function commerce_payment_transaction_order_access in Commerce Core 7

Determines access for a variety of operations for payment transactions on a given order.

Parameters

$op: The payment transaction operation being performed, one of view, update, create, or delete.

$order: The order to check against (optional if $op == 'create').

$account: The user account attempting the operation; defaults to the current user.

Return value

TRUE or FALSE indicating access for the operation.

2 calls to commerce_payment_transaction_order_access()
commerce_payment_order_transaction_add_form in modules/payment/includes/commerce_payment.forms.inc
Allows an administrator to choose a payment method type and add a transaction for a specific order.
commerce_payment_transaction_access in modules/payment/commerce_payment.module
Determines access for a variety of operations on payment transactions.
1 string reference to 'commerce_payment_transaction_order_access'
commerce_payment_ui_menu in modules/payment/commerce_payment_ui.module
Implements hook_menu().

File

modules/payment/commerce_payment.module, line 986
Defines the payment system and checkout integration.

Code

function commerce_payment_transaction_order_access($op, $order, $account = NULL) {
  global $user;
  if (empty($account)) {
    $account = clone $user;
  }

  // Grant administrators access to do anything.
  if (user_access('administer payments', $account)) {
    return TRUE;
  }
  switch ($op) {

    // Creating new payment transactions.
    case 'create':
      if (user_access('create payments', $account)) {

        // We currently allow any user to create any payment transaction,
        // regardless of the order, because entity_access() doesn't give us a
        // way to discriminate on the order.
        // @todo: find a way to prevent creating a payment transaction if the
        // user doesn't have access to the order.
        if (!isset($order) || commerce_order_access('update', $order, $account)) {
          return TRUE;
        }
      }
      break;

    // Viewing payment transactions.
    case 'view':
      if (user_access('view payments', $account)) {
        if (commerce_order_access('view', $order, $account)) {
          return TRUE;
        }
      }
      break;
    case 'update':
      if (user_access('update payments', $account)) {
        if (commerce_order_access('view', $order, $account)) {
          return TRUE;
        }
      }
      break;
    case 'delete':
      if (user_access('delete payments', $account)) {
        if (commerce_order_access('update', $order, $account)) {
          return TRUE;
        }
      }
      break;
  }
  return FALSE;
}
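
In the 'create' branch above, an account with 'create payments' gets TRUE whenever $order is not set, so a caller that omits the order skips the order-level check. The wrapper below is an added example, not Commerce code. It fails closed in that case. The mymodule_ function names are hypothetical, and it assumes a Drupal 7 site with the Commerce Payment module enabled.

```php
<?php

/**
 * Hypothetical fail-closed wrapper around
 * commerce_payment_transaction_order_access(). Added example, not part of
 * Commerce Core.
 */
function mymodule_payment_transaction_order_access($op, $order = NULL, $account = NULL) {
  global $user;
  if (empty($account)) {
    $account = $user;
  }

  // Accept only the four operations documented for the core function.
  if (!in_array($op, array('view', 'update', 'create', 'delete'), TRUE)) {
    return FALSE;
  }

  // Without a saved order there is nothing to check order access against.
  // The core function would still grant 'create' to any account holding
  // 'create payments', so here only payment administrators pass.
  if (empty($order) || empty($order->order_id)) {
    return user_access('administer payments', $account);
  }

  // With an order present, defer to the core permission and order checks.
  return (bool) commerce_payment_transaction_order_access($op, $order, $account);
}

/**
 * Returns the decision for every operation on one order, which is useful in
 * an automated test that pins down what a given role may do.
 */
function mymodule_payment_access_matrix($order, $account) {
  $matrix = array();
  foreach (array('view', 'update', 'create', 'delete') as $op) {
    $matrix[$op] = mymodule_payment_transaction_order_access($op, $order, $account);
  }
  return $matrix;
}
```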