I have user groups set up with customer administrators for each group. I am now trying to set it up so the administrator of a user group can see all the orders placed for that specific user group. I have gotten fairly close but instead of showing only the orders placed for that group it is showing all orders from every group.
This is from my controllers/customers/orders.php (around line 340)
if (!empty($auth['user_id'])) {
$params['user_id'] = $auth['user_id'];
$ugadid = $auth['user_id'];
$yes = "Y";
$cntsql = "SELECT COUNT(*) FROM cscart_usergroup_links WHERE user_id='$ugadid' AND group_administrator='$yes' AND status='A'";
$cntresult = db_query($cntsql) or trigger_error("SQL", E_USER_ERROR);
$cntr = mysqli_fetch_row($cntresult);
$numrows = $cntr[0];
if($numrows !== "0") {
$query = db_query("SELECT usergroup_id FROM cscart_usergroup_links WHERE user_id='$ugadid' AND group_administrator='$yes' AND status='A'"); //query the db
while($row = mysqli_fetch_assoc($query)) {
$grpid = $row['usergroup_id']; //add row to array
}
$customers = db_get_array("SELECT user_id FROM cscart_usergroup_links WHERE usergroup_id='$grpid' ORDER BY user_id");
$usr_ids = is_array($customers) ? $customers : explode(',', $customers['user_id']);
$params['user_id'] = array_intersect($usr_ids, $customers);
}
else { $params['user_id'] = $auth['user_id']; }
} elseif (!empty($auth['order_ids'])) {
if (empty($params['order_id'])) {
$params['order_id'] = $auth['order_ids'];
} else {
$ord_ids = is_array($params['order_id']) ? $params['order_id'] : explode(',', $params['order_id']);
$params['order_id'] = array_intersect($ord_ids, $auth['order_ids']);
}
} else {
return array(CONTROLLER_STATUS_REDIRECT, "auth.login_form?return_url=" . urlencode(Registry::get('config.current_url')));
}
list($orders, $search) = fn_get_orders($params, Registry::get('settings.Appearance.orders_per_page'));
$view->assign('orders', $orders);
$view->assign('search', $search);
Any help is greatly appreciated.