTypes.index, permission('transactions:read'), serviceSettingsController.cardTypes.get) From a4f3ff404457b083868a773eb380c58a37c8bc45 Mon Sep 17 00:00:00 2001 From: Dominic Belcher Date: Fri, 20 Dec 2024 11:23:42 +0000 Subject: [PATCH 2/2] [squash] remove worldpayDetailsRouter as this breaks everything --- app/simplified-account-routes.js | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/app/simplified-account-routes.js b/app/simplified-account-routes.js index 5370acb35..ab551b545 100644 --- a/app/simplified-account-routes.js +++ b/app/simplified-account-routes.js @@ -63,11 +63,9 @@ simplifiedAccount.get(paths.simplifiedAccount.settings.cardTypes.index, permissi simplifiedAccount.post(paths.simplifiedAccount.settings.cardTypes.index, permission('payment-types:update'), serviceSettingsController.cardTypes.post) // worldpay details -const worldpayDetailsRouter = new Router({ mergeParams: true }).use(enforcePaymentProviderType(WORLDPAY)) -worldpayDetailsRouter.get(paths.simplifiedAccount.settings.worldpayDetails.index, permission('gateway-credentials:read'), serviceSettingsController.worldpayDetails.get) -worldpayDetailsRouter.get(paths.simplifiedAccount.settings.worldpayDetails.oneOffCustomerInitiated, permission('gateway-credentials:update'), serviceSettingsController.worldpayDetails.worldpayCredentials.get) -worldpayDetailsRouter.post(paths.simplifiedAccount.settings.worldpayDetails.oneOffCustomerInitiated, permission('gateway-credentials:update'), serviceSettingsController.worldpayDetails.worldpayCredentials.post) -simplifiedAccount.use(worldpayDetailsRouter) +simplifiedAccount.get(paths.simplifiedAccount.settings.worldpayDetails.index, enforcePaymentProviderType(WORLDPAY), permission('gateway-credentials:read'), serviceSettingsController.worldpayDetails.get) +simplifiedAccount.get(paths.simplifiedAccount.settings.worldpayDetails.oneOffCustomerInitiated, enforcePaymentProviderType(WORLDPAY), permission('gateway-credentials:update'), serviceSettingsController.worldpayDetails.worldpayCredentials.get) +simplifiedAccount.post(paths.simplifiedAccount.settings.worldpayDetails.oneOffCustomerInitiated, enforcePaymentProviderType(WORLDPAY), permission('gateway-credentials:update'), serviceSettingsController.worldpayDetails.worldpayCredentials.post) // card types simplifiedAccount.get(paths.simplifiedAccount.settings.cardTypes.index, permission('transactions:read'), serviceSettingsController.cardTypes.get)