

Timestamp:
11/03/2016 01:45:48 AM (8 years ago)
Author:
joehoyle
Message:

REST API: Support querying for multiple post statuses.

Multiple post statuses can be specified by the usual CSV or array-proper format.

Props jnylen0, kadamwhite, websupporter.
Fixes #38420.

File:
1 edited

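--- a/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
+++ b/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
@@ -2121,9 +2121,11 @@
         $params['status'] = array(
             'default'           => 'publish',
-            'description'       => __( 'Limit result set to posts assigned a specific status; can be comma-delimited list of status types.' ),
-            'enum'              => array_merge( array_keys( get_post_stati() ), array( 'any' ) ),
-            'sanitize_callback' => 'sanitize_key',
-            'type'              => 'string',
-            'validate_callback' => array( $this, 'validate_user_can_query_private_statuses' ),
+            'description'       => __( 'Limit result set to posts assigned one or more statuses.' ),
+            'type'              => 'array',
+            'items'             => array(
+                'enum'          => array_merge( array_keys( get_post_stati() ), array( 'any' ) ),
+                'type'          => 'string',
+            ),
+            'sanitize_callback' => array( $this, 'sanitize_post_statuses' ),
         );
 
@@ -2153,26 +2155,40 @@
 
     /**
-     * Validates whether the user can query private statuses.
+     * Sanitizes and validates the list of post statuses, including whether the
+     * user can query private statuses.
      *
      * @since 4.7.0
      * @access public
      *
-     * @param  mixed           $value     Post status.
+     * @param  string|array    $statuses  One or more post statuses.
      * @param  WP_REST_Request $request   Full details about the request.
      * @param  string          $parameter Additional parameter to pass to validation.
-     * @return bool|WP_Error Whether the request can query private statuses, otherwise WP_Error object.
-     */
-    public function validate_user_can_query_private_statuses( $value, $request, $parameter ) {
-        if ( 'publish' === $value ) {
-            return rest_validate_request_arg( $value, $request, $parameter );
-        }
-
-        $post_type_obj = get_post_type_object( $this->post_type );
-
-        if ( current_user_can( $post_type_obj->cap->edit_posts ) ) {
-            return rest_validate_request_arg( $value, $request, $parameter );
-        }
-
-        return new WP_Error( 'rest_forbidden_status', __( 'Status is forbidden.' ), array( 'status' => rest_authorization_required_code() ) );
+     * @return array|WP_Error A list of valid statuses, otherwise WP_Error object.
+     */
+    public function sanitize_post_statuses( $statuses, $request, $parameter ) {
+        $statuses = wp_parse_slug_list( $statuses );
+
+        // The default status is different in WP_REST_Attachments_Controller
+        $attributes = $request->get_attributes();
+        $default_status = $attributes['args']['status']['default'];
+
+        foreach ( $statuses as $status ) {
+            if ( $status === $default_status ) {
+                continue;
+            }
+
+            $post_type_obj = get_post_type_object( $this->post_type );
+
+            if ( current_user_can( $post_type_obj->cap->edit_posts ) ) {
+                $result = rest_validate_request_arg( $status, $request, $parameter );
+                if ( is_wp_error( $result ) ) {
+                    return $result;
+                }
+            } else {
+                return new WP_Error( 'rest_forbidden_status', __( 'Status is forbidden.' ), array( 'status' => rest_authorization_required_code() ) );
+            }
+        }
+
+        return $statuses;
     }
 }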
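Review bot: In `sanitize_post_statuses`, the `continue` for `$status === $default_status` skips both the `edit_posts` capability check and `rest_validate_request_arg()`, so whatever status a controller declares in `$attributes['args']['status']['default']` is accepted from any caller. That is fine while the default is a public status, but a subclass that registers a non-public default would silently exempt it from the check, so I would state the invariant next to the lookup: `// The default status skips the capability check, so it must be a status that is safe to expose to callers without edit_posts.` Separately, `get_post_type_object( $this->post_type )` and the `current_user_can()` result do not depend on `$status` and could be computed once before the `foreach`. The authorization decision also moves from a `validate_callback` to a `sanitize_callback`, so it is worth confirming with a test that the request layer still surfaces `rest_forbidden_status` and its status code to the client as intended.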