[D8] Jsonapi Role Access

Hi @arshadkhan35,

Please implement hook_help, and I see that the settings form has "access content" permission which means that it can be accessed by anonymous user as well, So please use your own permissions.

Showing the output given from a tool isn't making a manual review. I removed those review from the Manual reviews list.

Yes, the access content permission isn't thought to be used for the settings pages a module uses. In a site, that permission could be given to anonymous users too, as vigneshvalliappan said, and it's pretty normal to do so. Using that permission for other purposes is a security issue, IMO.

Hello there,

I've reviewed the application and created several tasks in project issues queue:

• #3182717: Add module to "JSON:API" ecosystem
• #3182721: Rename module name to keep the consistency
• #3182725: Provide configuration schema and default configuration values
• #3182727: Use AccessDeniedHttpException exception to forbid the access
• #3182728: Improve permission information

I don't consider them as bugs or security issues, that's why I'm not moving this task to "Needs Work".

I edited the issue tags as per https://www.drupal.org/node/1975228.

Thank you for your contribution! I am going to update your account.

These are some recommended readings to help with excellent maintainership:

• Dries' post on Responsible maintainers
• Best practices for creating and maintaining projects
• Maintaining a drupal.org project with Git
• Commit messages - providing history and credit
• Release naming conventions.
• Helping maintainers in the issue queues

You can find more contributors chatting on the IRC #drupal-contribute channel. So, come hang out and stay involved.
Thank you, also, for your patience with the review process.
Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

I thank all the dedicated reviewers as well.