class FieldAccess in Commerce Cart API 8
Hierarchy
- class \Drupal\commerce_cart_api\FieldAccess implements FieldAccessInterface
Expanded class hierarchy of FieldAccess
1 string reference to 'FieldAccess'
1 service uses FieldAccess
File
- src/
FieldAccess.php, line 12
Namespace
Drupal\commerce_cart_apiView source
class FieldAccess implements FieldAccessInterface {
/**
* The route match.
*
* @var \Drupal\Core\Routing\RouteMatchInterface
*/
protected $routeMatch;
/**
* Constructs a new FieldAccess object.
*
* @param \Drupal\Core\Routing\RouteMatchInterface $route_match
* The route match.
*/
public function __construct(RouteMatchInterface $route_match) {
$this->routeMatch = $route_match;
}
/**
* {@inheritdoc}
*/
public function handle($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL) {
$route = $this->routeMatch
->getRouteObject();
// Only check access if this is running on our API routes.
if (!$route || !$route
->hasRequirement('_cart_api')) {
return AccessResult::neutral();
}
$entity_type_id = $field_definition
->getTargetEntityTypeId();
$method = 'allowed' . Container::camelize("{$entity_type_id}_fields");
if (method_exists($this, $method)) {
$allowed_fields = $this
->{$method}($operation, $field_definition, $account, $items) ?: [];
return AccessResult::forbiddenIf(!in_array($field_definition
->getName(), $allowed_fields, TRUE));
}
if ($operation === 'view') {
// Disallow access to generic entity fields for any other entity which
// has been normalized and being returns (like purchasable entities.)
$disallowed_fields = [
'created',
'changed',
'default_langcode',
'langcode',
'status',
'uid',
];
return AccessResult::forbiddenIf(in_array($field_definition
->getName(), $disallowed_fields, TRUE));
}
return AccessResult::neutral();
}
/**
* Allowed commerce_order fields.
*
* @param string $operation
* The operation to be performed.
* @param \Drupal\Core\Field\FieldDefinitionInterface $field_definition
* The field definition.
* @param \Drupal\Core\Session\AccountInterface $account
* The user account to check.
* @param \Drupal\Core\Field\FieldItemListInterface $items
* (optional) The entity field object for which to check access, or NULL if
* access is checked for the field definition, without any specific value
* available. Defaults to NULL.
*
* @return array
* The allowed fields.
*/
protected function allowedCommerceOrderFields($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL) {
if ($operation === 'view') {
return [
'order_id',
'uuid',
'order_number',
'store_id',
// Allow after https://www.drupal.org/project/commerce/issues/2916252.
// 'adjustments',
'coupons',
'order_total',
'total_price',
'order_items',
];
}
return [];
}
/**
* Allowed commerce_order_item fields.
*
* @param string $operation
* The operation to be performed.
* @param \Drupal\Core\Field\FieldDefinitionInterface $field_definition
* The field definition.
* @param \Drupal\Core\Session\AccountInterface $account
* The user account to check.
* @param \Drupal\Core\Field\FieldItemListInterface $items
* (optional) The entity field object for which to check access, or NULL if
* access is checked for the field definition, without any specific value
* available. Defaults to NULL.
*
* @return array
* The allowed fields.
*/
protected function allowedCommerceOrderItemFields($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL) {
if ($operation === 'view') {
return [
'order_id',
'order_item_id',
'uuid',
'purchased_entity',
'title',
// Allow after https://www.drupal.org/project/commerce/issues/2916252.
// 'adjustments',
'quantity',
'order_total',
'unit_price',
'total_price',
];
}
return [];
}
}
Members
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
FieldAccess:: |
protected | property | The route match. | |
FieldAccess:: |
protected | function | Allowed commerce_order fields. | |
FieldAccess:: |
protected | function | Allowed commerce_order_item fields. | |
FieldAccess:: |
public | function |
Handle field access. Overrides FieldAccessInterface:: |
|
FieldAccess:: |
public | function | Constructs a new FieldAccess object. |