Ticket #18425: wp.editUser.2.patch

wp-includes/class-wp-xmlrpc-server.php

@@ -64 +64 @@
                         'wp.getMediaItem'               => 'this:wp_getMediaItem',
                         'wp.getMediaLibrary'    => 'this:wp_getMediaLibrary',
                         'wp.getPostFormats'     => 'this:wp_getPostFormats',
+                        'wp.editUser'                   => 'this:wp_editUser',
 
                         // Blogger API
                         'blogger.getUsersBlogs' => 'this:blogger_getUsersBlogs',
@@ -1702 +1703 @@
                 return $formats;
         }
 
+        /**
+         * Edit a new user
+         *
+         * @uses wp_update_user()
+         * @param array $args Method parameters. Contains:
+         *  - int     $blog_id
+         *  - string  $username
+         *  - string  $password
+         *  - int     $user_id
+         *  - array   $content_struct.
+         *      It can optionally contain:
+         *      - 'email'
+         *      - 'first_name'
+         *      - 'last_name'
+         *      - 'website'
+         *      - 'role'
+         *      - 'nickname'
+         *      - 'usernicename'
+         *      - 'bio'
+         *      - 'usercontacts'
+         *      - 'password'
+         *  - boolean $send_mail optional. Defaults to false
+         * @return int user_id
+         */
+        function wp_editUser( $args ) {
+                $this->escape( $args );
+
+                $blog_id        = (int) $args[0];
+                $username       = $args[1];
+                $password       = $args[2];
+                $user_id        = (int) $args[3];
+                $content_struct = $args[4];
+
+                if ( ! $user = $this->login( $username, $password ) )
+                        return $this->error;
+
+                do_action( 'xmlrpc_call', 'wp.editUser' );
+
+                $user_info = get_userdata( $user_id );
+
+                if( ! $user_info )
+                        return new IXR_Error( 404, __( 'Invalid user ID.' ) );
+
+                if( ! ( $user_id == $user->ID || current_user_can( 'edit_users' ) ) )
+                        return new IXR_Error(401, __( 'Sorry, you cannot edit this user.' ) );
+
+                // holds data of the user
+                $user_data = array();
+                $user_data['ID'] = $user_id;
+
+                if ( isset( $content_struct['username'] ) && $content_struct['username'] !== $user_info->user_login )
+                        return new IXR_Error( 401, __( 'Username cannot be changed.' ) );
+
+                if ( isset( $content_struct['email'] ) ) {
+                        if( ! is_email( $content_struct['email'] ) )
+                                return new IXR_Error( 403, __( 'This email address is not valid.' ) );
+
+                        // check whether it is already registered
+                        if( $content_struct['email'] !== $user_info->user_email && email_exists( $content_struct['email'] ) )
+                                return new IXR_Error( 403, __( 'This email address is already registered.' ) );
+
+                        $user_data['user_email'] = $content_struct['email'];
+                }
+
+                if( isset ( $content_struct['role'] ) ) {
+                        if ( ! current_user_can( 'edit_users' ) )
+                                return new IXR_Error( 401, __( 'You are not allowed to change roles for this user.' ) );
+
+                        if ( get_role( $content_struct['role'] ) === null )
+                                return new IXR_Error( 403, __( 'The role specified is not valid' ) );
+
+                        $user_data['role'] = $content_struct['role'];
+                }
+
+                // only set the user details if it was given
+                if ( isset( $content_struct['first_name'] ) )
+                        $user_data['first_name'] = $content_struct['first_name'];
+
+                if ( isset( $content_struct['last_name'] ) )
+                        $user_data['last_name'] = $content_struct['last_name'];
+
+                if ( isset( $content_struct['website'] ) )
+                        $user_data['user_url'] = $content_struct['url'];
+
+                if ( isset( $content_struct['nickname'] ) )
+                        $user_data['nickname'] = $content_struct['nickname'];
+
+                if ( isset( $content_struct['usernicename'] ) )
+                        $user_data['user_nicename'] = $content_struct['nicename'];
+
+                if ( isset( $content_struct['bio'] ) )
+                        $user_data['description'] = $content_struct['bio'];
+
+                if( isset ( $content_struct['user_contacts'] ) ) {
+                        $user_contacts = _wp_get_user_contactmethods( $user_data );
+                        foreach( $content_struct['user_contacts'] as $key => $value ) {
+                                if( ! array_key_exists( $key, $user_contacts ) )
+                                        return new IXR_Error( 403, __( 'One of the contact method specified is not valid' ) );
+
+                                $user_data[ $key ] = $value;
+                        }
+                }
+
+                if( isset ( $content_struct['password'] ) )
+                        $user_data['user_pass'] = $content_struct['password'];
+
+                $result = wp_update_user( $user_data );
+
+                if ( is_wp_error( $result ) )
+                        return new IXR_Error( 500, $result->get_error_message() );
+
+                if ( ! $result )
+                        return new IXR_Error( 500, __( 'Sorry, the user cannot be updated. Something wrong happened.' ) );
+
+                return $result;
+        }
+
         /* Blogger API functions.
          * specs on http://plant.blogger.com/api and http://groups.yahoo.com/group/bloggerDev/
          */