public function CheckoutController::checkAccess in Commerce Core 8.2

Checks access for the form page.

Parameters

\Drupal\Core\Routing\RouteMatchInterface $route_match: The route match.

\Drupal\Core\Session\AccountInterface $account: The current user account.

Return value

\Drupal\Core\Access\AccessResult: The access result.

2 string references to 'CheckoutController::checkAccess'
commerce_checkout.routing.yml in modules/checkout/commerce_checkout.routing.yml
commerce_payment.routing.yml in modules/payment/commerce_payment.routing.yml

File

modules/checkout/src/Controller/CheckoutController.php, line 157

Class

CheckoutController
Provides the checkout form page.

Namespace

Drupal\commerce_checkout\Controller

Code

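public function checkAccess(RouteMatchInterface $route_match, AccountInterface $account) {
  /** @var \Drupal\commerce_order\Entity\OrderInterface $order */
  $order = $route_match->getParameter('commerce_order');
  // Canceled orders are forbidden outright, whoever the account is.
  if ($order->getState()->getId() == 'canceled') {
    return AccessResult::forbidden()->addCacheableDependency($order);
  }

  // The user can checkout only their own non-empty orders.
  if ($account->isAuthenticated()) {
    // Authenticated users must be the customer the order belongs to.
    $customer_check = $account->id() == $order->getCustomerId();
  }
  else {
    // Anonymous users have no customer ID to compare, so ownership is taken
    // from the cart session: the order ID must be stored there as an active
    // or a completed cart.
    $active_cart = $this->cartSession->hasCartId($order->id(), CartSession::ACTIVE);
    $completed_cart = $this->cartSession->hasCartId($order->id(), CartSession::COMPLETED);
    $customer_check = $active_cart || $completed_cart;
  }
  // Ownership, a non-empty order and the 'access checkout' permission are
  // combined with andIf(), so all three must allow access. The order is added
  // as a cacheable dependency of the result.
  $access = AccessResult::allowedIf($customer_check)
    ->andIf(AccessResult::allowedIf($order->hasItems()))
    ->andIf(AccessResult::allowedIfHasPermission($account, 'access checkout'))
    ->addCacheableDependency($order);
  return $access;
}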