src/Routing/Routes.php | 69 +++++++++++++++++++++++--------------------------- 1 file changed, 32 insertions(+), 37 deletions(-) diff --git a/src/Routing/Routes.php b/src/Routing/Routes.php index aa06463..e05a05a 100644 --- a/src/Routing/Routes.php +++ b/src/Routing/Routes.php @@ -138,35 +138,25 @@ class Routes implements ContainerInjectionInterface { $routes = new RouteCollection(); - // Collection route like `/jsonapi/node/article`. - $collection_route = new Route('/' . $resource_type->getPath()); - $collection_route->setMethods(['GET']); - // Allow anybody access because "view" and "view label" access are checked - // in the controller. - $collection_route->setRequirement('_access', 'TRUE'); - if ($resource_type->isMutable()) { - $collection_create_route = new Route($collection_route->getPath()); - $collection_create_route->setMethods(['POST']); - $collection_create_route->addDefaults(['serialization_class' => JsonApiDocumentTopLevel::class]); - $create_requirement = sprintf("%s:%s", $resource_type->getEntityTypeId(), $resource_type->getBundle()); - $collection_create_route->setRequirement('_entity_create_access', $create_requirement); - $collection_create_route->setRequirement('_csrf_request_header_token', 'TRUE'); - } + // Individual routes like `/jsonapi/node/article/{uuid}` or + // `/jsonapi/node/article/{uuid}/relationships/uid`. + $routes->addCollection(static::getIndividualRoutesForResourceType($resource_type)); + // The 'collection' route must always exist. So if the resource type is not // locatable, assign the "create" route definition to it. if ($resource_type->isLocatable()) { - $routes->add(static::getRouteName($resource_type, 'collection'), $collection_route); - if ($resource_type->isMutable()) { - $routes->add(static::getRouteName($resource_type, 'collection.post'), $collection_create_route); - } + // Collection route like `/jsonapi/node/article`. + $collection_route = new Route('/' . $resource_type->getPath()); + $collection_route->setMethods(['GET']); + // Allow anybody access because "view" and "view label" access are checked + // in the controller. + $collection_route->setRequirement('_access', 'TRUE'); } - if (!$resource_type->isLocatable() && $resource_type->isMutable()) { - $routes->add(static::getRouteName($resource_type, 'collection'), $collection_create_route); + else { + $individual_create_route = $routes->get(static::getRouteName($resource_type, 'individual.create')); + $collection_route = clone $individual_create_route; } - - // Individual routes like `/jsonapi/node/article/{uuid}` or - // `/jsonapi/node/article/{uuid}/relationships/uid`. - $routes->addCollection(static::getIndividualRoutesForResourceType($resource_type)); + $routes->add(static::getRouteName($resource_type, 'collection'), $collection_route); // Add the resource type as a parameter to every resource route. foreach ($routes as $route) { @@ -205,30 +195,35 @@ class Routes implements ContainerInjectionInterface { * The route collection. */ protected static function getIndividualRoutesForResourceType(ResourceType $resource_type) { - if (!$resource_type->isLocatable()) { - return new RouteCollection(); - } - $routes = new RouteCollection(); $path = $resource_type->getPath(); $entity_type_id = $resource_type->getEntityTypeId(); - // Individual read, update and remove. - $individual_route = new Route("/{$path}/{{$entity_type_id}}"); - $individual_route->setMethods(['GET']); - // No _entity_access requirement because "view" and "view label" access are - // checked in the controller. So it's safe to allow anybody access. - $individual_route->setRequirement('_access', 'TRUE'); - $routes->add(static::getRouteName($resource_type, 'individual'), $individual_route); + // Individual read, create, update and remove. + if ($resource_type->isLocatable()) { + $individual_route = new Route("/{$path}/{{$entity_type_id}}"); + $individual_route->setMethods(['GET']); + // No _entity_access requirement because "view" and "view label" access are + // checked in the controller. So it's safe to allow anybody access. + $individual_route->setRequirement('_access', 'TRUE'); + $routes->add(static::getRouteName($resource_type, 'individual'), $individual_route); + } if ($resource_type->isMutable()) { - $individual_update_route = new Route($individual_route->getPath()); + $individual_create_route = new Route('/' . $resource_type->getPath()); + $individual_create_route->setMethods(['POST']); + $individual_create_route->addDefaults(['serialization_class' => JsonApiDocumentTopLevel::class]); + $create_requirement = sprintf("%s:%s", $resource_type->getEntityTypeId(), $resource_type->getBundle()); + $individual_create_route->setRequirement('_entity_create_access', $create_requirement); + $individual_create_route->setRequirement('_csrf_request_header_token', 'TRUE'); + $routes->add(static::getRouteName($resource_type, 'individual.create'), $individual_create_route); + $individual_update_route = new Route("/{$path}/{{$entity_type_id}}"); $individual_update_route->setMethods(['PATCH']); $individual_update_route->addDefaults(['serialization_class' => JsonApiDocumentTopLevel::class]); $individual_update_route->setRequirement('_entity_access', "{$entity_type_id}.update"); $individual_update_route->setRequirement('_csrf_request_header_token', 'TRUE'); $routes->add(static::getRouteName($resource_type, 'individual.patch'), $individual_update_route); - $individual_remove_route = new Route($individual_route->getPath()); + $individual_remove_route = new Route("/{$path}/{{$entity_type_id}}"); $individual_remove_route->setMethods(['DELETE']); $individual_remove_route->setRequirement('_entity_access', "{$entity_type_id}.delete"); $individual_remove_route->setRequirement('_csrf_request_header_token', 'TRUE');