Use jsonapi to post a flagging needs permission 'administer flaggings' and always failed to "A flagging can't be moved to another entity."

Created on 1 November 2019, about 5 years ago

Updated 2 March 2024, 9 months ago

Problem/Motivation

At present, flaggings cannot be posted or retrieved from jsonapi unless the user has the "Administer flaggings" permission.

This is incorrect behavior because users may have permission to make flaggings/access their own flags, so they shouldn't be automatically denied access.

According to Wim Leers → , the Flag module needs to provide a normalizer for rest/jsonapi.

Steps to reproduce

1. Create a flag and have authenticated users flag some content.
2. Use jsonapi to try to post a flagging while logged in as a non-admin user that has permission to post a flag.

You will get an "access denied" message.

Proposed resolution

Add support for POST operations for flags in jsonapi.

Remaining tasks

User interface changes

API changes

Data model changes

🐛 Bug report

Status

Needs review

Version

4.0

Component

Flag core

Created by

🇨🇳China lawxen

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Open on Drupal.org →
Core: 9.5.x + Environment: PHP 7.3 & MySQL 5.7
last update 9 months ago
Waiting for branch to pass
Comment 9 months ago →
🇸🇪Sweden kevinn
Created patch from the fork.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024