jsonapi-8.x-2.x-dev/src/Routing/Routes.php
src/Routing/Routes.php
<?php
namespace Drupal\jsonapi\Routing;
use Drupal\Core\DependencyInjection\ContainerInjectionInterface;
use Drupal\jsonapi\Access\RelationshipFieldAccess;
use Drupal\jsonapi\Controller\EntryPoint;
use Drupal\jsonapi\ParamConverter\ResourceTypeConverter;
use Drupal\jsonapi\ResourceType\ResourceType;
use Drupal\jsonapi\ResourceType\ResourceTypeRepositoryInterface;
use Symfony\Cmf\Component\Routing\RouteObjectInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\Routing\Route;
use Symfony\Component\Routing\RouteCollection;
/**
* Defines dynamic routes.
*
* @internal JSON:API maintains no PHP API since its API is the HTTP API. This
* class may change at any time and this will break any dependencies on it.
*
* @see https://www.drupal.org/project/jsonapi/issues/3032787
* @see jsonapi.api.php
*/
class Routes implements ContainerInjectionInterface {
/**
* The service name for the primary JSON:API controller.
*
* All resources except the entrypoint are served by this controller.
*
* @var string
*/
const CONTROLLER_SERVICE_NAME = 'jsonapi.entity_resource';
/**
* A key with which to flag a route as belonging to the JSON:API module.
*
* @var string
*/
const JSON_API_ROUTE_FLAG_KEY = '_is_jsonapi';
/**
* The route default key for the route's resource type information.
*
* @var string
*/
const RESOURCE_TYPE_KEY = 'resource_type';
/**
* The JSON:API resource type repository.
*
* @var \Drupal\jsonapi\ResourceType\ResourceTypeRepositoryInterface
*/
protected $resourceTypeRepository;
/**
* List of providers.
*
* @var string[]
*/
protected $providerIds;
/**
* The JSON:API base path.
*
* @var string
*/
protected $jsonApiBasePath;
/**
* Instantiates a Routes object.
*
* @param \Drupal\jsonapi\ResourceType\ResourceTypeRepositoryInterface $resource_type_repository
* The JSON:API resource type repository.
* @param string[] $authentication_providers
* The authentication providers, keyed by ID.
* @param string $jsonapi_base_path
* The JSON:API base path.
*/
public function __construct(ResourceTypeRepositoryInterface $resource_type_repository, array $authentication_providers, $jsonapi_base_path) {
$this->resourceTypeRepository = $resource_type_repository;
$this->providerIds = array_keys($authentication_providers);
assert(is_string($jsonapi_base_path));
assert(
$jsonapi_base_path[0] === '/',
sprintf('The provided base path should contain a leading slash "/". Given: "%s".', $jsonapi_base_path)
);
assert(
substr($jsonapi_base_path, -1) !== '/',
sprintf('The provided base path should not contain a trailing slash "/". Given: "%s".', $jsonapi_base_path)
);
$this->jsonApiBasePath = $jsonapi_base_path;
}
/**
* {@inheritdoc}
*/
public static function create(ContainerInterface $container) {
return new static(
$container->get('jsonapi.resource_type.repository'),
$container->getParameter('authentication_providers'),
$container->getParameter('jsonapi.base_path')
);
}
/**
* {@inheritdoc}
*/
public function routes() {
$routes = new RouteCollection();
$upload_routes = new RouteCollection();
// JSON:API's routes: entry point + routes for every resource type.
foreach ($this->resourceTypeRepository->all() as $resource_type) {
$routes->addCollection(static::getRoutesForResourceType($resource_type, $this->jsonApiBasePath));
$upload_routes->addCollection(static::getFileUploadRoutesForResourceType($resource_type, $this->jsonApiBasePath));
}
$routes->add('jsonapi.resource_list', static::getEntryPointRoute($this->jsonApiBasePath));
// Require the JSON:API media type header on every route, except on file
// upload routes, where we require `application/octet-stream`.
$routes->addRequirements(['_content_type_format' => 'api_json']);
$upload_routes->addRequirements(['_content_type_format' => 'bin']);
$routes->addCollection($upload_routes);
// Enable all available authentication providers.
$routes->addOptions(['_auth' => $this->providerIds]);
// Flag every route as belonging to the JSON:API module.
$routes->addDefaults([static::JSON_API_ROUTE_FLAG_KEY => TRUE]);
// All routes serve only the JSON:API media type.
$routes->addRequirements(['_format' => 'api_json']);
return $routes;
}
/**
* Gets applicable resource routes for a JSON:API resource type.
*
* @param \Drupal\jsonapi\ResourceType\ResourceType $resource_type
* The JSON:API resource type for which to get the routes.
* @param string $path_prefix
* The root path prefix.
*
* @return \Symfony\Component\Routing\RouteCollection
* A collection of routes for the given resource type.
