Editor cannot create entity with Json API call because field access checks on the field value.

The website encountered an unexpected error. Please try again later.
Error: Call to a member function access() on string in Drupal\jsonapi\Controller\EntityResource->createIndividual() (line 209 of modules/contrib/jsonapi/src/Controller/EntityResource.php).

This blocks user to send post request to the Drupal with json api endpoint.
Why are we checking field permission when we creating an entity with api endpoint?

CommentFileSizeAuthor
#3 fix_post_request_breaks_due_field_access_checks_2953637.patch2.12 KBRkhatun

Comments

Rkhatun created an issue. See original summary.

Rkhatun’s picture

Rkhatun commented
Issue summary: View changes
Rkhatun’s picture

Rkhatun commented
StatusFileSize
new fix_post_request_breaks_due_field_access_checks_2953637.patch2.12 KB
gabesullice’s picture

gabesullice
Primary language English
commented
Status: Active » Postponed (maintainer needs more info)

Hi @Rkhatun! Thanks for the bug report and even a patch :)

Can you provide a few more specifics? I believe it is correct for the module to be checking access to fields on POST. Perhaps this is something that you need to address specifically in your project, but without more detail I'm not able to help.

Thanks for providing a bit more context!

wim leers’s picture

wim leers
Location Ghent 🇧🇪🇪🇺
commented
Issue tags: +Needs steps to reproduce
wim leers’s picture

wim leers
Location Ghent 🇧🇪🇪🇺
commented
Status: Postponed (maintainer needs more info) » Closed (duplicate)
Related issues: +#2946746: Unhandled exceptions/fatal errors when POST/PATCH documents contain unknown field names

I'm fairly certain this was a duplicate of #2946746: Unhandled exceptions/fatal errors when POST/PATCH documents contain unknown field names. That bug has been fixed! If that turns out to be wrong, feel free to reopen, but then please provide steps to reproduce!