BrianHenryIE/woo_rest_authorisation.php

## woo_rest_authorisation.php
add_filter( 'woocommerce_rest_check_permissions', 'rest_check_permissions', 10, 4 );

public function rest_check_permissions( $permission, $context, $object_id, $post_type ) {

    $auth_customer = wp_get_current_user();
    $auth_customer_id = $auth_customer->ID;

    // Bad/no authentication
    if ( $auth_customer_id == 0 ) {
        return $permission;
    }

    if ( $post_type == 'shop_order' && $context == 'read' ) {

        // If we're listing orders
        if ( isset( $_GET['customer'] ) ) {

            $query_customer_id = (int) $_GET['customer'];

            if ( $query_customer_id == $auth_customer_id ) {
                return true;
            }
        }

        // If it's a single order
        if ( $object_id != 0 ) {

            $order = new WC_Order($object_id);

            $order_customer_id = $order->get_customer_id();

            if ($order_customer_id == $auth_customer_id) {
                return true;
            }
        }
    }

    return $permission;
}
	add_filter( 'woocommerce_rest_check_permissions', 'rest_check_permissions', 10, 4 );

	public function rest_check_permissions( $permission, $context, $object_id, $post_type ) {

	$auth_customer = wp_get_current_user();
	$auth_customer_id = $auth_customer->ID;

	// Bad/no authentication
	if ( $auth_customer_id == 0 ) {
	return $permission;
	}

	if ( $post_type == 'shop_order' && $context == 'read' ) {

	// If we're listing orders
	if ( isset( $_GET['customer'] ) ) {

	$query_customer_id = (int) $_GET['customer'];

	if ( $query_customer_id == $auth_customer_id ) {
	return true;
	}
	}

	// If it's a single order
	if ( $object_id != 0 ) {

	$order = new WC_Order($object_id);

	$order_customer_id = $order->get_customer_id();

	if ($order_customer_id == $auth_customer_id) {
	return true;
	}
	}
	}

	return $permission;
	}