Anonymous JSON:API users can't view Redirect Entities

Created on 10 August 2019, over 5 years ago

Updated 4 August 2022, over 2 years ago

Problem/Motivation

JSON:API consumers cannot retrieve redirects because viewing a redirect entity is based on the permission "administer redirects". Those who wish to bypass Drupal's router, but use functionality/not retrain users are left unable to use this module.

Reproduction

Install JSON:API and Redirects.
Create any redirect.
As an anonymous user, navigate to /jsonapi/redirects/redirects and see that any redirects created require "administer redirects" to view

Proposed resolution

Implement access() and provide a "view redirects" permission that is disabled by default. Add a description to said permission that makes it clear that this is for use with APIs.

Remaining tasks

Patch written, review needed.

User interface changes

Additional Permission now available called "View individual URL redirections through APIs".

API changes

None as far as I'm aware.

Data model changes

None as far as I'm aware.

🐛 Bug report

Status

Needs review

Version

1.0

Component

Code

Created by

🇺🇸United States MarieKirya

Live updates comments and jobs are added and updated live.

Incomplete comments

Merge Requests

!23Anonymous JSON:API users can't view Redirect Entities
Open
🇺🇦Ukraine quadrexdev
updated about 13 hours ago

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Merge request !233073966 - Fixed an issue with access method in order to allow... → (Open) created by quadrexdev
Open in Jenkins → Open on Drupal.org →
Core: 9.5.x + Environment: PHP 7.4 & MySQL 5.7
last update about 2 years ago
63 pass
Comment about 13 hours ago →
🇦🇺Australia GuillaumeG
Thanks for the patch, it is working great here!

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024