OrderItemAccessControlHandler.php in Commerce Core 8.2
File
modules/order/src/OrderItemAccessControlHandler.php
View source
<?php
namespace Drupal\commerce_order;
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Entity\EntityAccessControlHandler as CoreEntityAccessControlHandler;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Session\AccountInterface;
class OrderItemAccessControlHandler extends CoreEntityAccessControlHandler {
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
if ($account
->hasPermission($this->entityType
->getAdminPermission())) {
return AccessResult::allowed()
->cachePerPermissions();
}
$order = $entity
->getOrder();
if (!$order) {
return AccessResult::forbidden()
->addCacheableDependency($entity);
}
if ($operation == 'view') {
$result = $order
->access('view', $account, TRUE);
}
else {
$bundle = $entity
->bundle();
$result = AccessResult::allowedIfHasPermission($account, "manage {$bundle} commerce_order_item");
if ($order
->getState()
->getId() === 'draft') {
$result = $result
->andIf(AccessResult::allowedIf(!$entity
->isLocked()));
}
}
return $result;
}
protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) {
$result = AccessResult::allowedIfHasPermissions($account, [
$this->entityType
->getAdminPermission(),
"manage {$entity_bundle} commerce_order_item",
], 'OR');
return $result;
}
}