Given that full REST support requires for example config validation we limit the scope for now onto GET requests.
All what GET requests need is a way to serialize those entities, which is already given using the serializer API.
- Just provide GET routes for config entities, remove POST, PUT, DELETE, and PATCH routes which are available now but don't actually work.
- The permission logic will not change. It uses entity view access for all entities on GET. Since core config entities don't have separate view permissions core config entities will rely on admin access permissions. At least one config entity, field_storage_config, doesn't provide admin permissions so will effectively it will not be available via REST because there is currently no way to grant entity view access. There may be other config entities that have this problem.
- Fix a couple of places in the code where we assume fieldable entities, so just run it in those cases
- Since most configuration entities do not canonical links they will be available at the path 'entity/[ENTITY_TYPE]/[ENTITY_ID]'.
For example to retrieve the tags vocabulary use.
curl --user admin:admin --request GET "http://drupal.d8/entity/taxonomy_vocabulary/tags?_format=json"
- Configuration entities that do have canonical links, contact forms are the only example in core, will be available at their canonical link and not the path pattern above.
For instance to retrieve the Feedback contact form you can use:
curl --user admin:admin --request GET "http://drupal.d8/contact/feedback?_format=json"
User interface changes
Removed methods 'POST', 'PUT', 'DELETE', 'PATCH' from Config Entity resources. While this methods were available before this change they would result in fatal errors if you actually tried to use them.
Data model changes