Пример #1
0
 /**
  * AJAX action to download invoice
  */
 public function bewpi_download_invoice()
 {
     if (isset($_GET['action']) && isset($_GET['order_id']) && isset($_GET['nonce'])) {
         $action = $_GET['action'];
         $order_id = $_GET['order_id'];
         $nonce = $_REQUEST["nonce"];
         if (!wp_verify_nonce($nonce, $action)) {
             die('Invalid request');
         }
         if (empty($order_id)) {
             die('Invalid order ID');
         }
         $invoice = new BEWPI_Invoice($order_id);
         $invoice->view();
     }
 }
Пример #2
0
 /**
  * Callback to sniff for specific plugin actions to view, create or delete invoice.
  */
 private function invoice_actions()
 {
     if (isset($_GET['bewpi_action']) && isset($_GET['post']) && is_numeric($_GET['post']) && isset($_GET['nonce'])) {
         $action = $_GET['bewpi_action'];
         $order_id = $_GET['post'];
         $nonce = $_REQUEST['nonce'];
         if (!wp_verify_nonce($nonce, $action)) {
             wp_die(__('Invalid request', 'woocommerce-pdf-invoices'));
         }
         if (empty($order_id)) {
             wp_die(__('Invalid order ID', 'woocommerce-pdf-invoices'));
         }
         $user = wp_get_current_user();
         $allowed_roles = array('administrator', 'shop_manager');
         $customer_user_id = get_post_meta($order_id, '_customer_user', true);
         if (!array_intersect($allowed_roles, $user->roles) && get_current_user_id() != $customer_user_id) {
             wp_die(__('Access denied', 'woocommerce-pdf-invoices'));
         }
         $invoice = new BEWPI_Invoice($order_id);
         switch ($_GET['bewpi_action']) {
             case "view":
                 $invoice->view();
                 break;
             case "cancel":
                 $invoice->delete();
                 break;
             case "create":
                 $invoice->save("F");
                 break;
         }
     }
 }