function commerce_checkout_access in Commerce Core 7

Checks the current user's access to the specified checkout page and order.

Parameters

$order: The fully loaded order object represented on the checkout form.

$account: Optionally, an account object whose access should be checked instead of the current user's.

Return value

TRUE or FALSE indicating access.

1 call to commerce_checkout_access()
commerce_checkout_router in modules/checkout/includes/commerce_checkout.pages.inc
Redirects invalid checkout attempts or displays the checkout form if valid.

File

modules/checkout/commerce_checkout.module, line 738
Enable checkout as a multi-step form with customizable pages and a simple checkout pane API.

Code

function commerce_checkout_access($order, $account = NULL) {
  global $user;
  $access = TRUE;

  // Default to the current user as the account whose access we're checking.
  if (empty($account)) {
    $account = clone $user;
  }

  // First, deny access if this order doesn't belong to the account.
  if ($account->uid) {
    if ($account->uid != $order->uid) {
      $access = FALSE;
    }
  }
  else {

    // There's no choice but to check the current user's cart
    // using the commerce_cart module.
    if (module_exists('commerce_cart')) {
      $cart_order_ids = commerce_cart_order_session_order_ids();
      $completed_order_ids = commerce_cart_order_session_order_ids(TRUE);
      if (empty($completed_order_ids) || !in_array($order->order_id, $completed_order_ids)) {

        // And then deny access if the anonymous user's session doesn't specify
        // this order ID.
        if (empty($cart_order_ids) || !in_array($order->order_id, $cart_order_ids)) {
          $access = FALSE;
        }
      }
    }
  }

  // Allow other modules to alter the access value, such as to grant access on
  // return from third party services where redirects temporarily drop cookies.
  drupal_alter('commerce_checkout_access', $access, $order, $account);
  return $access;
}
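
Added example (not part of Commerce Core): the closing drupal_alter() call lets any module override the ownership and session checks above, so an implementation that grants access after a third party redirect should require a server-verifiable token bound to the order. The module name mymodule, the return_token query parameter, the token scheme and the reliance on the default checkout_payment status are assumptions made for illustration.

```php
<?php
// Added example for a hypothetical module "mymodule"; not Commerce Core code.
// Assumes PHP 5.6+ for hash_equals().

/**
 * Returns the token mymodule appends to the off-site return URL (assumed scheme).
 */
function mymodule_checkout_return_token($order) {
  // Bind the token to this order and its owner so it is useless elsewhere.
  $data = 'mymodule-checkout-return:' . $order->order_id . ':' . $order->uid;
  $key = drupal_get_private_key() . drupal_get_hash_salt();
  return drupal_hmac_base64($data, $key);
}

/**
 * Implements hook_commerce_checkout_access_alter().
 */
function mymodule_commerce_checkout_access_alter(&$access, $order, $account) {
  // Only act where the core check said FALSE for an anonymous account; an
  // authenticated account that fails the uid comparison stays denied.
  if ($access || !empty($account->uid)) {
    return;
  }

  // Honor the token only while the order is at the payment step.
  // 'checkout_payment' assumes the default checkout pages are in use.
  if ($order->status !== 'checkout_payment') {
    return;
  }

  // 'return_token' is an assumed query parameter name.
  $token = isset($_GET['return_token']) ? $_GET['return_token'] : NULL;
  if (!is_string($token) || $token === '') {
    return;
  }

  // Constant-time comparison against the value derived on the server.
  if (hash_equals(mymodule_checkout_return_token($order), $token)) {
    $access = TRUE;
  }
}
```

When auditing a site, every implementation of this alter hook deserves review, since it runs after both built-in checks and its result is what commerce_checkout_access() returns.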