- πΊπΈUnited States smustgrave
This came up as a daily BSI
Don't have time to fully setup but would be good to confirm first if still an issue in D11.
Uploading files via rest is not allowed when a user / role DOES have permission for the bundle. The error thrown is below;
Path: /file/upload/node/{bundle}/{field}?_format=hal_json. Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException: in Drupal\file\Plugin\rest\resource\FileUploadResource->validateAndLoadFieldDefinition() (line 443 of /var/www/d9/core/modules/file/src/Plugin/rest/resource/FileUploadResource.php).
A bare-bone Drupal installation does not have "field permissions" unless installing "Field Permissions" module. The way I see it, it is impossible to upload a file for other roles apart from an administrator.
If a role has create/edit permission on the bundle, the field should inherit the bundle permissions.
```
$entity_access_control_handler = $this->entityTypeManager->getAccessControlHandler($entity_type_id);
$bundle = $this->entityTypeManager->getDefinition($entity_type_id)->hasKey('bundle') ? $bundle : NULL;
$access_result = $entity_access_control_handler->createAccess($bundle, NULL, [], TRUE)
->andIf($entity_access_control_handler->fieldAccess('edit', $field_definition, NULL, NULL, TRUE));
if (!$access_result->isAllowed()) {
throw new AccessDeniedHttpException($access_result->getReason());
}```
Make a post request to "/file/upload/node/{bundle}/{field}?_format=hal_json" as any role apart from administrator.
Active
11.0 π₯
file system
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
This came up as a daily BSI
Don't have time to fully setup but would be good to confirm first if still an issue in D11.