diff --git a/core/modules/file/src/FileAccessControlHandler.php b/core/modules/file/src/FileAccessControlHandler.php index 2e336af..65a71c1 100644 --- a/core/modules/file/src/FileAccessControlHandler.php +++ b/core/modules/file/src/FileAccessControlHandler.php @@ -65,4 +65,11 @@ protected function getFileReferences(FileInterface $file) { return file_get_file_references($file, NULL, EntityStorageInterface::FIELD_LOAD_REVISION, NULL); } + /** + * {@inheritdoc} + */ + protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) { + return AccessResult::allowed(); + } + } diff --git a/core/modules/hal/hal.services.yml b/core/modules/hal/hal.services.yml index a4df304..7149ede 100644 --- a/core/modules/hal/hal.services.yml +++ b/core/modules/hal/hal.services.yml @@ -17,6 +17,11 @@ services: tags: - { name: normalizer, priority: 20 } arguments: ['@rest.link_manager', '@entity.manager', '@module_handler'] + serializer.normalizer.node_entity.hal: + class: Drupal\hal\Normalizer\NodeEntityNormalizer + tags: + - { name: normalizer, priority: 20 } + arguments: ['@rest.link_manager', '@entity.manager', '@module_handler'] serializer.normalizer.entity.hal: class: Drupal\hal\Normalizer\ContentEntityNormalizer arguments: ['@rest.link_manager', '@entity.manager', '@module_handler'] diff --git a/core/modules/hal/src/Normalizer/FileEntityNormalizer.php b/core/modules/hal/src/Normalizer/FileEntityNormalizer.php index a4aeba7..676568f 100644 --- a/core/modules/hal/src/Normalizer/FileEntityNormalizer.php +++ b/core/modules/hal/src/Normalizer/FileEntityNormalizer.php @@ -8,8 +8,8 @@ namespace Drupal\hal\Normalizer; use Drupal\Component\Utility\SafeMarkup; -use Drupal\Component\Utility\String; use Symfony\Component\Serializer\Exception\RuntimeException; +use Symfony\Component\Serializer\Exception\UnexpectedValueException; /** * Converts the Drupal entity object structure to a HAL array structure. 
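Review bot: `checkCreateAccess()` in FileAccessControlHandler returns `AccessResult::allowed()` for every account, so the `$entity->access('create')` check that this commit restores in `EntityResource::post()` can never deny creation of a file entity. Only whatever permissions the REST route itself enforces remain as a gate. If that is intended, the docblock should say why instead of `{@inheritdoc}`. Otherwise tie the result to a permission, for example `return AccessResult::allowedIfHasPermission($account, '<permission name>');`, with the permission chosen by the maintainers.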
@@ -44,6 +44,16 @@ public function denormalize($data, $class, $format = NULL, array $context = arra $file_data = $data['data'][0]['value']; unset($data['data']); + $data_validators = $data['validators'][0]; + foreach ($data_validators as $validator_key => $validator_value) { + foreach ($validator_value as $format_key => $format_value) { + $formats .= ' ' .$format_value['value']; + } + $validators = [$validator_key => [$formats]]; + } + // Avoid 'validators' being treated as a field. + unset($data['validators']); + $entity = parent::denormalize($data, $class, $format, $context); // Decode and save to file if it's a new file. @@ -53,6 +63,10 @@ public function denormalize($data, $class, $format = NULL, array $context = arra file_prepare_directory($dirname, FILE_CREATE_DIRECTORY); if ($uri = file_unmanaged_save_data($file_contents, $entity->getFileUri())) { $entity->setFileUri($uri); + // Validate the file. + if ($errors = file_validate($entity, $validators)) { + throw new UnexpectedValueException("Validation Error."); + } } else { throw new RuntimeException(SafeMarkup::format('Failed to write @filename.', array('@filename' => $entity->getFilename()))); diff --git a/core/modules/hal/src/Normalizer/NodeEntityNormalizer.php b/core/modules/hal/src/Normalizer/NodeEntityNormalizer.php new file mode 100644 index 0000000..c76f7e4 --- /dev/null +++ b/core/modules/hal/src/Normalizer/NodeEntityNormalizer.php 
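Review bot: The validator list is read from `$data['validators']`, i.e. from the request body, so whoever sends the file decides which checks run against it. As far as I know `file_validate()` also uses each array key as the name of a function to call, which would put untrusted input into a callable name. Validators should come from server-side configuration (the new NodeEntityNormalizer takes them from the field's `getUploadValidators()`), and the `validators` key should only be discarded here. Separately, `$formats` is appended to without being initialised or reset per validator, `$validators` is overwritten on each pass so only the last entry survives, and a payload without `validators` leaves `$validators` undefined for the later `file_validate()` call. denormalize() starts and ends outside this hunk.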
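Review bot: Validation in the second FileEntityNormalizer hunk runs only after `file_unmanaged_save_data()` has written the upload, and the `throw` leaves the rejected file in place at `$uri`. Remove it before raising, e.g. `file_unmanaged_delete($uri);` ahead of the `throw`, or validate before writing to the final location. `$errors` is also discarded, so the client only sees `Validation Error.`; including the messages returned by `file_validate()` would make the rejection diagnosable. The enclosing denormalize() body continues outside the hunk.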
@@ -0,0 +1,48 @@ +getTypedData()->getProperties(); + + foreach ($entity->getFieldDefinitions() as $property_name => $definition) { + // Check if the current field is a file or image. + if ($definition->getType() == 'image' || $definition->getType() == 'file') { + // Instantiate the field type to obtain validators. + $field = \Drupal::service('plugin.manager.field.field_type')->createInstance('file', ['field_definition' => $definition]); + $validators = $field->getUploadValidators(); + + // Get the files from the referenced entities. + if ($files = $properties[$property_name]->referencedEntities()) { + foreach($files as $file) { + // Validate the files. + if ($errors = file_validate($file, $validators)) { + // @TODO show errors. + throw new UnexpectedValueException('Validation error!'); + } + } + } + } + } + + return $entity; + + } + +} diff --git a/core/modules/rest/src/Plugin/rest/resource/EntityResource.php b/core/modules/rest/src/Plugin/rest/resource/EntityResource.php index eb76e66..f7a0fa4 100644 --- a/core/modules/rest/src/Plugin/rest/resource/EntityResource.php +++ b/core/modules/rest/src/Plugin/rest/resource/EntityResource.php @@ -78,9 +78,9 @@ public function post(EntityInterface $entity = NULL) { throw new BadRequestHttpException('No entity content received.'); } - //if (!$entity->access('create')) { - //throw new AccessDeniedHttpException(); - //} + if (!$entity->access('create')) { + throw new AccessDeniedHttpException(); + } $definition = $this->getPluginDefinition(); // Verify that the deserialized entity is of the type that we expect to // prevent security issues.
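Review bot: In NodeEntityNormalizer the result of `file_validate()` is assigned to `$errors` and then dropped, with an `@TODO show errors.` left behind, so a rejected upload surfaces only as `Validation error!`. Carry the reasons into the exception, for example `throw new UnexpectedValueException('File validation failed: ' . implode(' ', $errors));`, assuming the returned messages are string-castable. The class is registered with `@rest.link_manager`, `@entity.manager` and `@module_handler` as arguments, yet the field type manager is fetched through `\Drupal::service()`; injecting it would keep the normalizer testable. The start of this file section is truncated on the page, so the method signature and the origin of `$entity` and `$properties` cannot be checked here.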