Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Hey!
I'm having problems with filtering users by role. I was previously on Drupal version 8.6.3 and jsonapi version 8.x-2.0-rc1 and was using the following filters to find users with role 'driver'.
filter[role][condition][path]: roles
filter[role][condition][value]: driver
After updating Drupal to 8.6.10 and jsonapi to 2.3, the filter doesn't work any more.
At first I got the following error:
Invalid nested filtering. The field `roles`, given in the path `roles` is incomplete, it must end with one of the following specifiers: `id`.
After changing the filter to:
filter[role][condition][path]: roles.id
filter[role][condition][value]: driver
I'm getting the error Filtering on config entities is not supported by Drupal's entity API. You tried to filter on a Role config entity.
Is there a new way for finding users by role or do I need to build a custom endpoint?
On a sidenote, it seems that the error message for invalid property is outdated since [path]: roles doesn't work: Invalid nested filtering. The property `target_id`, given in the path `roles.target_id`, does not exist. Filter by `roles`, not `roles.target_id` (the JSON:API module elides property names from single-property fields).
| Comment | File | Size | Author |
|---|---|---|---|
| #3 | Screen Shot 2019-02-21 at 14.32.34.png | 87.45 KB | HanPa |
Comments
Comment #2
wim leersThanks for the detailed issue! 👌
You then were on an already insecure version: https://www.drupal.org/project/jsonapi/releases/8.x-2.0-rc4 fixed that, as did 1.24. See https://www.drupal.org/sa-contrib-2018-081
Despite https://www.drupal.org/node/1902034, it's not actually possible to do filtering on config entities if the starting point is a content entity, since content and config entities are stored in different places. See #2959445-7: Entity querying config entities does not work, so neither does JSON API collection filtering: provide helpful DX for a detailed explanation. Hopefully we can make that possible some day :)
So … despite you not getting an error previously, I don't think it ever actually worked? Or did it? I'd be surprised if it did, because #2959445: Entity querying config entities does not work, so neither does JSON API collection filtering: provide helpful DX happened in May 2018, in both the 1.x and 2.x branches, so we've been detecting that edge case and informing the API client for quite some time.
Comment #3
HanPa commentedYeah, I still have a working version running. Actually it seems my Drupal version was 8.6.9, sorry about that.
$ composer outdated "drupal/*"My Vue.js front-end still gets the drivers using these filters when connected to the old back-end:
Weird stuff.
But the good thing is the site is not in production yet and I can find another way to get the drivers.
Thanks for your help!
Comment #4
wim leersAnd does it actually do the necessary filtering? Or does it also happen to return users without that role?
Comment #5
gabesulliceIt worked because
rolesused to filter bytarget_id, which doesn't attempt toJOINthe referenced entity table.We got rid of this, citing it as a "leaky abstraction".
I had a conversation with @pixelwhip yesterday about this same behavior. I tried to help him figure it out but it think we made it impossible.
Perhaps we need to add a
drupal_internal__idmetaproperty to relationships so that we can continue to support filtering on the entity referencetarget_idproperty.Comment #6
wim leersHrm… But isn't this especially a problem because config entity objects have an
uuid(which must be unique), but also have aid(which actually also must be unique), and references to config entities storeuuid, notid.That's why
*.target_id = some_nameused to work: because it stored the name (id) rather than the UUID.I think the most realistic solution is to detect that the target resource type is a config entity type, and in that case, accept
roles.id, but map that to a query that usesroles.target_id?Finally: i think that that makes this officially a regression? 😔
Comment #7
gabesulliceI agree that it's a regression. However, I'm closing this as a duplicate. Reasoning here: #3036593-3: Add 'drupal_internal__target_id' to JSON:API representation of entity reference fields, because that can't be retrieved from the target resource for target entity types without corresponding resources
Comment #8
ro-no-lo commentedI'm sorry to hijack this closed topic, but it seems to be the only one, when searching for "JSON:API filtering users by role".
Could you please add an example how by now (Drupal 9.2.7) you can filter users by role(s) with the JSON:API?
I still get: Filtering on config entities is not supported by Drupal's entity API. You tried to filter on a Rolle config entity.
I tried to use roles_target_id IN ('customers') as filter but get the same error.
Comment #9
gonzalo2683 commentedFor those looking for information on how to filter users by role:
In this issue: https://www.drupal.org/project/drupal/issues/3036593 was fixed.
Was added 'drupal_internal__target_id' property that would allow filtering on configuration entities.
If we read that issue, we see that the changes necessary to filter by roles (configuration entities), entered the Drupal 9.3 branch.
So being in the Drupal 9.3 branch, to filter by roles it would be as follows.
/user/user?include=roles&filter[roles.meta.drupal_internal__target_id]=editor