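<?php

namespace Corals\Modules\Ecommerce\Policies;

use Corals\Foundation\Policies\BasePolicy;
use Corals\Modules\Ecommerce\Models\Order;
use Corals\User\Models\User;

/**
 * Authorization rules for e-commerce orders.
 *
 * Each public method answers "may $user perform this ability on $order?" and
 * returns a boolean. Two kinds of access are visible here: staff-style access
 * granted by a permission alone, and customer access that additionally
 * requires the order to belong to the acting user.
 */
class OrderPolicy extends BasePolicy
{
    // Presumably read by BasePolicy to grant module administrators blanket
    // access; BasePolicy is not visible here — confirm.
    protected $administrationPermission = 'Administrations::admin.ecommerce';

    // Presumably the abilities for which BasePolicy does NOT apply that
    // blanket access, so their state checks below always run — confirm.
    protected $skippedAbilities = [
        'payOrder',
        'update',
        'refundOrder',
    ];

    /**
     * Decide whether the user may view orders, or one specific order.
     *
     * Holders of 'Ecommerce::orders.access' may view any order. Holders of
     * 'Ecommerce::my_orders.access' may view only an order they own; this
     * ownership comparison is what keeps one customer from reading another
     * customer's order.
     *
     * @param User $user
     * @param Order|null $order
     * @return bool
     */
    public function view(User $user, $order = null)
    {
        if ($user->can('Ecommerce::orders.access')) {
            return true;
        }

        // Guard $order->user before dereferencing it, as payOrder() does: an
        // order with no related user must be denied, not raise an error on
        // the null property read.
        // Ids are compared loosely on purpose: they may arrive as int or as
        // numeric string depending on the database driver — confirm before
        // tightening to ===.
        return $user->can('Ecommerce::my_orders.access')
            && $order
            && $order->user
            && $order->user->id == $user->id;
    }

    /**
     * Decide whether the user may create an order.
     *
     * @param User $user
     * @return bool
     */
    public function create(User $user)
    {
        return $user->can('Ecommerce::order.create');
    }

    /**
     * Decide whether the user may update an order.
     *
     * Granted by 'Ecommerce::order.update' or by the global isSuperUser()
     * helper. No ownership check is made: this is not a per-customer ability.
     *
     * @param User $user
     * @param Order $order
     * @return bool
     */
    public function update(User $user, Order $order)
    {
        return $user->can('Ecommerce::order.update') || isSuperUser();
    }

    /**
     * Decide whether the user may change the order's payment details.
     *
     * NOTE(review): unlike update() and notify_buyer(), this does not accept
     * isSuperUser() as an alternative — confirm the difference is intended.
     *
     * @param User $user
     * @param Order $order
     * @return bool
     */
    public function update_payment(User $user, Order $order)
    {
        return $user->can('Ecommerce::order.update');
    }

    /**
     * Decide whether the user may change the order's shipping details.
     *
     * NOTE(review): no isSuperUser() alternative here, unlike update() —
     * confirm the difference is intended.
     *
     * @param User $user
     * @param Order $order
     * @return bool
     */
    public function update_shipping(User $user, Order $order)
    {
        return $user->can('Ecommerce::order.update');
    }

    /**
     * Decide whether the user may change the order's status.
     *
     * NOTE(review): no isSuperUser() alternative here, unlike update() —
     * confirm the difference is intended.
     *
     * @param User $user
     * @param Order $order
     * @return bool
     */
    public function update_status(User $user, Order $order)
    {
        return $user->can('Ecommerce::order.update');
    }

    /**
     * Decide whether the user may send a notification to the buyer.
     *
     * @param User $user
     * @param Order $order
     * @return bool
     */
    public function notify_buyer(User $user, Order $order)
    {
        return $user->can('Ecommerce::order.update') || isSuperUser();
    }

    /**
     * Decide whether the user may delete an order.
     *
     * @param User $user
     * @param Order $order
     * @return bool
     */
    public function destroy(User $user, Order $order)
    {
        return (bool) $user->can('Ecommerce::order.delete');
    }

    /**
     * Decide whether the user may refund an order.
     *
     * A refund is allowed only when the order has a non-empty payment status
     * that is not already 'refunded', the order is not 'canceled', and the
     * user passes update().
     *
     * @param User $user
     * @param Order $order
     * @return bool
     */
    public function refundOrder(User $user, Order $order)
    {
        $payment_status = $order->billing['payment_status'] ?? '';

        // State checks come first so an order that cannot be refunded is
        // refused regardless of who is asking.
        if (!$payment_status || $payment_status == 'refunded' || $order->status == 'canceled') {
            return false;
        }

        return (bool) $this->update($user, $order);
    }

    /**
     * Decide whether the user may pay for an order.
     *
     * Only the order's own user may pay, and only while the order is
     * "pending" and its payment status is not already 'paid'.
     *
     * NOTE(review): this method checks the permission with hasPermissionTo()
     * while every other method uses can(); confirm both resolve the
     * permission the same way in this project.
     *
     * @param User $user
     * @param Order $order
     * @return bool
     */
    public function payOrder(User $user, Order $order)
    {
        $payment_status = $order->billing['payment_status'] ?? '';

        return $user->hasPermissionTo('Ecommerce::my_orders.access')
            && $order->user
            && $order->user->id == $user->id
            && ($order->status == "pending")
            && $payment_status != 'paid';
    }
}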