You are here

function _commerce_cart_order_access in Commerce Core 8.2

Checks that the account has access to the cart.

Parameters

\Drupal\commerce_order\Entity\OrderInterface $order: The cart order.

string $operation: The operation.

\Drupal\Core\Session\AccountInterface $account: The account.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

2 calls to _commerce_cart_order_access()
commerce_cart_commerce_order_access in modules/cart/commerce_cart.module
Implements hook_ENTITY_TYPE_access().
commerce_cart_commerce_order_item_access in modules/cart/commerce_cart.module
Implements hook_ENTITY_TYPE_access().

File

modules/cart/commerce_cart.module, line 151
Implements the shopping cart system and add to cart features.

Code

function _commerce_cart_order_access(OrderInterface $order, $operation, AccountInterface $account) {
  if ($operation !== 'view' && $operation !== 'update') {
    return AccessResult::neutral();
  }
  $customer_id = (int) $order
    ->getCustomerId();
  $order_id = $order
    ->id();
  if ($account
    ->isAuthenticated()) {
    $customer_check = (int) $account
      ->id() === $customer_id;
  }
  else {
    $cart_session = \Drupal::service('commerce_cart.cart_session');
    assert($cart_session instanceof CartSessionInterface);
    $active_cart = $cart_session
      ->hasCartId($order_id, CartSessionInterface::ACTIVE);
    $completed_cart = $cart_session
      ->hasCartId($order_id, CartSessionInterface::COMPLETED);
    $customer_check = $active_cart || $completed_cart;
  }
  $access_result = AccessResult::allowedIf($customer_check);
  if ($operation === 'update') {
    $access_result = $access_result
      ->andIf(AccessResult::allowedIf($order
      ->getState()
      ->getId() === 'draft'));
  }
  return $access_result
    ->addCacheableDependency($order)
    ->cachePerUser();
}