public function QueryAccessSubscriber::onQueryAccess in Commerce Core 8.2
Modifies the access conditions for cart orders.
Parameters
\Drupal\entity\QueryAccess\QueryAccessEvent $event: The event.
File
- modules/
cart/ src/ EventSubscriber/ QueryAccessSubscriber.php, line 54
Class
Namespace
Drupal\commerce_cart\EventSubscriberCode
public function onQueryAccess(QueryAccessEvent $event) {
if ($event
->getOperation() != 'view') {
return;
}
$conditions = $event
->getConditions();
// The user already has full access due to a "administer commerce_order"
// or "view commerce_order" permission.
if (!$conditions
->count() && !$conditions
->isAlwaysFalse()) {
return;
}
$account = $event
->getAccount();
// Any user can view their own active carts, regardless of any permissions.
$cart_ids = $this->cartProvider
->getCartIds($account);
if ($account
->isAnonymous()) {
$completed_cart_ids = $this->cartSession
->getCartIds(CartSessionInterface::COMPLETED);
$cart_ids = array_merge($cart_ids, $completed_cart_ids);
}
if (!empty($cart_ids)) {
$conditions
->addCondition('order_id', $cart_ids);
$conditions
->alwaysFalse(FALSE);
}
}