Make WordPress Core

Changeset 38968


Ignore:
Timestamp:
10/26/2016 09:36:29 PM (8 years ago)
Author:
rachelbaker
Message:

REST API: Remove experimental filter wrapper parameter from the Posts Controller class.

Hiding WP_Query params under the filter key (instead of allowing them to be top-level params) was one of our biggest complaints from users of v1 of our REST API. This walks back the re-introduction of the filter param during Beta 15, which introduced an "inconsistent mess" and "exposing WP_Query through filter has and will continue to be difficult to support." See https://github.com/WP-API/WP-API/issues/2799.

Props websupporter, rachelbaker.
Fixes #38378.

Location:
trunk
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php

    r38911 r38968  
    112112
    113113        // Make sure a search string is set in case the orderby is set to 'relevance'.
    114         if ( ! empty( $request['orderby'] ) && 'relevance' === $request['orderby'] && empty( $request['search'] ) && empty( $request['filter']['s'] ) ) {
     114        if ( ! empty( $request['orderby'] ) && 'relevance' === $request['orderby'] && empty( $request['search'] ) ) {
    115115            return new WP_Error( 'rest_no_search_term_defined', __( 'You need to define a search term to order by relevance.' ), array( 'status' => 400 ) );
    116116        }
     
    162162        }
    163163
    164         if ( isset( $registered['filter'] ) && is_array( $request['filter'] ) ) {
    165             $args = array_merge( $args, $request['filter'] );
    166             unset( $args['filter'] );
    167         }
    168 
    169164        // Ensure our per_page parameter overrides any provided posts_per_page filter.
    170165        if ( isset( $registered['per_page'] ) ) {
     
    270265        }
    271266
    272         $max_pages = ceil( $total_posts / (int) $query_args['posts_per_page'] );
     267        $max_pages = ceil( $total_posts / (int) $posts_query->query_vars['posts_per_page'] );
    273268
    274269        $response = rest_ensure_response( $posts );
     
    277272
    278273        $request_params = $request->get_query_params();
    279         if ( ! empty( $request_params['filter'] ) ) {
    280             // Normalize the pagination params.
    281             unset( $request_params['filter']['posts_per_page'], $request_params['filter']['paged'] );
    282         }
    283274        $base = add_query_arg( $request_params, rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ) );
    284275
     
    19111902            'validate_callback' => array( $this, 'validate_user_can_query_private_statuses' ),
    19121903        );
    1913         $params['filter'] = array(
    1914             'description'       => __( 'Use WP Query arguments to modify the response; private query vars require appropriate authorization.' ),
    1915         );
    19161904
    19171905        $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) );
  • trunk/tests/phpunit/tests/rest-api/rest-attachments-controller.php

    r38917 r38968  
    125125            'context',
    126126            'exclude',
    127             'filter',
    128127            'include',
    129128            'media_type',
  • trunk/tests/phpunit/tests/rest-api/rest-pages-controller.php

    r38832 r38968  
    6060            'context',
    6161            'exclude',
    62             'filter',
    6362            'include',
    6463            'menu_order',
     
    180179        $draft_id = $this->factory->post->create( array( 'post_status' => 'draft', 'post_type' => 'page' ) );
    181180        $request = new WP_REST_Request( 'GET', '/wp/v2/pages' );
    182         $request->set_param( 'filter', array( 'post_status' => 'draft' ) );
    183         $response = $this->server->dispatch( $request );
    184         $data = $response->get_data();
    185         $this->assertCount( 1, $data );
    186         $this->assertEquals( $page_id, $data[0]['id'] );
     181        $request->set_param( 'status', 'draft' );
     182        $response = $this->server->dispatch( $request );
     183        $this->assertErrorResponse( 'rest_invalid_param', $response, 400 );
     184
    187185        // But they are accessible to authorized users
    188186        wp_set_current_user( $this->editor_id );
  • trunk/tests/phpunit/tests/rest-api/rest-posts-controller.php

    r38911 r38968  
    6868            'context',
    6969            'exclude',
    70             'filter',
    7170            'include',
    7271            'offset',
     
    9897        $request = new WP_REST_Request( 'GET', '/wp/v2/posts' );
    9998        $request->set_query_params( array(
    100             'filter' => array( 'year' => 2008 ),
    101         ) );
    102         $response = $this->server->dispatch( $request );
    103         $this->assertEquals( array(), $response->get_data() );
     99            'author' => REST_TESTS_IMPOSSIBLY_HIGH_NUMBER,
     100        ) );
     101        $response = $this->server->dispatch( $request );
     102
     103        $this->assertEmpty( $response->get_data() );
    104104        $this->assertEquals( 200, $response->get_status() );
    105105    }
     
    310310        // Permit stickies
    311311        $request = new WP_REST_Request( 'GET', '/wp/v2/posts' );
    312         $request->set_param( 'filter', array( 'ignore_sticky_posts' => false ) );
     312        $request->set_param( 'ignore_sticky_posts', false );
    313313        $response = $this->server->dispatch( $request );
    314314        $data = $response->get_data();
     
    577577    }
    578578
    579     public function test_get_items_private_filter_query_var() {
     579    public function test_get_items_private_status_query_var() {
    580580        // Private query vars inaccessible to unauthorized users
    581581        wp_set_current_user( 0 );
    582582        $draft_id = $this->factory->post->create( array( 'post_status' => 'draft' ) );
    583583        $request = new WP_REST_Request( 'GET', '/wp/v2/posts' );
    584         $request->set_param( 'filter', array( 'post_status' => 'draft' ) );
    585         $response = $this->server->dispatch( $request );
    586         $data = $response->get_data();
    587         $this->assertCount( 1, $data );
    588         $this->assertEquals( $this->post_id, $data[0]['id'] );
     584        $request->set_param( 'status', 'draft' );
     585        $response = $this->server->dispatch( $request );
     586        $this->assertErrorResponse( 'rest_invalid_param', $response, 400 );
     587
    589588        // But they are accessible to authorized users
    590589        wp_set_current_user( $this->editor_id );
     
    600599        $response = $this->server->dispatch( $request );
    601600        $this->assertErrorResponse( 'rest_invalid_param', $response, 400 );
    602     }
    603 
    604     public function test_get_items_invalid_posts_per_page_ignored() {
    605         // This test ensures that filter[posts_per_page] is ignored, and that -1
    606         // cannot be used to sidestep per_page's valid range to retrieve all posts
    607         for ( $i = 0; $i < 20; $i++ ) {
    608             $this->factory->post->create( array( 'post_status' => 'publish' ) );
    609         }
    610         $request = new WP_REST_Request( 'GET', '/wp/v2/posts' );
    611         $request->set_query_params( array( 'filter' => array( 'posts_per_page' => -1 ) ) );
    612         $response = $this->server->dispatch( $request );
    613         $this->assertCount( 10, $response->get_data() );
    614601    }
    615602
Note: See TracChangeset for help on using the changeset viewer.