You are here

Home » API reference » Payment 8.2 » PaymentAccessControlHandler.php » PaymentAccessControlHandler

protected function PaymentAccessControlHandler::checkAccess in Payment 8.2

Performs access checks.

This method is supposed to be overwritten by extending classes that do their own custom access checking.

Parameters

\Drupal\Core\Entity\EntityInterface $entity: The entity for which to check access.

string $operation: The entity operation. Usually one of 'view', 'view label', 'update' or 'delete'.

\Drupal\Core\Session\AccountInterface $account: The user for which to check access.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

Overrides EntityAccessControlHandler::checkAccess

File

src/Entity/Payment/PaymentAccessControlHandler.php, line 22

Class

PaymentAccessControlHandler
Provides an access control handler for payment entities.

Namespace

Drupal\payment\Entity\Payment

Code

protected function checkAccess(EntityInterface $payment, $operation, AccountInterface $account) {

  /** @var \Drupal\payment\Entity\PaymentInterface $payment */
  if ($operation == 'update_status') {
    $payment_method = $payment
      ->getPaymentMethod();
    if ($payment_method instanceof PaymentMethodUpdatePaymentStatusInterface && !$payment_method
      ->updatePaymentStatusAccess($account)) {
      return AccessResult::forbidden();
    }
  }
  elseif ($operation == 'capture') {
    $payment_method = $payment
      ->getPaymentMethod();
    if ($payment_method instanceof PaymentMethodCapturePaymentInterface) {
      return AccessResult::allowedIf($payment_method instanceof PaymentMethodCapturePaymentInterface)
        ->andIf(AccessResult::allowedIf($payment_method
        ->capturePaymentAccess($account)))
        ->andIf($this
        ->checkAccessPermission($payment, $operation, $account));
    }
    return AccessResult::forbidden();
  }
  elseif ($operation == 'refund') {
    $payment_method = $payment
      ->getPaymentMethod();
    if ($payment_method instanceof PaymentMethodRefundPaymentInterface) {
      return AccessResult::allowedIf($payment_method
        ->refundPaymentAccess($account))
        ->andIf($this
        ->checkAccessPermission($payment, $operation, $account));
    }
    return AccessResult::forbidden();
  }
  elseif ($operation == 'complete') {
    if ($payment
      ->getPaymentMethod()) {
      return AccessResult::allowedIf($payment
        ->getOwnerId() == $account
        ->id())
        ->orIf(AccessResult::forbiddenIf($payment
        ->getPaymentMethod()
        ->getPaymentExecutionResult()
        ->isCompleted()));
    }
    else {
      return AccessResult::forbidden();
    }
  }
  return $this
    ->checkAccessPermission($payment, $operation, $account);
}