LP#
16663435 - Stripe org settings lack view permissions.
Unprivileged users can retrieve organizational unit setting values
for setting types lacking a "view" permission. When the feature adding
Stripe credit card processing was added, the upgrade script neglected to
add the VIEW_CREDIT_CARD_PROCESSING permission to the organizational unit
setting type (which was included in 0396.data.org-setting-payflowpro.sql).
Fresh installs are not affected, but anyone who upgraded through 0863.data.stripe-payments.sql
(included in the 2.5.3-2.6.0-upgrade-db.sql version upgrade script) and is
using Stripe credit card processing should run this script.
Signed-off-by: Chris Sharp <csharp@georgialibraries.org>
Signed-off-by: Jason Stephenson <jason@sigio.com>
Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
projects / Evergreen.git / commit