function _commerce_cart_order_access in Commerce Core 8.2
Checks that the account has access to the cart.
Parameters
\Drupal\commerce_order\Entity\OrderInterface $order: The cart order.
string $operation: The operation.
\Drupal\Core\Session\AccountInterface $account: The account.
Return value
\Drupal\Core\Access\AccessResultInterface The access result.
2 calls to _commerce_cart_order_access()
- commerce_cart_commerce_order_access in modules/
cart/ commerce_cart.module - Implements hook_ENTITY_TYPE_access().
- commerce_cart_commerce_order_item_access in modules/
cart/ commerce_cart.module - Implements hook_ENTITY_TYPE_access().
File
- modules/
cart/ commerce_cart.module, line 151 - Implements the shopping cart system and add to cart features.
Code
function _commerce_cart_order_access(OrderInterface $order, $operation, AccountInterface $account) {
if ($operation !== 'view' && $operation !== 'update') {
return AccessResult::neutral();
}
$customer_id = (int) $order
->getCustomerId();
$order_id = $order
->id();
if ($account
->isAuthenticated()) {
$customer_check = (int) $account
->id() === $customer_id;
}
else {
$cart_session = \Drupal::service('commerce_cart.cart_session');
assert($cart_session instanceof CartSessionInterface);
$active_cart = $cart_session
->hasCartId($order_id, CartSessionInterface::ACTIVE);
$completed_cart = $cart_session
->hasCartId($order_id, CartSessionInterface::COMPLETED);
$customer_check = $active_cart || $completed_cart;
}
$access_result = AccessResult::allowedIf($customer_check);
if ($operation === 'update') {
$access_result = $access_result
->andIf(AccessResult::allowedIf($order
->getState()
->getId() === 'draft'));
}
return $access_result
->addCacheableDependency($order)
->cachePerUser();
}