Headless and custom node / entity access


I struggle to set up custom access rules for "nodes" that are viewed via:

  • jsonApi
  • entityQueries which respond via a JSON endpoint

What I try to achieve:

  1. I need to skip a node that belongs to an author's user account that is not within a running subscription. (The state of whether a user has a valid subscription is defined by a date value ... so if field_date_subscription_ends is < "now" = "false".)

  2. I need to skip a node that has a field_show_until_date. Again, if now is larger, I want to skip this entity in jsonApi responses and entityQuery responses.

Both these rules should be valid for just anonymous users.

I found out:

  • hook_entity_access is never called by entityQueries or the jsonApi.
  • xxx_node_grants should work, but as it does not provide logic in real time but instead just when the node is saved, I have no idea how to define a custom permission dependent on author:field_date_subscription_ends.

What I do not want is to filter this within the query. Also, as far as I know, this is not supported by the jsonAPI anyway.

I could run xxx_node_access_records for every existing node on cron to rebuild access rights dependent on the now date... but this seems totally insecure.

I just cannot believe that it is not possible to check on operation "view" if a node's author has a specific field value.

But as this topic is new to me... most likely I am just not informed about the really cool solutions that I just don't know about :)

Is the xxx_node_grants way to recreate node access on every cron the right way to go or is there a way to check against a computed result somehow?
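
The grants-plus-cron approach asked about above, written out as an added example (not part of the original post and not code from Drupal core or any contributed module). Assumptions: a hypothetical module named `mymodule`, a made-up realm `mymodule_expiry` with grant ids 1 and 2, and both fields being core datetime fields stored in UTC.

```php
<?php

use Drupal\Core\Session\AccountInterface;
use Drupal\node\NodeInterface;

/** TRUE when the (assumed datetime) field is set and already in the past. */
function mymodule_date_passed($entity, string $field): bool {
  if (!$entity || !$entity->hasField($field) || $entity->get($field)->isEmpty()) {
    return FALSE;
  }
  $date = $entity->get($field)->date;
  return $date !== NULL && $date->getTimestamp() < \Drupal::time()->getRequestTime();
}

/** Implements hook_node_access_records(). */
function mymodule_node_access_records(NodeInterface $node) {
  if (!$node->isPublished()) {
    // No record: unpublished nodes keep core's default handling.
    return [];
  }
  $hidden = mymodule_date_passed($node, 'field_show_until_date')
    || mymodule_date_passed($node->getOwner(), 'field_date_subscription_ends');
  // gid 1 is held by every account, gid 2 by authenticated accounts only,
  // so a "hidden" node is invisible to anonymous users and nobody else.
  return [[
    'realm' => 'mymodule_expiry',
    'gid' => $hidden ? 2 : 1,
    'grant_view' => 1,
    'grant_update' => 0,
    'grant_delete' => 0,
  ]];
}

/** Implements hook_node_grants(). */
function mymodule_node_grants(AccountInterface $account, $op) {
  return ['mymodule_expiry' => $account->isAnonymous() ? [1] : [1, 2]];
}

/** Implements hook_cron(): rewrite grants for nodes whose dates have passed. */
function mymodule_cron() {
  $now = gmdate('Y-m-d\TH:i:s');
  $query = \Drupal::entityQuery('node')->accessCheck(FALSE);
  $query->condition($query->orConditionGroup()
    ->condition('field_show_until_date', $now, '<')
    ->condition('uid.entity.field_date_subscription_ends', $now, '<'));
  $handler = \Drupal::entityTypeManager()->getAccessControlHandler('node');
  $storage = \Drupal::service('node.grant_storage');
  foreach (\Drupal\node\Entity\Node::loadMultiple($query->execute()) as $node) {
    $storage->write($node, $handler->acquireGrants($node));
  }
}
```

With this approach a node stays visible to anonymous users until the first cron run after its date passes, and node access permissions have to be rebuilt once after the module is enabled so that existing nodes get a record. Accounts with the "bypass node access" permission are not subject to grants.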
