Currently this module doesn't work with the 2.x branch of https://www.drupal.org/project/jsonapi. I'm trying to use the two together currently and have found that the issue is around the customer access check event dispatcher. A small fix appears to resolve the issue, but, tbh I haven't had time to review this completely. I'm interested in your thoughts. I'm going to add a ticket in our project board to go back and review this code to make sure it's not breaking anything else.

    Comments

    kurtfoster created an issue. See original summary.

    kurtfoster commented:

    Here's the patch.

    damontgomery commented:

    I had a similar issue. I'll attach my patch below.

    Use case:

    Use a term reference field on a node. Configure a term to provide access to a role. Configure this module with `Permissions mode`.

    Assign the `access content` permission to the role.

    Access a list of that node type at /jsonapi/node/article for example.

    Expected:
    Only the nodes with that term are shown.

    Actual:
    All nodes are shown.

    ----

    Viewing things through the browser works as expected, only nodes with the terms can be seen.

    I've narrowed it down to this code:

    ```php
    /**
     * Implements hook_node_access().
     *
     * Forwards user by drupal_access_denied(); to an access denied page, if a
     * single restricted node is called.
     *
     * This hook is not fired if admin is logged in. Users with the
     * "bypass node access" permission may always view and edit content
     * through the administrative interface.
     */
    function permissions_by_term_node_access(NodeInterface $node, $op, AccountInterface $account) {
      /* @var \Drupal\permissions_by_term\Service\AccessCheck $accessCheck */
      $accessCheck = \Drupal::service('permissions_by_term.access_check');

      $accessCheck->dispatchDeniedEventOnRestricedAccess($node->id(), $node->language()->getId());
    }
    ```

    This code as described throws a message which forwards the user in the browser. But... that doesn't apply to the API endpoint and thus it does nothing and the default `access content` permission says we can access the content. If I remove that permission, I cannot access content at all on the browser or through the API.

    I expect node_access hooks to return an AccessResult object. Why use this redirect pattern instead of the AccessResult object?

    The patch I worked on is similar to that above, but gets rid of the dispatcher (well, doesn't call it at this point). I swap the message for the AccessResult object which worked for us. If this is a more specific use case, people can use the patch in a custom module.
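
The pattern described in the comment above, returning an access result from the hook so that every consumer of node access (browser routes and JSON:API alike) enforces the same decision, shown as an added example; it is not the patch attached to this issue and not the module's own code. The module name `mymodule` is hypothetical, and `canUserAccessByNodeId()` with this argument order is an assumption about the module's `AccessCheck` service.

```php
<?php

use Drupal\Core\Access\AccessResult;
use Drupal\Core\Session\AccountInterface;
use Drupal\node\NodeInterface;

/**
 * Implements hook_node_access().
 *
 * Added example for a hypothetical custom module "mymodule".
 */
function mymodule_node_access(NodeInterface $node, $op, AccountInterface $account) {
  /** @var \Drupal\permissions_by_term\Service\AccessCheck $access_check */
  $access_check = \Drupal::service('permissions_by_term.access_check');

  // Assumption: returns TRUE when the account may access the node based on
  // the permissions attached to the node's taxonomy terms.
  $allowed = $access_check->canUserAccessByNodeId(
    $node->id(),
    $account->id(),
    $node->language()->getId()
  );

  // neutral() leaves the decision to other access handlers (for example the
  // "access content" permission); forbidden() overrides any allowed() result,
  // so the restriction holds on every route that checks entity access.
  $result = $allowed
    ? AccessResult::neutral()
    : AccessResult::forbidden('Restricted by taxonomy term permissions.');

  // The decision differs per user and depends on the node's term references,
  // so a cached result must not be reused across accounts or stale nodes.
  return $result
    ->addCacheableDependency($node)
    ->cachePerUser();
}
```

Requesting `/jsonapi/node/article` as a user in the restricted role and as a user outside it, then comparing the returned node IDs against the browser listing, confirms that both paths enforce the same decision.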

    richardgaunt commented:

    Sorry ignore.

    richardgaunt commented:

    Attachment: status new, size 1.61 KB

    Reroll #2 patch for module version 8.x-2.33

    bstan commented:

    Re-roll #2 patch for 3.1.x

    bstan commented:

    Attachment: status new, size 1.43 KB

    Fixed patch with latest in 3.1.x-dev

    bstan commented:

    Missed removing the `void` 🤦‍♂️

    jepster_ commented:

    Status: Active » Fixed

    Thanks for your contribution. I've released this with version 3.1.41. See: https://www.drupal.org/project/permissions_by_term/releases/3.1.41

    • 09b2b120 committed on 3.1.x-dev
      feat: #3032557 Integration with jsonapi
      

    • d0b2b3ea committed on 3.1.x-dev
      feat: #3032557 Integration with jsonapi
      
      By: kurtfoster
      By: damontgomery...

    Status: Fixed » Closed (fixed)

    Automatically closed - issue fixed for 2 weeks with no activity.