【Question title】: Allow access to any order on front-end on WooCommerce
【Posted】: 2021-04-20 00:25:26
【Question description】:

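My goal is to allow a specific role to view any order in the shop. While displaying all orders on the "My Account" page is relatively easy, accessing a specific order created by a different user always results in an "Invalid order. My account" error.

So far I have added a custom query on the woocommerce_my_account_my_orders_query filter so that all orders of accounts with the same role can be viewed. I set the role's permissions to full (according to this link, the same permissions as Shop Manager and Administrator, although by default these roles cannot view all orders either): https://github.com/woocommerce/woocommerce/blob/ee01d4219282387c2975ef4594677453c1dd7a0e/includes/class-wc-install.php#L1052

I am thinking about creating a custom view-order.php template, but I would rather use wc_get_order() to get the whole order object at once. Has anyone faced a challenge like this?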


Here is how I add the new role:

function lf_wc_role_custom() {  
    add_role(
        'custom_role',
        'Custom Role',
        [
            'level_9'                => true,
            'level_8'                => true,
            'level_7'                => true,
            'level_6'                => true,
            'level_5'                => true,
            'level_4'                => true,
            'level_3'                => true,
            'level_2'                => true,
            'level_1'                => true,
            'level_0'                => true,
            'read'                   => true,
            'read_private_pages'     => true,
            'read_private_posts'     => true,
            'edit_posts'             => true,
            'edit_pages'             => true,
            'edit_published_posts'   => true,
            'edit_published_pages'   => true,
            'edit_private_pages'     => true,
            'edit_private_posts'     => true,
            'edit_others_posts'      => true,
            'edit_others_pages'      => true,
            'publish_posts'          => true,
            'publish_pages'          => true,
            'delete_posts'           => true,
            'delete_pages'           => true,
            'delete_private_pages'   => true,
            'delete_private_posts'   => true,
            'delete_published_pages' => true,
            'delete_published_posts' => true,
            'delete_others_posts'    => true,
            'delete_others_pages'    => true,
            'manage_categories'      => true,
            'manage_links'           => true,
            'moderate_comments'      => true,
            'upload_files'           => true,
            'export'                 => true,
            'import'                 => true,
            'list_users'             => true,
            'edit_theme_options'     => true,
        ]
    );
}
add_action('admin_init', 'lf_wc_role_custom');

Here is how I currently modify the orders query:

function lf_modify_my_order_query( $query ) {
        global $wpdb;

        $current_user_id = get_current_user_id();
        $user = wp_get_current_user();
        $allowed_roles = ['administrator', 'custom_role'];

        if ( array_intersect( $allowed_roles, $user->roles ) ) {
            $args = array(
                'role' => $user->roles[0],
            );
            $all_users_with_role = get_users( $args );
            $user_ids = [];

            foreach ($all_users_with_role as $user_with_role) {
                array_push($user_ids, $user_with_role->data->ID);
            }

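            // One %d placeholder per ID so prepare() escapes every value.
            $placeholders = implode( ', ', array_fill( 0, count( $user_ids ), '%d' ) );

            // "=" instead of LIKE: "_" is a single-character wildcard in LIKE.
            $prepare_query = $wpdb->prepare(
                "SELECT post_id
                FROM {$wpdb->postmeta}
                WHERE
                    meta_key = %s
                    AND meta_value IN ($placeholders);",
                array_merge( [ '_customer_user' ], $user_ids )
            );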

            $results = $wpdb->get_results( $prepare_query, ARRAY_A );
            $main_post_ids = wp_list_pluck( $results, 'post_id' );

            unset( $query['customer'] );
            $query['post__in'] = $main_post_ids;
        }

        return $query;
}
add_filter( 'woocommerce_my_account_my_orders_query', 'lf_modify_my_order_query', 20, 1 );

【Question discussion】:

  • Yes, you should first show us what you have already done.

Tags: php wordpress woocommerce


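【Solution 1】:

OK, this is how I solved it. I ended up creating a copy of the view-order.php template, which I serve to users belonging to the specific role. In my child theme directory I created the file woocommerce/myaccount/view-my-order.php, which contains the following before anything else: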

$user = wp_get_current_user();
$allowed_roles = ['custom_role'];
if ( array_intersect( $allowed_roles, $user->roles ) ) {
    $order = wc_get_order($order_id);
    // wc_get_order() returns false for an unknown ID, and guest orders have
    // customer ID 0 (get_userdata() returns false), so deny in both cases.
    $customer_meta = $order ? get_userdata($order->get_customer_id()) : false;
    $customer_roles = $customer_meta ? $customer_meta->roles : [];

    if (!array_intersect($allowed_roles, $customer_roles)) {
        echo 'You do not have permission to view this order.';
        die();
    }
}
else {
    die();
}

The above ensures that the logged-in user can view the order only if the customer has the same role.

Then put the following in functions.php:

// Creates new query var so we can access new page
function lf_custom_query_vars( $vars ) {
    $vars['view-my-order'] = 'view-my-order';

    return $vars;
}
add_filter( 'woocommerce_get_query_vars', 'lf_custom_query_vars', 0 );

// Flushes rewrite rules (required with custom WC pages?)
function lf_custom_flush_rewrite_rules() {
    flush_rewrite_rules();
}
add_action( 'wp_loaded', 'lf_custom_flush_rewrite_rules' );

// Replaces native "View" button next to each order on the list
add_filter('woocommerce_my_account_my_orders_actions', function($actions, $order) {
    $user = wp_get_current_user();
    $allowed_roles = ['custom_role'];

    if ( array_intersect( $allowed_roles, $user->roles ) ) {
        $actions['view'] = [
            'url' => wc_get_endpoint_url( 'view-my-order', $order->get_id() ),
            'name' => __( 'View', 'txtdomain' )
        ];
    }

    return $actions;
}, 10, 2);

// Renders new template
function lf_view_my_order_endpoint_content() {
    $order_id = get_query_var('view-my-order');

    wc_get_template('myaccount/view-my-order.php', [
        'order_id' => $order_id,
    ]);
}
add_action( 'woocommerce_account_view-my-order_endpoint', 'lf_view_my_order_endpoint_content' );

All of this could be optimized further, but you get the idea.
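
The "Invalid order." message on the stock view-order endpoint comes from WooCommerce's `current_user_can( 'view_order', $order_id )` check, so an alternative to a copied template is to grant that capability per order through the `user_has_cap` filter. This is an added example, not part of the original answer or of WooCommerce's code; it assumes the `custom_role` slug from the question, and the function names `lf_roles_allow_order_view` and `lf_grant_view_order_cap` are hypothetical.

```php
<?php
// Added example (not from the original post). Assumes the 'custom_role'
// slug used in the question; both function names are hypothetical.

/**
 * Pure decision: the viewer and the order's customer must share at least
 * one allowed role. Guest orders (no customer roles) are always denied.
 */
function lf_roles_allow_order_view( array $viewer_roles, array $customer_roles, array $allowed_roles ) {
    $shared = array_intersect( $allowed_roles, $viewer_roles, $customer_roles );
    return ! empty( $shared );
}

/**
 * user_has_cap callback: grant 'view_order' for one specific order only.
 * $args is [ requested capability, user ID, object ID ].
 */
function lf_grant_view_order_cap( $allcaps, $caps, $args ) {
    if ( ! isset( $args[0], $args[1], $args[2] ) || 'view_order' !== $args[0] ) {
        return $allcaps; // Not a per-order view check: leave untouched.
    }

    $viewer = get_userdata( (int) $args[1] );
    $order  = wc_get_order( (int) $args[2] );
    if ( ! $viewer || ! $order ) {
        return $allcaps; // Unknown user or order: grant nothing extra.
    }

    // get_userdata( 0 ) returns false, so guest orders yield no roles.
    $customer       = get_userdata( $order->get_customer_id() );
    $customer_roles = $customer ? (array) $customer->roles : [];

    if ( lf_roles_allow_order_view( (array) $viewer->roles, $customer_roles, [ 'custom_role' ] ) ) {
        $allcaps['view_order'] = true;
    }

    return $allcaps;
}

// Register only inside WordPress so the file can also be loaded stand-alone.
if ( function_exists( 'add_filter' ) ) {
    // Priority 20 runs after WooCommerce's own ownership check on this filter.
    add_filter( 'user_has_cap', 'lf_grant_view_order_cap', 20, 3 );
}
```

Because the grant is scoped to `view_order` and to a single order ID, the role needs no additional editing or administrative capabilities for this to work.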

【Discussion】:
