So I am using Basic Auth in conjunction with the JSONAPI for a headless Drupal setup on Drupal 8.8.4.
When the user I use to query the JSONAPI has the role of "administrator", then obviously everything goes through and all the data is visible.
I created some Taxonomy Term references for a content type. The issue is that if I use the JSONAPI with a user that is not an administrator, then the Taxonomy Term data won't appear in the "relationships" part of the payload for say an article.
I'd like to find out which permission is needed in order for the Taxonomy Term data to be included in the "relationships" part of the payload. Or if anyone can perhaps offer some tips on this one to make it at least a little less painful.
I've googled this and have searched the forums and I know that the permissions follow the Entity API, the issue I'm having is that I don't know how to find the exact permission that is required. Its a big, ugly, unwieldy thing the Drupal Permissions table.
I've even looked through the JSONAPI code lightly. I believe* the code that checks the permission is
function jsonapi_jsonapi_taxonomy_term_filter_access(EntityTypeInterface $entity_type, AccountInterface $account) {
// @see \Drupal\taxonomy\TermAccessControlHandler::checkAccess()
return ([
JSONAPI_FILTER_AMONG_ALL => AccessResult::allowedIfHasPermission($account, 'administer taxonomy'),
JSONAPI_FILTER_AMONG_PUBLISHED => AccessResult::allowedIfHasPermission($account, 'access content'),
]);
}
But I'm not 100% on this or if there is something else. (Taken from jsonapi.module Line ~298)
I tried checking "access content" or as it is titled in the big old table "View published Content" and the other one
"administer taxonomy" or "Administer vocabularies and terms" and still no success.
As of now, just so the data will go through I've made the JSONAPI user have the administrator role, but I bet there is a better solution. Any tips appreciated.
Comments