// Allow anybody access because "view" and "view label" access are checked
// in the controller.
$collection_route->
setRequirement('_access', 'TRUE'
);
$routes->
add(static::
getRouteName($resource_type, 'collection'
),
$collection_route);
} // Creation route.
if ($resource_type->
isMutable()) { $collection_create_route =
new Route("/{
$resource_type->
getPath()}"
);
$collection_create_route->
addDefaults([RouteObjectInterface::CONTROLLER_NAME =>
static::CONTROLLER_SERVICE_NAME . ':createIndividual'
]);
$collection_create_route->
setMethods(['POST'
]);
$create_requirement =
sprintf("%s:%s",
$resource_type->
getEntityTypeId(),
$resource_type->
getBundle());
$collection_create_route->
setRequirement('_entity_create_access',
$create_requirement);
$collection_create_route->
setRequirement('_csrf_request_header_token', 'TRUE'
);
$routes->
add(static::
getRouteName($resource_type, 'collection.post'
),
$collection_create_route);
} // Individual routes like `/jsonapi/node/article/{uuid}` or
// `/jsonapi/node/article/{uuid}/relationships/uid`.
$routes->
addCollection(static::
getIndividualRoutesForResourceType($resource_type));
// Add the resource type as a parameter to every resource route.
foreach ($routes as $route) {