' . t('About') . ''; $output .= '

' . t('The JSON:API module is a fully compliant implementation of the JSON:API Specification. By following shared conventions, you can increase productivity, take advantage of generalized tooling, and focus on what matters: your application. Clients built around JSON:API are able to take advantage of features like efficient response caching, which can sometimes eliminate network requests entirely. For more information, see the online documentation for the JSON:API module.', [ ':spec' => 'https://jsonapi.org', ':docs' => 'https://www.drupal.org/docs/8/modules/json-api', ]) . '

'; $output .= '

' . t('General') . ': ' . t('JSON:API is a particular implementation of REST that provides conventions for resource relationships, collections, filters, pagination, and sorting. These conventions help developers build clients faster and encourages reuse of code.') . '; ' . t('The JSON:API and RESTful Web Services modules serve similar purposes. Read the comparison of the RESTFul Web Services and JSON:API modules to determine the best choice for your site.', [ ':jsonapi-docs' => 'https://www.drupal.org/docs/8/modules/json-api', ':rest-docs' => 'https://www.drupal.org/docs/8/core/modules/rest', ':comparison' => 'https://www.drupal.org/docs/8/modules/jsonapi/jsonapi-vs-cores-rest-module', ]) . '; ' . t('Some multilingual features currently do not work well with JSON:API. See the JSON:API multilingual support documentation for more information on the current status of multilingual support.', [ ':jsonapi-docs' => 'https://www.drupal.org/docs/8/modules/jsonapi/translations', ]) . '; ' . t('Revision support is currently read-only and only for the "Content" and "Media" entity types in JSON:API. See the JSON:API revision support documentation for more information on the current status of revision support.', [ ':jsonapi-docs' => 'https://www.drupal.org/docs/8/modules/jsonapi/revisions', ]) . '

