Problem/Motivation
Please refer the problem/motivation section of #2737719: EntityResource: Provide comprehensive test coverage: for every entity type, every format, every method
And #2870018: Should the 'access content' permission be used to control access to viewing configuration entities via REST
Proposed resolution
- Add admin permission to entity annotation
- Write EntityResourceTestBase subclass for the RdfMapping entity.
Remaining tasks
References
1. Follow-up of #2737719: EntityResource: Provide comprehensive test coverage: for every entity type, every format, every method
2. Subtask of #2824572: Write EntityResourceTestBase subclasses for every other entity type.
Comment | File | Size | Author |
---|---|---|---|
#13 | entityresource_provide-2843771-13.patch | 9.25 KB | Wim Leers |
#13 | interdiff.txt | 2.91 KB | Wim Leers |
#9 | interdiff-2843771-6-9.txt | 1.02 KB | shadcn |
#9 | entityresource_provide-2843771-9.patch | 10.54 KB | shadcn |
#6 | interdiff-2843771-3-6.txt | 2.24 KB | shadcn |
Comments
Comment #3
shadcn CreditAttribution: shadcn at Chapter Three commentedOK here we go.
We have the same access issue here. So this adds an access handler to
\Drupal\rdf\Entity\RdfMapping
.Let's see what fails.
Comment #5
Wim Leerss/rdf/RDF/
This is not for vocabulary config entities.
s/NodeType/RdfMapping/
This is why the test failed :)
These comments are pointless, and inconsistent with the others. But I don't care enough to insist on them being removed.
Comment #6
shadcn CreditAttribution: shadcn at Chapter Three commentedThanks for the review Wim.
1. Done.
2. Removed.
3. Fixed. Thanks.
4. I do. Removed them. Let's keep things consistent :)
Comment #8
Wim LeersOne more thing. Let's replace this with:
Then it's far more clear what's happening. Also consistent with the rest. No more magic!
Comment #9
shadcn CreditAttribution: shadcn at Chapter Three commentedDone. Thanks.
Comment #10
Wim LeersComment #11
alexpottI think we need an issue to discuss the applicability of this permission to config entities. It doesn't feel right. See #2843772-15: EntityResource: Provide comprehensive test coverage for DateFormat entity
Comment #12
Wim LeersThis is blocked on #2870018: Should the 'access content' permission be used to control access to viewing configuration entities via REST reaching consensus.
Comment #13
Wim LeersConsensus was achieved! Quoting #2870018-35: Should the 'access content' permission be used to control access to viewing configuration entities via REST:
It seemed reasonable to use the same
administer site configuration
as theadmin_permission
for theRdfMapping
config entity type, since\Drupal\Core\Datetime\Entity\DateFormat
does this too, and it's very similar site builder-wise, and editing frequency-wise.Comment #14
alexpottRehashing title and issue summary to cover scope
Comment #15
alexpottThis is a bug fix because the config entity should not be exposed to users without the admin permission via REST or JsonAPI.
Comment #16
alexpottCommitted and pushed f135eb2 to 8.4.x and b986493 to 8.3.x. Thanks!
Backported to 8.3.x to close the anon access and for the additional test coverage.
Comment #19
Wim LeersYay, thanks! Updated #2824572: Write EntityResourceTestBase subclasses for every other entity type., 16 now remain :)