You are here

Home » API reference » Commerce Core 8.2 » OrderQueryAccessHandler.php

class OrderQueryAccessHandler in Commerce Core 8.2

Controls query access based on the Order entity permissions.

Hierarchy

Expanded class hierarchy of OrderQueryAccessHandler

See also

\Drupal\commerce_order\OrderAccessControlHandler

\Drupal\commerce_order\OrderPermissionProvider

2 files declare their use of OrderQueryAccessHandler
CartQueryAccessTest.php in modules/cart/tests/src/Kernel/CartQueryAccessTest.php
OrderQueryAccessHandlerTest.php in modules/order/tests/src/Kernel/OrderQueryAccessHandlerTest.php

File

modules/order/src/OrderQueryAccessHandler.php, line 15

Namespace

Drupal\commerce_order
View source 
class OrderQueryAccessHandler extends QueryAccessHandlerBase {

  /**
   * {@inheritdoc}
   */
  protected function buildEntityConditions($operation, AccountInterface $account) {

    // Orders don't implement EntityOwnerInterface, but they do have a
    // "view own" permission.
    if ($operation == 'view') {
      $conditions = new ConditionGroup('OR');
      $conditions
        ->addCacheContexts([
        'user.permissions',
      ]);

      // The $entity_type permission.
      if ($account
        ->hasPermission('view commerce_order')) {

        // The user has full access, no conditions needed.
        return $conditions;
      }

      // Own $entity_type permission.
      if ($account
        ->hasPermission('view own commerce_order')) {
        $conditions
          ->addCacheContexts([
          'user',
        ]);
        $conditions
          ->addCondition('uid', $account
          ->id());
      }
      $bundles = array_keys($this->bundleInfo
        ->getBundleInfo('commerce_order'));
      $bundles_with_any_permission = [];
      foreach ($bundles as $bundle) {
        if ($account
          ->hasPermission("view {$bundle} commerce_order")) {
          $bundles_with_any_permission[] = $bundle;
        }
      }

      // The $bundle permission.
      if ($bundles_with_any_permission) {
        $conditions
          ->addCondition('type', $bundles_with_any_permission);
      }
      return $conditions
        ->count() ? $conditions : NULL;
    }
    return parent::buildEntityConditions($operation, $account);
  }

}

Members

Namesort descending Modifiers Type Description Overrides
OrderQueryAccessHandler::buildEntityConditions protected function Builds the conditions for entities that do not have an owner. Overrides QueryAccessHandlerBase::buildEntityConditions
QueryAccessHandlerBase::$bundleInfo protected property The entity type bundle info.
QueryAccessHandlerBase::$currentUser protected property The current user.
QueryAccessHandlerBase::$entityType protected property The entity type.
QueryAccessHandlerBase::$eventDispatcher protected property The event dispatcher.
QueryAccessHandlerBase::buildConditions public function Builds the conditions for the given operation and user.
QueryAccessHandlerBase::buildEntityOwnerConditions protected function Builds the conditions for entities that have an owner. 1
QueryAccessHandlerBase::createInstance public static function Instantiates a new instance of this entity handler. Overrides EntityHandlerInterface::createInstance
QueryAccessHandlerBase::getConditions public function Gets the conditions for the given operation and user. Overrides QueryAccessHandlerInterface::getConditions
QueryAccessHandlerBase::__construct public function Constructs a new QueryAccessHandlerBase object.