git#651-Return BA status in the GET billing account endpoint

Vikas Agarwal · Vikas Agarwal · commit 9767428e8d20 · 2021-05-25T19:32:18.000+05:30
— Allowing non m2m users to call the GET billing account details endpoint with sanitized fields
diff --git a/src/permissions/constants.js b/src/permissions/constants.js
@@ -293,6 +293,13 @@ export const PERMISSION = { // eslint-disable-line import/prefer-default-export
       group: 'Project Billing Accounts',
       description: 'Who can view the details of the Billing Account attached to the project',
     },
+    projectRoles: [
+      ...PROJECT_ROLES_MANAGEMENT,
+      PROJECT_MEMBER_ROLE.COPILOT,
+    ],
+    topcoderRoles: [
+      USER_ROLE.TOPCODER_ADMIN,
+    ],
     scopes: SCOPES_PROJECTS_READ_BILLING_ACCOUNT_DETAILS,
   },
 
diff --git a/src/routes/billingAccounts/get.js b/src/routes/billingAccounts/get.js
@@ -45,6 +45,12 @@ module.exports = [
       const sql = `SELECT  TopCoder_Billing_Account_Id__c, Mark_Up__c, Active__c from Topcoder_Billing_Account__c tba where TopCoder_Billing_Account_Id__c='${billingAccountId}'`;
       req.log.debug(sql);
       const billingAccount = await SalesforceService.queryBillingAccount(sql, accessToken, instanceUrl, req.log);
+      const isMachineToken = _.get(req, 'authUser.isMachine', false);
+      if (!isMachineToken) {
+        // delete sensitive information for non machine access
+        // does not revalidate the scope as it assumes that is already taken care
+        delete billingAccount.markup;
+      }
       res.json(billingAccount);
     } catch (error) {
       req.log.error(error);
