public function post(EntityInterface
$entity = NULL
) { if ($entity == NULL
) { throw new BadRequestHttpException('No entity content received.'
);
} $entity_access =
$entity->
access('create', NULL, TRUE
);
if (!
$entity_access->
isAllowed()) { throw new AccessDeniedHttpException($entity_access->
getReason() ?:
$this->
generateFallbackAccessDeniedMessage($entity, 'create'
));
} $definition =
$this->
getPluginDefinition();
// Verify that the deserialized entity is of the type that we expect to
// prevent security issues.
if ($entity->
getEntityTypeId() !=
$definition['entity_type'
]) { throw new BadRequestHttpException('Invalid entity type'
);
} // POSTed entities must not have an ID set, because we always want to create
// new entities here.
if (!
$entity->
isNew()) { throw new BadRequestHttpException('Only new entities can be created'
);
}