.../src/Plugin/rest/resource/EntityResource.php | 10 -------- .../user/src/Plugin/rest/resource/UserResource.php | 27 ++++++++++++++++++++++ core/modules/user/user.module | 9 ++++++++ 3 files changed, 36 insertions(+), 10 deletions(-) diff --git a/core/modules/rest/src/Plugin/rest/resource/EntityResource.php b/core/modules/rest/src/Plugin/rest/resource/EntityResource.php index cb3e07f..bba239d 100644 --- a/core/modules/rest/src/Plugin/rest/resource/EntityResource.php +++ b/core/modules/rest/src/Plugin/rest/resource/EntityResource.php @@ -231,16 +231,6 @@ public function patch(EntityInterface $original_entity, EntityInterface $entity // Overwrite the received fields. foreach ($entity->_restSubmittedFields as $field_name) { $field = $entity->get($field_name); - - // The User entity type's 'pass' field is a very special case: even though - // it is not allowed to be viewed nor edited, to be able to modify - // security-sensitive fields, the password must be specified. - // @see \Drupal\Tests\rest\Functional\EntityResource\User\UserResourceTestBase::testPatchDxForSecuritySensitiveBaseFields() - if ($original_entity instanceof UserInterface && $field_name === 'pass') { - $original_entity->set('pass', $field->getValue()); - continue; - } - if ($this->checkPatchFieldAccess($field_name, $original_entity->get($field_name), $field)) { $original_entity->set($field_name, $field->getValue()); } diff --git a/core/modules/user/src/Plugin/rest/resource/UserResource.php b/core/modules/user/src/Plugin/rest/resource/UserResource.php new file mode 100644 index 0000000..0df3925 --- /dev/null +++ b/core/modules/user/src/Plugin/rest/resource/UserResource.php @@ -0,0 +1,27 @@ +