Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
REST clients can GET an entity resource, which includes values for fields that the user is allowed to view. However, the REST client then does not know which of these fields the user is allowed to edit.
Proposed resolution
- For the HAL format, we're already returning 'type' link relations with the entity resource. The URI of that is defined in TypeLinkManager::getTypeUri(), the current documentation of which explains that this is a URI without a core-provided resource backing it. So one possible solution to this issue is to implement that resource.
- If we do #2664876: Add JsonApi (application/vnd.api+json) and deprecate HAL?, then JsonAPI provides its own specification for inlining metadata into the entity resource.
Comments
Comment #6
Grayside CreditAttribution: Grayside at Phase2 commentedGiven the Typed Data API has an isReadOnly() method, as long as that is consistently and correctly set this is something Contrib modules like Schemata could help as well providing these insights to other resource formats.
Comment #7
Wim LeersThe problem is also that it's access-dependent — even if something is editable, it may be editable only by admins, for example.
Comment #8
dawehnerHere are a couple of sort of related discussions worth reading in general:
but none of them provide real solutions.