Problem/Motivation
Discovered while working on #2737719: EntityResource: Provide comprehensive test coverage: for every entity type, every format, every method. See #2737719-91: EntityResource: Provide comprehensive test coverage: for every entity type, every format, every method.
Updating an entity via REST fails when the entity has a certain field value that the current user may not set, even if the PATCH request does NOT modify that field.
For example: node body uses a certain format that user A is not allowed to use, but when user A PATCHes only the node title, they still get a validation error.
Proposed resolution
If a REST request sends a field that the user has access to but that is unchanged from the current field value, validation should not be run on this field.
- Add \Drupal\rest\Plugin\rest\resource\EntityResourceValidationTrait::validateWithFilteredFields().
- Let EntityResource::patch() call EntityResourceValidationTrait::validateWithFilteredFields() rather than EntityResourceValidationTrait::validate().
- (We still need EntityResourceValidationTrait::validate() for POSTing.)
Note that EntityResourceValidationTrait is @internal, so this is definitely not a BC break.
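The difference between validating every field and validating only the fields a PATCH actually changes, as an added standalone example (not Drupal's code or the patch from this issue). The function names, the two toy constraints and the sample node are assumptions made for illustration. It shows the title-only PATCH described above under both strategies, plus a body that is resent unchanged and a body that is changed while keeping the disallowed format.

```php
<?php
// Added illustration: standalone model, not Drupal's EntityResource code.
// validateFields(), changedFields() and patchEntity() are hypothetical names.

/** Validates only the named fields; returns violations keyed by field name. */
function validateFields(array $entity, array $fieldNames, array $allowedFormats): array {
    $violations = [];
    foreach ($fieldNames as $name) {
        if ($name === 'body' && !in_array($entity['body']['format'], $allowedFormats, true)) {
            $violations[$name] = "format '{$entity['body']['format']}' is not allowed for this user";
        }
        if ($name === 'title' && trim($entity['title']) === '') {
            $violations[$name] = 'title must not be empty';
        }
    }
    return $violations;
}

/** Names of fields in the PATCH body whose value differs from the stored one. */
function changedFields(array $stored, array $patch): array {
    return array_keys(array_filter(
        $patch,
        fn($value, $name) => !array_key_exists($name, $stored) || $stored[$name] !== $value,
        ARRAY_FILTER_USE_BOTH
    ));
}

/** Applies the patch, then validates all fields or only the changed ones. */
function patchEntity(array $stored, array $patch, array $allowedFormats, bool $filtered): array {
    $updated = array_merge($stored, $patch);
    $toCheck = $filtered ? changedFields($stored, $patch) : array_keys($updated);
    return validateFields($updated, $toCheck, $allowedFormats);
}

// Constructed sample data: the stored body uses a format user A may not use.
$node = ['title' => 'Old title', 'body' => ['value' => '<b>hi</b>', 'format' => 'full_html']];
$userAFormats = ['basic_html'];
$cases = [
    'title only, all fields validated' => [['title' => 'New title'], false],
    'title only, changed fields validated' => [['title' => 'New title'], true],
    'body resent unchanged' => [['title' => 'New title', 'body' => $node['body']], true],
    'body changed, format kept' => [['body' => ['value' => 'x', 'format' => 'full_html']], true],
];
foreach ($cases as $label => [$patch, $filtered]) {
    echo $label, ': ', json_encode(patchEntity($node, $patch, $userAFormats, $filtered)), PHP_EOL;
}
```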
Remaining tasks
None.
User interface changes
None.
API changes
None.
Data model changes
None.