Commit 730c5a97 authored by effulgentsia's avatar effulgentsia

Issue #2808217 by Wim Leers, tedbow, YesCT, dawehner, xjm, Berdir,...

Issue #2808217 by Wim Leers, tedbow, YesCT, dawehner, xjm, Berdir, damiankloip, slucero: To be able to view Vocabulary config entities via REST, one should not have to grant the 'administer taxonomy' permission
parent 4204b0b2
......@@ -66,4 +66,18 @@ protected function getNormalizedPostEntity() {
// @todo Update in
* {@inheritdoc}
protected function getExpectedUnauthorizedAccessMessage($method) {
if ($this->config('rest.settings')->get('bc_entity_resource_permissions')) {
return parent::getExpectedUnauthorizedAccessMessage($method);
if ($method === 'GET') {
return "The following permissions are required: 'access taxonomy overview' OR 'administer taxonomy'.";
return parent::getExpectedUnauthorizedAccessMessage($method);
......@@ -20,6 +20,7 @@ class VocabularyAccessControlHandler extends EntityAccessControlHandler {
protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) {
switch ($operation) {
case 'access taxonomy overview':
case 'view':
return AccessResult::allowedIfHasPermissions($account, ['access taxonomy overview', 'administer taxonomy'], 'OR');
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment