Skip to content
This repository has been archived by the owner on Apr 4, 2020. It is now read-only.

Added: Comment Meta Endpoints #7

Merged
merged 5 commits into from
Feb 26, 2016
Merged

Added: Comment Meta Endpoints #7

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
fe6d58b
Added Comment Meta Endpoints
kjbenk Feb 24, 2016
e4c16be
Fixed Permissions Check and Unit Tests
kjbenk Feb 25, 2016
5f7992d
Merge remote-tracking branch 'WP-API/master' into add/comment-meta-en…
kjbenk Feb 25, 2016
83d5c56
Merge remote-tracking branch 'WP-API/master' into add/comment-meta-en…
kjbenk Feb 25, 2016
f68134f
Updated `delete_item_permissions_check`
kjbenk Feb 26, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
100 changes: 100 additions & 0 deletions lib/class-wp-rest-meta-comments-controller.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,100 @@
<?php

class WP_REST_Meta_Comments_Controller extends WP_REST_Meta_Controller {
/**
* Associated object type.
*
* @var string Type "comment"
*/
protected $parent_type = 'comment';

/**
* Associated comment controller class object.
*
* @var WP_REST_Comments_Controller
*/
protected $parent_controller;

/**
* Base path for parent meta type endpoints.
*
* @var string "comments"
*/
protected $parent_base = 'comments';

public function __construct() {
$this->parent_controller = new WP_REST_Comments_Controller();
$this->namespace = 'wp/v2';
$this->rest_base = 'meta';
}

/**
* Check if a given request has access to get meta for a comment.
*
* @param WP_REST_Request $request Full data about the request.
* @return WP_Error|boolean
*/
public function get_items_permissions_check( $request ) {
$comment_id = (int) $request['parent_id'];
$comment = get_comment( $comment_id );

if ( empty( $comment ) || empty( $comment->comment_ID ) ) {
return new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment id.' ), array( 'status' => 404 ) );
}

if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) ) {
return new WP_Error( 'rest_forbidden', __( 'Sorry, you cannot view the meta for this comment.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}

/**
* Check if a given request has access to get a specific meta entry for a comment.
*
* @param WP_REST_Request $request Full data about the request.
* @return WP_Error|boolean
*/
public function get_item_permissions_check( $request ) {
return $this->get_items_permissions_check( $request );
}

/**
* Check if a given request has access to create a meta entry for a comment.
*
* @param WP_REST_Request $request Full data about the request.
* @return WP_Error|boolean
*/
public function create_item_permissions_check( $request ) {
return $this->get_items_permissions_check( $request );
}

/**
* Check if a given request has access to update a meta entry for a comment.
*
* @param WP_REST_Request $request Full data about the request.
* @return WP_Error|boolean
*/
public function update_item_permissions_check( $request ) {
return $this->get_items_permissions_check( $request );
}

/**
* Check if a given request has access to delete meta for a comment.
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|boolean
*/
public function delete_item_permissions_check( $request ) {
$comment_id = (int) $request['parent_id'];
$comment = get_comment( $comment_id );

if ( empty( $comment ) || empty( $comment->comment_ID ) ) {
return new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment id.' ), array( 'status' => 404 ) );
}

if ( ! current_user_can( 'moderate_comments' ) ) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually, I'd think this check should be edit_comment again, no?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe since the edit_comment cap is used when trying to delete a comment anyways.

https://github.com/WordPress/WordPress/blob/06225cc394ee72035b3afa6ef380b847f1e98912/wp-admin/comment.php#L89

return new WP_Error( 'rest_forbidden', __( 'Sorry, you cannot delete the meta for this comment.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
}
}
13 changes: 12 additions & 1 deletion lib/class-wp-rest-meta-controller.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,18 @@ protected function get_id_column() {
* @return string
*/
protected function get_parent_column() {
return ( 'user' === $this->parent_type ) ? 'user_id' : 'post_id';
$parent_column = 'post_id';

switch ( $this->parent_type ) {
case 'user':
return 'user_id';
case 'comment':
return 'comment_id';
default:
return $parent_column;
}

return $parent_column;
}

/**
Expand Down
8 changes: 8 additions & 0 deletions plugin.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,11 @@ function meta_rest_api_init() {
require_once dirname( __FILE__ ) . '/lib/class-wp-rest-meta-users-controller.php';
}

if ( class_exists( 'WP_REST_Controller' )
&& ! class_exists( 'WP_REST_Meta_Comments_Controller' ) ) {
require_once dirname( __FILE__ ) . '/lib/class-wp-rest-meta-comments-controller.php';
}

foreach ( get_post_types( array( 'show_in_rest' => true ), 'objects' ) as $post_type ) {
if ( post_type_supports( $post_type->name, 'custom-fields' ) ) {
$meta_controller = new WP_REST_Meta_Posts_Controller( $post_type->name );
Expand All @@ -35,6 +40,9 @@ function meta_rest_api_init() {

$user_meta_controller = new WP_REST_Meta_Users_Controller();
$user_meta_controller->register_routes();

$comment_meta_controller = new WP_REST_Meta_Comments_Controller();
$comment_meta_controller->register_routes();
}

add_action( 'rest_api_init', 'meta_rest_api_init', 11 );
Loading