public function ProductVariationCollectionAccessCheck::access in Commerce Core 8.2

Checks access to the product variation collection.

Parameters

\Symfony\Component\Routing\Route $route: The route to check against.

\Drupal\Core\Routing\RouteMatchInterface $route_match: The route match.

\Drupal\Core\Session\AccountInterface $account: The currently logged in account.

Return value

\Drupal\Core\Access\AccessResultInterface: The access result.

File

modules/product/src/Access/ProductVariationCollectionAccessCheck.php, line 50

Class

ProductVariationCollectionAccessCheck
Defines an access checker for the product variation collection route.

Namespace

Drupal\commerce_product\Access

Code

public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account) {
  /** @var \Drupal\commerce_product\Entity\ProductInterface $product */
  $product = $route_match->getParameter('commerce_product');
  if (!$product) {
    return AccessResult::forbidden();
  }

  $product_type_storage = $this->entityTypeManager->getStorage('commerce_product_type');
  /** @var \Drupal\commerce_product\Entity\ProductTypeInterface $product_type */
  $product_type = $product_type_storage->load($product->bundle());
  if (!$product_type->allowsMultipleVariations()) {
    // Product types that don't allow multiple variations do not need
    // a product variation collection route.
    return AccessResult::forbidden()->addCacheableDependency($product_type);
  }
  $variation_type_id = $product_type->getVariationTypeId();

  // The collection route can be accessed by users with the administer
  // or manage permissions, because those permissions grant full access
  // to variations (add/edit/delete). The route can also be accessed by
  // users with the "access overview" permission, allowing both product and
  // variation listings to be viewed even if no other operations are allowed.
  $permissions = [
    'administer commerce_product',
    'access commerce_product overview',
    "manage {$variation_type_id} commerce_product_variation",
  ];
  return AccessResult::allowedIfHasPermissions($account, $permissions, 'OR');
}
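
The following is an added example, not Commerce code and not part of the original page: a stand-alone PHP audit helper that reports which roles satisfy the 'OR' permission list built in access() for a given variation type. The function name, the role array shape (modelled on exported user.role.*.yml config) and the sample roles are assumptions constructed for illustration; it assumes the product type allows multiple variations, since otherwise access() returns forbidden before any permission is consulted.

```php
<?php
// Added example, not Commerce code: reports which roles satisfy the
// permission list that access() passes to allowedIfHasPermissions().

/**
 * @param array $roles Role id => ['is_admin' => bool, 'permissions' => string[]],
 *   the shape of exported user.role.*.yml config (assumed input format).
 * @param string $variation_type_id Value of $product_type->getVariationTypeId().
 * @return array Role id => reason the role passes the 'OR' check.
 */
function roles_reaching_variation_collection(array $roles, string $variation_type_id): array {
  $accepted = [
    'administer commerce_product',
    'access commerce_product overview',
    "manage {$variation_type_id} commerce_product_variation",
  ];
  $report = [];
  foreach ($roles as $id => $role) {
    if (!empty($role['is_admin'])) {
      // Admin roles pass every hasPermission() call without listing permissions.
      $report[$id] = 'is_admin role';
      continue;
    }
    $held = array_values(array_intersect($accepted, $role['permissions'] ?? []));
    if ($held) {
      $report[$id] = implode(', ', $held);
    }
  }
  return $report;
}

// Constructed sample roles (not from a real site).
$roles = [
  'administrator' => ['is_admin' => TRUE, 'permissions' => []],
  'catalog_viewer' => ['is_admin' => FALSE, 'permissions' => ['access commerce_product overview']],
  'shirt_editor' => ['is_admin' => FALSE, 'permissions' => ['manage shirt commerce_product_variation']],
  'ebook_editor' => ['is_admin' => FALSE, 'permissions' => ['manage ebook commerce_product_variation']],
  'authenticated' => ['is_admin' => FALSE, 'permissions' => ['access content']],
];

foreach (roles_reaching_variation_collection($roles, 'shirt') as $id => $why) {
  printf("%-16s %s\n", $id, $why);
}
```

For the 'shirt' variation type the report lists administrator, catalog_viewer and shirt_editor; ebook_editor is absent because the manage permission is built per variation type.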