authoreffulgentsia2016-08-03 10:28:52 -0700
committereffulgentsia2016-08-03 10:28:52 -0700
commit79dfc068a0bd40e1ffe9cfba785397468d239bfa (patch)
treefa57093283bf54dd4282d994a70028f331a7498b /core/modules/rest/src/Plugin/rest/resource/EntityResource.php
parent97f20479878617cf76c210c567ab7cf99262fb5f (diff)
Issue #2291055 by marthinal, tedbow, Wim Leers, kylebrowning, m1r1k, clemens.tolboom, jlbellido, vivekvpandya, snehal.brahmbhatt, dawehner, klausi, droti, alexpott, cloudbull, Berdir, heykarthikwithu, claudiu.cristea: REST resources for anonymous users: register
Diffstat (limited to 'core/modules/rest/src/Plugin/rest/resource/EntityResource.php')
-rw-r--r--core/modules/rest/src/Plugin/rest/resource/EntityResource.php48
1 files changed, 5 insertions, 43 deletions
diff --git a/core/modules/rest/src/Plugin/rest/resource/EntityResource.php b/core/modules/rest/src/Plugin/rest/resource/EntityResource.php
index 5cf42dd..dfb0272 100644
--- a/core/modules/rest/src/Plugin/rest/resource/EntityResource.php
+++ b/core/modules/rest/src/Plugin/rest/resource/EntityResource.php
@@ -36,6 +36,9 @@ use Symfony\Component\HttpKernel\Exception\HttpException;
*/
class EntityResource extends ResourceBase implements DependentPluginInterface {
+ use EntityResourceValidationTrait;
+ use EntityResourceAccessTrait;
+
/**
* The entity type targeted by this resource.
*
@@ -156,14 +159,7 @@ class EntityResource extends ResourceBase implements DependentPluginInterface {
throw new BadRequestHttpException('Only new entities can be created');
}
- // Only check 'edit' permissions for fields that were actually
- // submitted by the user. Field access makes no difference between 'create'
- // and 'update', so the 'edit' operation is used here.
- foreach ($entity->_restSubmittedFields as $key => $field_name) {
- if (!$entity->get($field_name)->access('edit')) {
- throw new AccessDeniedHttpException("Access denied on creating field '$field_name'");
- }
- }
+ $this->checkEditFieldAccess($entity);
// Validate the received data before saving.
$this->validate($entity);
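Review bot: The new `$this->checkEditFieldAccess($entity);` call drops the comment that explained why only submitted fields are checked and why the 'edit' operation is used on create. I would keep a short comment at the call site, for example `// Deny the request when the user lacks 'edit' access to any submitted field.` The helper body is not part of this diff (presumably it lives in EntityResourceAccessTrait). It is worth confirming there that it still iterates `$entity->_restSubmittedFields`, and that an entity arriving without that property is handled deliberately, because a loop over nothing would skip every field access check before `validate()` and the save. The enclosing method starts and ends outside this hunk.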
@@ -175,8 +171,7 @@ class EntityResource extends ResourceBase implements DependentPluginInterface {
// body. These responses are not cacheable, so we add no cacheability
// metadata here.
$url = $entity->urlInfo('canonical', ['absolute' => TRUE])->toString(TRUE);
- $response = new ModifiedResourceResponse($entity, 201, ['Location' => $url->getGeneratedUrl()]);
- return $response;
+ return new ModifiedResourceResponse($entity, 201, ['Location' => $url->getGeneratedUrl()]);
}
catch (EntityStorageException $e) {
throw new HttpException(500, 'Internal Server Error', $e);
@@ -277,39 +272,6 @@ class EntityResource extends ResourceBase implements DependentPluginInterface {
}
/**
- * Verifies that the whole entity does not violate any validation constraints.
- *
- * @param \Drupal\Core\Entity\EntityInterface $entity
- * The entity object.
- *
- * @throws \Symfony\Component\HttpKernel\Exception\HttpException
- * If validation errors are found.
- */
- protected function validate(EntityInterface $entity) {
- // @todo Remove when https://www.drupal.org/node/2164373 is committed.
- if (!$entity instanceof FieldableEntityInterface) {
- return;
- }
- $violations = $entity->validate();
-
- // Remove violations of inaccessible fields as they cannot stem from our
- // changes.
- $violations->filterByFieldAccess();
-
- if (count($violations) > 0) {
- $message = "Unprocessable Entity: validation failed.\n";
- foreach ($violations as $violation) {
- $message .= $violation->getPropertyPath() . ': ' . $violation->getMessage() . "\n";
- }
- // Instead of returning a generic 400 response we use the more specific
- // 422 Unprocessable Entity code from RFC 4918. That way clients can
- // distinguish between general syntax errors in bad serializations (code
- // 400) and semantic errors in well-formed requests (code 422).
- throw new HttpException(422, $message);
- }
- }
-
- /**
* {@inheritdoc}
*/
public function permissions() {