authorNathaniel Catchpole2016-02-15 21:24:23 +0900
committerNathaniel Catchpole2016-02-15 21:24:23 +0900
commitac415b1f5b24f9f765ab25baddb75cfc7ed1abc6 (patch)
tree9253614240aedbcc9e86fb8414e0c4e9025c4cb6 /core/modules/rest/src/Plugin/rest/resource/EntityResource.php
parent55e3b425461bcd5f9a406dcbd27fb6e126050878 (diff)
Issue #2485683 by Wim Leers: REST entity resource missing entity & field access cacheability metadata
Diffstat (limited to 'core/modules/rest/src/Plugin/rest/resource/EntityResource.php')
-rw-r--r--core/modules/rest/src/Plugin/rest/resource/EntityResource.php17
1 files changed, 11 insertions, 6 deletions
diff --git a/core/modules/rest/src/Plugin/rest/resource/EntityResource.php b/core/modules/rest/src/Plugin/rest/resource/EntityResource.php
index cbe6e2e..a830d97 100644
--- a/core/modules/rest/src/Plugin/rest/resource/EntityResource.php
+++ b/core/modules/rest/src/Plugin/rest/resource/EntityResource.php
@@ -45,19 +45,24 @@ class EntityResource extends ResourceBase {
* @throws \Symfony\Component\HttpKernel\Exception\HttpException
*/
public function get(EntityInterface $entity) {
- if (!$entity->access('view')) {
+ $entity_access = $entity->access('view', NULL, TRUE);
+ if (!$entity_access->isAllowed()) {
throw new AccessDeniedHttpException();
}
+
+ $response = new ResourceResponse($entity, 200);
+ $response->addCacheableDependency($entity);
+ $response->addCacheableDependency($entity_access);
foreach ($entity as $field_name => $field) {
- if (!$field->access('view')) {
+ /** @var \Drupal\Core\Field\FieldItemListInterface $field */
+ $field_access = $field->access('view', NULL, TRUE);
+ $response->addCacheableDependency($field_access);
+
+ if (!$field_access->isAllowed()) {
$entity->set($field_name, NULL);
}
}
- $response = new ResourceResponse($entity, 200);
- // Make the response use the entity's cacheability metadata.
- // @todo include access cacheability metadata, for the access checks above.
- $response->addCacheableDependency($entity);
return $response;
}
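Review bot: On the denied path in get(), `$entity_access` is discarded when `AccessDeniedHttpException` is thrown, so only the 200 response carries the cacheability of the entity access check. Whether a 403 can be cached further up the stack is not visible in this hunk, but if it can, the denial would be stored without the cache contexts that produced it. Separately, `new ResourceResponse($entity, 200)` now runs before the field loop, and the field stripping only reaches the response because it holds the same `$entity` object. I would add a comment above the loop, e.g. `// The response references $entity, so fields nulled below are also removed from the response body.` A test asserting that a user without view access to a field never receives a cached response built for a user with access would pin the behaviour this change relies on.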