You are here

Home » API reference » Commerce Wishlist 8.3 » WishlistItemDetailsAccessCheck.php » WishlistItemDetailsAccessCheck

public function WishlistItemDetailsAccessCheck::access in Commerce Wishlist 8.3

Checks access to the wishlist item details form.

Parameters

\Drupal\Core\Routing\RouteMatchInterface $route_match: The route match.

\Drupal\Core\Session\AccountInterface $account: The currently logged in account.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

File

src/Access/WishlistItemDetailsAccessCheck.php, line 44

Class

WishlistItemDetailsAccessCheck
Access check for the wishlist item details_form route.

Namespace

Drupal\commerce_wishlist\Access

Code

public function access(RouteMatchInterface $route_match, AccountInterface $account) {
  if ($account
    ->hasPermission('administer commerce_wishlist')) {

    // Administrators can modify anyone's wishlst.
    $access = AccessResult::allowed()
      ->cachePerPermissions();
  }
  else {

    // Users can modify their own wishlists.

    /** @var \Drupal\commerce_wishlist\Entity\WishlistItemInterface $wishlist_item */
    $wishlist_item = $route_match
      ->getParameter('commerce_wishlist_item');
    $user = $wishlist_item
      ->getWishlist()
      ->getOwner();
    if ($account
      ->isAuthenticated()) {
      $access = AccessResult::allowedIf($user
        ->id() === $account
        ->id())
        ->addCacheableDependency($wishlist_item)
        ->cachePerUser();
    }
    else {
      $access = AccessResult::allowedIf($this->wishlistSession
        ->hasWishlistId($wishlist_item
        ->getWishlistId()))
        ->addCacheableDependency($wishlist_item)
        ->addCacheContexts([
        'wishlist',
      ]);
    }
  }
  return $access;
}