1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-19 20:10:55 +01:00
No description
Find a file
epriestley fcd2025a85 Add Merchants to Phortune
Summary:
Ref T2787. Currently, you add payment providers (Stripe, Paypal, etc) in global configuration.

Generally, this approach is cumbersome, limiting, and often hard for users to figure out. It also doesn't provide a natural way to segment payment receivers or provide web access to administrative payment functions like issuing refunds, canceling orders, etc. I think that stuff definitely needs to be in the web UI, and the rule for access to it can't reasonably just be "all administrators" in a lot of reasonable cases.

The only real advantage is that it prevents an attacker from adjusting settings and pointing something at an account they control. But this attack can be mitigated through notifications, some sort of CLI-only merchant lock, payment accounts being relatively identifiable, etc.

So introduce "merchants", which are basically payable entities. An individual merchant will have attached Paypal, Stripe, etc., accounts, and access rules. When you buy something in an application, the merchant to pay is also specified. They also provide an umbrella for dealing with permissions down the line.

This may get a //little// cumbersome because if there are several merchants your saved card information is not shared across them. I think that will be fine in the normal case (most installs will have only one merchant). Even if it isn't and we leave providers global, I think introducing this is the right call from a web UI / permissions point of view. I'll play around with it in the next couple of diffs and figure out exactly where the line goes.

Test Plan: Listed, created, edited, viewed merchants.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T2787

Differential Revision: https://secure.phabricator.com/D10648
2014-10-07 10:55:16 -07:00
bin Implement storage of a host ID and a public key for authorizing Conduit between servers 2014-10-03 22:52:41 +10:00
conf Configuration - re-jigger how we handle bad configuration files 2014-10-06 13:20:56 -07:00
externals Update Stripe PHP API 2014-07-13 09:19:07 -07:00
resources Add Merchants to Phortune 2014-10-07 10:55:16 -07:00
scripts Implement storage of a host ID and a public key for authorizing Conduit between servers 2014-10-03 22:52:41 +10:00
src Add Merchants to Phortune 2014-10-07 10:55:16 -07:00
support Add an option to make it easier to debug page hangs 2014-09-11 06:28:21 -07:00
webroot Add new Payment Icons 2014-10-06 13:21:29 -07:00
.arcconfig Update .arclint in Phabricator for phutil-library lint 2014-05-12 06:01:30 -07:00
.arclint Rename Conduit classes 2014-07-25 10:54:15 +10:00
.editorconfig Specify config for text editors 2012-11-03 22:34:44 -07:00
.gitignore Implement storage of a host ID and a public key for authorizing Conduit between servers 2014-10-03 22:52:41 +10:00
LICENSE Delete license headers from files 2012-11-05 11:16:51 -08:00
NOTICE Update Phabricator NOTICE file to reflect modern legal circumstances 2014-06-25 13:42:13 -07:00
README Reformat README as Remarkup 2014-07-16 22:10:36 +10:00

Phabricator is an open source collection of web applications which help
software companies build better software.

Phabricator includes applications for:

  - reviewing and auditing source code;
  - hosting and browsing repositories;
  - assembling a party to venture forth;
  - tracking bugs;
  - hiding stuff from coworkers; and
  - also some other things.

You can learn more about the project (and find links to documentation and
resources) [[http://phabricator.org/ | here]].

Phabricator is developed and maintained by [[http://phacility.com/ |
Phacility]]. The first version of Phabricator was originally built at Facebook.

= LICENSE =
Phabricator is released under the Apache 2.0 license except as otherwise noted.