public function CheckoutController::checkAccess in Commerce Core 8.2
Checks access for the form page.
Parameters
\Drupal\Core\Routing\RouteMatchInterface $route_match: The route match.
\Drupal\Core\Session\AccountInterface $account: The current user account.
Return value
\Drupal\Core\Access\AccessResult The access result.
2 string references to 'CheckoutController::checkAccess'
- commerce_checkout.routing.yml in modules/
checkout/ commerce_checkout.routing.yml - modules/checkout/commerce_checkout.routing.yml
- commerce_payment.routing.yml in modules/
payment/ commerce_payment.routing.yml - modules/payment/commerce_payment.routing.yml
File
- modules/
checkout/ src/ Controller/ CheckoutController.php, line 157
Class
- CheckoutController
- Provides the checkout form page.
Namespace
Drupal\commerce_checkout\ControllerCode
public function checkAccess(RouteMatchInterface $route_match, AccountInterface $account) {
/** @var \Drupal\commerce_order\Entity\OrderInterface $order */
$order = $route_match
->getParameter('commerce_order');
if ($order
->getState()
->getId() == 'canceled') {
return AccessResult::forbidden()
->addCacheableDependency($order);
}
// The user can checkout only their own non-empty orders.
if ($account
->isAuthenticated()) {
$customer_check = $account
->id() == $order
->getCustomerId();
}
else {
$active_cart = $this->cartSession
->hasCartId($order
->id(), CartSession::ACTIVE);
$completed_cart = $this->cartSession
->hasCartId($order
->id(), CartSession::COMPLETED);
$customer_check = $active_cart || $completed_cart;
}
$access = AccessResult::allowedIf($customer_check)
->andIf(AccessResult::allowedIf($order
->hasItems()))
->andIf(AccessResult::allowedIfHasPermission($account, 'access checkout'))
->addCacheableDependency($order);
return $access;
}