authorAlex Pott2015-02-02 12:31:59 +0000
committerAlex Pott2015-02-02 12:31:59 +0000
commit466759dc15f57fb2a01381612041a71da32b0362 (patch)
treeee92af5ac03645c9f81a7c39cfa0121938bac228 /core/modules/rest/src/Plugin/rest/resource/EntityResource.php
parent49001708757faaee72597a6a5b23cbecd9f30c7e (diff)
Issue #2405091 by marthinal, Berdir, RavindraSingh: Cannot create user entities - {"error":"Access denied on creating field pass"}
Diffstat (limited to 'core/modules/rest/src/Plugin/rest/resource/EntityResource.php')
-rw-r--r--core/modules/rest/src/Plugin/rest/resource/EntityResource.php12
1 files changed, 8 insertions, 4 deletions
diff --git a/core/modules/rest/src/Plugin/rest/resource/EntityResource.php b/core/modules/rest/src/Plugin/rest/resource/EntityResource.php
index ffb15e0..1059bd4 100644
--- a/core/modules/rest/src/Plugin/rest/resource/EntityResource.php
+++ b/core/modules/rest/src/Plugin/rest/resource/EntityResource.php
@@ -87,9 +87,13 @@ class EntityResource extends ResourceBase {
if (!$entity->isNew()) {
throw new BadRequestHttpException('Only new entities can be created');
}
- foreach ($entity as $field_name => $field) {
- if (!$field->access('create')) {
- throw new AccessDeniedHttpException(String::format('Access denied on creating field ', array('@field' => $field_name)));
+
+ // Only check 'edit' permissions for fields that were actually
+ // submitted by the user. Field access makes no difference between 'create'
+ // and 'update', so the 'edit' operation is used here.
+ foreach ($entity->_restSubmittedFields as $key => $field_name) {
+ if (!$entity->get($field_name)->access('edit')) {
+ throw new AccessDeniedHttpException(String::format('Access denied on creating field @field', array('@field' => $field_name)));
}
}
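Review bot: The new loop fails open. Field-level access is checked only for names listed in `$entity->_restSubmittedFields`, so if that property is unset or empty the `foreach` runs zero times and no field access is checked before the entity is saved. The property is populated outside this hunk, presumably by the denormalizer, so every format's denormalizer would have to set it; that cannot be confirmed from here. I would guard it: `if (!isset($entity->_restSubmittedFields)) { ... }`, falling back to the removed `foreach ($entity as $field_name => $field)` check so a missing list denies rather than allows. A short comment noting that the list is derived from the request body and is the sole input to this check would also help. Separately, `$key` is unused, so `foreach ($entity->_restSubmittedFields as $field_name)` would match the loop in the second hunk. The enclosing method starts and ends outside the hunk.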
@@ -134,7 +138,7 @@ class EntityResource extends ResourceBase {
// Overwrite the received properties.
$langcode_key = $entity->getEntityType()->getKey('langcode');
- foreach ($entity->_restPatchFields as $field_name) {
+ foreach ($entity->_restSubmittedFields as $field_name) {
$field = $entity->get($field_name);
// It is not possible to set the language to NULL as it is automatically
// re-initialized. As it must not be empty, skip it if it is.