'; return $output; } return NULL; } /** * Implements hook_modules_installed(). */ function jsonapi_modules_installed($modules) { $potential_conflicts = [ 'content_translation', 'config_translation', 'language', ]; if (!empty(array_intersect($modules, $potential_conflicts))) { \Drupal::messenger()->addWarning(t('Some multilingual features currently do not work well with JSON:API. See the JSON:API multilingual support documentation for more information on the current status of multilingual support.', [ ':jsonapi-docs' => 'https://www.drupal.org/docs/8/modules/jsonapi/translations', ])); } } /** * Implements hook_entity_bundle_create(). */ function jsonapi_entity_bundle_create() { JsonApiRoutes::rebuild(); } /** * Implements hook_entity_bundle_delete(). */ function jsonapi_entity_bundle_delete() { JsonApiRoutes::rebuild(); } /** * Implements hook_entity_create(). */ function jsonapi_entity_create(EntityInterface $entity) { if (in_array($entity->getEntityTypeId(), ['field_storage_config', 'field_config'])) { // @todo: only do this when relationship fields are updated, not just any field. JsonApiRoutes::rebuild(); } } /** * Implements hook_entity_delete(). */ function jsonapi_entity_delete(EntityInterface $entity) { if (in_array($entity->getEntityTypeId(), ['field_storage_config', 'field_config'])) { // @todo: only do this when relationship fields are updated, not just any field. JsonApiRoutes::rebuild(); } } /** * Implements hook_jsonapi_entity_filter_access(). */ function jsonapi_jsonapi_entity_filter_access(EntityTypeInterface $entity_type, AccountInterface $account) { // All core entity types and most or all contrib entity types allow users // with the entity type's administrative permission to view all of the // entities, so enable similarly permissive filtering to those users as well. // A contrib module may override this decision by returning // AccessResult::forbidden() from its implementation of this hook. if ($admin_permission = $entity_type->getAdminPermission()) { return ([ JSONAPI_FILTER_AMONG_ALL => AccessResult::allowedIfHasPermission($account, $admin_permission), ]); } } /** * Implements hook_jsonapi_ENTITY_TYPE_filter_access() for 'aggregator_feed'. */ function jsonapi_jsonapi_aggregator_feed_filter_access(EntityTypeInterface $entity_type, AccountInterface $account) { // @see \Drupal\aggregator\FeedAccessControlHandler::checkAccess() return ([ JSONAPI_FILTER_AMONG_ALL => AccessResult::allowedIfHasPermission($account, 'access news feeds'), ]); } /** * Implements hook_jsonapi_ENTITY_TYPE_filter_access() for 'block_content'. */ function jsonapi_jsonapi_block_content_filter_access(EntityTypeInterface $entity_type, AccountInterface $account) { // @see \Drupal\block_content\BlockContentAccessControlHandler::checkAccess() // \Drupal\jsonapi\Access\TemporaryQueryGuard adds the condition for // (isReusable()), so this does not have to. return ([ JSONAPI_FILTER_AMONG_PUBLISHED => AccessResult::allowed(), ]); } /** * Implements hook_jsonapi_ENTITY_TYPE_filter_access() for 'comment'. */ function jsonapi_jsonapi_comment_filter_access(EntityTypeInterface $entity_type, AccountInterface $account) { // @see \Drupal\comment\CommentAccessControlHandler::checkAccess() // \Drupal\jsonapi\Access\TemporaryQueryGuard adds the condition for // (access to the commented entity), so this does not have to. return ([ JSONAPI_FILTER_AMONG_ALL => AccessResult::allowedIfHasPermission($account, 'administer comments'), JSONAPI_FILTER_AMONG_PUBLISHED => AccessResult::allowedIfHasPermission($account, 'access comments'), ]); } /** * Implements hook_jsonapi_ENTITY_TYPE_filter_access() for 'entity_test'. */ function jsonapi_jsonapi_entity_test_filter_access(EntityTypeInterface $entity_type, AccountInterface $account) { // @see \Drupal\entity_test\EntityTestAccessControlHandler::checkAccess() return ([ JSONAPI_FILTER_AMONG_ALL => AccessResult::allowedIfHasPermission($account, 'view test entity'), ]); } /** * Implements hook_jsonapi_ENTITY_TYPE_filter_access() for 'file'. */ function jsonapi_jsonapi_file_filter_access(EntityTypeInterface $entity_type, AccountInterface $account) { // @see \Drupal\file\FileAccessControlHandler::checkAccess() // \Drupal\jsonapi\Access\TemporaryQueryGuard adds the condition for // (public OR owner), so this does not have to. return ([ JSONAPI_FILTER_AMONG_ALL => AccessResult::allowedIfHasPermission($account, 'access content'), ]); } /** * Implements hook_jsonapi_ENTITY_TYPE_filter_access() for 'media'. */ function jsonapi_jsonapi_media_filter_access(EntityTypeInterface $entity_type, AccountInterface $account) { // @see \Drupal\media\MediaAccessControlHandler::checkAccess() return ([ JSONAPI_FILTER_AMONG_PUBLISHED => AccessResult::allowedIfHasPermission($account, 'view media'), ]); } /** * Implements hook_jsonapi_ENTITY_TYPE_filter_access() for 'node'. */ function jsonapi_jsonapi_node_filter_access(EntityTypeInterface $entity_type, AccountInterface $account) { // @see \Drupal\node\NodeAccessControlHandler::access() if ($account->hasPermission('bypass node access')) { return ([ JSONAPI_FILTER_AMONG_ALL => AccessResult::allowed()->cachePerPermissions(), ]); } if (!$account->hasPermission('access content')) { $forbidden = AccessResult::forbidden("The 'access content' permission is required.")->cachePerPermissions(); return ([ JSONAPI_FILTER_AMONG_ALL => $forbidden, JSONAPI_FILTER_AMONG_OWN => $forbidden, JSONAPI_FILTER_AMONG_PUBLISHED => $forbidden, // For legacy reasons, the Node entity type has a "status" key, so forbid // this subset as well, even though it has no semantic meaning. JSONAPI_FILTER_AMONG_ENABLED => $forbidden, ]); } return ([ // @see \Drupal\node\NodeAccessControlHandler::checkAccess() JSONAPI_FILTER_AMONG_OWN => AccessResult::allowedIfHasPermission($account, 'view own unpublished content'), // @see \Drupal\node\NodeGrantDatabaseStorage::access() // Note that: // - This is just for the default grant. Other node access conditions are // added via the 'node_access' query tag. // - Permissions were checked earlier in this function, so we must vary the // cache by them. JSONAPI_FILTER_AMONG_PUBLISHED => AccessResult::allowed()->cachePerPermissions(), ]); } /** * Implements hook_jsonapi_ENTITY_TYPE_filter_access() for 'shortcut'. */ function jsonapi_jsonapi_shortcut_filter_access(EntityTypeInterface $entity_type, AccountInterface $account) { // @see \Drupal\shortcut\ShortcutAccessControlHandler::checkAccess() // \Drupal\jsonapi\Access\TemporaryQueryGuard adds the condition for // (shortcut_set = shortcut_current_displayed_set()), so this does not have // to. return ([ JSONAPI_FILTER_AMONG_ALL => AccessResult::allowedIfHasPermission($account, 'administer shortcuts') ->orIf(AccessResult::allowedIfHasPermissions($account, ['access shortcuts', 'customize shortcut links'])), ]); } /** * Implements hook_jsonapi_ENTITY_TYPE_filter_access() for 'taxonomy_term'. */ function jsonapi_jsonapi_taxonomy_term_filter_access(EntityTypeInterface $entity_type, AccountInterface $account) { // @see \Drupal\taxonomy\TermAccessControlHandler::checkAccess() return ([ JSONAPI_FILTER_AMONG_ALL => AccessResult::allowedIfHasPermission($account, 'administer taxonomy'), JSONAPI_FILTER_AMONG_PUBLISHED => AccessResult::allowedIfHasPermission($account, 'access content'), ]); } /** * Implements hook_jsonapi_ENTITY_TYPE_filter_access() for 'user'. */ function jsonapi_jsonapi_user_filter_access(EntityTypeInterface $entity_type, AccountInterface $account) { // @see \Drupal\user\UserAccessControlHandler::checkAccess() // \Drupal\jsonapi\Access\TemporaryQueryGuard adds the condition for // (!isAnonymous()), so this does not have to. return ([ JSONAPI_FILTER_AMONG_OWN => AccessResult::allowed(), JSONAPI_FILTER_AMONG_ENABLED => AccessResult::allowedIfHasPermission($account, 'access user profiles'), ]); } /** * Implements hook_jsonapi_ENTITY_TYPE_filter_access() for 'workspace'. */ function jsonapi_jsonapi_workspace_filter_access(EntityTypeInterface $entity_type, $published, $owner, AccountInterface $account) { // @see \Drupal\workspaces\WorkspaceAccessControlHandler::checkAccess() return ([ JSONAPI_FILTER_AMONG_ALL => AccessResult::allowedIfHasPermission($account, 'view any workspace'), JSONAPI_FILTER_AMONG_OWN => AccessResult::allowedIfHasPermission($account, 'view own workspace'), ]); }