API error: “The 'administer nodes' permission is required.”
https://drupal.stackexchange.com/questions/300025
-
02-03-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
When sending a POST to Drupal 8's JSON:API (to create an entity) that references another content piece (linked by a UUID), I get the error:
"The current user is not allowed to POST the selected field (uid). The 'administer nodes' permission is required."
or in more detail:
"errors": [
{
"title": "Forbidden",
"status": "403",
"detail": "The current user is not allowed to POST the selected field (uid). The 'administer nodes' permission is required.",
...
the original JSON in the POST request is:
{
"data": {
"type": "node--itinerary",
"attributes": {
"title": "Article by admin",
"body": {
"value": "Custom value",
"format": "plain_text"
}
},
"relationships": {
"uid": {
"value": "a05c9063-d594-4e5e-8b1f-f0b6b9f0d77e"
}
}
}
}
I've tried researching this issue but it's not clear what the permission is that needs to be set (there is no: "administer nodes" in permissions) and it's not clear if this level of access is too much. Does anyone have any further information/ideas?
Solution
First, administer nodes is the machine name of the permission. On the Permissions page, the name of that permission is Administer content. There's probably some historical reason why Drupal has some permissions where the machine name is different than the name shown in the UI, but it's horrible usability.
In any case, this is definitely too much access if you just want the user to be able to set the entity reference. Normally, you probably want to give the user some combination of Content type (Itinerary): Create Content type (Itinerary): Edit, and Content type (Itinerary): Delete permissions, which will be under Node at /admin/people/permissions.
Actually, though, your code has another problem. The error is about posting uid, which is not your entity reference, but the author of the node.
The format for setting the user id, as noted in the docs:
{
"data": {
"type": "node--article",
"attributes": {
"title": "Article by admin",
"body": {
"value": "Custom value",
"format": "plain_text"
}
},
"relationships": {
"uid": {
"data": {
"type": "user--user",
"id": "{{UUID of user 1}}"
}
}
}
}
}
You are missing the part about data and type.
And, even if you use this code above, it won't set an entity reference field. To set the entity reference field, in addition to the author, you need to set the entity reference field like this (example of setting a node entity reference field on a taxonomy term flag; this is maybe not the best example for your case but its code I wrote recently that shows how to set an entity reference field; in this case, the entity reference field is flagged_entity):
data: {
type: 'flagging--my_flag_type',
attributes: {
entity_type: 'taxonomy_term',
entity_id: drupalId,
field_text: textFieldValue,
},
relationships: {
uid: {
data: {
type: 'user--user',
id: MyUser.id,
},
},
flagged_entity: {
data: {
type: 'taxonomy_term--group',
id: MyGroup.id,
},
},
},
},
