summaryrefslogtreecommitdiffstats
path: root/core/modules/rest/src/Plugin/rest/resource/EntityResource.php
diff options
context:
space:
mode:
authorAlex Pott2016-12-02 22:18:44 +0000
committerAlex Pott2016-12-02 22:18:44 +0000
commit67c7387fd9de3e1c8de1add0c9945fbcf318b3e3 (patch)
tree5b03e42c7296ea0c3098e6a3b44d7ed6a2c235a1 /core/modules/rest/src/Plugin/rest/resource/EntityResource.php
parent740ccca37f6f3255e8afcf3246ce8cd7de05a12e (diff)
Issue #2789315 by amateescu, timmillwood, claudiu.cristea, sandervd, GroovyCarrot, catch, Wim Leers, Berdir, pfrenssen, twistor, xjm: Create EntityPublishedInterface and use for Node and Comment
Diffstat (limited to 'core/modules/rest/src/Plugin/rest/resource/EntityResource.php')
-rw-r--r--core/modules/rest/src/Plugin/rest/resource/EntityResource.php7
1 files changed, 7 insertions, 0 deletions
diff --git a/core/modules/rest/src/Plugin/rest/resource/EntityResource.php b/core/modules/rest/src/Plugin/rest/resource/EntityResource.php
index 55ce64a..a5cb361 100644
--- a/core/modules/rest/src/Plugin/rest/resource/EntityResource.php
+++ b/core/modules/rest/src/Plugin/rest/resource/EntityResource.php
@@ -213,6 +213,13 @@ class EntityResource extends ResourceBase implements DependentPluginInterface {
// them. However, rather than throwing an error, we just ignore them as
// long as their specified values match their current values.
if (in_array($field_name, $entity_keys, TRUE)) {
+ // @todo Work around the wrong assumption that entity keys need special
+ // treatment, when only read-only fields need it.
+ // This will be fixed in https://www.drupal.org/node/2824851.
+ if ($entity->getEntityTypeId() == 'comment' && $field_name == 'status' && !$original_entity->get($field_name)->access('edit')) {
+ throw new AccessDeniedHttpException("Access denied on updating field '$field_name'.");
+ }
+
// Unchanged values for entity keys don't need access checking.
if ($original_entity->get($field_name)->getValue() === $entity->get($field_name)->getValue()) {
continue;