- Issue created by @djdevin
When retrieving an entity from JSON:API that is currently versioned in the workspace, access is denied unless the user also has "view all revisions" which should not be necessary, as the node's swapped revision itself is accessible by the same user.
JSON:API does an explicit check on isDefaultRevision() which is causing the issue.
1. Install Drupal
2. Enable workspaces, jsonapi
3. Create and save a page, then edit the page in the default Stage workspace.
3. Login as a user with a role that has access to workspaces, but not "view all revisions", and ensure you can see the change in #3 on node/1
4. Visit /jsonapi/node/page?filter[drupal_internal__nid]=1
5. Verify error: "The current user is not allowed to GET the selected resource. The user does not have access to the requested version."
TBD
Active
11.0 π₯
workspaces.module