JSON API responses now contain a `meta.omitted` object when resources have been removed from the response for access reasons

By gabesullice on 22 August 2018

Change record status:

Published (View all published change records)

Project:

JSON:API

Introduced in branch:

8.x-2.x

Introduced in version:

8.x-2.0

Issue links:

https://www.drupal.org/node/2853066

Description:

JSON API responses never contain resources that the user is not permitted to view (and never have). This can sometimes be difficult to understand and/or to debug. For this, use the meta.omitted object.

In some response types, namely collection responses, to-many related responses and compound documents (those that have an included member), a meta.omitted object will be added to the response if items were removed because of insufficient authorization

The meta.omitted object contains helpful information and links about why the response may not contain all the expected resource, how that can be mitigated, and direct links to the removed resources so that a client may attempt to fetch them with appropriate authorization credentials.

Impacts:

Module developers

Themers

JSON API responses now contain a `meta.omitted` object when resources have been removed from the response for access reasons

News items

Our community

Documentation

Drupal code base

Governance of community