diff --git a/core/modules/rest/src/Plugin/rest/resource/UserRegistrationResource.php b/core/modules/rest/src/Plugin/rest/resource/UserRegistrationResource.php
index 78cebbe..9d9df04 100644
--- a/core/modules/rest/src/Plugin/rest/resource/UserRegistrationResource.php
+++ b/core/modules/rest/src/Plugin/rest/resource/UserRegistrationResource.php
@@ -97,6 +97,37 @@ public static function create(ContainerInterface $container, array $configuratio
 * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
 */
 public function post(UserInterface $account = NULL) {
+ $this->ensureAccountCanRegister($account);
+
+ // Only active new users if visitors are allowed to register and no email
+ // verification required.
+ if ($this->userSettings->get('register') == USER_REGISTER_VISITORS && !$this->userSettings->get('verify_mail')) {
+ $account->activate();
+ }
+ else {
+ $account->block();
+ }
+
+ $this->checkEditFieldAccess($account);
+
+ // Make sure that the user entity is valid (email and name are valid).
+ $this->validate($account);
+
+ // Create the account.
+ $account->save();
+
+ $this->sendEmailNotifications($account);
+
+ return new ModifiedResourceResponse($account, 200);
+ }
+
+ /**
+ * Ensure the account can be registered in this request.
+ *
+ * @param \Drupal\user\UserInterface $account
+ * The user account to register.
+ */
+ protected function ensureAccountCanRegister(UserInterface $account = NULL) {
 if ($account === NULL) {
 throw new BadRequestHttpException('No user account data for registration received.');
 }
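Review bot: In `post()`, the activation decision compares the `register` setting with loose `==`, so on PHP versions before 8 a non-string value such as integer `0` would compare equal to the constant and the new account would be activated instead of blocked; the same loose comparison guards the administrators-only rejection and the mail branches in the next hunk. Assuming the `USER_REGISTER_*` constants are strings, as the stored setting presumably is, the strict form is safer: `if ($this->userSettings->get('register') === USER_REGISTER_VISITORS && !$this->userSettings->get('verify_mail')) {`. The docblock added for `ensureAccountCanRegister()` lists no `@throws`, although the method raises `BadRequestHttpException` at the end of this hunk and `AccessDeniedHttpException` in the part of its body that continues in the next hunk; both entries should be added. The comment above the branch has a typo and should read `// Only activate new users if visitors are allowed to register and no email`.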
@@ -113,42 +144,32 @@ public function post(UserInterface $account = NULL) {
 if (!$this->currentUser->isAnonymous()) {
 throw new AccessDeniedHttpException('Only anonymous users can register users.');
 }
- $approvalSettings = $this->userSettings->get('register');
 // Verify that the current user can register a user account.
- if ($approvalSettings == USER_REGISTER_ADMINISTRATORS_ONLY) {
+ if ($this->userSettings->get('register') == USER_REGISTER_ADMINISTRATORS_ONLY) {
 throw new AccessDeniedHttpException('You cannot register a new user account.');
 }
- // Only active new users if visitors are allowed to register and no email
- // verification required.
- if ($approvalSettings == USER_REGISTER_VISITORS && !$this->userSettings->get('verify_mail')) {
- $account->activate();
- }
- else {
- $account->block();
- }
-
- $this->checkEditFieldAccess($account);
-
- // Make sure that the user entity is valid (email and name are valid).
- $this->validate($account);
-
- // Create the account.
- $account->save();
+ }
+ /**
+ * Sends email notifications if necessary for user that was registered.
+ *
+ * @param \Drupal\user\UserInterface $account
+ * The user account.
+ */
+ protected function sendEmailNotifications(UserInterface $account) {
+ $approval_settings = $this->userSettings->get('register');
 // No e-mail verification is required. Activating the user.
- if ($approvalSettings == USER_REGISTER_VISITORS) {
+ if ($approval_settings == USER_REGISTER_VISITORS) {
 if ($this->userSettings->get('verify_mail')) {
 // No administrator approval required.
 _user_mail_notify('register_no_approval_required', $account);
 }
 }
 // Administrator approval required.
- elseif ($approvalSettings == USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL) {
+ elseif ($approval_settings == USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL) {
 _user_mail_notify('register_pending_approval', $account);
 }
-
- return new ModifiedResourceResponse($account, 200);
 }
 }
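Review bot: `ensureAccountCanRegister()` rejects the request only when `register` equals `USER_REGISTER_ADMINISTRATORS_ONLY`, so any other value, including an unset or unexpected one, lets an anonymous request continue through `post()` to `$account->save()` in the previous hunk (the account is created blocked, as far as that hunk shows). An allow-list of the two visitor modes fails closed instead: `if (!in_array($this->userSettings->get('register'), [USER_REGISTER_VISITORS, USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL], TRUE)) {`. In `sendEmailNotifications()` the kept comment `// No e-mail verification is required. Activating the user.` no longer fits, since this method activates nothing and the branch mails only when `verify_mail` is set; `// Visitors may register without approval; notify only when e-mail verification is required.` would describe it. The body of `ensureAccountCanRegister()` begins in the previous hunk.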
diff --git a/core/modules/rest/src/ResourceAccessTrait.php b/core/modules/rest/src/ResourceAccessTrait.php
index 776caa6..00d8461 100644
--- a/core/modules/rest/src/ResourceAccessTrait.php
+++ b/core/modules/rest/src/ResourceAccessTrait.php
@@ -2,7 +2,7 @@
 namespace Drupal\rest;
-use Drupal\Core\Entity\EntityInterface;
+use Drupal\Core\Entity\FieldableEntityInterface;
 use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
 trait ResourceAccessTrait {
@@ -10,14 +10,14 @@
 /**
 * Performs edit access checks for fields.
 *
- * @param \Drupal\Core\Entity\EntityInterface $entity
- * The entity object.
+ * @param \Drupal\Core\Entity\FieldableEntityInterface $entity
+ * Drupal\Core\Entity\FieldableEntityInterface
 *
 * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
 * Throws access denied when the user does not have permissions to edit a
 * field.
 */
- protected function checkEditFieldAccess(EntityInterface $entity) {
+ protected function checkEditFieldAccess(FieldableEntityInterface $entity) {
 // Only check 'edit' permissions for fields that were actually submitted by
 // the user. Field access makes no difference between 'create' and 'update',
 // so the 'edit' operation is used here.
diff --git a/core/modules/rest/src/ResourceValidationTrait.php b/core/modules/rest/src/ResourceValidationTrait.php
index f8576a7..c1d667c 100644
--- a/core/modules/rest/src/ResourceValidationTrait.php
+++ b/core/modules/rest/src/ResourceValidationTrait.php
@@ -2,7 +2,7 @@
 namespace Drupal\rest;
-use Drupal\Core\Entity\EntityInterface;
+use Drupal\Core\Entity\FieldableEntityInterface;
 use Symfony\Component\HttpKernel\Exception\UnprocessableEntityHttpException;
 trait ResourceValidationTrait {
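Review bot: The new `@param` description for `checkEditFieldAccess()` only repeats the class name (`Drupal\Core\Entity\FieldableEntityInterface`) and says nothing about the argument; `The entity whose submitted fields are checked for edit access.` would match the comment inside the method. The `validate()` description in ResourceValidationTrait (`The entity fields are attached to.`) reads awkwardly and could become `The entity to validate.` Narrowing the type hint from `EntityInterface` to `FieldableEntityInterface` on both protected trait methods also means a non-fieldable entity now fails with a `TypeError` before any access or validation logic runs; the callers are not visible in this diff, so it is worth confirming that every class using these traits passes fieldable entities only. Both method bodies continue outside their hunks.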
@@ -10,13 +10,13 @@
 /**
 * Verifies that the whole entity does not violate any validation constraints.
 *
- * @param \Drupal\Core\Entity\EntityInterface $entity
- * The entity object.
+ * @param \Drupal\Core\Entity\FieldableEntityInterface $entity
+ * The entity fields are attached to.
 *
 * @throws \Symfony\Component\HttpKernel\Exception\UnprocessableEntityHttpException
 * If validation errors are found.
 */
- protected function validate(EntityInterface $entity) {
+ protected function validate(FieldableEntityInterface $entity) {
 $violations = $entity->validate();
 // Remove violations of inaccessible fields as they cannot stem from our