config/schema/jsonapi.schema.yml | 2 +- src/Routing/ReadOnlyModeMethodFilter.php | 2 +- tests/src/Functional/FileUploadTest.php | 4 ++-- tests/src/Functional/ResourceTestBase.php | 14 +++++++++++--- tests/src/Functional/UserTest.php | 4 ++-- 5 files changed, 17 insertions(+), 9 deletions(-) diff --git a/config/schema/jsonapi.schema.yml b/config/schema/jsonapi.schema.yml index e14cff4..0fdec75 100644 --- a/config/schema/jsonapi.schema.yml +++ b/config/schema/jsonapi.schema.yml @@ -4,4 +4,4 @@ jsonapi.settings: mapping: read_only: type: boolean - label: 'Read-only mode enabled' + label: 'Restrict JSON:API to only read operations' diff --git a/src/Routing/ReadOnlyModeMethodFilter.php b/src/Routing/ReadOnlyModeMethodFilter.php index b77cb75..f826621 100644 --- a/src/Routing/ReadOnlyModeMethodFilter.php +++ b/src/Routing/ReadOnlyModeMethodFilter.php @@ -72,7 +72,7 @@ class ReadOnlyModeMethodFilter implements FilterInterface { if (count($collection)) { return $collection; } - throw new MethodNotAllowedHttpException(array_intersect($all_supported_methods, $read_only_methods), sprintf("JSON:API's read-only mode is enabled. Site administrators can enable writes at %s.", Url::fromRoute('jsonapi.settings')->setAbsolute()->toString(TRUE)->getGeneratedUrl())); + throw new MethodNotAllowedHttpException(array_intersect($all_supported_methods, $read_only_methods), sprintf("JSON:API is configured to accept only read operations. Site administrators can configure this at %s.", Url::fromRoute('jsonapi.settings')->setAbsolute()->toString(TRUE)->getGeneratedUrl())); } } diff --git a/tests/src/Functional/FileUploadTest.php b/tests/src/Functional/FileUploadTest.php index afbe9e2..a98448f 100644 --- a/tests/src/Functional/FileUploadTest.php +++ b/tests/src/Functional/FileUploadTest.php 
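Review bot: The reworded 405 message in the `throw new MethodNotAllowedHttpException(...)` line of ReadOnlyModeMethodFilter.php still returns the absolute URL of the `jsonapi.settings` admin route to every client that attempts a write, authenticated or not. `->toString(TRUE)->getGeneratedUrl()` also discards the cacheability metadata collected for that URL. Because `setAbsolute()` makes the text depend on the request's scheme and host, any layer that can cache this error response (not visible from this hunk) would need to vary by `url.site`. I would at least record this above the throw, e.g. `// NOTE: absolute URL, so the message depends on the request host; the cacheability metadata from toString(TRUE) is discarded here.` The enclosing method starts above the hunk, so how `$collection` and `$read_only_methods` are built cannot be checked from here.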
@@ -206,7 +206,7 @@ class FileUploadTest extends ResourceTestBase { // DX: 405 when read-only mode is enabled. $response = $this->fileRequest($uri, $this->testFileData); - $this->assertResourceErrorResponse(405, sprintf("JSON:API's read-only mode is enabled. Site administrators can enable writes at %s.", Url::fromUri('base:/admin/config/services/jsonapi')->setAbsolute()->toString(TRUE)->getGeneratedUrl()), $uri, $response); + $this->assertResourceErrorResponse(405, sprintf("JSON:API is configured to accept only read operations. Site administrators can configure this at %s.", Url::fromUri('base:/admin/config/services/jsonapi')->setAbsolute()->toString(TRUE)->getGeneratedUrl()), $uri, $response); $this->assertSame(['GET'], $response->getHeader('Allow')); $this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE); @@ -284,7 +284,7 @@ class FileUploadTest extends ResourceTestBase { // DX: 405 when read-only mode is enabled. $response = $this->fileRequest($uri, $this->testFileData); - $this->assertResourceErrorResponse(405, sprintf("JSON:API's read-only mode is enabled. Site administrators can enable writes at %s.", Url::fromUri('base:/admin/config/services/jsonapi')->setAbsolute()->toString(TRUE)->getGeneratedUrl()), $uri, $response); + $this->assertResourceErrorResponse(405, sprintf("JSON:API is configured to accept only read operations. Site administrators can configure this at %s.", Url::fromUri('base:/admin/config/services/jsonapi')->setAbsolute()->toString(TRUE)->getGeneratedUrl()), $uri, $response); $this->assertSame(['GET'], $response->getHeader('Allow')); $this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE); diff --git a/tests/src/Functional/ResourceTestBase.php b/tests/src/Functional/ResourceTestBase.php index 6abb30f..1b8caaf 100644 --- a/tests/src/Functional/ResourceTestBase.php +++ b/tests/src/Functional/ResourceTestBase.php 
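Review bot: The expected 405 message is spelled out in full in both hunks of FileUploadTest.php and again in the ResourceTestBase.php and UserTest.php hunks, so this one wording change has to touch eight test assertions and any missed copy fails only at run time. A protected helper on ResourceTestBase would keep them in step, for example `protected function getReadOnlyModeErrorMessage()` returning the existing `sprintf(...)` expression. Each call would then read `$this->assertResourceErrorResponse(405, $this->getReadOnlyModeErrorMessage(), $uri, $response);`. Keeping the hard-coded `base:/admin/config/services/jsonapi` path inside that helper preserves the check that the settings route has not moved. The test methods around these assertions begin and end outside the hunks.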
@@ -1875,6 +1875,14 @@ abstract class ResourceTestBase extends BrowserTestBase { public function testPostIndividual() { // @todo Remove this in https://www.drupal.org/node/2300677. if ($this->entity instanceof ConfigEntityInterface) { + $url = Url::fromUri('base:/jsonapi/' . static::$entityTypeId . '/' . static::$entityTypeId); + $request_options = []; + $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json'; + $request_options = NestedArray::mergeDeep($request_options, $this->getAuthenticationRequestOptions()); + + $response = $this->request('POST', $url, $request_options); + $this->assertResourceErrorResponse(405, sprintf("JSON:API is configured to accept only read operations. Site administrators can configure this at %s.", Url::fromUri('base:/admin/config/services/jsonapi')->setAbsolute()->toString(TRUE)->getGeneratedUrl()), $url, $response); + $this->assertTrue(TRUE, 'POSTing config entities is not yet supported.'); return; } @@ -1901,7 +1909,7 @@ abstract class ResourceTestBase extends BrowserTestBase { // DX: 405 when read-only mode is enabled. $response = $this->request('POST', $url, $request_options); - $this->assertResourceErrorResponse(405, sprintf("JSON:API's read-only mode is enabled. Site administrators can enable writes at %s.", Url::fromUri('base:/admin/config/services/jsonapi')->setAbsolute()->toString(TRUE)->getGeneratedUrl()), $url, $response); + $this->assertResourceErrorResponse(405, sprintf("JSON:API is configured to accept only read operations. Site administrators can configure this at %s.", Url::fromUri('base:/admin/config/services/jsonapi')->setAbsolute()->toString(TRUE)->getGeneratedUrl()), $url, $response); if ($this->resourceType->isLocatable()) { $this->assertSame(['GET'], $response->getHeader('Allow')); } 
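Review bot: The assertion added to the `ConfigEntityInterface` branch of `testPostIndividual()` only proves that the read-only filter rejects the POST. It does not show that config entities stay non-writable once `read_only` is `FALSE`, which is the case the following `assertTrue(TRUE, 'POSTing config entities is not yet supported.')` placeholder describes. It also relies on `read_only` still having its initial value at this point, which the hunk neither sets nor shows; a comment such as `// Relies on the default read_only = TRUE; nothing above changes it.` would make that explicit. I would add a second request after `$this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);` asserting that the POST is still refused; the expected status and message for that case are not visible in this diff. Unlike the other 405 checks in this file, the new one does not assert the `Allow` header, and the method continues past the end of the hunk.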
@@ -2124,7 +2132,7 @@ abstract class ResourceTestBase extends BrowserTestBase { // DX: 405 when read-only mode is enabled. $response = $this->request('PATCH', $url, $request_options); - $this->assertResourceErrorResponse(405, sprintf("JSON:API's read-only mode is enabled. Site administrators can enable writes at %s.", Url::fromUri('base:/admin/config/services/jsonapi')->setAbsolute()->toString(TRUE)->getGeneratedUrl()), $url, $response); + $this->assertResourceErrorResponse(405, sprintf("JSON:API is configured to accept only read operations. Site administrators can configure this at %s.", Url::fromUri('base:/admin/config/services/jsonapi')->setAbsolute()->toString(TRUE)->getGeneratedUrl()), $url, $response); $this->assertSame(['GET'], $response->getHeader('Allow')); $this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE); @@ -2418,7 +2426,7 @@ abstract class ResourceTestBase extends BrowserTestBase { // DX: 405 when read-only mode is enabled. $response = $this->request('DELETE', $url, $request_options); - $this->assertResourceErrorResponse(405, sprintf("JSON:API's read-only mode is enabled. Site administrators can enable writes at %s.", Url::fromUri('base:/admin/config/services/jsonapi')->setAbsolute()->toString(TRUE)->getGeneratedUrl()), $url, $response); + $this->assertResourceErrorResponse(405, sprintf("JSON:API is configured to accept only read operations. Site administrators can configure this at %s.", Url::fromUri('base:/admin/config/services/jsonapi')->setAbsolute()->toString(TRUE)->getGeneratedUrl()), $url, $response); $this->assertSame(['GET'], $response->getHeader('Allow')); $this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE); diff --git a/tests/src/Functional/UserTest.php b/tests/src/Functional/UserTest.php index 94d3d5a..bd871ea 100644 --- a/tests/src/Functional/UserTest.php +++ b/tests/src/Functional/UserTest.php 
@@ -224,7 +224,7 @@ class UserTest extends ResourceTestBase { // DX: 405 when read-only mode is enabled. $response = $this->request('PATCH', $url, $request_options); - $this->assertResourceErrorResponse(405, sprintf("JSON:API's read-only mode is enabled. Site administrators can enable writes at %s.", Url::fromUri('base:/admin/config/services/jsonapi')->setAbsolute()->toString(TRUE)->getGeneratedUrl()), $url, $response); + $this->assertResourceErrorResponse(405, sprintf("JSON:API is configured to accept only read operations. Site administrators can configure this at %s.", Url::fromUri('base:/admin/config/services/jsonapi')->setAbsolute()->toString(TRUE)->getGeneratedUrl()), $url, $response); $this->assertSame(['GET'], $response->getHeader('Allow')); $this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE); @@ -340,7 +340,7 @@ class UserTest extends ResourceTestBase { // DX: 405 when read-only mode is enabled. $response = $this->request('PATCH', $url, $request_options); - $this->assertResourceErrorResponse(405, sprintf("JSON:API's read-only mode is enabled. Site administrators can enable writes at %s.", Url::fromUri('base:/admin/config/services/jsonapi')->setAbsolute()->toString(TRUE)->getGeneratedUrl()), $url, $response); + $this->assertResourceErrorResponse(405, sprintf("JSON:API is configured to accept only read operations. Site administrators can configure this at %s.", Url::fromUri('base:/admin/config/services/jsonapi')->setAbsolute()->toString(TRUE)->getGeneratedUrl()), $url, $response); $this->assertSame(['GET'], $response->getHeader('Allow')); $this->config('jsonapi.settings')->set('read_only', FALSE)->save(TRUE);