*/
protected static function getRoutesForResourceType(ResourceType $resource_type, $path_prefix) {
// Internal resources have no routes.
if ($resource_type->isInternal()) {
return new RouteCollection();
}
$routes = new RouteCollection();
// Collection route like `/jsonapi/node/article`.
if ($resource_type->isLocatable()) {
$collection_route = new Route("/{$resource_type->getPath()}");
$collection_route->addDefaults([RouteObjectInterface::CONTROLLER_NAME => static::CONTROLLER_SERVICE_NAME . ':getCollection']);
$collection_route->setMethods(['GET']);
// Allow anybody access because "view" and "view label" access are checked
// in the controller.
$collection_route->setRequirement('_access', 'TRUE');
$routes->add(static::getRouteName($resource_type, 'collection'), $collection_route);
}
// Creation route.
if ($resource_type->isMutable()) {
$collection_create_route = new Route("/{$resource_type->getPath()}");
$collection_create_route->addDefaults([RouteObjectInterface::CONTROLLER_NAME => static::CONTROLLER_SERVICE_NAME . ':createIndividual']);
$collection_create_route->setMethods(['POST']);
$create_requirement = sprintf("%s:%s", $resource_type->getEntityTypeId(), $resource_type->getBundle());
$collection_create_route->setRequirement('_entity_create_access', $create_requirement);
$collection_create_route->setRequirement('_csrf_request_header_token', 'TRUE');
$routes->add(static::getRouteName($resource_type, 'collection.post'), $collection_create_route);
}
// Individual routes like `/jsonapi/node/article/{uuid}` or
// `/jsonapi/node/article/{uuid}/relationships/uid`.
$routes->addCollection(static::getIndividualRoutesForResourceType($resource_type));
// Add the resource type as a parameter to every resource route.
foreach ($routes as $route) {
static::addRouteParameter($route, static::RESOURCE_TYPE_KEY, ['type' => ResourceTypeConverter::PARAM_TYPE_ID]);
$route->addDefaults([static::RESOURCE_TYPE_KEY => $resource_type->getTypeName()]);
}
// Resource routes all have the same base path.
$routes->addPrefix($path_prefix);
return $routes;
}
/**
* Gets the file upload route collection for the given resource type.
*
* @param \Drupal\jsonapi\ResourceType\ResourceType $resource_type
* The resource type for which the route collection should be created.
* @param string $path_prefix
* The root path prefix.
*
* @return \Symfony\Component\Routing\RouteCollection
* The route collection.
*/
protected static function getFileUploadRoutesForResourceType(ResourceType $resource_type, $path_prefix) {
// @todo Remove this when JSON:API requires Drupal >=8.6, see https://www.drupal.org/node/1927648.
if (\Drupal::VERSION < 8.6) {
return new RouteCollection();
}
$routes = new RouteCollection();
// Internal resources have no routes; individual routes require locations.
if ($resource_type->isInternal() || !$resource_type->isLocatable()) {
return $routes;
}
// File upload routes are only necessary for resource types that have file
// fields.
$has_file_field = array_reduce($resource_type->getRelatableResourceTypes(), function ($carry, array $target_resource_types) {
return $carry || static::hasNonInternalFileTargetResourceTypes($target_resource_types);
}, FALSE);
if (!$has_file_field) {
return $routes;
}
if ($resource_type->isMutable()) {
$path = $resource_type->getPath();
$entity_type_id = $resource_type->getEntityTypeId();
$new_resource_file_upload_route = new Route("/{$path}/{file_field_name}");
$new_resource_file_upload_route->addDefaults([RouteObjectInterface::CONTROLLER_NAME => 'jsonapi.file_upload:handleFileUploadForNewResource']);
$new_resource_file_upload_route->setMethods(['POST']);
$new_resource_file_upload_route->setRequirement('_csrf_request_header_token', 'TRUE');
$routes->add(static::getFileUploadRouteName($resource_type, 'new_resource'), $new_resource_file_upload_route);
$existing_resource_file_upload_route = new Route("/{$path}/{entity}/{file_field_name}");
$existing_resource_file_upload_route->addDefaults([RouteObjectInterface::CONTROLLER_NAME => 'jsonapi.file_upload:handleFileUploadForExistingResource']);
$existing_resource_file_upload_route->setMethods(['POST']);
$existing_resource_file_upload_route->setRequirement('_csrf_request_header_token', 'TRUE');
$routes->add(static::getFileUploadRouteName($resource_type, 'existing_resource'), $existing_resource_file_upload_route);
// Add entity parameter conversion to every route.
