Skip to content

Routing & Permissions

The Modeler API dynamically generates routes and permissions for each registered Model Owner and Modeler plugin.

Dynamic route generation

Routes are generated by Drupal\modeler_api\Routing\Routes::routes(), which is registered as a route_callback in modeler_api.routing.yml:

route_callbacks:
  - '\Drupal\modeler_api\Routing\Routes::routes'

Generated routes per Model Owner

For each Model Owner plugin with a non-null configEntityBasePath(), the following routes are generated:

Route name Path Purpose
modeler_api.{owner}.collection /{basePath} Model listing
modeler_api.{owner}.settings /{basePath}/settings Owner-specific settings
modeler_api.{owner}.add /{basePath}/add Add model form
modeler_api.{owner}.edit /{basePath}/{id}/edit Edit form
modeler_api.{owner}.delete /{basePath}/{id}/delete Delete confirmation
modeler_api.{owner}.enable /{basePath}/{id}/enable Enable model
modeler_api.{owner}.disable /{basePath}/{id}/disable Disable model
modeler_api.{owner}.clone /{basePath}/{id}/clone Clone model
modeler_api.{owner}.export /{basePath}/{id}/export Export as archive
modeler_api.{owner}.export_recipe /{basePath}/{id}/export_recipe Export as Drupal recipe
modeler_api.{owner}.import /{basePath}/import Import form

Modeler-specific routes

For each Modeler plugin, additional routes are created:

Route name Path Purpose
modeler_api.{owner}.add.{modeler} /{basePath}/add/{modeler} Add with specific modeler
modeler_api.{owner}.edit_with.{modeler} /{basePath}/{id}/edit_with/{modeler} Edit with specific modeler
modeler_api.{owner}.view_with.{modeler} /{basePath}/{id}/view_with/{modeler} View with specific modeler

Static routes

Static routes defined in modeler_api.routing.yml:

Route name Path Method Purpose
modeler_api.settings /admin/config/workflow/modeler_api GET Global settings form
modeler_api.apply_template /system/modeler_api/apply_template POST Apply templates to model elements

The apply_template route is CSRF-protected via _csrf_request_header_token and accepts a JSON body containing an array of template application requests. See Architecture: Template token system for details.

The module uses plugin derivers to generate admin UI elements:

  • Parent: system.admin_config_workflow
  • Generates a menu link for each Model Owner's collection page.
  • Generates import and settings sub-links when applicable.

Local tasks (ModelerApiLocalTask)

  • Generates tab links for Models / Import / Settings per Model Owner.

Local actions (ModelerApiLocalAction)

  • Generates "Add new model" action links on collection pages.
  • When multiple modelers are available, generates separate "Add with {modeler}" actions.
  • Integrates with config_translation if available.

Permission system

Permissions are generated dynamically by Drupal\modeler_api\ModelerApiPermissions::permissions(), registered in modeler_api.permissions.yml:

administer modeler_api:
  title: 'Administer Modeler API'

permission_callbacks:
  - \Drupal\modeler_api\ModelerApiPermissions::permissions

Static permissions

Permission Description
administer modeler_api Full administrative access

Per-owner permissions

For each Model Owner, the following permissions are generated:

Permission pattern Description
administer {owner_id} Full admin for this owner
{owner_id} collection View the model listing
edit {owner_id} Edit models
delete {owner_id} Delete models
view {owner_id} View models
edit {owner_id} metadata Edit model metadata (label, tags, etc.)
switch {owner_id} context Switch between contexts
test {owner_id} Run model tests
replay {owner_id} Access replay data
create {owner_id} template Create model templates
edit {owner_id} template Edit model templates

Per-modeler permissions

For each Modeler plugin, the following permissions are generated:

Permission pattern Description
edit with {modeler_id} Edit models using this modeler
view with {modeler_id} View models using this modeler

Access control

Route access is checked using these permissions. The Entity\AccessControlHandler enforces:

  • View: requires view {owner_id} or administer {owner_id}
  • Edit: requires edit {owner_id} or administer {owner_id}
  • Delete: requires delete {owner_id} or administer {owner_id}
  • Modeler-specific: additionally requires edit with {modeler_id} or view with {modeler_id}

Parameter converter

The ModelerApiConverter service is tagged as a paramconverter and handles upcasting of route parameters for the dynamically generated routes. It matches parameters where the provider is modeler_api.

Controller

The Drupal\modeler_api\Controller\ModelerApi class handles the following controller-based routes:

Method Purpose
add() Add model form (with modeler selection)
edit() Edit model in modeler
view() View model read-only
save() AJAX save endpoint
enable() Enable model
disable() Disable model
cloneModel() Clone model
exportModel() Export model archive
configForm() AJAX config form for components
loadReplayData() Load replay data for component
testModel() Start or poll test job