Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Now that #1780646: entity_access() fails to check node type specific create access is fixed we should remove this temporary hack and rely on the default access callback of the entity API again.
Comment | File | Size | Author |
---|---|---|---|
#1 | restws-property-access-2237879-1.patch | 3.6 KB | klausi |
Comments
Comment #1
klausiPatch attached, I'm glad that we have the test cases to catch our special use case of property/field access.
Comment #2
muschpusch CreditAttribution: muschpusch commentedThe patch isn't working for me. I also tried it in combination with #1720602. At least i don't need to give the 'bypass node access permission' anymore but administer content is still required.
[edit]I use entity API 1.4 and dev version of restws[/edit]
Comment #3
muschpusch CreditAttribution: muschpusch commentedok after having a better look at this. The problem is in the part of the code which is checking for the $info['access callback'] if that one isn't set it checks for the setter permission, which is 'administer nodes' at least for the "sticky" and "status"properties of nodes. Should we just exclude those from the check?
Comment #5
klausiThis issue is only about fixing the temporary hack, if there is something left to do for nodes we should have a separate issue. "sticky" and "status" are access protected properties that require the administer nodes permission. Did you try to just leave them out in your POST/PUT request?