fix: ID resolution made consistent across all edit and delete node mutations

Author: kidunot89

includes/data/mutation/class-order-mutation.php

@@ -9,6 +9,7 @@
 namespace WPGraphQL\WooCommerce\Data\Mutation;
 
 use GraphQL\Error\UserError;
+use WPGraphQL\Utils\Utils;
 
 
 /**
@@ -34,18 +35,24 @@ public static function authorized( $input, $context, $info, $mutation = 'create'
 		 */
 		$post_type_object = get_post_type_object( 'shop_order' );
 
-		return apply_filters(
-			"graphql_woocommerce_authorized_to_{$mutation}_orders",
-			current_user_can(
-				'delete' === $mutation
-					? $post_type_object->cap->delete_posts
-					: $post_type_object->cap->edit_posts
-			),
-			$order_id,
-			$input,
-			$context,
-			$info
-		);
+		if ( $order_id === null ) {
+			return apply_filters(
+				"graphql_woocommerce_authorized_to_{$mutation}_orders",
+				current_user_can($post_type_object->cap->edit_posts),
+				$order_id,
+				$input,
+				$context,
+				$info
+			);
+		}
+
+		$order = \wc_get_order( $order_id );
+		$post_type = get_post_type( $order_id );
+
+		// Return true if user is owner or admin
+		$is_owner = 0 !== get_current_user_id() && $order->get_customer_id() === get_current_user_id();
+		$is_admin = \wc_rest_check_post_permissions( $post_type, 'edit', $order_id );
+		return $is_owner || $is_admin;
 	}
 
 	/**
@@ -565,25 +572,26 @@ public static function apply_coupons( $order_id, $coupons ) {
 	/**
 	 * Validates order customer
 	 *
-	 * @param array $input  Input data describing order.
+	 * @param string $customer_id  ID of customer for order.
 	 *
 	 * @return bool
 	 */
-	public static function validate_customer( $input ) {
-		if ( ! empty( $input['customerId'] ) ) {
-			// Make sure customer exists.
-			if ( false === get_user_by( 'id', $input['customerId'] ) ) {
-				return false;
-			}
-			// Make sure customer is part of blog.
-			if ( is_multisite() && ! is_user_member_of_blog( $input['customerId'] ) ) {
-				add_user_to_blog( get_current_blog_id(), $input['customerId'], 'customer' );
-			}
+	public static function validate_customer( $customer_id ) {
+		$id = Utils::get_database_id_from_id( $customer_id );
+		if ( ! $id ) {
+			return false;
+		}
 
-			return true;
+		if ( false === get_user_by( 'id', $id ) ) {
+			return false;
 		}
 
-		return false;
+		// Make sure customer is part of blog.
+		if ( is_multisite() && ! is_user_member_of_blog( $id ) ) {
+			add_user_to_blog( get_current_blog_id(), $id, 'customer' );
+		}
+
+		return true;
 	}
 
 	/**

includes/mutation/class-coupon-create.php

@@ -12,10 +12,10 @@
 
 use GraphQL\Error\UserError;
 use GraphQL\Type\Definition\ResolveInfo;
-use GraphQLRelay\Relay;
 use WPGraphQL\AppContext;
 use WPGraphQL\WooCommerce\Data\Mutation\Coupon_Mutation;
 use WPGraphQL\WooCommerce\Model\Coupon;
+use WPGraphQL\Utils\Utils;
 
 /**
  * Class Coupon_Create
@@ -163,16 +163,14 @@ public static function get_output_fields() {
 	 */
 	public static function mutate_and_get_payload( $input, AppContext $context, ResolveInfo $info ) {
 		// Retrieve order ID.
-		$coupon_id = 0;
-		if ( ! empty( $input['id'] ) && is_numeric( $input['id'] ) ) {
-			$coupon_id = absint( $input['id'] );
-		} elseif ( ! empty( $input['id'] ) ) {
-			$id_components = Relay::fromGlobalId( $input['id'] );
-			if ( empty( $id_components['id'] ) || empty( $id_components['type'] ) ) {
-				throw new UserError( __( 'The "id" provided is invalid', 'wp-graphql-woocommerce' ) );
-			}
+		if ( ! empty ( $input['id'] ) ) {
+			$coupon_id = Utils::get_database_id_from_id( $input['id'] );
+		} else {
+			$coupon_id = 0;
+		}
 
-			$coupon_id = absint( $id_components['id'] );
+		if ( false === $coupon_id ) {
+			throw new UserError( __( 'Coupon ID provided is invalid. Please check input and try again.', 'wp-graphql-woocommerce' ) );
 		}
 
