better syslog, get user roles on login

composer.json

@@ -33,6 +33,7 @@
         "drupal/console": "^1.0.2",
         "drupal/core": "^8.7.1",
         "drupal/entity_clone": "^1.0",
+        "drupal/error_log": "^1.0",
         "drupal/genpass": "1.x-dev",
         "drupal/login_history": "1.x-dev",
         "drupal/mailgun": "1.x-dev",

composer.lock

@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "bc11fe6d1de292436e12158c0c5f4099",
+    "content-hash": "b8885355b53124506546f75d8e3d43c8",
     "packages": [
         {
             "name": "alchemy/zippy",
@@ -5872,6 +5872,53 @@
                 "source": "https://git.drupalcode.org/project/entity_reference_revisions"
             }
         },
+        {
+            "name": "drupal/error_log",
+            "version": "1.0.0",
+            "source": {
+                "type": "git",
+                "url": "https://git.drupalcode.org/project/error_log.git",
+                "reference": "8.x-1.0"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://ftp.drupal.org/files/projects/error_log-8.x-1.0.zip",
+                "reference": "8.x-1.0",
+                "shasum": "68e4d109391fcabfe5decb75a0dcceda0e073eba"
+            },
+            "require": {
+                "drupal/core": "~8.0"
+            },
+            "type": "drupal-module",
+            "extra": {
+                "branch-alias": {
+                    "dev-1.x": "1.x-dev"
+                },
+                "drupal": {
+                    "version": "8.x-1.0",
+                    "datestamp": "1548205084",
+                    "security-coverage": {
+                        "status": "covered",
+                        "message": "Covered by Drupal's security advisory policy"
+                    }
+                }
+            },
+            "notification-url": "https://packages.drupal.org/8/downloads",
+            "license": [
+                "GPL-2.0-or-later"
+            ],
+            "authors": [
+                {
+                    "name": "mfb",
+                    "homepage": "https://www.drupal.org/user/12302"
+                }
+            ],
+            "description": "Sends log messages to the PHP error log.",
+            "homepage": "https://www.drupal.org/project/error_log",
+            "support": {
+                "source": "https://git.drupalcode.org/project/error_log"
+            }
+        },
         {
             "name": "drupal/extlink",
             "version": "1.1.0",
@@ -16101,6 +16148,7 @@
         "drupal/domain": 20,
         "drupal/domain_alias": 20,
         "drupal/domain_config": 20,
+        "drupal/email_registration": 5,
         "drupal/entity_browser_enhanced": 5,
         "drupal/entity_clone": 15,
         "drupal/filefield_sources": 20,

config/sync/core.extension.yml

@@ -61,6 +61,7 @@ module:
   entity_browser: 0
   entity_browser_enhanced: 0
   entity_reference_revisions: 0
+  error_log: 0
   field: 0
   field_group: 0
   field_ui: 0
@@ -86,6 +87,7 @@ module:
   mailsystem: 0
   materio_home: 0
   materio_id: 0
+  materio_jsonapi: 0
   materio_migrate: 0
   materio_samples: 0
   matomo: 0
@@ -122,6 +124,7 @@ module:
   smtp: 0
   state_machine: 0
   synonyms: 0
+  syslog: 0
   system: 0
   taxonomy: 0
   telephone: 0

config/sync/error_log.settings.yml

@@ -0,0 +1,12 @@
+log_levels:
+  level_0: true
+  level_1: true
+  level_2: true
+  level_3: true
+  level_4: true
+  level_5: true
+  level_6: true
+  level_7: true
+ignored_channels: {  }
+_core:
+  default_config_hash: SAMpXusU9XDhy-bTk720d2XnjbA2xeE1ZDgye7Rizhw

config/sync/syslog.settings.yml

@@ -0,0 +1,5 @@
+identity: ''
+facility: 176
+format: '[!type|!request_uri|!uid|!ip] !message'
+_core:
+  default_config_hash: vdXLRPZRg35PBykBRRXr6RTql5EJR_fUi2kxyZ8c5m0

config/sync/user.role.authenticated.yml

@@ -14,6 +14,7 @@ permissions:
   - 'access devel information'
   - 'access kint'
   - 'access synonyms entity autocomplete'
+  - 'access user profiles'
   - 'add composition entities'
   - 'add fil entities'
   - 'create corpus_documents workflow_transition'
@@ -26,6 +27,7 @@ permissions:
   - 'edit own composition entities'
   - 'edit own fil entities'
   - 'manage own commerce_payment_method'
+  - 'materio_jsonapi ownroles'
   - 'opt-in or out of matomo tracking'
   - 'subscribe to newsletters'
   - 'use chutier'

web/modules/custom/materio_jsonapi/materio_jsonapi.module

@@ -3,28 +3,20 @@
 use Drupal\Core\Entity\EntityInterface;
 use Drupal\Core\Session\AccountInterface;
 use Drupal\Core\Access\AccessResult;
+use Drupal\Core\Field\FieldDefinitionInterface;
+use Drupal\Core\Field\FieldItemListInterface;
 
 /**
- * Implements hook_ENTITY_TYPE_access().
+ * Implements hook_entity_field_access().
  */
-function materio_jsonapi_user_role_access(EntityInterface $entity, $operation, AccountInterface $account) {
-  debug($operation, 'operation materio_jsonapi_user_role_access');
-  // watchdog('materio_jsonapi_user_role_access');
-  if ($operation === 'view') {
-    return AccessResult::allowedIfHasPermission($account, 'view role info');
+function materio_jsonapi_entity_field_access($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL) {
+  if ($field_definition->getName() == 'roles' && $operation == 'view') {
+    $user = $items->getEntity();
+    if($account->id() == $user->id() && !$user->hasPermission('materio_jsonapi roles')){
+      return AccessResult::allowedIfHasPermission($account, 'materio_jsonapi ownroles');
+    }
+    return AccessResult::allowedIfHasPermission($account, 'materio_jsonapi roles');
+    // return AccessResult::allowed();
   }
   return AccessResult::neutral();
 }
-
-
-/**
- * Implements hook_entity_field_access_alter().
- */
-function materio_jsonapi_entity_field_access_alter(array &$grants, array $context) {
-  debug($context, 'context materio_jsonapi_entity_field_access_alter');
-  // watchdog('materio_jsonapi_entity_field_access_alter');
-  $field = $context['field_definition']->getName();
-  if ($field == 'roles' && $context['operation'] == 'view') {
-    $grants[':default'] = AccessResult::allowedIfHasPermission($context['account'], 'view role info');
-  }
-}

web/themes/custom/materiotheme/vuejs/store/modules/user.js

@@ -66,8 +66,9 @@ export default {
       REST.get(`/user/${state.uid}?_format=json`, params)
         .then(({ data }) => {
           console.log('user REST getUser data', data)
+          console.log('roles', data['roles']);
           commit('setUser', data)
-          JSONAPI.get(`/user/user/${state.uuid}`)
+          JSONAPI.get(`/user/user/${state.uuid}?include=roles`)
             .then(({ data }) => {
               console.log('user JSONAPI getUser data', data)
             })