$routes->addOptions(['parameters' => ['entity' => ['type' => 'entity:' . $entity_type_id]]]);
// Add the resource type as a parameter to every resource route.
foreach ($routes as $route) {
static::addRouteParameter($route, static::RESOURCE_TYPE_KEY, ['type' => ResourceTypeConverter::PARAM_TYPE_ID]);
$route->addDefaults([static::RESOURCE_TYPE_KEY => $resource_type->getTypeName()]);
}
}
// File upload routes all have the same base path.
$routes->addPrefix($path_prefix);
return $routes;
}
/**
* Determines if the given request is for a JSON:API generated route.
*
* @param array $defaults
* The request's route defaults.
*
* @return bool
* Whether the request targets a generated route.
*/
public static function isJsonApiRequest(array $defaults) {
return isset($defaults[RouteObjectInterface::CONTROLLER_NAME])
&& strpos($defaults[RouteObjectInterface::CONTROLLER_NAME], static::CONTROLLER_SERVICE_NAME) === 0;
}
/**
* Gets a route collection for the given resource type.
*
* @param \Drupal\jsonapi\ResourceType\ResourceType $resource_type
* The resource type for which the route collection should be created.
*
* @return \Symfony\Component\Routing\RouteCollection
* The route collection.
*/
protected static function getIndividualRoutesForResourceType(ResourceType $resource_type) {
if (!$resource_type->isLocatable()) {
return new RouteCollection();
}
$routes = new RouteCollection();
$path = $resource_type->getPath();
$entity_type_id = $resource_type->getEntityTypeId();
// Individual read, update and remove.
$individual_route = new Route("/{$path}/{entity}");
$individual_route->addDefaults([RouteObjectInterface::CONTROLLER_NAME => static::CONTROLLER_SERVICE_NAME . ':getIndividual']);
$individual_route->setMethods(['GET']);
// No _entity_access requirement because "view" and "view label" access are
// checked in the controller. So it's safe to allow anybody access.
$individual_route->setRequirement('_access', 'TRUE');
$routes->add(static::getRouteName($resource_type, 'individual'), $individual_route);
if ($resource_type->isMutable()) {
$individual_update_route = new Route($individual_route->getPath());
$individual_update_route->addDefaults([RouteObjectInterface::CONTROLLER_NAME => static::CONTROLLER_SERVICE_NAME . ':patchIndividual']);
$individual_update_route->setMethods(['PATCH']);
$individual_update_route->setRequirement('_entity_access', "entity.update");
$individual_update_route->setRequirement('_csrf_request_header_token', 'TRUE');
$routes->add(static::getRouteName($resource_type, 'individual.patch'), $individual_update_route);
$individual_remove_route = new Route($individual_route->getPath());
$individual_remove_route->addDefaults([RouteObjectInterface::CONTROLLER_NAME => static::CONTROLLER_SERVICE_NAME . ':deleteIndividual']);
$individual_remove_route->setMethods(['DELETE']);
$individual_remove_route->setRequirement('_entity_access', "entity.delete");
$individual_remove_route->setRequirement('_csrf_request_header_token', 'TRUE');
$routes->add(static::getRouteName($resource_type, 'individual.delete'), $individual_remove_route);
}
foreach ($resource_type->getRelatableResourceTypes() as $relationship_field_name => $target_resource_types) {
// Read, update, add, or remove an individual resources relationships to
// other resources.
$relationship_route = new Route("/{$path}/{entity}/relationships/{$relationship_field_name}");
$relationship_route->addDefaults(['_on_relationship' => TRUE]);
$relationship_route->addDefaults(['related' => $relationship_field_name]);
$relationship_route->setRequirement(RelationshipFieldAccess::ROUTE_REQUIREMENT_KEY, $relationship_field_name);
$relationship_route->setRequirement('_csrf_request_header_token', 'TRUE');
$relationship_route_methods = $resource_type->isMutable()
? ['GET', 'POST', 'PATCH', 'DELETE']
: ['GET'];
$relationship_controller_methods = [
'GET' => 'getRelationship',
'POST' => 'addToRelationshipData',
'PATCH' => 'replaceRelationshipData',
'DELETE' => 'removeFromRelationshipData',
];
foreach ($relationship_route_methods as $method) {
$method_specific_relationship_route = clone $relationship_route;
$method_specific_relationship_route->addDefaults([RouteObjectInterface::CONTROLLER_NAME => static::CONTROLLER_SERVICE_NAME . ":{$relationship_controller_methods[$method]}"]);
$method_specific_relationship_route->setMethods($method);
$routes->add(static::getRouteName($resource_type, sprintf("%s.relationship.%s", $relationship_field_name, strtolower($method))), $method_specific_relationship_route);
}
// Only create routes for related routes that target at least one
// non-internal resource type.
if (static::hasNonInternalTargetResourceTypes($target_resource_types)) {
// Get an individual resource's related resources.
