I guess this was committed by mistake

app/controllers/payments_controller.rb~aa3478fba... base authorization on the payment's order

@@ -1,29 +0,0 @@
-# frozen_string_literal: true
-
-class PaymentsController < BaseController
-  ssl_required :redirect_to_authorize
-
-  respond_to :html
-
-  prepend_before_action :require_logged_in, only: :redirect_to_authorize
-
-  def redirect_to_authorize
-    @payment = Spree::Payment.find(params[:id])
-    authorize! :show, @payment.order
-
-    if url = @payment.cvv_response_message
-      redirect_to url
-    else
-      redirect_to order_url(@payment.order)
-    end
-  end
-
-  private
-
-  def require_logged_in
-    return if session[:access_token] || params[:token] || spree_current_user
-
-    flash[:error] = I18n.t("spree.orders.edit.login_to_view_order")
-    redirect_to main_app.root_path(anchor: "login?after_login=#{request.env['PATH_INFO']}")
-  end
-end