check customer order

Manuel Raynaud
2014-04-18 12:20:51 +02:00
parent 5c5f982593
commit 681d5503ac


@@ -23,6 +23,7 @@
namespace Front\Controller; namespace Front\Controller;
use Propel\Runtime\Exception\PropelException; use Propel\Runtime\Exception\PropelException;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Thelia\Cart\CartTrait; use Thelia\Cart\CartTrait;
use Thelia\Controller\Front\BaseFrontController; use Thelia\Controller\Front\BaseFrontController;
use Thelia\Core\Translation\Translator; use Thelia\Core\Translation\Translator;
@@ -36,7 +37,7 @@ use Thelia\Form\OrderPayment;
use Thelia\Log\Tlog; use Thelia\Log\Tlog;
use Thelia\Model\AddressQuery; use Thelia\Model\AddressQuery;
use Thelia\Model\AreaDeliveryModuleQuery; use Thelia\Model\AreaDeliveryModuleQuery;
use Thelia\Model\Base\OrderQuery; use Thelia\Model\OrderQuery;
use Thelia\Model\ConfigQuery; use Thelia\Model\ConfigQuery;
use Thelia\Model\ModuleQuery; use Thelia\Model\ModuleQuery;
use Thelia\Model\Order; use Thelia\Model\Order;
@@ -281,20 +282,41 @@ class OrderController extends BaseFrontController
public function generateInvoicePdf($order_id) public function generateInvoicePdf($order_id)
{ {
/* check customer */ $this->checkOrderCustomer($order_id);
$this->checkAuth();
return $this->generateOrderPdf($order_id, ConfigQuery::read('pdf_invoice_file', 'invoice')); return $this->generateOrderPdf($order_id, ConfigQuery::read('pdf_invoice_file', 'invoice'));
} }
public function generateDeliveryPdf($order_id) public function generateDeliveryPdf($order_id)
{ {
/* check customer */ $this->checkOrderCustomer($order_id);
$this->checkAuth();
return $this->generateOrderPdf($order_id, ConfigQuery::read('pdf_delivery_file', 'delivery')); return $this->generateOrderPdf($order_id, ConfigQuery::read('pdf_delivery_file', 'delivery'));
} }
private function checkOrderCustomer($order_id)
{
$this->checkAuth();
$order = OrderQuery::create()->findPk($order_id);
$valid = true;
if ($order) {
$customerOrder = $order->getCustomer();
$customer = $this->getSecurityContext()->getCustomerUser();
if ($customerOrder->getId() != $customer->getId()) {
$valid = false;
}
} else {
$valid = false;
}
if (false === $valid) {
throw new AccessDeniedHttpException();
}
}
public function getDeliveryModuleListAjaxAction() public function getDeliveryModuleListAjaxAction()
{ {
$country = $this->getRequest()->get( $country = $this->getRequest()->get(
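Review bot: The ownership test in `checkOrderCustomer`, `$customerOrder->getId() != $customer->getId()`, is a loose comparison on two objects that are dereferenced without a null check, so the access decision rests on `checkAuth()` always leaving a customer in the security context and on every order having a customer row, neither of which is visible here. I would drop the `$valid` flag for guard clauses that throw `AccessDeniedHttpException` as soon as `$order`, `$customerOrder` or `$customer` is null, and compare with `(int) $customerOrder->getId() !== (int) $customer->getId()`. Answering a missing order and another customer's order with the same 403 is worth keeping and stating in a docblock, e.g. `/** Denies access unless the order exists and belongs to the logged-in customer; both cases return 403 so order ids cannot be probed. */`. The check sits in the two actions rather than in `generateOrderPdf`, whose body is outside this section, so any other caller of that method would remain unguarded.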