function commerce_payment_query_commerce_payment_transaction_access_alter in Commerce Core 7
Implements hook_query_TAG_alter().
Implement access control on payment transaction. This is different from other entities because the access to a payment transaction is partially delegated to its order.
File
- modules/
payment/ commerce_payment.module, line 1049 - Defines the payment system and checkout integration.
Code
function commerce_payment_query_commerce_payment_transaction_access_alter(QueryAlterableInterface $query) {
// Read the meta-data from the query.
if (!($account = $query
->getMetaData('account'))) {
global $user;
$account = $user;
}
// If the user has the administration permission, nothing to do.
if (user_access('administer payments', $account)) {
return;
}
// Join the payment transaction to their orders.
if (user_access('view payments', $account)) {
$tables =& $query
->getTables();
// Look for an existing commerce_order table.
foreach ($tables as $table) {
if ($table['table'] === 'commerce_order') {
$order_alias = $table['alias'];
break;
}
}
// If not found, attempt a join against the first table.
if (!isset($order_alias)) {
reset($tables);
$base_table = key($tables);
$order_alias = $query
->innerJoin('commerce_order', 'co', '%alias.order_id = ' . $base_table . '.order_id');
}
// Perform the access control on the order.
commerce_entity_access_query_alter($query, 'commerce_order', $order_alias);
}
else {
// The user has access to no payment transaction.
$query
->where('1 = 0');
}
}