- 🇨🇳China 司南
I found that this issues is not only on user entity, status field of any entity type can not be filter.
I want for certain role to be able list all active users. I added permission for given role "View user information". Now it if call
/jsonapi/user/user
I get list of all users which is expected behaviour. But if I call
/jsonapi/user/user?filter[status][value]=1
I get error:
{
"errors": [
{
"detail": "The current user is not authorized to filter by the `status` field, given in the path `status`.",
"links": {
"info": {
"href": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4"
},
"via": {
"href": "https://XXX/jsonapi/user/user?filter%5Bstatus%5D%5Bvalue%5D=1"
}
},
"status": "403",
"title": "Forbidden"
}
],
"jsonapi": {
"meta": {
"links": {
"self": {
"href": "http://jsonapi.org/format/1.0/"
}
}
},
"version": "1.0"
}
}
For admin user it works so syntax should be ok. I did little research and i was able to get it work for given role only if I assigned permission "Administer users". It doest make sense to me. I can view all users (active and blocked) but I can't filter only active or blocked? And assinging permission "Administer users" seems to be too much.
/jsonapi/user/user?filter[status][value]=1Allow user status for user with permission "View user information" or if its on purpose for some reason we could add new permission just for user status?
Needs work
11.0 🔥
jsonapi.module
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
I found that this issues is not only on user entity, status field of any entity type can not be filter.