function commerce_order_jsonapi_commerce_order_filter_access in Commerce Core 8.2
Implements hook_jsonapi_ENTITY_TYPE_filter_access().
File
- modules/
order/ commerce_order.module, line 414 - Defines the Order entity and associated features.
Code
function commerce_order_jsonapi_commerce_order_filter_access(EntityTypeInterface $entity_type, AccountInterface $account) {
// Entity API automatically hooks into the JSON:API query filter system for
// entities that has a permission_provider and query_handler. However, orders
// do not have an `owner` key and are not evaluated for the
// JSONAPI_FILTER_AMONG_OWN check. This means only JSONAPI_FILTER_AMONG_ALL is
// evaluated, which defaults to the admin permission.
//
// Since we have a query_handler configured and inaccessible entities will
// be filtered out automatically, we set it to allowed.
return [
JSONAPI_FILTER_AMONG_ALL => AccessResult::allowed(),
];
}