 		$coupon = new \WC_Coupon( $coupon_id );

includes/mutation/class-coupon-delete.php

@@ -12,9 +12,9 @@
 
 use GraphQL\Error\UserError;
 use GraphQL\Type\Definition\ResolveInfo;
-use GraphQLRelay\Relay;
 use WPGraphQL\AppContext;
 use WPGraphQL\WooCommerce\Model\Coupon;
+use WPGraphQL\Utils\Utils;
 
 /**
  * Class Coupon_Delete
@@ -87,17 +87,11 @@ public static function get_output_fields() {
 	 */
 	public static function mutate_and_get_payload( $input, AppContext $context, ResolveInfo $info ) {
 		// Retrieve order ID.
-		$coupon_id = 0;
-		if ( ! empty( $input['id'] ) && is_numeric( $input['id'] ) ) {
-			$coupon_id = absint( $input['id'] );
-		} elseif ( ! empty( $input['id'] ) ) {
-			$id_components = Relay::fromGlobalId( $input['id'] );
-			if ( empty( $id_components['id'] ) || empty( $id_components['type'] ) ) {
-				throw new UserError( __( 'The "id" provided is invalid', 'wp-graphql-woocommerce' ) );
-			}
-
-			$coupon_id = absint( $id_components['id'] );
+		$coupon_id = Utils::get_database_id_from_id( $input['id'] );
+		if ( empty( $coupon_id ) ) {
+			throw new UserError( __( 'Coupon ID provided is missing or invalid. Please check input and try again.', 'wp-graphql-woocommerce' ) );
 		}
+
 		$coupon = new Coupon( $coupon_id );
 
 		if ( ! $coupon->ID ) {

includes/mutation/class-order-create.php

@@ -167,7 +167,7 @@ public static function mutate_and_get_payload() {
 				WC()->payment_gateways();
 
 				// Validate customer ID, if set.
-				if ( ! empty( $input['customerId'] ) && ! Order_Mutation::validate_customer( $input ) ) {
+				if ( ! empty( $input['customerId'] ) && ! Order_Mutation::validate_customer( $input['customerId'] ) ) {
 					throw new UserError( __( 'Customer ID is invalid.', 'wp-graphql-woocommerce' ) );
 				}
 

includes/mutation/class-order-delete-items.php

@@ -12,10 +12,10 @@
 
 use GraphQL\Error\UserError;
 use GraphQL\Type\Definition\ResolveInfo;
-use GraphQLRelay\Relay;
 use WPGraphQL\AppContext;
 use WPGraphQL\WooCommerce\Data\Mutation\Order_Mutation;
 use WPGraphQL\WooCommerce\Model\Order;
+use WPGraphQL\Utils\Utils;
 
 /**
  * Class Order_Delete_Items
@@ -45,13 +45,14 @@ public static function register_mutation() {
 	public static function get_input_fields() {
 		return array_merge(
 			[
-				'id'      => [
+				'id'          => [
 					'type'        => 'ID',
-					'description' => __( 'Order global ID', 'wp-graphql-woocommerce' ),
+					'description' => __( 'Database ID or global ID of the order', 'wp-graphql-woocommerce' ),
 				],
-				'orderId' => [
-					'type'        => 'Int',
-					'description' => __( 'Order WP ID', 'wp-graphql-woocommerce' ),
+				'orderId'     => [
+					'type'              => 'Int',
+					'description'       => __( 'Order WP ID', 'wp-graphql-woocommerce' ),
+					'deprecationReason' => __( 'Use "id" field instead.', 'wp-graphql-woocommerce' ),
 				],
 				'itemIds' => [
 					'type'        => [ 'list_of' => 'Int' ],
@@ -87,20 +88,16 @@ public static function mutate_and_get_payload() {
 			// Retrieve order ID.
 			$order_id = null;
 			if ( ! empty( $input['id'] ) ) {
-				$id_components = Relay::fromGlobalId( $input['id'] );
-				if ( empty( $id_components['id'] ) || empty( $id_components['type'] ) ) {
-					throw new UserError( __( 'The "id" provided is invalid', 'wp-graphql-woocommerce' ) );
-				}
-				$order_id = absint( $id_components['id'] );
+				$order_id = Utils::get_database_id_from_id( $input['id'] );
 			} elseif ( ! empty( $input['orderId'] ) ) {
 				$order_id = absint( $input['orderId'] );
 			} else {
-				throw new UserError( __( 'No order ID provided.', 'wp-graphql-woocommerce' ) );
+				throw new UserError( __( 'Order ID provided is missing or invalid. Please check input and try again.', 'wp-graphql-woocommerce' ) );
 			}
 
