Contrib.social

Anonymous Checkout Denied When Order is Programmatic

Open on Drupal.org β†’
Created on 5 March 2017, about 8 years ago
Updated 18 November 2024, 5 months ago

When creating an order programmatically and skipping to the checkout process via redirect, the checkout system is denying access to anonymous users and not properly redirecting them to the login / guest checkout page as normal. Currently, at least I, have not been able to override the access check at a high enough level to override. There should be a check added to ensure the redirect is called last in order to ensure the anonymous user is properly redirected. As an alternative, we should be able to override the access check from within a module to allow for anonymous checkouts without going through the continue as guest process.

This was tested on a clean install of the dev branch.

Custom Controller Code Causing Issue:

<?php
/**
 * @file
 * Contains \Drupal\add_cart_by_url\Controller\CartAdditionController.
 */

namespace Drupal\add_cart_by_url\Controller;

use Drupal\Core\Controller\ControllerBase;
use Drupal\commerce_order\Entity\OrderInterface;
use Symfony\Component\HttpFoundation;

class CartAdditionController extends ControllerBase {
  public function process_product($product_sku) { 
    // Get Current User
    $user = \Drupal\user\Entity\User::load(\Drupal::currentUser()->id());

    // Load Order Type
    // @TO DO: Get Dynamic Order Type
    // $order_type = \Drupal\commerce_order\Entity\OrderType::load('default');

    // @TO DO: Allow for Selection of what type of products have dynamic URLS in Admin Settings
    // $order_item_type = \Drupal\commerce_order\Entity\OrderItemType::load('default');

    // Load Product
    // @TO DO: Allow option for URL to be determined at the product level
    // $product = \Drupal\commerce_product\Entity\Product::load($product_url);
       $product = \Drupal\commerce_order\Entity\OrderItem::load($product_sku);

    // Create the billing profile.
    $profile = \Drupal\profile\Entity\Profile::create([
      'type' => 'customer',
      'uid' => $user->get('uid')->value,
    ]);

    $profile->save();

    // Set Order Item
    $order_item = \Drupal\commerce_order\Entity\OrderItem::create([
      'type' => 'default',
      'purchased_entity' => $product_sku,
      'quantity' => 1,
      'unit_price' => NULL,
    ]);

	
    // @TO DO: Pull Product / Product Variation Prices Dynamically so that they are not manually adjusted
    $unit_price = new \Drupal\commerce_price\Price('0', 'USD');
    $order_item->setUnitPrice($unit_price);

    $order_item->save();

    // Create the User's Order, Order Items are Products
    $order = \Drupal\commerce_order\Entity\Order::create([
      'type' => 'default',
      'store_id' => 1,
      'uid' => $user->get('uid')->value,
      'mail' => $user->get('mail')->value,
      'ip_address' =>  \Drupal::request()->getClientIp(),
      'billing_profile' => $profile,
      'state' => 'draft',
      'placed' => time(),
      'order_items' => [$order_item],
    ]);  

    // Save the Order
    $order->save();
	
    return $this->redirect('commerce_checkout.form', ['commerce_order' => $order->id()]); 
  }
}

?>
πŸ’¬ Support request
Status

Fixed

Version

2.0

Component

Documentation

Created by

πŸ‡ΊπŸ‡ΈUnited States JMOmandown

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment 5 months ago β†’
    πŸ‡¨πŸ‡¦Canada leducdubleuet Chicoutimi QC

    Nowadays with current versions, the solution proposed here is not working anymore. Adding the order id to the user's cart session is not enough to make it work.

    In case anybody lands here with that same problem, here is an example of what worked for me :

          // Step 1: Ensure the session is started for anonymous users.
      if ($current_user->isAnonymous()) {
        $session = \Drupal::service('session');
        // If the session is not started, forcefully start it.
        if (!$session->isStarted()) {
          session_start();
        }
      }

      // Step 2: Check if there's an existing cart order for the current user session.
      /* @var \Drupal\commerce_cart\CartProviderInterface $cart_provider */
      $cart_provider = \Drupal::service('commerce_cart.cart_provider');
      /* @var \Drupal\commerce_cart\CartManagerInterface $cart_manager */
      $cart_manager = \Drupal::service('commerce_cart.cart_manager');

      // Get the current cart if any
      $order = $cart_provider->getCart('default');

      // If there's an existing cart order, empty it.
      if (!empty($order)) {
        $cart_manager->emptyCart($order);
      } else {
        // Create a new empty cart if it doesn't exist.
        $order = $cart_provider->createCart('default');
      }

      $checkout_url = '/checkout/' . $order->id();
      $response = new RedirectResponse($checkout_url);
      $response->send();

    This starts the session first when it was not already to fix the access denied on the checkout for anonymous users!

    The call to createCart() adds the order id to user's cart session, no need to do that manually.

    Hope this helps!

    Thanks!

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024