class InvoiceOrderAccessCheck in Commerce Invoice 8.2
Defines an access checker for the Order invoices route.
Hierarchy
- class \Drupal\commerce_invoice\Access\InvoiceOrderAccessCheck implements AccessInterface
Expanded class hierarchy of InvoiceOrderAccessCheck
1 string reference to 'InvoiceOrderAccessCheck'
1 service uses InvoiceOrderAccessCheck
File
- src/
Access/ InvoiceOrderAccessCheck.php, line 15
Namespace
Drupal\commerce_invoice\AccessView source
class InvoiceOrderAccessCheck implements AccessInterface {
/**
* The entity type manager.
*
* @var \Drupal\Core\Entity\EntityTypeManagerInterface
*/
protected $entityTypeManager;
/**
* Constructs a new InvoiceOrderAccessCheck object.
*
* @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager
* The entity type manager.
*/
public function __construct(EntityTypeManagerInterface $entity_type_manager) {
$this->entityTypeManager = $entity_type_manager;
}
/**
* Checks access to the Order invoices route.
*
* @param \Symfony\Component\Routing\Route $route
* The route to check against.
* @param \Drupal\Core\Routing\RouteMatchInterface $route_match
* The route match.
* @param \Drupal\Core\Session\AccountInterface $account
* The currently logged in account.
*
* @return \Drupal\Core\Access\AccessResultInterface
* The access result.
*/
public function access(Route $route, RouteMatchInterface $route_match, AccountInterface $account) {
$invoice_type_storage = $this->entityTypeManager
->getStorage('commerce_invoice_type');
/** @var \Drupal\commerce_order\Entity\OrderInterface $order */
$order = $route_match
->getParameter('commerce_order');
/** @var \Drupal\commerce_invoice\Entity\InvoiceTypeInterface $invoice_type */
$invoice_type = $route_match
->getParameter('commerce_invoice_type') ?: $invoice_type_storage
->load('default');
$access = AccessResult::allowedIfHasPermission($account, 'administer commerce_invoice')
->mergeCacheMaxAge(0);
// Custom requirement for the invoice generate form.
if ($route
->hasRequirement('_invoice_generate_form_access')) {
$disallowed_order_states = [
'draft',
];
// Credit memos (refunds) can be created for a canceled order.
if ($invoice_type
->id() !== 'credit_memo') {
$disallowed_order_states[] = 'canceled';
}
if (in_array($order
->getState()
->getId(), $disallowed_order_states, TRUE) || !$order
->getTotalPrice()) {
return AccessResult::forbidden()
->mergeCacheMaxAge(0);
}
$result = $this->entityTypeManager
->getStorage('commerce_invoice')
->getAggregateQuery()
->condition('type', $invoice_type
->id(), '=')
->condition('orders', [
$order
->id(),
], 'IN')
->conditionAggregate('total_price.number', 'SUM', $order
->getTotalPrice()
->getNumber(), '>=')
->accessCheck(FALSE)
->execute();
// Do not allow access to the invoice generate form if the total price sum
// of the invoices that reference this order match or exceed its total
// price.
if (!empty($result)) {
return AccessResult::forbidden()
->mergeCacheMaxAge(0);
}
// The invoice generator service needs a store.
$order_requirements = !empty($order
->getStoreId());
$access
->andIf(AccessResult::allowedIf($order_requirements));
}
return $access;
}
}Members
Name |
Modifiers | Type | Description | Overrides |
|---|---|---|---|---|
|
InvoiceOrderAccessCheck:: |
protected | property | The entity type manager. | |
|
InvoiceOrderAccessCheck:: |
public | function | Checks access to the Order invoices route. | |
|
InvoiceOrderAccessCheck:: |
public | function | Constructs a new InvoiceOrderAccessCheck object. |