How can I GET/POST flag user by REST API in Drupal 8 or higher

> {"flag_id":"Content" ,"flag_name":"Favorites", "content_id":"34", "action": "flag"}

When you flag something, you're creating a flagging entity. So you should be using the REST API to do that.

However, you're bypassing the Flag API, which might mean counts don't get increased and access doesn't get considered.

(BTW, please don't add random keywords in the tags field!)

HI joachim, I have tried your way and i can't manage to flag the content. Is there something I may be missing?

example.com/entity/flagging is the path I'm using, and using your code for body.

I was only quoting the issue summary, not saying that was the right code to use.

> So finally what can we do to add favorite flag by Api Rest in drupal 8 i couldn't do it until now ?

I don't know. I've not tried it and the Flag module wasn't written with the REST API use case in mind at all.

> anyone did it before? or another way we can make it ?

Looks like not.

What I suggest you do is look at the actual fields that are defined on the Flagging entity. That should tell you what you should be passing in as data.

Then, look at what the Flagging entities does when it saves. As I said above, IIRC you are bypassing the Flag API. Not everything will work as expected.

Hello I try with the default REST entity API but first I implements permissions for flagging to make access on API, but then it's trigerring lot of fatal error (requirement for sql query).
So i made module with 3 endpoints:
-flag
-unflag
-get user flag

For the flag and unflag you need to send this body parameter:
{"flag_id":"flag_article" ,"entity_type":"card_who_did_it", "entity_id":"30"}

for the last endpoint you can filter with this query parameter :
-flag_id : filter on only one flag type.
-entity_type & bundle : get flagging for a given entity type and bundle
-content_load (true or false, false by default) load the entity flagged in result.
=> they are all optional, if no filter send, we get all flagging of current user

wrong patch :)

Missing one exception.

My bad unflag not working this patch should be ok :)

We maybe should reopen #2468275: Create a unified and flexible method of flagging an entity., or pick up the question from there in a new issue:

Really though, we have a philosophical problem here: does flag() wrap around save(), or does save() wrap around flag()?

The D7 way was that flag() wrapped around save(); there was no way we could enforce it, but basically if you called entity_save() on a $flagging, you were violating the API.

@musa.thomas I get this error with the patch
Error: Declaration of Drupal\flag\FlagService::getUserFlagging(array $flags, $load_entities = false, ?Drupal\Core\Session\AccountInterface $account = NULL) must be compatible with Drupal\flag\FlagServiceInterface::getUserFlagging(array $flags, ?Drupal\Core\Session\AccountInterface $account = NULL) in .../public_html/web/modules/contrib/flag/src/FlagService.php, line 17

Hello.

I tried like this and it works: https://airoweb.com/drupal/2019/02/10/How-can-I-POST-flag-by-REST-API-in....

Caveat: I had to give the user the permission "'administer flaggings", this can be a issue.

But I haven't checked the problems that @joachim mentioned about

+1 on this, its a problem that we need to allow 'administer flaggings', is there anyway that this can be breaken down into a basic permission for auth user?

+1

I create a new issue about jsonapi with this module: Use jsonapi to post a flagging needs permission 'administer flaggings'

So I think we should make jsonapi/rest works on permissions like: Flag Favorite product Unflag Favorite product

I've created a merge request based on patch #12 as it wasn't applying correctly in the latest flag version.

I've also added some slight changes that were making the resources to not work properly, and make it compatible with drupal 9. Now the three endpoints are working back in the latest Drupal 9 version.

Please review, thanks!

I've just noticed that the resources to flag / unflag do not check that the current user has permission to perform flagging. Moving to 'Needs work'.

Hmm I was wrong, seems the problem is not in the patch because the access is being checked in the performFlagging method: https://git.drupalcode.org/project/flag/-/merge_requests/9/diffs#1d001cb...

Moving to needs review again.

It was possible to flag/unflag using the rest resource without having permission. Adjusting the way the access is checked in the resource, now it only allows to flag / unflag when the user has the flag/unflag permission needed for the specific entity.