protected function PaymentMethodProfileFormatter::checkAccess in Commerce Core 8.2

Checks access to the given entity.

By default, entity 'view' access is checked. However, a subclass can choose to exclude certain items from entity access checking by immediately granting access.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity to check.

Return value

\Drupal\Core\Access\AccessResult A cacheable access result.

Overrides EntityReferenceFormatterBase::checkAccess

File

modules/payment/src/Plugin/Field/FieldFormatter/PaymentMethodProfileFormatter.php, line 44

Class

PaymentMethodProfileFormatter

Plugin implementation of the 'commerce_payment_method_profile' formatter.

Namespace

Drupal\commerce_payment\Plugin\Field\FieldFormatter

Code

protected function checkAccess(EntityInterface $entity) {

  /** @var \Drupal\commerce_order\Entity\OrderInterface $order */
  $order = $this->currentRouteMatch
    ->getParameter('commerce_order');

  // Defer to the parent method if the order could not be fetched from the
  // current route or if it doesn't reference a payment method.
  if (!$order || $order
    ->get('payment_method')
    ->isEmpty() || !$order
    ->get('payment_method')->entity) {
    return parent::checkAccess($entity);
  }

  /** @var \Drupal\commerce_payment\Entity\PaymentMethodInterface $payment_method */
  $payment_method = $order
    ->get('payment_method')->entity;

  // Allow access if the billing profile belongs to the payment method
  // referenced by the order being viewed.
  return AccessResult::allowedIf($payment_method
    ->getBillingProfile()
    ->id() == $entity
    ->id())
    ->addCacheableDependency($order);
}