
public function AddressBookController::checkCreateAccess in Commerce Core 8.2

Checks access for the add form.

Parameters

\Drupal\user\UserInterface $user: The user account.

\Drupal\profile\Entity\ProfileTypeInterface $profile_type: The profile type.

\Drupal\Core\Session\AccountInterface $account: The currently logged in account.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

1 string reference to 'AddressBookController::checkCreateAccess'
commerce_order.routing.yml in modules/order/commerce_order.routing.yml
modules/order/commerce_order.routing.yml

File

modules/order/src/Controller/AddressBookController.php, line 285

Class

AddressBookController
Provides the address book UI.

Namespace

Drupal\commerce_order\Controller

Code

/**
 * Checks access for the add form.
 *
 * Referenced by name from commerce_order.routing.yml (presumably as the
 * route's custom access callback; confirm against the routing file).
 *
 * Access is granted only when every check below passes:
 * - $account may view $user;
 * - the profile access control handler allows creating this profile type;
 * - $account is either a profile administrator or is $user;
 * - for single-profile types, $user has no profile of that type yet.
 *
 * @param \Drupal\user\UserInterface $user
 *   The user account.
 * @param \Drupal\profile\Entity\ProfileTypeInterface $profile_type
 *   The profile type.
 * @param \Drupal\Core\Session\AccountInterface $account
 *   The currently logged in account.
 *
 * @return \Drupal\Core\Access\AccessResultInterface
 *   The access result.
 */
public function checkCreateAccess(UserInterface $user, ProfileTypeInterface $profile_type, AccountInterface $account) {
  // An account that cannot view the user's canonical page ("/user/{user}")
  // gets no access to its sub-pages either; the view result is returned
  // as-is so its reason and cacheability are preserved.
  $view_access = $user->access('view', $account, TRUE);
  if (!$view_access->isAllowed()) {
    return $view_access;
  }

  // Ask the profile access control handler, passing the intended owner as
  // context.
  $handler = $this->entityTypeManager->getAccessControlHandler('profile');
  /** @var \Drupal\Core\Access\AccessResult $result */
  $result = $handler->createAccess($profile_type->id(), $account, ['profile_owner' => $user], TRUE);
  if (!$result->isAllowed()) {
    return $result;
  }

  // There is no create any/own permission, so the ownership rule is enforced
  // here: only a profile administrator, or the user themselves, may create a
  // profile on this user's behalf. Without this check any account holding the
  // create permission could add profiles to another user's address book.
  $admin_permission = $this->entityTypeManager->getDefinition('profile')->getAdminPermission();
  $admin_result = AccessResult::allowedIfHasPermission($account, $admin_permission);
  // NOTE(review): the ids are compared loosely (==), presumably because they
  // can arrive as strings or integers; confirm before tightening to ===.
  $self_result = AccessResult::allowedIf($account->id() == $user->id());
  $owner_result = $admin_result->orIf($self_result)->cachePerUser();
  $result = $result->andIf($owner_result);

  // A profile type limited to a single profile per user must not get a
  // second one.
  if (!$profile_type->allowsMultiple()) {
    $existing_profile = $this->addressBook->load($user, $profile_type->id());

    // Max-age 0 makes this result non-cacheable: profiles change too often
    // for the result to be cached based on their list tag.
    $no_profile_result = AccessResult::allowedIf(empty($existing_profile))->mergeCacheMaxAge(0);
    $result = $result->andIf($no_profile_result);
  }

  $result->addCacheableDependency($profile_type);
  return $result;
}