You are here

Home » API reference » Commerce Add To Cart Link 2.x » CartLinkToken.php » CartLinkToken

public function CartLinkToken::needsCsrfProtection in Commerce Add To Cart Link 2.x

Same name and namespace in other branches
  1. 8 src/CartLinkToken.php \Drupal\commerce_add_to_cart_link\CartLinkToken::needsCsrfProtection()

Checks whether the given user account needs CSRF protection.

Parameters

\Drupal\Core\Session\AccountInterface $account: The user account. If left NULL, the current user will be taken.

Return value

bool TRUE, if add to cart and wishlist links should be CSRF protected, FALSE otherwise.

Overrides CartLinkTokenInterface::needsCsrfProtection

2 calls to CartLinkToken::needsCsrfProtection()
CartLinkToken::generate in src/CartLinkToken.php
Generates a token for the given product variation.
CartLinkToken::validate in src/CartLinkToken.php
Checks the given token for the given variation for validity.

File

src/CartLinkToken.php, line 79

Class

CartLinkToken
Default cart link token service implementation.

Namespace

Drupal\commerce_add_to_cart_link

Code

public function needsCsrfProtection(AccountInterface $account = NULL) {
  if (is_null($account)) {
    $account = $this->currentUser;
  }
  $csrf_protected_roles = $this->config
    ->get('csrf_token.roles');
  if (empty($csrf_protected_roles)) {
    return FALSE;
  }
  return !empty(array_intersect($csrf_protected_roles, $account
    ->getRoles()));
}