This repository has been archived by the owner on Apr 4, 2020. It is now read-only.

Added User Meta Endpoints #3

Merged
merged 11 commits into from
Feb 25, 2016
Changes from 10 commits
113 changes: 113 additions & 0 deletions lib/class-wp-rest-meta-users-controller.php
@@ -0,0 +1,113 @@
<?php

class WP_REST_Meta_Users_Controller extends WP_REST_Meta_Controller {

/**
* Associated object type.
*
* @var string "user"
*/
protected $parent_type = 'user';

/**
* Base path for parent meta type endpoints.
*
* @var string "users"
*/
protected $parent_base = 'users';

/**
* User controller class object.
*
* @var WP_REST_Users_Controller
*/
protected $parent_controller;

public function __construct() {
$this->parent_controller = new WP_REST_Users_Controller();
$this->namespace = 'wp/v2';
$this->rest_base = 'meta';
}

/**
* Check if a given request has access to get meta for a user.
*
* @param WP_REST_Request $request Full data about the request.
* @return WP_Error|boolean
*/
public function get_items_permissions_check( $request ) {
$parent = get_user_by( 'id', (int) $request['parent_id'] );
Member


Can we rename this variable to $user? $parent doesn't make sense as a variable in this context.


if ( empty( $parent ) || empty( $parent->ID ) ) {
return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user id.' ), array( 'status' => 404 ) );
}

/* @todo Add a new check to read user

if ( ! $this->parent_controller->check_read_permission( $parent ) ) {
return new WP_Error( 'rest_forbidden', __( 'Sorry, you cannot view this user.' ), array( 'status' => rest_authorization_required_code() ) );
}
*/
Member


Can you remove this commented code?


if ( ! current_user_can( 'edit_user', $parent->ID ) ) {
return new WP_Error( 'rest_forbidden', __( 'Sorry, you cannot view the meta for this user.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}

/**
* Check if a given request has access to get a specific meta entry for a user.
*
* @param WP_REST_Request $request Full data about the request.
* @return WP_Error|boolean
*/
public function get_item_permissions_check( $request ) {
return $this->get_items_permissions_check( $request );
}

/**
* Check if a given request has access to create a meta entry for a user.
*
* @param WP_REST_Request $request Full data about the request.
* @return WP_Error|boolean
*/
public function create_item_permissions_check( $request ) {
return $this->get_items_permissions_check( $request );
}

/**
* Check if a given request has access to update a meta entry for a user.
*
* @param WP_REST_Request $request Full data about the request.
* @return WP_Error|boolean
*/
public function update_item_permissions_check( $request ) {
return $this->get_items_permissions_check( $request );
}

/**
* Check if a given request has access to delete meta for a user.
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|boolean
*/
public function delete_item_permissions_check( $request ) {
Member


Same two comments from get_items_permissions_check are applicable here.

$parent = get_user_by( 'id', (int) $request['parent_id'] );

if ( empty( $parent ) || empty( $parent->ID ) ) {
return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user id.' ), array( 'status' => 404 ) );
}

/* @todo Add a new check to read user

if ( ! $this->parent_controller->check_read_permission( $parent ) ) {
return new WP_Error( 'rest_forbidden', __( 'Sorry, you cannot view this user.' ), array( 'status' => rest_authorization_required_code() ) );
}
*/

if ( ! current_user_can( 'delete_user', $parent->ID ) ) {
return new WP_Error( 'rest_forbidden', __( 'Sorry, you cannot delete the meta for this user.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}
}
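Review bot: create_item_permissions_check and update_item_permissions_check delegate to the read check, so the only gate on writing user meta is `current_user_can( 'edit_user', $parent->ID )`, which a logged-in user normally passes for their own account. WordPress stores role and capability data in user meta, so unless the inherited WP_REST_Meta_Controller handlers (not shown in this diff) restrict which keys may be written, the write paths need their own key allow-list or a stricter capability such as `edit_users`. Separately, get_items_permissions_check and delete_item_permissions_check both return the 404 `rest_user_invalid_id` before the capability check, which lets a caller without access tell existing user IDs from missing ones. Running `if ( ! current_user_can( 'edit_user', (int) $request['parent_id'] ) ) {` ahead of the `get_user_by()` lookup, or returning the same `rest_forbidden` error in both cases, removes that signal. A one-line comment above each check naming the capability that guards the operation would make the intent reviewable.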
8 changes: 8 additions & 0 deletions plugin.php
Expand Up @@ -21,12 +21,20 @@ function meta_rest_api_init() {
require_once dirname( __FILE__ ) . '/lib/class-wp-rest-meta-posts-controller.php';
}

if ( class_exists( 'WP_REST_Controller' )
&& ! class_exists( 'WP_REST_Meta_Users_Controller' ) ) {
require_once dirname( __FILE__ ) . '/lib/class-wp-rest-meta-users-controller.php';
}

foreach ( get_post_types( array( 'show_in_rest' => true ), 'objects' ) as $post_type ) {
if ( post_type_supports( $post_type->name, 'custom-fields' ) ) {
$meta_controller = new WP_REST_Meta_Posts_Controller( $post_type->name );
$meta_controller->register_routes();
}
}

$user_meta_controller = new WP_REST_Meta_Users_Controller();
$user_meta_controller->register_routes();
}

add_action( 'rest_api_init', 'meta_rest_api_init', 11 );
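Review bot: The user meta routes are registered unconditionally at `$user_meta_controller->register_routes();`, while the post meta routes just above are only registered for post types that opt in through `show_in_rest` and `custom-fields` support. User meta usually holds more sensitive data than post meta, so registration would be safer behind an explicit opt-in, for example wrapping the two added lines in `if ( apply_filters( 'FILTER_NAME_PLACEHOLDER', false ) ) {`. Also, the added `require_once` is skipped when `WP_REST_Controller` is missing, but `new WP_REST_Meta_Users_Controller()` still runs and would then fail on an undefined class. meta_rest_api_init() starts above the hunk, so an earlier guard may already cover that case.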