How can I GET/POST flag user by REST API in Drupal 8 or higher

> {"flag_id":"Content" ,"flag_name":"Favorites", "content_id":"34", "action": "flag"}

When you flag something, you're creating a flagging entity. So you should be using the REST API to do that.

However, you're bypassing the Flag API, which might mean counts don't get increased and access doesn't get considered.

(BTW, please don't add random keywords in the tags field!)

HI joachim, I have tried your way and i can't manage to flag the content. Is there something I may be missing?

example.com/entity/flagging is the path I'm using, and using your code for body.

I was only quoting the issue summary, not saying that was the right code to use.

> So finally what can we do to add favorite flag by Api Rest in drupal 8 i couldn't do it until now ?

I don't know. I've not tried it and the Flag module wasn't written with the REST API use case in mind at all.

> anyone did it before? or another way we can make it ?

Looks like not.

What I suggest you do is look at the actual fields that are defined on the Flagging entity. That should tell you what you should be passing in as data.

Then, look at what the Flagging entities does when it saves. As I said above, IIRC you are bypassing the Flag API. Not everything will work as expected.

Hello I try with the default REST entity API but first I implements permissions for flagging to make access on API, but then it's trigerring lot of fatal error (requirement for sql query).
So i made module with 3 endpoints:
-flag
-unflag
-get user flag

For the flag and unflag you need to send this body parameter:
{"flag_id":"flag_article" ,"entity_type":"card_who_did_it", "entity_id":"30"}

for the last endpoint you can filter with this query parameter :
-flag_id : filter on only one flag type.
-entity_type & bundle : get flagging for a given entity type and bundle
-content_load (true or false, false by default) load the entity flagged in result.
=> they are all optional, if no filter send, we get all flagging of current user

wrong patch :)

Missing one exception.

My bad unflag not working this patch should be ok :)

We maybe should reopen #2468275: Create a unified and flexible method of flagging an entity., or pick up the question from there in a new issue:

Really though, we have a philosophical problem here: does flag() wrap around save(), or does save() wrap around flag()?

The D7 way was that flag() wrapped around save(); there was no way we could enforce it, but basically if you called entity_save() on a $flagging, you were violating the API.

@musa.thomas I get this error with the patch
Error: Declaration of Drupal\flag\FlagService::getUserFlagging(array $flags, $load_entities = false, ?Drupal\Core\Session\AccountInterface $account = NULL) must be compatible with Drupal\flag\FlagServiceInterface::getUserFlagging(array $flags, ?Drupal\Core\Session\AccountInterface $account = NULL) in .../public_html/web/modules/contrib/flag/src/FlagService.php, line 17

Hello.

I tried like this and it works: https://airoweb.com/drupal/2019/02/10/How-can-I-POST-flag-by-REST-API-in....

Caveat: I had to give the user the permission "'administer flaggings", this can be a issue.

But I haven't checked the problems that @joachim mentioned about

+1 on this, its a problem that we need to allow 'administer flaggings', is there anyway that this can be breaken down into a basic permission for auth user?

+1

I create a new issue about jsonapi with this module: Use jsonapi to post a flagging needs permission 'administer flaggings'

So I think we should make jsonapi/rest works on permissions like: Flag Favorite product Unflag Favorite product

I've created a merge request based on patch #12 as it wasn't applying correctly in the latest flag version.

I've also added some slight changes that were making the resources to not work properly, and make it compatible with drupal 9. Now the three endpoints are working back in the latest Drupal 9 version.

Please review, thanks!

I've just noticed that the resources to flag / unflag do not check that the current user has permission to perform flagging. Moving to 'Needs work'.

Hmm I was wrong, seems the problem is not in the patch because the access is being checked in the performFlagging method: https://git.drupalcode.org/project/flag/-/merge_requests/9/diffs#1d001cb...

Moving to needs review again.

It was possible to flag/unflag using the rest resource without having permission. Adjusting the way the access is checked in the resource, now it only allows to flag / unflag when the user has the flag/unflag permission needed for the specific entity.

Merge request re-rolled. Tests are passing now. Ready to review again.

@omarlopesino, thanks!

Needs to fix pipeline warnings

All the warnings reported by static analysis have been fixed, which led to some small refactors. It should preserve the old behaviour. Please review, thanks!

Thanks! Needs to add some tests for REST

I had encountered a bug in a react application (embedded in Drupal on the same domain) that for anonymous users, no session id was present.
I found the functionality where this was set and extended it slightly, this should correctly set the session id if it's ever missing.

I also fixed the core version requirement I had mentioned before.

The tests are still needed though, leaving status as-is.

The branch for MR first needs to be changed to 5.x, as this is quite an old issue, to see what's happening there. Once that is done the test can be added.

Cherry picked the changes from 8.x to 5.x, so we have updated branch and test can now be added.

Locally the test is passing. For whatever reason the Drupal CI is not discovering the restful resources (the api/flag, api/unflag and api/user-flag) even though the config is created and enabled. This then produces the 404 error as the page is not found. I'm not sure how to reproduce this locally to try and correct. One option would be to add the configuration into module install, so that when module is enabled/installed it gets the configuration from that. I can not guarantee it will work, but I'm kinda out of suggestions at this point.