Details
-
Type:
Sub-task
-
Status: Open
-
Priority:
Minor
-
Resolution: Unresolved
-
Affects Version/s: 4.7
-
Fix Version/s: Unscheduled
-
Component/s: None
-
Labels:
-
Versioning Impact:Patch (backwards-compatible bug fixes)
-
Documentation Required?:None
Description
We propose that back office users would be able to use a card on file (per related tickets.)
We have confirmed with IATS that there is not IATS position on this.There is no PCI standard - it is a business position.
The intention is to add a permission 'Process token payment for Other Contact'.
Add hook setTokenUsePermission($is_permitted, $tokenID, $tokenContactID, $params);
$permissions would be a bool & would be passed by reference.
(We thought about passing the form but it makes it hard if we want to use this in an api call - which the api doesn't currently do a lot of - but it should do more).
We should ensure things like profile fields, billing name fields, & eventID, membershipID, contributionID are in the parameters.
If the selected contact has a token/ tokens for a processor in the current domain which has not expired and the logged in person has permission on a back-office form then below the payment processor select box it would say 'this contact has a stored payment token. Click here to select paying by token ' - If that happens the payment processor select will be replaced by a token select box showing masked account detail and expiry date. Billing block and processor select would be hidden with the option to switch back to select regular credit card with 'enter new card;
In the postProcess function the doPayment function would contain a token field rather than credit card.