diff --git a/commerce_services.module b/commerce_services.module index e9f606f..4d70903 100644 --- a/commerce_services.module +++ b/commerce_services.module @@ -5,6 +5,25 @@ * Defines Services resources for Drupal Commerce entities and systems. */ +/** +* Implements hook_permission(). +*/ +function commerce_services_permission() { + return array( + 'use line-item/retrieve method' => array( + 'title' => t("Use 'retrieve' method of 'line-item' resource."), + ), + 'use line-item/create method' => array( + 'title' => t("Use 'create' method of 'line-item' resource."), + ), + 'use line-item/update method' => array( + 'title' => t("Use 'update' method of 'line-item' resource."), + ), + 'use line-item/delete method' => array( + 'title' => t("Use 'delete' method of 'line-item' resource."), + ), + ); +} /** * Implements hook_services_resources(). @@ -1441,7 +1460,7 @@ function commerce_services_update_field_value($entity_type, $entity, $field_info // was not zero, so we ensure this is the case by changing the delta key of // the field value array. if ($field_info['cardinality'] == 1) { - $current_delta = key($entity->{$field_name}[$langcode]); + $current_delta = isset($entity->{$field_name}[$langcode]) ? key($entity->{$field_name}[$langcode]) : 0; if ($current_delta != 0) { $entity->{$field_name}[$langcode][0] = $entity->{$field_name}[$langcode][$current_delta]; diff --git a/resources/line_item.inc b/resources/line_item.inc index e4770ea..4afcd2b 100644 --- a/resources/line_item.inc +++ b/resources/line_item.inc @@ -48,8 +48,11 @@ function commerce_services_line_item_retrieve_access($line_item_id) { // Attempt to load the line item. if ($line_item = commerce_line_item_load($line_item_id)) { // And perform the view access check. - if (commerce_line_item_access('view', $line_item)) { - return TRUE; + global $user; + if (user_access('use line-item/retrieve method') || commerce_line_item_access('view', $line_item)) { + if ($user->uid == $order->uid) { + return TRUE; + } } else { return services_error(t('Access to this operation not granted'), 401); @@ -142,10 +145,12 @@ function commerce_services_line_item_create_access($data) { if (empty($order)) { return services_error(t('You must specify a valid order ID'), 400); } - // If the user has access to update the order... - if (commerce_order_access('update', $order)) { - return TRUE; + global $user; + if (user_access('use line-item/create method') || commerce_order_access('update', $order)) { + if ($user->uid == $order->uid) { + return TRUE; + } } else { return services_error(t('Access to this operation not granted'), 401); @@ -226,8 +231,11 @@ function commerce_services_line_item_update_access($line_item_id) { // Attempt to load the line item. if ($line_item = commerce_line_item_load($line_item_id)) { // If the user has access to perform the operation... - if (commerce_line_item_access('update', $line_item)) { - return TRUE; + global $user; + if (user_access('use line-item/update method') || commerce_line_item_access('update', $line_item)) { + if ($user->uid == $order->uid) { + return TRUE; + } } else { return services_error(t('Access to this operation not granted'), 401); @@ -261,8 +269,11 @@ function commerce_services_line_item_delete_access($line_item_id) { // Attempt to load the line item. if ($line_item = commerce_line_item_load($line_item_id)) { // If the user has access to perform the operation... - if (commerce_line_item_access('delete', $line_item)) { - return TRUE; + global $user; + if (user_access('use line-item/delete method') || commerce_line_item_access('delete', $line_item)) { + if ($user->uid == $order->uid) { + return TRUE; + } } else { return services_error(t('Access to this operation not granted'), 401);