Handle access to order delivery process page

2018-12-03 01:59:24 +01:00
parent 5d5ab87595
commit 2c0e217a49
2 changed files with 19 additions and 0 deletions
--- a/backend/app/plugins/wiaas/includes/admin/delivery-process/class-wiaas-admin-delivery-process-flow.php
+++ b/backend/app/plugins/wiaas/includes/admin/delivery-process/class-wiaas-admin-delivery-process-flow.php
@@ -23,6 +23,15 @@ class Wiaas_Admin_Order_Process_Flow {
    public static function output_delivery_process() {
 	    $order_id = absint( $_GET['id'] );

+	    $has_access = Wiaas_Access_Management::can_current_user_read_order($order_id);
+
+	    if (! $has_access) {
+
+		    echo "<h2>You don't have permission to view this order.</h2>";
+
+		    return;
+	    }
+
 	    $order = wc_get_order($order_id);

 	    if ( !$order ) {
--- a/backend/app/plugins/wiaas/includes/class-wiaas-access-management.php
+++ b/backend/app/plugins/wiaas/includes/class-wiaas-access-management.php
@@ -22,6 +22,16 @@ class Wiaas_Access_Management {
        add_action('wiaas_order_item_installation_assigned', array(__CLASS__, 'assign_order_to_installation_organization'), 10, 3);
 	}

+	/**
+	 * @param int $order_id
+	 *
+	 * @return bool
+	 */
+	public static function can_current_user_read_order($order_id) {
+
+		return Groups_Post_Access::user_can_read_post($order_id);
+	}
+
 	/**
 	 * Automatize access control for product and packages
 	 *