This modules is pretty interesting for updating and designing Drupal site. I have an external webapp/page where I run waterwheel commands that uses jsonapi formats.
I have a valid Oauth declared at the top of the page script and I was able to successfully create a node or content using GET, PATCH and POST method using waterwheel.
I have VotingAPi installed in the site to implement voting in nodes and entities.
Now, when trying to use GET of votes and pull data from site, I am getting an "Access Denied" from the Drupal logs and 403 Response in the browser console.
This is the command I issued to access the votes where I got the error:
waterwheel.jsonapi.get('vote/like/[VOTE_UUID]', {})
.then(res => {
console.table(res)
console.log('Success!')
})
.catch(err => {
console.log(err)
});
Comment | File | Size | Author |
---|---|---|---|
#13 | voting_api_getting_an-2872435-13.patch | 4.69 KB | sylus |
Comments
Comment #2
dawehnerI believe the main problem is that voting API doesn't expose any access control handler for this entity: http://cgit.drupalcode.org/votingapi/tree/src/Entity/Vote.php?h=8.x-3.x#n23 so access is never granted.
Comment #3
clemens.tolboomI guess this can be moved to Voting API project right? Please do so.
Comment #4
dawehner@clemens.tolboom
I totally believe so.
Comment #5
Wim LeersComment #6
GrandmaGlassesRopeManComment #7
sylus CreditAttribution: sylus commentedI needed the baseline functionality for this to work in my integration with external_entities + custom storage clients (CKAN + Solr). External entities works great with external_comments so just needed to get voting to work. I am leveraging the votingapi_widgets module + the following patch to votingapi:
https://www.drupal.org/files/issues/2846341-anonymous-votes-5.patch
For now I just returned Access:Allowed for both Vote + VoteResult. However there were still issues with Vote Result which does not have a UUID column which causes issues with jsonapi. I added this column and now the following queries do work along with relationships to nodes:
All Votes / Votes by UUID
All Vote Results / Vote Results by UUID
Get all votes from a specific node
Get the vote calculated average from a specific node
Comment #8
clemens.tolboomSound great! I've added #2846341: Different anonymous users cannot vote separately as related.
Comment #9
johnreytanquinco CreditAttribution: johnreytanquinco commentedYes, tried your patch and we are getting errors from the log related to UUID as you mentioned:
Drupal\Core\Database\DatabaseExceptionWrapper: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'base.uuid' in 'field list': SELECT base.id AS id, base.uuid AS uuid, base.type AS type, base.entity_type AS entity_type, base.entity_id AS entity_id, base.value AS value, base.value_type AS value_type, base.function AS function, base.timestamp AS timestamp FROM {votingapi_result} base WHERE base.id IN (:db_condition_placeholder_0); Array ( [:db_condition_placeholder_0] => 8 ) in Drupal\Core\Entity\Sql\SqlContentEntityStorage->getFromStorage() (line 428 of /var/www/opensocial/html/core/lib/Drupal/Core/Entity/Sql/SqlContentEntityStorage.php).
Comment #10
p4tric CreditAttribution: p4tric commentedI am also getting the same error.
Comment #11
magick93 CreditAttribution: magick93 commentedI am also facing the same issue. Any updates on this?
Comment #12
sylus CreditAttribution: sylus commentedAh apologies, I broke out the UUID stuff and just added the access control as should introduce the UUID problems in another issue.
I forgot it requires a patch to core's EntityReferenceItem.php to determine when to use string (uuid) vs int for referencing an entity which will cause the BaseFieldDefinitions on install to relate to.
Updated patch with just the baseline need to not get this issue, but they are largely just access bypass so will need to add more appropriate checks.
Comment #13
sylus CreditAttribution: sylus commentedForgot to remove the entity constraint override.
Comment #14
johnreytanquinco CreditAttribution: johnreytanquinco commentedHi @sylus, Thanks for updating the patch. I actually tried to run a simple test using
GET
andPOST
in postman. I was able to fetch details using get, but now when posting or updating a vote I am still getting a 403 response. I think I have correct configuration and permission of vote. I even allow anonymous use to vote in contents and its working fine with manual voting.In postman I use `sitename/entity/vote` as path for `post` method where I am getting a 403 response. It actually logs in to the site but can't update or post vote on the content.
Comment #15
magick93 CreditAttribution: magick93 as a volunteer commentedComment #16
magick93 CreditAttribution: magick93 as a volunteer commentedHi Sylus, which Drupal core version did you test this fix on?
Comment #17
johnreytanquinco CreditAttribution: johnreytanquinco commentedMy mistake. I confirmed the patch works as expected. I was able to update the vote using post. Thanks! Appreciate it!
Comment #18
mqannehPatch #13 fixed the issue.
Comment #20
pifagorDone
Comment #21
pifagor