Discovered while working on #2930028: Comprehensive JSON API integration test coverage phase 1: for every entity type, individual resources only → .
\Drupal\jsonapi\Normalizer\EntityAccessDeniedHttpExceptionNormalizer() does this:
if (isset($entity)) {
$errors[0]['id'] = sprintf(
'/%s--%s/%s',
$entity->getEntityTypeId(),
$entity->bundle(),
$entity->uuid()
);
}
yet http://jsonapi.org/format/#error-objects says:
An error object MAY have the following members:
- id: a unique identifier for this particular occurrence of the problem.
Yet something like /user--user/550e8400-e29b-41d4-a716-446655440000 is not a unique identifier for this particular occurrence of the problem!
This was introduced in #2844130: Create a custom EntityAccessDeniedHttpException → .
Remove it.
None.
None.
None.
None.
Closed: works as designed
8.9 ⚰️
Last updated
Enhances developer experience.
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
Hmm, if this works as designed, we might need to move along and try and execute: /Users/bjorn/projects/drupal/core/modules/jsonapi/tests/src/Functional/NodeTest.php:341. Which is a todo to remove some code when this issue is closed. Opening a child issue.