You are here

Home » API reference » Commerce Core 8.2 » PaymentMethodAccessCheck.php » PaymentMethodAccessCheck

public function PaymentMethodAccessCheck::checkAccess in Commerce Core 8.2

Checks access.

Confirms that the user either has the 'administer commerce_payment_method' permission, or the 'manage own commerce_payment_method' permission while visiting their own payment method pages.

Parameters

\Drupal\Core\Routing\RouteMatchInterface $route_match: The route match.

\Drupal\Core\Session\AccountInterface $account: The current user account.

Return value

\Drupal\Core\Access\AccessResult The access result.

1 string reference to 'PaymentMethodAccessCheck::checkAccess'
commerce_payment.routing.yml in modules/payment/commerce_payment.routing.yml
modules/payment/commerce_payment.routing.yml

File

modules/payment/src/Access/PaymentMethodAccessCheck.php, line 31

Class

PaymentMethodAccessCheck
Checks access for payment method routes.

Namespace

Drupal\commerce_payment\Access

Code

public function checkAccess(RouteMatchInterface $route_match, AccountInterface $account) {
  if ($account
    ->isAnonymous()) {

    // Anonymous users can't manage their payment methods.
    return AccessResult::forbidden()
      ->addCacheContexts([
      'user.roles:authenticated',
    ]);
  }
  $result = AccessResult::allowedIfHasPermissions($account, [
    'administer commerce_payment_method',
  ]);
  $current_user = $route_match
    ->getParameter('user');
  if ($result
    ->isNeutral() && $current_user
    ->id() == $account
    ->id()) {
    $result = AccessResult::allowedIfHasPermissions($account, [
      'manage own commerce_payment_method',
    ])
      ->cachePerUser();
  }
  return $result;
}