
Posting Comments only works from administrator


Posting comments to the 'jsonapi/comment/comment' endpoint only works if the relationship for the UID (owner/author) is included, but when standard users with create comments permissions try it, they receive the error that they are not allowed to post relationships of field 'uid'. Requires administer user permission.

For reference, I'm using:
"drupal/core": "^8.7.7",
"drupal/jsonapi_extras": "^3.9",
"drupal/simple_oauth": "^4.0"

The payload that works for admin only and registers the correct user, but is blocked by the aforementioned permission error, is as follows:

const payload = {
      data: {
        type: "comment--comment",
        attributes: {
          entity_type: "node",
          field_name: "comment",
          subject: subject,
          comment_body: {
            value: comment,
            format: "plain_text",
          },
        },
        relationships: {
          entity_id: {
            data: {
              type: type,
              id: id,
            },
          },
          entity_id: {
            data: {
              type: self.props.type.replace("__", "--"),
              id: self.props.id,
            },
          },
        },
      },
    }

The payload that works for non-admins and admins alike, but registers as an Anonymous author (despite permissions showing that anonymous users do not have permission to post comments), is as follows:

const payload = {
      data: {
        type: "comment--comment",
        attributes: {
          entity_type: "node",
          field_name: "comment",
          subject: subject,
          comment_body: {
            value: comment,
            format: "plain_text",
          },
        },
        relationships: {
          entity_id: {
            data: {
              type: type,
              id: id,
            },
          },
        },
      },
    }

Bear in mind that the same users, without administration permissions, are allowed to create content and that endpoint attributes the correct author based on the Bearer Token.
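
A client can catch the mis-attribution described above by checking which author the server recorded. This is an added example, not code from the issue or from Drupal; `classifyCommentResponse`, `expectedUserId` and the sample documents are hypothetical and assume the standard JSON:API document layout (`errors` array, `data.relationships.uid.data.id`).

```javascript
// Classify the JSON:API response to a comment POST.
// expectedUserId: UUID of the account the Bearer token belongs to
// (hypothetical parameter; the caller is assumed to know it).
function classifyCommentResponse(doc, expectedUserId) {
  // JSON:API error documents carry a top-level "errors" array.
  if (doc && Array.isArray(doc.errors) && doc.errors.length > 0) {
    const details = doc.errors.map(
      (e) => `${e.status || "?"}: ${e.detail || e.title || ""}`
    );
    return { outcome: "rejected", details };
  }
  const data = doc && doc.data;
  if (!data || data.type !== "comment--comment") {
    return { outcome: "unexpected-document", details: [] };
  }
  // The recorded author is the resource identifier under relationships.uid.
  const rel = data.relationships && data.relationships.uid;
  const author = rel && rel.data;
  if (!author || !author.id) {
    return { outcome: "author-missing", details: [] };
  }
  if (author.id !== expectedUserId) {
    // Comment was stored, but not under the token's account.
    return { outcome: "author-mismatch", details: [`recorded author ${author.id}`] };
  }
  return { outcome: "author-ok", details: [] };
}

// Constructed sample documents (UUIDs are made up for illustration).
const TOKEN_USER = "11111111-1111-4111-8111-111111111111";
const OTHER_USER = "22222222-2222-4222-8222-222222222222";
const created = (authorId) => ({
  data: {
    type: "comment--comment",
    id: "33333333-3333-4333-8333-333333333333",
    relationships: { uid: { data: { type: "user--user", id: authorId } } },
  },
});
const forbidden = {
  errors: [{ status: "403", title: "Forbidden", detail: "constructed error detail" }],
};

console.log(classifyCommentResponse(created(TOKEN_USER), TOKEN_USER).outcome);
console.log(classifyCommentResponse(created(OTHER_USER), TOKEN_USER).outcome);
console.log(classifyCommentResponse(forbidden, TOKEN_USER).outcome);
```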

