403 Forbidden on saving a user (PATCH) about angular-drupal HOT 7 CLOSED

@EnzoEghermanne this is most likely related to this issue: https://www.drupal.org/node/2631774 - Although that issue is for updating comments, I think it's essentially the same problem in that Drupal thinks we're trying to update a protected value, and is rejecting it with an access denied.

In the mean time, you may be able to preprocess the request and remove the user name from the data that is being PATCHed: http://jdrupal.easystreet3.com/8/api/API.js.html

from angular-drupal.

@signalpoint It seems like it is indeed related to that issue.

Could you give me a small example on how and where I would implement the hook_rest_pre_process function? I can't figure out what to do with it...

from angular-drupal.

@EnzoEghermanne As a quick & dirty test, does removing the name property allow the entity to save? Something like this, with delete:

var user = drupal.currentUser();
    user.entity.field_hobbies[0].value = "Programming, cooking, sports,...";
    // Delete name b/c of https://www.drupal.org/node/2631774
    // This may require a cloned object to prevent altering the original entity.
    delete user.entity.name;
    user.save().then(function(){
        console.log("user saved successfully");
    });

from angular-drupal.

@kentr I'm not at the office at the moment. I'll try it out first thing in the morning and keep u guys posted.

Thanks for the suggestion.

from angular-drupal.

@kentr You were right, it was because the request tried to PATCH the disallowed fields name, created, changed and roles, even though they were unaltered. So this is what I did:

var user = drupal.currentUser();
user.entity.field_hobbies[0].value = "Programming, cooking, sports,...";
delete user.entity.name;
delete user.entity.created;
delete user.entity.changed;
delete user.entity.roles;
user.save().then(function(){
    console.log("user saved successfully");
});

Which resulted in:

Thanks for the help!

from angular-drupal.

Glad to know it worked.

As I thought about it this morning, I wondered if granting Drupal's Change own username permission would allow the name field to be in the PATCH (at admin/people/permissions).

from angular-drupal.

I'll try it out next week, but if I recall correctly that was something I already tried out. Will keep u posted.

EDIT: Tested out the permissions as proposed, the 403 Patch forbidden on field name appeared again.
So I guess just deleting these entities before saving is the only option for now.

from angular-drupal.