bcgov · seeker25 · Dec 23, 2024 · Dec 20, 2024 · Dec 23, 2024 · Dec 23, 2024
@@ -26,7 +26,7 @@
 from pay_api.utils.auth import jwt as _jwt
 from pay_api.utils.constants import EDIT_ROLE, VIEW_ROLE
 from pay_api.utils.endpoints_enums import EndpointEnum
-from pay_api.utils.enums import CfsAccountStatus, ContentType, Role
+from pay_api.utils.enums import CfsAccountStatus, ContentType, PaymentMethod, Role
 from pay_api.utils.errors import Error
 
 bp = Blueprint("ACCOUNTS", __name__, url_prefix=f"{EndpointEnum.API_V1.value}/accounts")
@@ -47,6 +47,13 @@ def post_account():
     if is_sandbox and not _jwt.validate_roles([Role.CREATE_SANDBOX_ACCOUNT.value]):
         abort(HTTPStatus.FORBIDDEN)
 
+    if is_sandbox and request_json.get("paymentInfo", {}).get("methodOfPayment", []) in [
+        PaymentMethod.ONLINE_BANKING.value,
+        PaymentMethod.DIRECT_PAY.value,
+    ]:
+        current_app.logger.info('Overriding methodOfPayment to "PAD" for sandbox request')
+        request_json["paymentInfo"]["methodOfPayment"] = PaymentMethod.PAD.value
+
     # Validate the input request
     valid_format, errors = schema_utils.validate(request_json, "account_info")
 
@@ -269,11 +276,17 @@ def post_search_purchase_history(account_number: str):
 
     any_org_transactions = request.args.get("viewAll", None) == "true"
     if any_org_transactions:
-        check_auth(business_identifier=None, account_id=account_number,
-                   all_of_roles=[Role.EDITOR.value, Role.VIEW_ALL_TRANSACTIONS.value])
+        check_auth(
+            business_identifier=None,
+            account_id=account_number,
+            all_of_roles=[Role.EDITOR.value, Role.VIEW_ALL_TRANSACTIONS.value],
+        )
     else:
-        check_auth(business_identifier=None, account_id=account_number,
-                   one_of_roles=[Role.EDITOR.value, Role.VIEW_ACCOUNT_TRANSACTIONS.value])
+        check_auth(
+            business_identifier=None,
+            account_id=account_number,
+            one_of_roles=[Role.EDITOR.value, Role.VIEW_ACCOUNT_TRANSACTIONS.value],
+        )
 
     account_to_search = None if any_org_transactions else account_number
     page: int = int(request.args.get("page", "1"))
@@ -308,8 +321,11 @@ def post_account_purchase_report(account_number: str):
         report_name = f"{report_name}.csv"
 
     # Check if user is authorized to perform this action
-    check_auth(business_identifier=None, account_id=account_number,
-               one_of_roles=[EDIT_ROLE, Role.VIEW_ACCOUNT_TRANSACTIONS.value])
+    check_auth(
+        business_identifier=None,
+        account_id=account_number,
+        one_of_roles=[EDIT_ROLE, Role.VIEW_ACCOUNT_TRANSACTIONS.value],
+    )
     try:
         report = Payment.create_payment_report(account_number, request_json, response_content_type, report_name)
         response = Response(report, 201)

@@ -63,8 +63,9 @@ def get_account_statement(account_id: str, statement_id: str):
     response_content_type = request.headers.get("Accept", ContentType.PDF.value)
 
     # Check if user is authorized to perform this action
-    auth = check_auth(business_identifier=None, account_id=account_id, one_of_roles=[EDIT_ROLE,
-                                                                                     Role.VIEW_STATEMENTS.value])
+    auth = check_auth(
+        business_identifier=None, account_id=account_id, one_of_roles=[EDIT_ROLE, Role.VIEW_STATEMENTS.value]
+    )
 
     report, report_name = StatementService.get_statement_report(
         statement_id=statement_id, content_type=response_content_type, auth=auth

@@ -26,6 +26,7 @@
 from pay_api.utils.constants import EDIT_ROLE
 from pay_api.utils.enums import InvoiceReferenceStatus, InvoiceStatus, LineItemStatus, PaymentMethod, PaymentStatus
 from pay_api.utils.errors import Error
+from pay_api.utils.user_context import UserContext, user_context
 from pay_api.utils.util import generate_transaction_number, get_str_by_path
 
 from .base_payment_system import PaymentSystemService
@@ -43,10 +44,9 @@ class PaymentService:  # pylint: disable=too-few-public-methods
     """Service to manage Payment related operations."""
 
     @classmethod
+    @user_context
     def create_invoice(
-        cls,
-        payment_request: Tuple[Dict[str, Any]],
-        authorization: Tuple[Dict[str, Any]],
+        cls, payment_request: Tuple[Dict[str, Any]], authorization: Tuple[Dict[str, Any]], **kwargs
     ) -> Dict:
         # pylint: disable=too-many-locals, too-many-statements
         """Create payment related records.
@@ -77,6 +77,11 @@ def create_invoice(
         if payment_method == PaymentMethod.EFT.value and not flags.is_on("enable-eft-payment-method", default=False):
             raise BusinessException(Error.INVALID_PAYMENT_METHOD)
 
+        user: UserContext = kwargs["user"]
+        if user.is_api_user() and not user.is_sandbox():
+            if payment_method in [PaymentMethod.DIRECT_PAY.value, PaymentMethod.ONLINE_BANKING.value]:
+                raise BusinessException(Error.INVALID_PAYMENT_METHOD)
+
         current_app.logger.info(
             f"Creating Payment Request : "
             f"{payment_method}, {corp_type}, {business_identifier}, "

@@ -144,6 +144,7 @@ class Role(Enum):
     VIEW_STATEMENTS = "view_statements"
     VIEW_STATEMENT_SETTINGS = "view_statement_settings"
     VIEW_ACCOUNT_TRANSACTIONS = "view_account_transactions"
+    API_USER = "api_user"
 
 
 class Code(Enum):

@@ -118,6 +118,10 @@ def is_sandbox(self) -> bool:
         """Return True if the user token has sandbox role."""
         return Role.SANDBOX.value in self._roles if self._roles else False
 
+    def is_api_user(self) -> bool:
+        """Return True if the user is an api_user."""
+        return Role.API_USER.value in self._roles if self._roles else False
+
     @property
     def name(self) -> str:
         """Return the name."""