I would like to enable anoymous user to access JSON API endpoint to preview nodes. The URL will remain same like "jsonapi/node/page/preview". Could someone point me to an example, or let me know which classes I need to extend? Thanks in advance!

Comments

Nitin Shirole created an issue. See original summary.

albertosilva’s picture

albertosilva
Primary language Basque
Location Basque Country
commented
Assigned: Unassigned » albertosilva
Status: Active » Closed (works as designed)

Enabling anonymous access to a node's preview data is, by design, a security breach, so I wouldn't recommend doing it. Preview data is stored using Drupal\Core\TempStore\PrivateTempStoreFactory, which is tied to the current user making the request, so I don't think it is even possible to do it.

JSON:API Node Preview module doesn't enforce any check on a node's preview data, leaving Drupal Core manage that access check in it's standard way: https://git.drupalcode.org/project/jsonapi_node_preview/-/blob/1.0.x/src...

Anyway, if you want to try it, have a look at:

  • web/core/modules/node/src/ParamConverter/NodePreviewConverter.php
  • web/core/modules/node/src/Controller/NodePreviewController.php
  • Drupal\node\Access\NodePreviewAccessCheck
  • search for the "_node_preview_access" tag