function commerce_payment_transaction_order_access in Commerce Core 7
Determines access for a variety of operations for payment transactions on a given order.
Parameters
$op: The payment transaction operation being performed, one of view, update, create, or delete.
$order: The order to check against (optional if $op == 'create').
$account: The user account attempting the operation; defaults to the current user.
Return value
TRUE or FALSE indicating access for the operation.
2 calls to commerce_payment_transaction_order_access()
- commerce_payment_order_transaction_add_form in modules/payment/includes/commerce_payment.forms.inc - Allows an administrator to choose a payment method type and add a transaction for a specific order.
- commerce_payment_transaction_access in modules/payment/commerce_payment.module - Determines access for a variety of operations on payment transactions.
1 string reference to 'commerce_payment_transaction_order_access'
- commerce_payment_ui_menu in modules/payment/commerce_payment_ui.module - Implements hook_menu().
File
- modules/payment/commerce_payment.module, line 986 - Defines the payment system and checkout integration.
Code
function commerce_payment_transaction_order_access($op, $order, $account = NULL) {
  global $user;

  if (empty($account)) {
    $account = clone $user;
  }

  // Grant administrators access to do anything.
  if (user_access('administer payments', $account)) {
    return TRUE;
  }

  switch ($op) {
    // Creating new payment transactions.
    case 'create':
      if (user_access('create payments', $account)) {
        // We currently allow any user to create any payment transaction,
        // regardless of the order, because entity_access() doesn't give us a
        // way to discriminate on the order.
        // @todo: find a way to prevent creating a payment transaction if the
        // user doesn't have access to the order.
        if (!isset($order) || commerce_order_access('update', $order, $account)) {
          return TRUE;
        }
      }
      break;

    // Viewing payment transactions.
    case 'view':
      if (user_access('view payments', $account)) {
        if (commerce_order_access('view', $order, $account)) {
          return TRUE;
        }
      }
      break;

    case 'update':
      if (user_access('update payments', $account)) {
        if (commerce_order_access('view', $order, $account)) {
          return TRUE;
        }
      }
      break;

    case 'delete':
      if (user_access('delete payments', $account)) {
        if (commerce_order_access('update', $order, $account)) {
          return TRUE;
        }
      }
      break;
  }

  return FALSE;
}
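
Added example, not part of Commerce Core: a hypothetical custom module (`mymodule`) that references this function by name from hook_menu(), as commerce_payment_ui_menu() is listed as doing above, and then re-checks each transaction with commerce_payment_transaction_access() before rendering it. The module name, path, title and page callback are assumptions; the code is meant to run inside a Drupal 7 site with Commerce enabled.

```php
<?php

/**
 * Implements hook_menu() for the hypothetical module "mymodule".
 */
function mymodule_menu() {
  $items = array();
  // Path, title and callback names are assumptions made for this example.
  $items['admin/commerce/orders/%commerce_order/payment-summary'] = array(
    'title' => 'Payment summary',
    'page callback' => 'mymodule_payment_summary_page',
    'page arguments' => array(3),
    // Route-level gate: the menu system calls the access function with
    // $op = 'view' and the order loaded from path component 3.
    'access callback' => 'commerce_payment_transaction_order_access',
    'access arguments' => array('view', 3),
  );
  return $items;
}

/**
 * Page callback: lists the transactions on an order the current user may view.
 */
function mymodule_payment_summary_page($order) {
  $rows = array();
  $conditions = array('order_id' => $order->order_id);
  $transactions = commerce_payment_transaction_load_multiple(array(), $conditions);

  foreach ($transactions as $transaction) {
    // Re-check access per transaction instead of relying on the route check alone.
    if (!commerce_payment_transaction_access('view', $transaction)) {
      continue;
    }
    $rows[] = array(
      check_plain($transaction->transaction_id),
      check_plain($transaction->payment_method),
      commerce_currency_format($transaction->amount, $transaction->currency_code),
      check_plain($transaction->status),
    );
  }

  return array(
    '#theme' => 'table',
    '#header' => array(t('ID'), t('Method'), t('Amount'), t('Status')),
    '#rows' => $rows,
    '#empty' => t('No payment transactions are visible to you on this order.'),
  );
}
```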