class QueryAccessSubscriber in Commerce Core 8.2
Hierarchy
- class \Drupal\commerce_cart\EventSubscriber\QueryAccessSubscriber implements \Symfony\Component\EventDispatcher\EventSubscriberInterface
Expanded class hierarchy of QueryAccessSubscriber
1 string reference to 'QueryAccessSubscriber'
- commerce_cart.services.yml in modules/
cart/ commerce_cart.services.yml - modules/cart/commerce_cart.services.yml
1 service uses QueryAccessSubscriber
File
- modules/
cart/ src/ EventSubscriber/ QueryAccessSubscriber.php, line 10
Namespace
Drupal\commerce_cart\EventSubscriberView source
class QueryAccessSubscriber implements EventSubscriberInterface {
/**
* The cart provider.
*
* @var \Drupal\commerce_cart\CartProviderInterface
*/
protected $cartProvider;
/**
* The cart session.
*
* @var \Drupal\commerce_cart\CartSessionInterface
*/
protected $cartSession;
/**
* Constructs a new QueryAccessSubscriber object.
*
* @param \Drupal\commerce_cart\CartProviderInterface $cart_provider
* The cart provider.
* @param \Drupal\commerce_cart\CartSessionInterface $cart_session
* The cart session.
*/
public function __construct(CartProviderInterface $cart_provider, CartSessionInterface $cart_session) {
$this->cartProvider = $cart_provider;
$this->cartSession = $cart_session;
}
/**
* {@inheritdoc}
*/
public static function getSubscribedEvents() {
return [
'entity.query_access.commerce_order' => 'onQueryAccess',
];
}
/**
* Modifies the access conditions for cart orders.
*
* @param \Drupal\entity\QueryAccess\QueryAccessEvent $event
* The event.
*/
public function onQueryAccess(QueryAccessEvent $event) {
if ($event
->getOperation() != 'view') {
return;
}
$conditions = $event
->getConditions();
// The user already has full access due to a "administer commerce_order"
// or "view commerce_order" permission.
if (!$conditions
->count() && !$conditions
->isAlwaysFalse()) {
return;
}
$account = $event
->getAccount();
// Any user can view their own active carts, regardless of any permissions.
$cart_ids = $this->cartProvider
->getCartIds($account);
if ($account
->isAnonymous()) {
$completed_cart_ids = $this->cartSession
->getCartIds(CartSessionInterface::COMPLETED);
$cart_ids = array_merge($cart_ids, $completed_cart_ids);
}
if (!empty($cart_ids)) {
$conditions
->addCondition('order_id', $cart_ids);
$conditions
->alwaysFalse(FALSE);
}
}
}Members
Name |
Modifiers | Type | Description | Overrides |
|---|---|---|---|---|
|
QueryAccessSubscriber:: |
protected | property | The cart provider. | |
|
QueryAccessSubscriber:: |
protected | property | The cart session. | |
|
QueryAccessSubscriber:: |
public static | function | Returns an array of event names this subscriber wants to listen to. | |
|
QueryAccessSubscriber:: |
public | function | Modifies the access conditions for cart orders. | |
|
QueryAccessSubscriber:: |
public | function | Constructs a new QueryAccessSubscriber object. |