ReadOnlyModeMethodFilter.php

Same filename in other branches
  1. 8.9.x core/modules/jsonapi/src/Routing/ReadOnlyModeMethodFilter.php
  2. 10 core/modules/jsonapi/src/Routing/ReadOnlyModeMethodFilter.php
  3. 11.x core/modules/jsonapi/src/Routing/ReadOnlyModeMethodFilter.php

Namespace

Drupal\jsonapi\Routing

File

core/modules/jsonapi/src/Routing/ReadOnlyModeMethodFilter.php

View source
<?php

namespace Drupal\jsonapi\Routing;

use Drupal\Core\Config\ConfigFactoryInterface;
use Drupal\Core\Routing\FilterInterface;
use Drupal\Core\Url;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Exception\MethodNotAllowedHttpException;
use Symfony\Component\Routing\RouteCollection;

/**
 * Filters routes based on the HTTP method and JSON:API's read-only mode.
 */
class ReadOnlyModeMethodFilter implements FilterInterface {
    
    /**
     * The decorated method filter.
     *
     * @var \Drupal\Core\Routing\FilterInterface
     */
    protected $inner;
    
    /**
     * Whether JSON:API's read-only mode is enabled.
     *
     * @var bool
     */
    protected $readOnlyModeIsEnabled;
    
    /**
     * ReadOnlyModeMethodFilter constructor.
     *
     * @param \Drupal\Core\Routing\FilterInterface $inner
     *   The decorated method filter.
     * @param \Drupal\Core\Config\ConfigFactoryInterface $config_factory
     *   The configuration factory.
     */
    public function __construct(FilterInterface $inner, ConfigFactoryInterface $config_factory) {
        $this->inner = $inner;
        $this->readOnlyModeIsEnabled = $config_factory->get('jsonapi.settings')
            ->get('read_only');
    }
    
    /**
     * {@inheritdoc}
     */
    public function filter(RouteCollection $collection, Request $request) {
        $all_supported_methods = [];
        foreach ($collection->all() as $name => $route) {
            $all_supported_methods[] = $route->getMethods();
        }
        $all_supported_methods = array_merge([], ...$all_supported_methods);
        $collection = $this->inner
            ->filter($collection, $request);
        if (!$this->readOnlyModeIsEnabled) {
            return $collection;
        }
        $read_only_methods = [
            'GET',
            'HEAD',
            'OPTIONS',
            'TRACE',
        ];
        foreach ($collection->all() as $name => $route) {
            if (!$route->hasDefault(Routes::JSON_API_ROUTE_FLAG_KEY)) {
                continue;
            }
            $supported_methods = $route->getMethods();
            assert(count($supported_methods) > 0, 'JSON:API routes always have a method specified.');
            $is_read_only_route = empty(array_diff($supported_methods, $read_only_methods));
            if (!$is_read_only_route) {
                $collection->remove($name);
            }
        }
        if (count($collection)) {
            return $collection;
        }
        throw new MethodNotAllowedHttpException(array_intersect($all_supported_methods, $read_only_methods), sprintf("JSON:API is configured to accept only read operations. Site administrators can configure this at %s.", Url::fromRoute('jsonapi.settings')->setAbsolute()
            ->toString(TRUE)
            ->getGeneratedUrl()));
    }

}

Classes

Title Deprecated Summary
ReadOnlyModeMethodFilter Filters routes based on the HTTP method and JSON:API's read-only mode.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.