When requesting the user entity via: /jsonapi/user/user

There's an exception generated that appears to come from trying to load user number 0 (anonymous):

"meta": {
    "errors": [
      {
        "title": "Forbidden",
        "status": 403,
        "detail": "The current user is not allowed to GET the selected resource.",
        "links": {
          "info": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4"
        },
        "code": 0,
        "id": "/user--user/fa541e40-8071-43eb-9791-79a53072dad3",
        "source": {
          "pointer": "/data"
        }
      }
    ]
  },

If you are logged in when this happens you'll get a nicely JSON wrapped stack trace (attached).

CommentFileSizeAuthor
jsonapi_stacktrace.txt39.09 KBjoshk

Comments

joshk created an issue. See original summary.

e0ipso’s picture

e0ipso
Primary language Catalan
Location Can Picafort
commented
Status: Active » Closed (works as designed)

Yeah… that is a limitation with how the anonymous user is integrated as a "regular" user.

You can avoid this by doing: /jsonapi/user/user?filter[anon][condition][path]=uid&filter[anon][condition][value]=0&filter[anon][condition][operator]=<>

Please, feel free to reopen if needed.

kostajh’s picture

kostajh commented

I added a note to the documentation here, but @e0ipso, would you consider making the default behavior be that requests to /jsonapi/user/user without any filter are translated to /jsonapi/user/user?filter[anon][condition][path]=uid&filter[anon][condition][value]=0&filter[anon][condition][operator]=<> ?

e0ipso’s picture

e0ipso
Primary language Catalan
Location Can Picafort
commented

Thanks for adding that documentation note @kostajh!

I don't think we'll be adding default filtering on resources soon. It opens up a set of problems we're not ready to deal with.