function commerce_line_item_query_commerce_line_item_access_alter in Commerce Core 7

Implements hook_query_TAG_alter().

Implement access control on line items. This is different from other entities because the access to a line item is totally delegated to its order.

File

modules/line_item/commerce_line_item.module, line 734: Defines the core Commerce line item entity and API functions interact with line items on orders.

Code

function commerce_line_item_query_commerce_line_item_access_alter(QueryAlterableInterface $query) {

  // Read the meta-data from the query.
  if (!($account = $query
    ->getMetaData('account'))) {
    global $user;
    $account = $user;
  }

  // If the user has the administration permission, nothing to do.
  if (user_access('administer line items', $account)) {
    return;
  }

  // Join the line items to their orders.
  if (module_exists('commerce_order')) {
    $tables =& $query
      ->getTables();

    // Look for an existing commerce_order table.
    foreach ($tables as $table) {
      if ($table['table'] === 'commerce_order') {
        $order_alias = $table['alias'];
        break;
      }
    }

    // If not found, attempt a join against the first table.
    if (!isset($order_alias)) {
      reset($tables);
      $base_table = key($tables);
      $order_alias = $query
        ->innerJoin('commerce_order', 'co', '%alias.order_id = ' . $base_table . '.order_id');
    }

    // Perform the access control on the order.
    commerce_entity_access_query_alter($query, 'commerce_order', $order_alias);
  }
  else {

    // The user has access to no line item.
    $query
      ->where('1 = 0');
  }
}

You are here

function commerce_line_item_query_commerce_line_item_access_alter in Commerce Core 7

File

Code

API Navigation