 			// Check if authorized to delete items on this order.
 			if ( ! Order_Mutation::authorized( $input, $context, $info, 'delete-items', $order_id ) ) {
-				throw new UserError( __( 'User does not have the capabilities necessary to delete an order.', 'wp-graphql-woocommerce' ) );
+				throw new UserError( __( 'User does not have the capabilities necessary to delete order items.', 'wp-graphql-woocommerce' ) );
 			}
 
 			// Confirm item IDs.

includes/mutation/class-order-delete.php

@@ -12,11 +12,11 @@
 
 use GraphQL\Error\UserError;
 use GraphQL\Type\Definition\ResolveInfo;
-use GraphQLRelay\Relay;
 use WC_Order_Factory;
 use WPGraphQL\AppContext;
 use WPGraphQL\WooCommerce\Data\Mutation\Order_Mutation;
 use WPGraphQL\WooCommerce\Model\Order;
+use WPGraphQL\Utils\Utils;
 
 /**
  * Class Order_Delete
@@ -48,11 +48,12 @@ public static function get_input_fields() {
 			[
 				'id'          => [
 					'type'        => 'ID',
-					'description' => __( 'Order global ID', 'wp-graphql-woocommerce' ),
+					'description' => __( 'Database ID or global ID of the order', 'wp-graphql-woocommerce' ),
 				],
 				'orderId'     => [
-					'type'        => 'Int',
-					'description' => __( 'Order WP ID', 'wp-graphql-woocommerce' ),
+					'type'              => 'Int',
+					'description'       => __( 'Order WP ID', 'wp-graphql-woocommerce' ),
+					'deprecationReason' => __( 'Use "id" field instead.', 'wp-graphql-woocommerce' ),
 				],
 				'forceDelete' => [
 					'type'        => 'Boolean',
@@ -88,15 +89,11 @@ public static function mutate_and_get_payload() {
 			// Retrieve order ID.
 			$order_id = null;
 			if ( ! empty( $input['id'] ) ) {
-				$id_components = Relay::fromGlobalId( $input['id'] );
-				if ( empty( $id_components['id'] ) || empty( $id_components['type'] ) ) {
-					throw new UserError( __( 'The "id" provided is invalid', 'wp-graphql-woocommerce' ) );
-				}
-				$order_id = absint( $id_components['id'] );
+				$order_id = Utils::get_database_id_from_id( $input['id'] );
 			} elseif ( ! empty( $input['orderId'] ) ) {
 				$order_id = absint( $input['orderId'] );
 			} else {
-				throw new UserError( __( 'No order ID provided.', 'wp-graphql-woocommerce' ) );
+				throw new UserError( __( 'Order ID provided is missing or invalid. Please check input and try again.', 'wp-graphql-woocommerce' ) );
 			}
 
 			// Check if authorized to delete this order.

includes/mutation/class-order-update.php

@@ -12,11 +12,11 @@
 
 use GraphQL\Error\UserError;
 use GraphQL\Type\Definition\ResolveInfo;
-use GraphQLRelay\Relay;
 use WC_Order_Factory;
 use WPGraphQL\AppContext;
 use WPGraphQL\WooCommerce\Data\Mutation\Order_Mutation;
 use WPGraphQL\WooCommerce\Model\Order;
+use WPGraphQL\Utils\Utils;
 