$related_route = new Route("/{$path}/{entity}/{$relationship_field_name}");
$related_route->setMethods(['GET']);
$related_route->addDefaults([RouteObjectInterface::CONTROLLER_NAME => static::CONTROLLER_SERVICE_NAME . ':getRelated']);
$related_route->addDefaults(['related' => $relationship_field_name]);
$related_route->setRequirement(RelationshipFieldAccess::ROUTE_REQUIREMENT_KEY, $relationship_field_name);
$routes->add(static::getRouteName($resource_type, "$relationship_field_name.related"), $related_route);
}
}
// Add entity parameter conversion to every route.
$routes->addOptions(['parameters' => ['entity' => ['type' => 'entity:' . $entity_type_id]]]);
return $routes;
}
/**
* Provides the entry point route.
*
* @param string $path_prefix
* The root path prefix.
*
* @return \Symfony\Component\Routing\Route
* The entry point route.
*/
protected function getEntryPointRoute($path_prefix) {
$entry_point = new Route("/{$path_prefix}");
$entry_point->addDefaults([RouteObjectInterface::CONTROLLER_NAME => EntryPoint::class . '::index']);
$entry_point->setRequirement('_access', 'TRUE');
$entry_point->setMethods(['GET']);
return $entry_point;
}
/**
* Adds a parameter option to a route, overrides options of the same name.
*
* The Symfony Route class only has a method for adding options which
* overrides any previous values. Therefore, it is tedious to add a single
* parameter while keeping those that are already set.
*
* @param \Symfony\Component\Routing\Route $route
* The route to which the parameter is to be added.
* @param string $name
* The name of the parameter.
* @param mixed $parameter
* The parameter's options.
*/
protected static function addRouteParameter(Route $route, $name, $parameter) {
$parameters = $route->getOption('parameters') ?: [];
$parameters[$name] = $parameter;
$route->setOption('parameters', $parameters);
}
/**
* Get a unique route name for the JSON:API resource type and route type.
*
* @param \Drupal\jsonapi\ResourceType\ResourceType $resource_type
* The resource type for which the route collection should be created.
* @param string $route_type
* The route type. E.g. 'individual' or 'collection'.
*
* @return string
* The generated route name.
*/
public static function getRouteName(ResourceType $resource_type, $route_type) {
return sprintf('jsonapi.%s.%s', $resource_type->getTypeName(), $route_type);
}
/**
* Get a unique route name for the file upload resource type and route type.
*
* @param \Drupal\jsonapi\ResourceType\ResourceType $resource_type
* The resource type for which the route collection should be created.
* @param string $route_type
* The route type. E.g. 'individual' or 'collection'.
*
* @return string
* The generated route name.
*/
protected static function getFileUploadRouteName(ResourceType $resource_type, $route_type) {
return sprintf('jsonapi.%s.%s.%s', $resource_type->getTypeName(), 'file_upload', $route_type);
}
/**
* Determines if an array of resource types has any non-internal ones.
*
* @param \Drupal\jsonapi\ResourceType\ResourceType[] $resource_types
* The resource types to check.
*
* @return bool
* TRUE if there is at least one non-internal resource type in the given
* array; FALSE otherwise.
*/
protected static function hasNonInternalTargetResourceTypes(array $resource_types) {
return array_reduce($resource_types, function ($carry, ResourceType $target) {
return $carry || !$target->isInternal();
}, FALSE);
}
/**
* Determines if an array of resource types lists non-internal "file" ones.
*
* @param \Drupal\jsonapi\ResourceType\ResourceType[] $resource_types
* The resource types to check.
*
* @return bool
* TRUE if there is at least one non-internal "file" resource type in the
* given array; FALSE otherwise.
*/
protected static function hasNonInternalFileTargetResourceTypes(array $resource_types) {
return array_reduce($resource_types, function ($carry, ResourceType $target) {
return $carry || (!$target->isInternal() && $target->getEntityTypeId() === 'file');
}, FALSE);
}
/**
* Gets the resource type from a route or request's parameters.
*
* @param array $parameters
* An array of parameters. These may be obtained from a route's
* parameter defaults or from a request object.
*
* @return \Drupal\jsonapi\ResourceType\ResourceType|null
* The resource type, NULL if one cannot be found from the given parameters.
*/
public static function getResourceTypeNameFromParameters(array $parameters) {
if (isset($parameters[static::JSON_API_ROUTE_FLAG_KEY]) && $parameters[static::JSON_API_ROUTE_FLAG_KEY]) {
return isset($parameters[static::RESOURCE_TYPE_KEY]) ? $parameters[static::RESOURCE_TYPE_KEY] : NULL;
}
return NULL;
}
/**
* Invalidates any JSON:API resource type dependent responses and routes.
*/
public static function rebuild() {
\Drupal::service('cache_tags.invalidator')->invalidateTags(['jsonapi_resource_types']);
\Drupal::service('router.builder')->setRebuildNeeded();
}
}
