Routing & Permissions¶

The Modeler API dynamically generates routes and permissions for each registered Model Owner and Modeler plugin.

Dynamic route generation¶

Routes are generated by Drupal\modeler_api\Routing\Routes::routes(), which is registered as a route_callback in modeler_api.routing.yml:

route_callbacks:
  - '\Drupal\modeler_api\Routing\Routes::routes'

Generated routes per Model Owner¶

For each Model Owner plugin with a non-null configEntityBasePath(), the following routes are generated:

Route name	Path	Purpose
`modeler_api.{owner}.collection`	`/{basePath}`	Model listing
`modeler_api.{owner}.settings`	`/{basePath}/settings`	Owner-specific settings
`modeler_api.{owner}.add`	`/{basePath}/add`	Add model form
`modeler_api.{owner}.edit`	`/{basePath}/{id}/edit`	Edit form
`modeler_api.{owner}.delete`	`/{basePath}/{id}/delete`	Delete confirmation
`modeler_api.{owner}.enable`	`/{basePath}/{id}/enable`	Enable model
`modeler_api.{owner}.disable`	`/{basePath}/{id}/disable`	Disable model
`modeler_api.{owner}.clone`	`/{basePath}/{id}/clone`	Clone model
`modeler_api.{owner}.export`	`/{basePath}/{id}/export`	Export as archive
`modeler_api.{owner}.export_recipe`	`/{basePath}/{id}/export_recipe`	Export as Drupal recipe
`modeler_api.{owner}.import`	`/{basePath}/import`	Import form

Modeler-specific routes¶

For each Modeler plugin, additional routes are created:

Route name	Path	Purpose
`modeler_api.{owner}.add.{modeler}`	`/{basePath}/add/{modeler}`	Add with specific modeler
`modeler_api.{owner}.edit_with.{modeler}`	`/{basePath}/{id}/edit_with/{modeler}`	Edit with specific modeler
`modeler_api.{owner}.view_with.{modeler}`	`/{basePath}/{id}/view_with/{modeler}`	View with specific modeler

Static routes¶

Static routes defined in modeler_api.routing.yml:

Route name	Path	Method	Purpose
`modeler_api.settings`	`/admin/config/workflow/modeler_api`	GET	Global settings form
`modeler_api.apply_template`	`/system/modeler_api/apply_template`	POST	Apply templates to model elements

The apply_template route is CSRF-protected via _csrf_request_header_token and accepts a JSON body containing an array of template application requests. See Architecture: Template token system for details.

The module uses plugin derivers to generate admin UI elements:

Menu links (`ModelerApiMenuLink`)¶

Parent: system.admin_config_workflow
Generates a menu link for each Model Owner's collection page.
Generates import and settings sub-links when applicable.

Local tasks (`ModelerApiLocalTask`)¶

Generates tab links for Models / Import / Settings per Model Owner.

Local actions (`ModelerApiLocalAction`)¶

Generates "Add new model" action links on collection pages.
When multiple modelers are available, generates separate "Add with {modeler}" actions.
Integrates with config_translation if available.

Permission system¶

Permissions are generated dynamically by Drupal\modeler_api\ModelerApiPermissions::permissions(), registered in modeler_api.permissions.yml:

administer modeler_api:
  title: 'Administer Modeler API'

permission_callbacks:
  - \Drupal\modeler_api\ModelerApiPermissions::permissions

Static permissions¶

Permission	Description
`administer modeler_api`	Full administrative access

Per-owner permissions¶

For each Model Owner, the following permissions are generated:

Permission pattern	Description
`administer {owner_id}`	Full admin for this owner
`{owner_id} collection`	View the model listing
`edit {owner_id}`	Edit models
`delete {owner_id}`	Delete models
`view {owner_id}`	View models
`edit {owner_id} metadata`	Edit model metadata (label, tags, etc.)
`switch {owner_id} context`	Switch between contexts
`test {owner_id}`	Run model tests
`replay {owner_id}`	Access replay data
`create {owner_id} template`	Create model templates
`edit {owner_id} template`	Edit model templates

Per-modeler permissions¶

For each Modeler plugin, the following permissions are generated:

Permission pattern	Description
`edit with {modeler_id}`	Edit models using this modeler
`view with {modeler_id}`	View models using this modeler

Access control¶

Route access is checked using these permissions. The Entity\AccessControlHandler enforces:

View: requires view {owner_id} or administer {owner_id}
Edit: requires edit {owner_id} or administer {owner_id}
Delete: requires delete {owner_id} or administer {owner_id}
Modeler-specific: additionally requires edit with {modeler_id} or view with {modeler_id}

Parameter converter¶

The ModelerApiConverter service is tagged as a paramconverter and handles upcasting of route parameters for the dynamically generated routes. It matches parameters where the provider is modeler_api.

Controller¶

The Drupal\modeler_api\Controller\ModelerApi class handles the following controller-based routes:

Method	Purpose
`add()`	Add model form (with modeler selection)
`edit()`	Edit model in modeler
`view()`	View model read-only
`save()`	AJAX save endpoint
`enable()`	Enable model
`disable()`	Disable model
`cloneModel()`	Clone model
`exportModel()`	Export model archive
`configForm()`	AJAX config form for components
`loadReplayData()`	Load replay data for component
`testModel()`	Start or poll test job