 /**
  * Class Order_Update
@@ -49,15 +49,16 @@ public static function get_input_fields() {
 			[
 				'id'         => [
 					'type'        => 'ID',
-					'description' => __( 'Order global ID', 'wp-graphql-woocommerce' ),
+					'description' => __( 'Database ID or global ID of the order', 'wp-graphql-woocommerce' ),
 				],
-				'orderId'    => [
-					'type'        => 'Int',
-					'description' => __( 'Order WP ID', 'wp-graphql-woocommerce' ),
+				'orderId'     => [
+					'type'              => 'Int',
+					'description'       => __( 'Order WP ID', 'wp-graphql-woocommerce' ),
+					'deprecationReason' => __( 'Use "id" field instead.', 'wp-graphql-woocommerce' ),
 				],
 				'customerId' => [
-					'type'        => 'Int',
-					'description' => __( 'Order customer ID', 'wp-graphql-woocommerce' ),
+					'type'        => 'ID',
+					'description' => __( 'Database ID or global ID of the customer for the order', 'wp-graphql-woocommerce' ),
 				],
 			]
 		);
@@ -89,17 +90,13 @@ public static function mutate_and_get_payload() {
 			// Retrieve order ID.
 			$order_id = null;
 			if ( ! empty( $input['id'] ) ) {
-				$id_components = Relay::fromGlobalId( $input['id'] );
-				if ( empty( $id_components['id'] ) || empty( $id_components['type'] ) ) {
-					throw new UserError( __( 'The "id" provided is invalid', 'wp-graphql-woocommerce' ) );
-				}
-				$order_id = absint( $id_components['id'] );
+				$order_id = Utils::get_database_id_from_id( $input['id'] );
 			} elseif ( ! empty( $input['orderId'] ) ) {
 				$order_id = absint( $input['orderId'] );
 			} else {
-				throw new UserError( __( 'No order ID provided.', 'wp-graphql-woocommerce' ) );
+				throw new UserError( __( 'Order ID provided is missing or invalid. Please check input and try again.', 'wp-graphql-woocommerce' ) );
 			}
-
+			
 			// Check if authorized to update this order.
 			if ( ! Order_Mutation::authorized( $input, $context, $info, 'update', $order_id ) ) {
 				throw new UserError( __( 'User does not have the capabilities necessary to update an order.', 'wp-graphql-woocommerce' ) );
@@ -133,7 +130,7 @@ public static function mutate_and_get_payload() {
 			\WC()->payment_gateways();
 
 			// Validate customer ID.
-			if ( ! empty( $input['customerId'] ) && ! Order_Mutation::validate_customer( $input ) ) {
+			if ( ! empty( $input['customerId'] ) && ! Order_Mutation::validate_customer( $input['customerId'] ) ) {
 				throw new UserError( __( 'New customer ID is invalid.', 'wp-graphql-woocommerce' ) );
 			}
 
@@ -147,7 +144,7 @@ public static function mutate_and_get_payload() {
 			}
 
 			// Actions for after the order is saved.
-			if ( true === $input['isPaid'] ) {
+			if ( isset( $input['isPaid'] ) && true === $input['isPaid'] ) {
 				$order->payment_complete(
 					! empty( $input['transactionId'] )
 						? $input['transactionId']

includes/mutation/class-review-delete-restore.php

@@ -14,6 +14,7 @@
 use GraphQL\Type\Definition\ResolveInfo;
 use GraphQLRelay\Relay;
 use WPGraphQL\AppContext;
+use WPGraphQL\Utils\Utils;
 
 /**
  * Class Review_Delete_Restore
@@ -130,12 +131,12 @@ public static function get_output_fields( $restore = false ) {
 	public static function mutate_and_get_payload() {
 		return static function ( $input, AppContext $context, ResolveInfo $info ) {
 			// Retrieve the product review rating for the payload.
-			$id_parts = Relay::fromGlobalId( $input['id'] );
-			if ( empty( $id_parts['id'] ) ) {
+			$id = Utils::get_database_id_from_id( $input['id'] );
+			if ( ! $id ) {
 				throw new UserError( __( 'Invalid Product Review ID provided', 'wp-graphql-woocommerce' ) );
 			}
 
-			$rating = get_comment_meta( absint( $id_parts['id'] ), 'rating' );
+			$rating = get_comment_meta( absint( $id ), 'rating' );
 
 			// @codingStandardsIgnoreLine
 			switch ( $info->fieldName ) {

includes/mutation/class-review-update.php

@@ -15,6 +15,7 @@
 use GraphQLRelay\Relay;
 use WPGraphQL\AppContext;
 use WPGraphQL\Mutation\CommentUpdate;
+use WPGraphQL\Utils\Utils;
 
 /**
  * Class Review_Update
@@ -80,11 +81,9 @@ public static function mutate_and_get_payload() {
 			];
 
 			$payload       = [];
-			$id_parts      = ! empty( $input['id'] ) ? Relay::fromGlobalId( $input['id'] ) : null;
-			$payload['id'] = isset( $id_parts['id'] ) && absint( $id_parts['id'] ) ? absint( $id_parts['id'] ) : null;
-
-			if ( empty( $payload['id'] ) ) {
-				throw new UserError( __( 'The Review could not be updated', 'wp-graphql-woocommerce' ) );
+			$id = Utils::get_database_id_from_id( $input['id'] );
+			if ( ! $id ) {
+				throw new UserError( __( 'Provided review ID missing or invalid ', 'wp-graphql-woocommerce' ) );
 			}
 
 			if ( array_intersect_key( $input, $skip ) !== $input ) {