Server : Apache System : Linux server2.corals.io 4.18.0-348.2.1.el8_5.x86_64 #1 SMP Mon Nov 15 09:17:08 EST 2021 x86_64 User : corals ( 1002) PHP Version : 7.4.33 Disable Function : exec,passthru,shell_exec,system Directory : /home/corals/old/vendor/magento/module-sales/Model/ResourceModel/Order/Plugin/ |
<?php
/**
* Copyright © Magento, Inc. All rights reserved.
* See COPYING.txt for license details.
*/
namespace Magento\Sales\Model\ResourceModel\Order\Plugin;
use Magento\Authorization\Model\UserContextInterface;
use Magento\Framework\Exception\NoSuchEntityException;
use Magento\Sales\Model\Order;
use Magento\Sales\Model\ResourceModel\Order as ResourceOrder;
class Authorization
{
/**
* @var UserContextInterface
*/
protected $userContext;
/**
* @param UserContextInterface $userContext
*/
public function __construct(
UserContextInterface $userContext
) {
$this->userContext = $userContext;
}
/**
* @param ResourceOrder $subject
* @param ResourceOrder $result
* @param \Magento\Framework\Model\AbstractModel $order
* @return ResourceOrder
* @throws NoSuchEntityException
* @SuppressWarnings(PHPMD.UnusedFormalParameter)
*/
public function afterLoad(
ResourceOrder $subject,
ResourceOrder $result,
\Magento\Framework\Model\AbstractModel $order
) {
if ($order instanceof Order) {
if (!$this->isAllowed($order)) {
throw NoSuchEntityException::singleField('orderId', $order->getId());
}
}
return $result;
}
/**
* Checks if order is allowed for current customer
*
* @param \Magento\Sales\Model\Order $order
* @return bool
*/
protected function isAllowed(Order $order)
{
return $this->userContext->getUserType() == UserContextInterface::USER_TYPE_CUSTOMER
? $order->getCustomerId() == $this->userContext->getUserId()
: true;
}
}