Commit 54cc80e4 authored by xjm's avatar xjm

SA-CORE-2020-006 by BR0kEN, Wim Leers, xjm, larowlan

parent b34dc3f7
......@@ -322,7 +322,7 @@ public function patchIndividual(ResourceType $resource_type, EntityInterface $en
));
}
$data += ['attributes' => [], 'relationships' => []];
$field_names = array_merge(array_keys($data['attributes']), array_keys($data['relationships']));
$field_names = array_map([$resource_type, 'getInternalName'], array_merge(array_keys($data['attributes']), array_keys($data['relationships'])));
// User resource objects contain a read-only attribute that is not a real
// field on the user entity type.
......
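Review bot: The new `array_map([$resource_type, 'getInternalName'], …)` line in patchIndividual has no comment saying why the names are translated, and that reason is the security-relevant part of this change. The keys of `$data['attributes']` and `$data['relationships']` come from the request document and are public (possibly aliased) names, while the code that consumes `$field_names` further down presumably works on internal field names; that code is outside the hunk, so this is inferred. I would add above the line: `// Request keys are public (possibly aliased) names; map them to internal field names before they are used for per-field checks.` A regression test that PATCHes a resource type with an aliased field would keep the mapping from being dropped in a later refactor. patchIndividual starts and ends outside the hunk.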
......@@ -112,6 +112,7 @@ public function __construct(AccountInterface $current_user, EntityFieldManagerIn
* created file entity.
*/
public function handleFileUploadForExistingResource(Request $request, ResourceType $resource_type, $file_field_name, FieldableEntityInterface $entity) {
$file_field_name = $resource_type->getInternalName($file_field_name);
$field_definition = $this->validateAndLoadFieldDefinition($resource_type->getEntityTypeId(), $resource_type->getBundle(), $file_field_name);
static::ensureFileUploadAccess($this->currentUser, $field_definition, $entity);
......@@ -138,7 +139,7 @@ public function handleFileUploadForExistingResource(Request $request, ResourceTy
$entity->save();
$route_parameters = ['entity' => $entity->uuid()];
$route_name = sprintf('jsonapi.%s.%s.related', $resource_type->getTypeName(), $file_field_name);
$route_name = sprintf('jsonapi.%s.%s.related', $resource_type->getTypeName(), $resource_type->getPublicName($file_field_name));
$related_url = Url::fromRoute($route_name, $route_parameters)->toString(TRUE);
$request = Request::create($related_url->getGeneratedUrl(), 'GET', [], $request->cookies->all(), [], $request->server->all());
return $this->httpKernel->handle($request, HttpKernelInterface::SUB_REQUEST);
......@@ -161,6 +162,7 @@ public function handleFileUploadForExistingResource(Request $request, ResourceTy
* Thrown when there are validation errors.
*/
public function handleFileUploadForNewResource(Request $request, ResourceType $resource_type, $file_field_name) {
$file_field_name = $resource_type->getInternalName($file_field_name);
$field_definition = $this->validateAndLoadFieldDefinition($resource_type->getEntityTypeId(), $resource_type->getBundle(), $file_field_name);
static::ensureFileUploadAccess($this->currentUser, $field_definition);
......@@ -182,7 +184,7 @@ public function handleFileUploadForNewResource(Request $request, ResourceType $r
/* $self_link = new Link(new CacheableMetadata(), $this->entity->toUrl('jsonapi'), ['self']); */
$links = new LinkCollection(['self' => $self_link]);
$relatable_resource_types = $resource_type->getRelatableResourceTypesByField($file_field_name);
$relatable_resource_types = $resource_type->getRelatableResourceTypesByField($resource_type->getPublicName($file_field_name));
$file_resource_type = reset($relatable_resource_types);
$resource_object = ResourceObject::createFromEntity($file_resource_type, $file);
return new ResourceResponse(new JsonApiDocumentTopLevel(new ResourceObjectData([$resource_object], 1), new NullIncludedData(), $links), 201, []);
......
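Review bot: `$file_field_name` is overwritten with the internal name at the top of handleFileUploadForExistingResource and handleFileUploadForNewResource, then converted back with `getPublicName()` for the route name and for `getRelatableResourceTypesByField()`, so one variable holds two different kinds of name and nothing in its name says which. Keeping both would be harder to get wrong: `$internal_field_name = $resource_type->getInternalName($file_field_name);`, pass `$internal_field_name` to `validateAndLoadFieldDefinition()` and to any entity field access, and leave `$file_field_name` untouched for the route and relationship lookups. That also avoids depending on `getPublicName(getInternalName($x))` returning `$x`, which cannot be confirmed from these hunks. Both method bodies continue outside the hunks shown, so every other use of the variable would need the same check for which name it expects.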