pretix / pretix-mollie

Mollie payments for pretix

Mollie API keys are open to all users. #7

Closed MaicoTimmerman closed 4 years ago

MaicoTimmerman commented 4 years ago

We are using pretix with many users, with mollie payments on all events. Both supported methods for authenticating with mollie are:

  1. Directly insert the mollie-API key in the payment settings of the event. Requires the API-key to be known by non-admin users, which gives everyone access to all payments done by the profile, even if they are done on other profiles.
  2. Connect with mollie, which requires the user to know the password to the Mollie login. This gives the non-admin user even more permissions than sharing the API, as they can access other web-profiles as well.

I'd like to have a setting on organizer level, similar to the "Stripe Connect" organizer settings, where we can configure the API key. When this setting is not set, we could fall back to the current behaviour. This way not all my users can access the API and therefore access all payments in my Mollie account.

Let me know what you think on this issue, I'd be happy to create a PR.