?HAMA

Edit File Size: 3.29 KB

/home/nshryvcy/radiantskinclinics.org/wp-content/plugins/woocommerce/src/StoreApi/Utilities/OrderAuthorizationTrait.php

Text Base64

<?php
namespace Automattic\WooCommerce\StoreApi\Utilities;

use Automattic\WooCommerce\StoreApi\Exceptions\RouteException;

/**
 * OrderAuthorizationTrait
 *
 * Shared functionality for getting order authorization.
 */
trait OrderAuthorizationTrait {
	/**
	 * Check if authorized to get the order.
	 *
	 * @throws RouteException If the order is not found or the order key is invalid.
	 *
	 * @param \WP_REST_Request $request Request object.
	 * @return boolean|\WP_Error
	 */
	public function is_authorized( \WP_REST_Request $request ) {
		$order_id      = absint( $request['id'] );
		$order_key     = sanitize_text_field( wp_unslash( $request->get_param( 'key' ) ) );
		$billing_email = sanitize_text_field( wp_unslash( $request->get_param( 'billing_email' ) ) );

try {
			$order = wc_get_order( $order_id );

if ( ! $order ) {
				throw new RouteException( 'woocommerce_rest_invalid_order', esc_html__( 'Invalid order ID.', 'woocommerce' ), 404 );
			}

$order_customer_id = $order->get_customer_id();

// If the order belongs to a registered customer, check if the current user is the owner.
			if ( $order_customer_id ) {
				// If current user is the order owner, allow access, otherwise reject with an error.
				if ( get_current_user_id() === $order_customer_id ) {
					return true;
				} else {
					throw new RouteException( 'woocommerce_rest_invalid_user', esc_html__( 'This order belongs to a different customer.', 'woocommerce' ), 403 );
				}
			}

// Guest order: require order key and billing email validation for all visitors (logged-in or not).
			$this->order_controller->validate_order_key( $order_id, $order_key );
			$this->validate_billing_email_matches_order( $order_id, $billing_email );
		} catch ( RouteException $error ) {
			return new \WP_Error(
				$error->getErrorCode(),
				$error->getMessage(),
				array( 'status' => $error->getCode() )
			);
		}

return true;
	}

/**
	 * Validate a given billing email against an existing order.
	 *
	 * @throws RouteException Exception if invalid data is detected.
	 * @param integer $order_id Order ID.
	 * @param string  $billing_email Billing email.
	 */
	public function validate_billing_email_matches_order( $order_id, $billing_email ) {
		$order = wc_get_order( $order_id );

if ( ! $order ) {
			throw new RouteException( 'woocommerce_rest_invalid_order', esc_html__( 'Invalid order ID.', 'woocommerce' ), 404 );
		}

$order_billing_email = $order->get_billing_email();

// If the order doesn't have an email, then allowing an empty billing_email param is acceptable. It will still be compared to order email below.
		if ( ! $billing_email && ! empty( $order_billing_email ) ) {
			throw new RouteException( 'woocommerce_rest_invalid_billing_email', esc_html__( 'No billing email provided.', 'woocommerce' ), 401 );
		}

// For Store API authorization, the provided billing email must exactly match the order's billing email. We use
		// direct comparison rather than Users::should_user_verify_order_email() because that function has a grace
		// period for newly created orders which is inappropriate for use when querying orders on the API.
		if ( 0 !== strcasecmp( $order_billing_email, $billing_email ) ) {
			throw new RouteException( 'woocommerce_rest_invalid_billing_email', esc_html__( 'Invalid billing email provided.', 'woocommerce' ), 401 );
		}
	}
}

Exit & Reset Text mode: syntax highlighting auto-detects file type.

Name	Size	Perms	Modified	Actions
AgenticCheckoutUtils.php	14.76 KB	lrw-r--r--	2026-02-23 17:58:34	Edit Download recursive recursive
ArrayUtils.php	1.49 KB	lrw-r--r--	2024-04-30 19:35:34	Edit Download recursive recursive
CartController.php	48.42 KB	lrw-r--r--	2026-03-12 20:10:34	Edit Download recursive recursive
CartTokenUtils.php	1.81 KB	lrw-r--r--	2025-06-23 19:46:28	Edit Download recursive recursive
CheckoutTrait.php	10.82 KB	lrw-r--r--	2025-06-23 19:46:28	Edit Download recursive recursive
DraftOrderTrait.php	1.76 KB	lrw-r--r--	2024-09-04 20:34:26	Edit Download recursive recursive
JsonWebToken.php	5.45 KB	lrw-r--r--	2025-07-29 12:34:58	Edit Download recursive recursive
LocalPickupUtils.php	5.67 KB	lrw-r--r--	2026-01-19 14:46:18	Edit Download recursive recursive
NoticeHandler.php	2.02 KB	lrw-r--r--	2025-03-03 22:28:12	Edit Download recursive recursive
OrderAuthorizationTrait.php	3.29 KB	lrw-r--r--	2025-12-22 17:20:32	Edit Download recursive recursive
OrderController.php	32.10 KB	lrw-r--r--	2026-05-05 14:26:50	Edit Download recursive recursive
Pagination.php	2.05 KB	lrw-r--r--	2023-12-27 00:45:02	Edit Download recursive recursive
PaymentUtils.php	3.65 KB	lrw-r--r--	2025-05-12 21:07:28	Edit Download recursive recursive
ProductItemTrait.php	3.54 KB	lrw-r--r--	2026-03-30 17:12:24	Edit Download recursive recursive
ProductLinksTrait.php	1.82 KB	lrw-r--r--	2026-03-30 17:12:24	Edit Download recursive recursive
ProductQuery.php	21.61 KB	lrw-r--r--	2026-05-05 14:26:50	Edit Download recursive recursive
ProductQueryFilters.php	9.25 KB	lrw-r--r--	2025-07-29 12:34:58	Edit Download recursive recursive
QuantityLimits.php	10.11 KB	lrw-r--r--	2025-07-29 12:34:58	Edit Download recursive recursive
RateLimits.php	6.14 KB	lrw-r--r--	2025-03-03 22:28:12	Edit Download recursive recursive
SanitizationUtils.php	794 B	lrw-r--r--	2024-02-27 18:59:46	Edit Download recursive recursive
ValidationUtils.php	1.73 KB	lrw-r--r--	2023-12-27 00:45:02	Edit Download recursive recursive

Directory Contents