You are here

public function AddToWishlistController::access in Commerce Add To Cart Link 8

Same name and namespace in other branches
  1. 2.x modules/wishlist/src/Controller/AddToWishlistController.php \Drupal\commerce_add_to_wishlist_link\Controller\AddToWishlistController::access()

Access callback for the action route.

Parameters

\Drupal\commerce_product\Entity\ProductInterface $commerce_product: The product entity.

\Drupal\commerce_product\Entity\ProductVariationInterface $commerce_product_variation: The product variation to add.

string $token: The CSRF token.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

1 string reference to 'AddToWishlistController::access'
commerce_add_to_wishlist_link.routing.yml in modules/wishlist/commerce_add_to_wishlist_link.routing.yml
modules/wishlist/commerce_add_to_wishlist_link.routing.yml

File

modules/wishlist/src/Controller/AddToWishlistController.php, line 117

Class

AddToWishlistController
Defines the add to wishlist controller.

Namespace

Drupal\commerce_add_to_wishlist_link\Controller

Code

public function access(ProductInterface $commerce_product, ProductVariationInterface $commerce_product_variation, $token) {
  if (!$commerce_product
    ->isPublished() || !$commerce_product
    ->access('view')) {

    // If product is disabled or the user has no view access, deny.
    return AccessResult::forbidden();
  }
  if (!$commerce_product_variation
    ->isPublished() || !$commerce_product_variation
    ->access('view')) {

    // If the variation is inactive, deny.
    return AccessResult::forbidden();
  }
  if ((int) $commerce_product
    ->id() !== (int) $commerce_product_variation
    ->getProductId()) {

    // Deny, if the product ID and variation's parent product ID don't match.
    return AccessResult::forbidden();
  }
  return AccessResult::allowedIf($this->cartLinkToken
    ->validate($commerce_product_variation, $token));
}