Order connection permission check updated

Author: kidunot89

includes/data/connection/class-order-connection-resolver.php

@@ -48,21 +48,21 @@ public function __construct( $source, $args, $context, $info ) {
 	}
 
 	/**
-	 * Confirms the uses has the privileges to query Orders
+	 * Checks if user is authorized to query orders
 	 *
 	 * @return bool
 	 */
 	public function should_execute() {
-		$post_type_obj = get_post_type_object( 'shop_order' );
-		switch ( true ) {
-			case current_user_can( $post_type_obj->cap->edit_posts ):
-			case is_a( $this->source, Customer::class )
-				&& 'orders' === $this->info->fieldName
-				&& get_current_user_id() === $this->source->ID:
-				return true;
-			default:
-				return false;
+		$post_type_obj = get_post_type_object( $this->post_type );
+		if ( current_user_can( $post_type_obj->cap->edit_posts ) ) {
+			return true;
 		}
+
+		if ( is_a( $this->source, Customer::class ) ) {
+			return 'orders' === $this->info->fieldName && get_current_user_id() === $this->source->ID;
+		}
+
+		return false;
 	}
 
 	/**

includes/model/class-order.php

@@ -37,6 +37,30 @@ public function __construct( $id ) {
 			'isPublic',
 			'id',
 			'orderId',
+			'orderNumber',
+			'date',
+			'modified',
+			'datePaid',
+			'dateCompleted',
+			'paymentMethodTitle',
+			'customerNote',
+			'billing',
+			'shipping',
+			'discountTotal',
+			'discountTax',
+			'shippingTotal',
+			'shippingTax',
+			'cartTax',
+			'subtotal',
+			'total',
+			'totalTax',
+			'isDownloadPermitted',
+			'shippingAddressMapUrl',
+			'needsShippingAddress',
+			'needsPayment',
+			'needsProcessing',
+			'hasDownloadableItem',
+			'downloadableItems',
 		);
 
 		parent::__construct( $allowed_restricted_fields, 'shop_order', $id );