Exposing configurable languages through JSON:API is challenging due to permission issues

Created on 4 July 2023, over 1 year ago

Problem/Motivation

When I try to expose the configurable language resource through JSON:API I've got the following access check:

"The current user is not allowed to GET the selected resource. The 'administer languages' permission is required."

This is due to the fact that all requests to the JSON:API endpoint are considered to be made by unauthenticated users and I don't want to grant anonymous users "administer languages" permission in order to have the languages in JSON API.

Steps to reproduce

Enable the JSON:API module
Enable the Languge module
(optional) Enable the "Configurable Language" resource in JSON:API extras if needed.
(optional) Enable the "Configurable Language" resource in JSON:API extras if needed.
Send an HTTP request to: {domain}/jsonapi/configurable_language/configurable_language

Proposed resolution

The quick fix for that is to implement hook_entity_access or hook_ENTITY_TYPE_access to modify the access control handler for "view" operations.

Another solution is to introduce a "view" permission for configurable languages similar to the Vocabulary entity where the "Access the taxonomy vocabulary overview page" permission can be used to have all vocabularies exposed through JSON:API

I'd like to hear your opinion on that.

Remaining tasks

Nothing yet.

User interface changes

Nope

API changes

Nope

Data model changes

Nope

Release notes snippet

✨ Feature request

Status

Active

Version

10.1 ✨

Component

Language system →

Last updated about 9 hours ago

Maintained by
🇩🇪Germany @sun

Created by

🇧🇬Bulgaria nikolabintev

Live updates comments and jobs are added and updated live.

jsonapi

Comments & Activities

Issue created by @nikolabintev

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024