src/Routing/Routes.php | 50 ++++++++++++++++++----------------- tests/src/Unit/Routing/RoutesTest.php | 16 +++++------ 2 files changed, 34 insertions(+), 32 deletions(-) diff --git a/src/Routing/Routes.php b/src/Routing/Routes.php index e05a05a..bc5f6e2 100644 --- a/src/Routing/Routes.php +++ b/src/Routing/Routes.php @@ -204,8 +204,8 @@ class Routes implements ContainerInjectionInterface { if ($resource_type->isLocatable()) { $individual_route = new Route("/{$path}/{{$entity_type_id}}"); $individual_route->setMethods(['GET']); - // No _entity_access requirement because "view" and "view label" access are - // checked in the controller. So it's safe to allow anybody access. + // No _entity_access requirement because "view" and "view label" access + // are checked in the controller. So it's safe to allow anybody access. $individual_route->setRequirement('_access', 'TRUE'); $routes->add(static::getRouteName($resource_type, 'individual'), $individual_route); } @@ -230,28 +230,30 @@ class Routes implements ContainerInjectionInterface { $routes->add(static::getRouteName($resource_type, 'individual.delete'), $individual_remove_route); } - // Get an individual resource's related resources. - $related_route = new Route("/{$path}/{{$entity_type_id}}/{related}"); - $related_route->setMethods(['GET']); - // @todo: remove this when each related route is defined per relationship field and access is no longer checked by the controller in https://www.drupal.org/project/jsonapi/issues/2953346. - $related_route->setRequirement('_access', 'TRUE'); - $routes->add(static::getRouteName($resource_type, 'related'), $related_route); - - // Read, update, add, or remove an individual resources relationships to - // other resources. - $relationship_route = new Route("/{$path}/{{$entity_type_id}}/relationships/{related}"); - $relationship_route->setMethods($resource_type->isMutable() - ? ['GET', 'POST', 'PATCH', 'DELETE'] - : ['GET'] - ); - // @todo: remove the _on_relationship default in https://www.drupal.org/project/jsonapi/issues/2953346. - $relationship_route->addDefaults(['_on_relationship' => TRUE]); - $relationship_route->addDefaults(['serialization_class' => Relationship::class]); - $relationship_route->setRequirement('_csrf_request_header_token', 'TRUE'); - $routes->add(static::getRouteName($resource_type, 'relationship'), $relationship_route); - - // Add entity parameter conversion to every route. - $routes->addOptions(['parameters' => [$entity_type_id => ['type' => 'entity:' . $entity_type_id]]]); + if ($resource_type->isLocatable()) { + // Get an individual resource's related resources. + $related_route = new Route("/{$path}/{{$entity_type_id}}/{related}"); + $related_route->setMethods(['GET']); + // @todo: remove this when each related route is defined per relationship field and access is no longer checked by the controller in https://www.drupal.org/project/jsonapi/issues/2953346. + $related_route->setRequirement('_access', 'TRUE'); + $routes->add(static::getRouteName($resource_type, 'related'), $related_route); + + // Read, update, add, or remove an individual resources relationships to + // other resources. + $relationship_route = new Route("/{$path}/{{$entity_type_id}}/relationships/{related}"); + $relationship_route->setMethods($resource_type->isMutable() + ? ['GET', 'POST', 'PATCH', 'DELETE'] + : ['GET'] + ); + // @todo: remove the _on_relationship default in https://www.drupal.org/project/jsonapi/issues/2953346. + $relationship_route->addDefaults(['_on_relationship' => TRUE]); + $relationship_route->addDefaults(['serialization_class' => Relationship::class]); + $relationship_route->setRequirement('_csrf_request_header_token', 'TRUE'); + $routes->add(static::getRouteName($resource_type, 'relationship'), $relationship_route); + + // Add entity parameter conversion to every route. + $routes->addOptions(['parameters' => [$entity_type_id => ['type' => 'entity:' . $entity_type_id]]]); + } return $routes; } diff --git a/tests/src/Unit/Routing/RoutesTest.php b/tests/src/Unit/Routing/RoutesTest.php index c31a68d..e0537a6 100644 --- a/tests/src/Unit/Routing/RoutesTest.php +++ b/tests/src/Unit/Routing/RoutesTest.php @@ -79,14 +79,6 @@ class RoutesTest extends UnitTestCase { $this->assertSame('entity_type_1--bundle_1_1', $route->getDefault(Routes::RESOURCE_TYPE_KEY)); $this->assertEquals(['GET'], $route->getMethods()); $this->assertSame(Routes::FRONT_CONTROLLER, $route->getDefault(RouteObjectInterface::CONTROLLER_NAME)); - // Check the collection POST route. - $route = $iterator->offsetGet('jsonapi.entity_type_1--bundle_1_1.collection.post'); - $this->assertSame('/jsonapi/entity_type_1/bundle_1_1', $route->getPath()); - $this->assertSame(['lorem', 'ipsum'], $route->getOption('_auth')); - $this->assertSame('entity_type_1--bundle_1_1', $route->getDefault(Routes::RESOURCE_TYPE_KEY)); - $this->assertEquals(['POST'], $route->getMethods()); - $this->assertSame(Routes::FRONT_CONTROLLER, $route->getDefault(RouteObjectInterface::CONTROLLER_NAME)); - $this->assertSame('Drupal\jsonapi\JsonApiResource\JsonApiDocumentTopLevel', $route->getDefault('serialization_class')); } /** @@ -109,6 +101,14 @@ class RoutesTest extends UnitTestCase { 'resource_type' => ['type' => 'jsonapi_resource_type'], ], $route->getOption('parameters')); + $route = $iterator->offsetGet('jsonapi.entity_type_1--bundle_1_1.individual.create'); + $this->assertSame('/jsonapi/entity_type_1/bundle_1_1', $route->getPath()); + $this->assertSame(['lorem', 'ipsum'], $route->getOption('_auth')); + $this->assertSame('entity_type_1--bundle_1_1', $route->getDefault(Routes::RESOURCE_TYPE_KEY)); + $this->assertEquals(['POST'], $route->getMethods()); + $this->assertSame(Routes::FRONT_CONTROLLER, $route->getDefault(RouteObjectInterface::CONTROLLER_NAME)); + $this->assertSame(JsonApiDocumentTopLevel::class, $route->getDefault('serialization_class')); + $route = $iterator->offsetGet('jsonapi.entity_type_1--bundle_1_1.individual.patch'); $this->assertSame('/jsonapi/entity_type_1/bundle_1_1/{entity_type_1}', $route->getPath()); $this->assertSame('entity_type_1--bundle_1_1', $route->getDefault(Routes::RESOURCE_TYPE_KEY));