Fix Unauthorized API exception causing Failed to retrieve Stripe Customer

Review changes
Download
Patches
Plain diff

Merged Fix Unauthorized API exception causing Failed to retrieve Stripe Customer

artfulrobot/stripe:fixUnauthDelete into master

Overview 3
Commits 1
Pipelines 0
Changes 1

Merged Rich requested to merge artfulrobot/stripe:fixUnauthDelete into master 1 year ago

Overview 3
Commits 1
Pipelines 0
Changes 1

There's code that deletes a customer from the CRM using Api4, but does not tell it NOT to check permissions.

This fails in the case that the logged in user is not some sort of admin.

My use case was that InlayPay was failing to find customer in situations where this codepath is hit.

Since the function that wraps this has no means for passing checkPermissions in, I assume this is just a slip up and that any testing done to date was done as the admin user, so it's slipped through. It seems sensible that checkPErmissions = FALSE; this is done for the create() method, for example.

Merge request reports

Activity

Filter activity

Approvals
Assignees & reviewers
Comments (from bots)
Comments (from users)
Commits & branches
Edits
Labels
Lock status
Mentions
Merge request status
Tracking

Please register or sign in to reply

0 Assignees

0 Reviewers

Request review from

Labels

None

Select labels

Manage project labels

Milestone

None

Time tracking

No estimate or time spent

0 Participants

There are currently no pipelines.

To run a merge request pipeline, the jobs in the CI/CD configuration file must be configured to run in merge request pipelines and you must have sufficient permissions in the source project.