DDEV is the official local development tool of Drupal. And like Drupal, DDEV depends on the support of the open source community.
The JSON:API Advanced Permissions module provides enhanced control over JSON:API permissions in Drupal. It allows granular permission management for JSON:API resources, ensuring better security and flexibility.
Features
The JSON:API Advanced Permissions module allows administrators to configure detailed permissions for JSON:API endpoints in Drupal. By enabling this module, users gain the ability to set permissions at the resource level, granting fine-grained control over what users can access or modify through JSON:API.
Key features include:
Granular control over resource permissions: Allow or restrict access to specific JSON:API endpoints based on user roles.
Separate permissions for read, create, update, and delete operations: Tailor access to resources depending on the user's needs.
Enhanced security: Ensure that sensitive data is exposed only to authorized users.
This module is useful when you need to expose specific parts of your site’s content via JSON:API but with controlled access.
For example, in a headless Drupal setup where different user roles should have different levels of API access.
Post-Installation
Once you install the JSON:Advanced Permissions module, you'll notice that new permissions appear for each JSON:API
resource types. To configure these, follow these steps:
Go to Admin > Web services > JSON:API Advanced Permissions.
Enable/disable the preferred permissions you want to control.
Important Note: Once you enable any of the choices all of your JSON:API endpoints with that type will require new permissions generated. Unless you grant permissions to roles only administrator role will be able to access those endpoints.
Go to Admin > People > Permissions.
Locate the new permissions under the "JSON:API Advanced Permissions" section.
Configure these permissions to control which roles have access to which JSON
endpoints, and specify what actions they can perform (e.g., view, create, edit, delete).
You don't need to create new content types or change existing ones. The module simply adds new granular permissions for controlling API access.
Additional Requirements
This module requires JSON:API to be installed and enabled. The module works seamlessly with JSON:API, providing more flexibility and security over its default permission settings.
Required Module: JSON:API
Similar projects
There are other modules offering permission control for JSON:API, such as the JSON:API Permission Access module.
However, JSON:API Advanced Permissions stands out by providing more granular control at the individual resource level, which allows for more detailed permission settings, especially useful in complex API-based applications.
This module aims to offer the best experience for managing permissions in JSON:API-driven Drupal sites. We encourage community feedback and contributions to improve its functionality and usability.
Supporting organizations:
Project information
- Project categories: Access control, Decoupled
- Ecosystem: JSON:API
28 sites report using this module- Created by mtbrkrgn on , updated
Stable releases for this project are covered by the security advisory policy.
There are currently no supported stable releases.
