Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.I want to use the API to find the newest releases:
https://www.drupal.org/api-d7/node.json?type=project_release&sort=nid&di...
which returns a list of releases, with a field field_release_files that I need to download the ZIP file.
field_release_files contains field collection item meta data:
{"uri":"https://www.drupal.org/api-d7/field_collection_item/814595","id":"814595","resource":"field_collection_item"}
which suggests I can go to
https://www.drupal.org/api-d7/field_collection_item/814595
to find the field collection item and the real contents of field_release_files. But it returns an empty 404.
Quering this id in all field collection items returns a 403:
https://www.drupal.org/api-d7/field_collection_item.json?item_id=814595
It seems impossible to find the real contents of field_release_files...
Comments
Comment #1
drummFrom https://www.drupal.org/api:
I changed that from italic to bold, so it might be more visible now.
Comment #2
rudiedirkx CreditAttribution: rudiedirkx commentedSo why doesn't
https://www.drupal.org/api-d7/field_collection_item.json?item_id=814595
work? Or
https://www.drupal.org/api-d7/field_collection_item.json
Or any other request querying
field_collection_item?Does work: https://www.drupal.org/api-d7/field_collection_item/814595.json -- which means the API returns the wrong URLs. This can't be as designed...
Comment #3
drummThe https://www.drupal.org/project/restws module is designed to work alongside URLs like https://www.drupal.org/node/2429155 that return HTML. We prefixed the API URLs because we already have some modules overriding menu items, and didn't have the QA resources to test for conflicts, and #1969466: Fix GET /node/1 with page caching.
#2253947: format suffix not added to next-first-last page url's proposes adding those suffixes.
This may not be ideal, but the RestWS module is doing what it promises to do. We can upgrade to newer versions of RestWS when they are available.
Comment #4
rudiedirkx CreditAttribution: rudiedirkx commentedOooooh. That makes sense. If you know it. Thanks!
Comment #5
rudiedirkx CreditAttribution: rudiedirkx commentedStill, why can't I query field collection items?
Something like
https://www.drupal.org/api-d7/field_collection_item.json?field_release_f...
should work, shouldn't it? It's a silly query, but the path exists and the filter is valid.
Comment #6
YesCT CreditAttribution: YesCT commentedComment #7
drummhttps://www.drupal.org/api-d7/field_collection_item.json?field_release_f... does work for me.
Comment #8
rudiedirkx CreditAttribution: rudiedirkx commentedMust be your super power access. I get a 403. As anonymous too.
Comment #9
drummAh, I see
The "Access the resource field_collection_item" permission is granted to anonymous users, so the next step is to figure out what else RestWS is checking for access.
Comment #10
aczietlow CreditAttribution: aczietlow at Mindgrub Technologies commentedThis is still an issue to this day. In my case I'm trying to configure a slack bot that can pull recently worked on issues for all users that have our organization listed on their accounts. The goal being to help better facilitate our internal work within Drupal community. Since the associate of organization and user is stored within a field collection ideally I would like a request similar to the following to work
What's interesting is that I can access individual field collections by id
For reference for the above
Regarding #9 I agree that is the next step. Is this something that I would be able to investigate. If so how would I go about that? I've never worked on d.o. infra and am not aware if the configuration is publicly available.
Comment #11
aczietlow CreditAttribution: aczietlow at Mindgrub Technologies commented*polite bump* We're hoping to build some tools to better facilitate contrib work within our agency, and this is a blocker.
I'm willing to put in the time for any work that needs to be done to resolve this issue, but I could use some direction. I don't know if this issue is with the RESTWS module, or with d.o.'s implementation of access checks on the RESTWS provided endpoints.
Comment #12
drummFrom #3056913: Drupal.org Rest API Query for all users of an organization https://www.drupal.org/api-d7/field_collection_item.json?field_name=fiel... is another example that works while logged in with a session cookie, but not while logged out.
Comment #13
aczietlow CreditAttribution: aczietlow at Mindgrub Technologies commentedThanks for the reply. I still get a 403 when trying, even with my session cookie set. I'll try looking at #2344265 It's a rabbit hole I haven't been down yet.
(updated to reformat using the issue reference instead of url)
Comment #14
Gábor HojtsySame holds for "replaced by" info on projects. See https://www.drupal.org/api-d7/node.json?field_project_machine_name=cck lists items like https://www.drupal.org/api-d7/field_collection_item/1399291 which are not possible to follow.
Comment #15
drummhttps://www.drupal.org/api-d7/field_collection_item/1399291.json does work, and adding an
Accept: application/jsonrequest header would also work. See the “All requests must either have” note on https://www.drupal.org/drupalorg/docs/api. (RestWS module usually takes over the core paths, as in /node/3060.json or /node/3060 with the accept header, but we serve the API from a different root path on www.drupal.org.)Comment #16
drummI tracked this down to https://git.drupalcode.org/project/field_collection/-/blob/1913cdf5aaec9...
RestWS is calling
entity_access(), which callsfield_collection_item_access('view', NULL). This looks like it is expected to return whether the user has general view access on that entity type. Instead field_collection is denying access to the item that does not exist.I do not see any issues for this specifically yet.