Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Problem/Motivation
When I try to expose the configurable language resource through JSON:API I've got the following access check:
"The current user is not allowed to GET the selected resource. The 'administer languages' permission is required."
This is due to the fact that all requests to the JSON:API endpoint are considered to be made by unauthenticated users and I don't want to grant anonymous users "administer languages" permission in order to have the languages in JSON API.
Steps to reproduce
- Enable the JSON:API module
- Enable the Languge module
- (optional) Enable the "Configurable Language" resource in JSON:API extras if needed.
- (optional) Enable the "Configurable Language" resource in JSON:API extras if needed.
- Send an HTTP request to: {domain}/jsonapi/configurable_language/configurable_language
Proposed resolution
The quick fix for that is to implement hook_entity_access or hook_ENTITY_TYPE_access to modify the access control handler for "view" operations.
Another solution is to introduce a "view" permission for configurable languages similar to the Vocabulary entity where the "Access the taxonomy vocabulary overview page" permission can be used to have all vocabularies exposed through JSON:API
I'd like to hear your opinion on that.
Remaining tasks
Nothing yet.
User interface changes
Nope
API changes
Nope
Data model changes
Nope
Comments