I’ve completed the implementation of the node/latest route, which allows editors to view their latest changes on the frontend.
However, I’m not sure about the current approach used in this ticket to retrieve a specific entity revision. The issue is that, in theory, a user without permission to view revisions could still use this route to obtain the JSON:API URL of a revision.
I believe that retrieving a specific revision should be handled through the entity.{type}.revision route, which ensures proper access checks. For example, for a node, it should be /node/123/revisions/12345/view, and the user should have a permission like view all revisions.
Hi team,
While investigating an issue with /node/123/latest, I came across this ticket. It looks like this route currently resolves to the default revision instead of the latest revision, as the resourceVersion with the latest revision ID is missing.
I've addressed this in the commit linked above—please review.
kovalski.1298 → made their first commit to this issue’s fork.
Fixed the issue that prevented the previous patch from being applied.
Fixed the WebP file search in the database and ensured correct usage of the WebP module.