Contrib.social

RouteSubscriber should define methods

Open on Drupal.org →
Created on 12 September 2024, 2 months ago

Problem/Motivation

The state machine module route subscriber does not define allowed methods on the state transition form.
It's creating some issues with the router matching system, for example when using REST module to PATCH a commerce order shipment.

In the Router class, there are these lines of codes :

    $collection = $this->applyRouteFilters($collection, $request);
    $collection = $this->applyFitOrder($collection);

    if ($ret = $this->matchCollection(rawurldecode($this->currentPath->getPath($request)), $collection)) {
      return $this->applyRouteEnhancers($ret, $request);
    }

Without declaring the allowed methods on the "state-transition-form" route, it would get a match and cause an 500 error on our project.

Steps to reproduce

- Enable the REST module & Commerce & Commerce shipping.
- Enable PATCH on the commerce shipment endpoint : /admin/commerce/orders/{commerce_order}/shipments/{commerce_shipment}: PATCH
- Use curl to experiment with the endpoint : 

curl -X PATCH --location "https://localhost/admin/commerce/orders/XXXX/shipments/XXXX?_format=json" \
    -H "authorization: Bearer XXXX" \
    -H "Content-Type: application/json" \
    -d '{
            "type": "default",
            "shipment_id": [
                {
                    "value": XXXX
                }
            ],
        }'

- Receive an error 500 : 

The website encountered an unexpected error. Please try again later.<br/><em
        class="placeholder">Error</em>: Call to undefined method Drupal\Core\Field\Plugin\Field\FieldType\EntityReferenceItem::getTransitions() in
<em class="placeholder">Drupal\state_machine\Access\StateTransitionAccessCheck-&gt;access()</em> (line <em
        class="placeholder">51</em> of <em class="placeholder">modules/contrib/state_machine/src/Access/StateTransitionAccessCheck.php</em>).
<pre class="backtrace">Drupal\state_machine\Access\StateTransitionAccessCheck-&gt;access(Object, Object)
call_user_func_array(Array, Array) (Line: 160)
Drupal\Core\Access\AccessManager-&gt;performCheck(&#039;access_check.state_transition&#039;, Object) (Line: 136)
Drupal\Core\Access\AccessManager-&gt;check(Object, Object, Object, 1) (Line: 113)
Drupal\Core\Access\AccessManager-&gt;checkRequest(Object, Object, 1) (Line: 110)
Drupal\Core\Routing\AccessAwareRouter-&gt;checkAccess(Object) (Line: 95)
Drupal\Core\Routing\AccessAwareRouter-&gt;matchRequest(Object) (Line: 151)
Drupal\Core\Routing\AccessAwareRouter-&gt;match(&#039;/admin/commerce/orders/6450/shipments/1408&#039;) (Line: 139)
Drupal\user\Plugin\LanguageNegotiation\LanguageNegotiationUserAdmin-&gt;isAdminPath(Object) (Line: 105)
Drupal\user\Plugin\LanguageNegotiation\LanguageNegotiationUserAdmin-&gt;getLangcode(Object) (Line: 197)
Drupal\language\LanguageNegotiator-&gt;negotiateLanguage(&#039;language_interface&#039;, &#039;language-user-admin&#039;) (Line: 137)
Drupal\language\LanguageNegotiator-&gt;initializeType(&#039;language_interface&#039;) (Line: 218)
Drupal\language\ConfigurableLanguageManager-&gt;getCurrentLanguage() (Line: 92)
Drupal\language\EventSubscriber\LanguageRequestSubscriber-&gt;setLanguageOverrides() (Line: 74)
Drupal\language\EventSubscriber\LanguageRequestSubscriber-&gt;onKernelRequestLanguage(Object, &#039;kernel.request&#039;, Object)
call_user_func(Array, Object, &#039;kernel.request&#039;, Object) (Line: 142)
Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher-&gt;dispatch(Object, &#039;kernel.request&#039;) (Line: 145)
Symfony\Component\HttpKernel\HttpKernel-&gt;handleRaw(Object, 1) (Line: 81)
Symfony\Component\HttpKernel\HttpKernel-&gt;handle(Object, 1, 1) (Line: 58)
Drupal\Core\StackMiddleware\Session-&gt;handle(Object, 1, 1) (Line: 51)
Drupal\ld_api\RequestLoggerMiddleware-&gt;handle(Object, 1, 1) (Line: 48)
Drupal\Core\StackMiddleware\KernelPreHandle-&gt;handle(Object, 1, 1) (Line: 106)
Drupal\page_cache\StackMiddleware\PageCache-&gt;pass(Object, 1, 1) (Line: 85)
Drupal\page_cache\StackMiddleware\PageCache-&gt;handle(Object, 1, 1) (Line: 50)
Drupal\ban\BanMiddleware-&gt;handle(Object, 1, 1) (Line: 48)
Drupal\Core\StackMiddleware\ReverseProxyMiddleware-&gt;handle(Object, 1, 1) (Line: 51)
Drupal\Core\StackMiddleware\NegotiationMiddleware-&gt;handle(Object, 1, 1) (Line: 36)
Drupal\ld_api\ContentTypeMiddleware-&gt;handle(Object, 1, 1) (Line: 23)
Stack\StackedHttpKernel-&gt;handle(Object, 1, 1) (Line: 718)
Drupal\Core\DrupalKernel-&gt;handle(Object) (Line: 19)

Proposed resolution

Define the allowed methods GET and POST on the state machine form routes.

🐛 Bug report
Status

Needs review

Version

1.0

Component

Code

Created by

🇫🇷France Renrhaf 📍 Strasbourg 🐦🦜

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024