php-commerce/View/Modal/Web/CheckoutCancel.php

<?php

namespace Core\Commerce\View\Modal\Web;

use Illuminate\Support\Facades\Auth;
use Livewire\Attributes\Layout;
use Livewire\Component;
use Core\Commerce\Models\Order;
use Core\Mod\Tenant\Models\User;

#[Layout('shared::layouts.checkout')]
class CheckoutCancel extends Component
{
    public ?Order $order = null;

    public string $orderNumber = '';

    public function mount(?string $order = null): void
    {
        if ($order) {
            $this->orderNumber = $order;
            $foundOrder = Order::where('order_number', $order)->first();

            // Verify ownership before exposing order details
            if ($foundOrder && $this->authorizeOrder($foundOrder)) {
                $this->order = $foundOrder;
            }
        }
    }

    /**
     * Verify the current user is authorised to view this order.
     */
    protected function authorizeOrder(Order $order): bool
    {
        $user = Auth::user();

        if (! $user instanceof User) {
            return false;
        }

        $workspace = $user->defaultHostWorkspace();

        if (! $workspace) {
            return false;
        }

        return $order->workspace_id === $workspace->id;
    }

    public function render()
    {
        return view('commerce::web.checkout.checkout-cancel');
    }
}
monorepo sepration 2026-01-27 00:24:22 +00:00			`<?php`

			`namespace Core\Commerce\View\Modal\Web;`

			`use Illuminate\Support\Facades\Auth;`
			`use Livewire\Attributes\Layout;`
			`use Livewire\Component;`
			`use Core\Commerce\Models\Order;`
			`use Core\Mod\Tenant\Models\User;`

			`#[Layout('shared::layouts.checkout')]`
			`class CheckoutCancel extends Component`
			`{`
			`public ?Order $order = null;`

			`public string $orderNumber = '';`

			`public function mount(?string $order = null): void`
			`{`
			`if ($order) {`
			`$this->orderNumber = $order;`
			`$foundOrder = Order::where('order_number', $order)->first();`

			`// Verify ownership before exposing order details`
			`if ($foundOrder && $this->authorizeOrder($foundOrder)) {`
			`$this->order = $foundOrder;`
			`}`
			`}`
			`}`

			`/**`
			`* Verify the current user is authorised to view this order.`
			`*/`
			`protected function authorizeOrder(Order $order): bool`
			`{`
			`$user = Auth::user();`

			`if (! $user instanceof User) {`
			`return false;`
			`}`

			`$workspace = $user->defaultHostWorkspace();`

			`if (! $workspace) {`
			`return false;`
			`}`

			`return $order->workspace_id === $workspace->id;`
			`}`

			`public function render()`
			`{`
			`return view('commerce::web.checkout.checkout-cancel');`
			`}`
			`}`