kupshop/bundles/KupShop/ContentBundle/View/OrderView.php

<?php
namespace KupShop\ContentBundle\View;
use KupShop\ComponentsBundle\Twig\DataProvider\OrderDataProvider;
use KupShop\ComponentsBundle\View\ComponentsViewInterface;
use KupShop\ComponentsBundle\View\ComponentsViewTrait;
use KupShop\KupShopBundle\Context\UserContext;
use KupShop\KupShopBundle\Exception\RedirectException;
use KupShop\KupShopBundle\Util\Contexts;
use KupShop\KupShopBundle\Util\Database\QueryHint;
use KupShop\KupShopBundle\Views\Traits\RequestTrait;
use KupShop\KupShopBundle\Views\View;
use KupShop\OrderingBundle\Util\Order\OrderInfo;
use Order;
use Query\Operator;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
class OrderView extends View implements ComponentsViewInterface
{
use RequestTrait;
use ComponentsViewTrait;
// Rendering configuration for this view.
protected string $smartyFallback = 'account';
protected string $entrypoint = 'account';
protected $template = 'orderView.tpl';
// Lazily loaded \Order instance; filled and reused by getOrder().
protected $order;
// Id of the order being displayed; assigned through setIDo() and used for every lookup in this view.
protected $IDo;
// Not read or written anywhere in the methods of this class.
protected $printPreview;
// When truthy, getBodyVariables() loads the status history through showOrder().
protected $showOrder = true;
// Error code consumed by handleError(); the values 4 and 5 are the ones handled there.
protected $error;
// OrderInfo service injected by the constructor; used to turn status ids into labels.
public $orderInfo;
/**
 * Stores the injected services.
 *
 * $orderDataProvider is a promoted property and may be null; getBodyVariables()
 * dereferences it without a null check on the components rendering path.
 */
public function __construct(
    OrderInfo $orderInfo,
    protected ?OrderDataProvider $orderDataProvider = null,
) {
    $this->orderInfo = $orderInfo;
}
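/**
 * Authorizes access to an order and redirects to the order list when access is denied.
 *
 * Access is granted when one of the following holds:
 *  - a user is logged in and the order belongs to that user (or, with the
 *    USER_MANAGER module, to a user they manage);
 *  - a user is logged in, does not own the order, but $cf equals the order's security code;
 *  - nobody is logged in and $cf equals the MD5 code derived from the order row.
 *
 * NOTE(review): the anonymous access code is an unkeyed MD5 over id, order_no and
 * date_created, none of which is secret, so the code can be derived by anyone who
 * knows or guesses those values. Consider an HMAC keyed with a server-side secret or
 * a random per-order token; that needs a migration for links that were already sent.
 *
 * @param mixed $orderId id of the order being accessed
 * @param mixed $cf      access code supplied by the client (may be null)
 *
 * @throws RedirectException when the visitor may not see the order
 */
public static function checkOrderOwnership($orderId, $cf)
{
    // Built lazily so the redirect URL is only generated when access is actually denied.
    $denied = static fn (): RedirectException => new RedirectException(
        createScriptURL([
            'URL' => 'launch.php',
            's' => 'orders',
            'ESCAPE' => 'NO',
        ])
    );

    // Loose != compares two numeric-looking strings as numbers, so distinct hex digests
    // of the form 0e<digits> would be treated as equal. hash_equals() compares the bytes
    // and does so in constant time; a non-string $cf (e.g. an array) never matches.
    $codeMatches = static fn ($expected): bool => is_string($cf)
        && hash_equals((string) $expected, $cf);

    $user = \User::getCurrentUser();

    if ($user) {
        $qb = sqlQueryBuilder()
            ->select('id')
            ->from('orders')
            ->where(Operator::equals(['id' => $orderId]))
            ->setMaxResults(1)
            ->sendToMaster();

        $userIds = [$user['id']];
        if (findModule(\Modules::USER_MANAGER)) {
            $managedUsersIds = sqlQueryBuilder()->select('id_user')
                ->from('users_manager_relations')
                ->andWhere(Operator::equals(['id_user_master' => $user['id']]))
                ->execute()->fetchFirstColumn();
            $userIds = array_merge($managedUsersIds, $userIds);
        }
        $qb->andWhere(Operator::inIntArray($userIds, 'id_user'));

        // Run the ownership query once; the result decides every branch below.
        if ($qb->execute()->rowCount() > 0) {
            return;
        }

        // Not the owner: only a correct access code can still grant access.
        if (empty($cf)) {
            throw $denied();
        }

        $orderExists = sqlQueryBuilder()->select('id')
            ->from('orders')
            ->where(Operator::equals(['id' => $orderId]))
            ->sendToMaster()
            ->execute()->fetchAssociative();

        // Fail closed: an unknown order id must not fall through as "allowed".
        if (!$orderExists) {
            throw $denied();
        }

        $order = new \Order($orderId);
        if (!$codeMatches($order->getSecurityCode())) {
            throw $denied();
        }

        return;
    }

    // Anonymous visitor: without an access code the only option is to log in.
    if ($cf === null) {
        redirection('LOGIN');
    }

    $result = sqlQueryBuilder()
        ->select('id', 'order_no', 'date_created')
        ->from('orders')
        ->where(Operator::equals(['id' => $orderId]))
        ->sendToMaster()
        ->setMaxResults(1)
        ->execute();

    // Placeholder that is only compared when no order row was found; that case is
    // rejected by the row-count check below regardless of what $cf contains.
    $code = 'superwpjtajnykod';
    $found = $result->rowCount();
    if ($found == 1) {
        $order = $result->fetchAssociative();
        $code = md5($order['id'].'*'.$order['order_no'].'*'.$order['date_created']);
    }

    if ($found == 0 || !$codeMatches($code)) {
        throw $denied();
    }
}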
/**
 * Validates the request before delegating to the parent view.
 *
 * Order of checks: the 'orders' module must be enabled, the order id must be a
 * non-zero integer, the order must exist, and checkOrderOwnership() must accept
 * the visitor together with the 'cf' request value.
 *
 * NOTE(review): a missing order produces a 404 while an existing order the visitor
 * may not see produces a redirect, so the two responses reveal whether an order id
 * exists. Confirm this is acceptable or run the ownership check first.
 *
 * @throws NotFoundHttpException when no order with the given id exists
 */
public function getResponse(?Request $request = null)
{
    if (!findModule('orders')) {
        redirection('MODUL_NOT_FOUND');
    }

    if (0 === (int) $this->IDo) {
        $ordersUrl = createScriptURL([
            'URL' => 'launch.php',
            's' => 'orders',
            'ESCAPE' => 'NO',
        ]);
        redirection($ordersUrl);
    }

    $existingId = sqlQueryBuilder()
        ->select('id')
        ->from('orders')
        ->where(Operator::equals(['id' => $this->IDo]))
        ->sendToMaster()
        ->execute()
        ->fetchOne();

    if (!$existingId) {
        throw new NotFoundHttpException('Order not found');
    }

    // Authorization: throws a RedirectException when the visitor may not see the order.
    $accessCode = $this->request->get('cf');
    self::checkOrderOwnership($this->IDo, $accessCode);

    return parent::getResponse($request);
}
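/**
 * Builds the template variables for the order detail page.
 *
 * No access check happens here; within this class it is getResponse() that calls
 * checkOrderOwnership() before rendering.
 *
 * With the COMPONENTS module enabled (and unless this is an OrderSuccessView) only
 * 'id_order' is exposed and the order is handed to the order data provider.
 * Otherwise the full legacy variable set is assembled.
 *
 * @return array template variables
 */
public function getBodyVariables()
{
    $vars = parent::getBodyVariables();

    QueryHint::routeToMaster();

    $orderObj = new \Order();
    $orderObj->createFromDB($this->IDo);

    $this->title = str_replace('%ORDERNO', $orderObj->order_no, translate('title', 'orderView'));

    // TODO: Render also successView using twig
    if (findModule(\Modules::COMPONENTS) && !($this instanceof OrderSuccessView)) {
        $vars['id_order'] = $this->IDo;
        // NOTE(review): $orderDataProvider is nullable in the constructor; this call
        // fails with an Error when the provider was not injected.
        $this->orderDataProvider->addOrder($orderObj);

        return $vars;
    }

    $deliveryId = $orderObj->getDeliveryId();
    $payment = null;
    $deliveryType = null;
    if ($deliveryId > 0) {
        $deliveryType = $orderObj->getDeliveryType($deliveryId);
        if (!empty($deliveryType['payment_class'])) {
            $payment = $deliveryType['payment_class'];
            $payment->setOrder($orderObj->id);
        }
    }

    // 'pay' equal to 1 starts the payment flow; without a payment handler the
    // error code 5 is recorded and reported by handleError() below.
    if (getVal('pay') == 1) {
        if ($payment) {
            $payment->startPayment();
        } else {
            $this->error = 5;
        }
    }

    $orderObj->fetchItems();
    $orderObj->fetchItemsPhoto();

    $orderHistory = [];
    if ($this->showOrder) {
        $orderHistory = $this->showOrder($orderObj);
    }

    $orderObj['status_text'] = $this->orderInfo->getOrderStatus($orderObj['status']);

    $vars['returnNav'] = $this->getReturnNav();
    $vars['error'] = '';
    $vars['printPreview'] = false;
    $vars['printHtml'] = false;
    $vars['showOrder'] = $this->showOrder;
    $vars['order'] = $orderObj;
    $vars['orderObj'] = $orderObj;
    $vars['products'] = [];
    $vars['discounts'] = [];
    $vars['deliveryType'] = $deliveryType;
    $vars['payment'] = $payment;
    // $orderHistory stays empty when $showOrder is false; fall back to defaults
    // instead of reading undefined array keys.
    $vars['history'] = $orderHistory['history'] ?? [];
    $vars['editable'] = $orderHistory['editable'] ?? false;

    $this->handleError();

    return $vars;
}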
/**
 * Returns the breadcrumb trail: home, then account and order list when the user
 * context reports an active user, then the current page title without a link.
 *
 * @return array list of entries with a 'text' key and an optional 'link' key
 */
public function getBreadcrumbsNew(): array
{
    $trail = [
        ['link' => path('home'), 'text' => translate('getSections', 'functions')['home']],
    ];

    if (Contexts::get(UserContext::class)->getActive()) {
        $trail[] = ['link' => path('account'), 'text' => translate('title', 'account')];
        $trail[] = ['link' => path('orders'), 'text' => translate('returnNav', 'orderView')[0]];
    }

    $trail[] = ['text' => $this->getTitle()];

    return $trail;
}
/**
 * Extends the parent toolbar data with a link to this order in the administration.
 *
 * @return array parent toolbar entries with 'url' and 'title' overridden
 */
public function getWpjToolbar()
{
    $adminUrl = getAdminUrl('orders', ['ID' => $this->IDo]);
    $parentToolbar = parent::getWpjToolbar();

    return array_merge($parentToolbar, [
        'url' => $adminUrl,
        'title' => 'Upravit objednávku',
    ]);
}
/**
 * Turns the stored error code into a flash message.
 *
 * Code 4 adds a success message, code 5 an error message; any other value is ignored.
 * The comparison is intentionally loose because the code may be stored as an int or a string.
 */
public function handleError()
{
    $code = $this->error;

    if ($code == 4) {
        $this->addSuccessMessage(translate('error', 'orderView')[0]);
    } elseif ($code == 5) {
        $this->addErrorMessage(translate('error', 'orderView')[3]);
    }
}
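/**
 * Loads the status history of the current order and decides whether it is editable.
 *
 * Also sets the page title from the order number.
 *
 * @param \Order $orderObj order whose editability and number are used
 *
 * @return array{editable: bool, history: array} 'history' holds date, status label and note per row
 */
public function showOrder(\Order $orderObj)
{
    $data = [];
    $dbcfg = \Settings::getDefault();

    $data['editable'] = intval(getVal('edit')) > 0 && $orderObj->isEditable();

    // The format comes from stored settings. It is bound as a parameter rather than
    // concatenated into the SQL text, so a quote character in the configured value
    // cannot change the statement.
    $dateTimeFormat = $dbcfg['date_format'].' '.$dbcfg['time_format'];

    $rows = sqlQueryBuilder()
        ->select('id_status', 'DATE_FORMAT(date, :dateTimeFormat) AS date', 'comment')
        ->from(getTableName('orders_history'), 'oh')
        ->where('id_order=:IDo')
        ->orderBy('date', 'ASC')
        ->setParameter('IDo', $this->IDo)
        ->setParameter('dateTimeFormat', $dateTimeFormat)
        ->execute()->fetchAll();

    $history = [];
    foreach ($rows as $row) {
        $history[] = [
            'date' => $row['date'],
            'status' => $this->orderInfo->getOrderStatus($row['id_status']),
            'note' => $row['comment'],
        ];
    }
    $data['history'] = $history;

    $this->title = str_replace('%ORDERNO', $orderObj->order_no, translate('title', 'orderView'));

    return $data;
}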
/**
 * Builds the "return" navigation.
 *
 * With an active user context the trail links back to the order list; otherwise
 * only the current page label is passed.
 */
public function getReturnNav()
{
    $userIsActive = Contexts::get(UserContext::class)->isActive();

    if (!$userIsActive) {
        return getReturnNavigation(-1, 'NO_TYPE', [translate('returnNav', 'orderView')[1]]);
    }

    $ordersUrl = createScriptURL([
        'URL' => 'launch.php',
        's' => 'orders',
    ]);

    $items = [
        ['link' => $ordersUrl, 'text' => translate('returnNav', 'orderView')[0]],
        ['text' => translate('returnNav', 'orderView')[1]],
    ];

    return getReturnNavigation(-1, 'USER', $items);
}
/**
 * Changes the delivery type of the current order.
 *
 * NOTE(review): no authorization or order-state check is visible in this method;
 * presumably callers have already run checkOrderOwnership() and canChangePayment() — confirm.
 *
 * @param mixed $deliveryType value passed through to \Order::changeDeliveryType()
 */
public function changeDeliveryType($deliveryType)
{
    $currentOrder = $this->getOrder();
    $currentOrder->changeDeliveryType($deliveryType);
}
/**
 * Tells whether the order's payment may be switched to the given payment.
 *
 * The change is possible only when the order status is listed under
 * 'payment_change_allowed', the order has a delivery id, it is not cancelled
 * (status_storno is 0) and it is not paid.
 *
 * @param mixed $paymentId id of the requested payment
 *
 * @return mixed the id of the first available delivery type using that payment, or false
 */
public function canChangePayment($paymentId)
{
    /** @var \Order $order */
    $order = $this->getOrder();

    if (!in_array($order->status, getStatuses('payment_change_allowed'))) {
        return false;
    }
    if (!$order->getDeliveryId()) {
        return false;
    }
    if ($order->status_storno != 0) {
        return false;
    }
    if ($order->isPaid()) {
        return false;
    }

    foreach ($this->getAvailableDeliveryTypes() as $candidate) {
        if ($candidate->id_payment == $paymentId) {
            return $candidate->id;
        }
    }

    return false;
}
/**
 * Lists the delivery types that share the delivery of the order's current delivery type.
 *
 * Candidates come from \Order::getDeliveryTypeList() for the order's total price.
 *
 * @return array matching delivery type objects, in the order the list returned them
 */
public function getAvailableDeliveryTypes()
{
    $candidates = \Order::getDeliveryTypeList($this->getOrder()->total_price, null);
    $currentDeliveryId = $this->getOrder()->getDeliveryType()->getDelivery()->id;

    $matching = [];
    foreach ($candidates as $candidate) {
        if ($candidate->id_delivery != $currentDeliveryId) {
            continue;
        }
        $matching[] = $candidate;
    }

    return $matching;
}
/**
 * Returns the order for the current order id, loading it from the database on first use.
 *
 * The loaded instance is kept in $this->order and reused by later calls.
 *
 * @return \Order
 */
public function getOrder()
{
    if (!$this->order) {
        $loaded = new \Order();
        $loaded->createFromDB($this->IDo);
        $this->order = $loaded;
    }

    return $this->order;
}
/**
 * Sets the id of the order this view works with.
 *
 * The value is stored as given; getResponse() rejects ids that convert to integer 0.
 *
 * @param mixed $IDo order id
 */
public function setIDo($IDo)
{
    $this->IDo = $IDo;
}
/**
 * Stores the error code that handleError() later turns into a message.
 *
 * @return $this for chaining
 */
public function setError(string $error): self
{
    $this->error = $error;

    return $this;
}
/**
 * Builds the canonical URL of this order page.
 *
 * The 'cf' access code is copied unchanged from the current request into the
 * generated URL, so the code is part of any link produced here.
 */
public function getCorrectUrl(): ?string
{
    $routeParams = [
        'id' => $this->getOrder()->id,
        'cf' => $this->request->get('cf'),
    ];

    return path('kupshop_content_orders_order', $routeParams);
}
}