Changeset 39954
- Timestamp:
- 01/26/2017 01:38:27 PM (8 years ago)
- Location:
- trunk
- Files:
-
- 13 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/wp-includes/rest-api.php
r39923 r39954 47 47 } 48 48 49 if ( isset( $args['args'] ) ) { 50 $common_args = $args['args']; 51 unset( $args['args'] ); 52 } else { 53 $common_args = array(); 54 } 55 49 56 if ( isset( $args['callback'] ) ) { 50 57 // Upgrade a single set to multiple. … … 58 65 ); 59 66 foreach ( $args as $key => &$arg_group ) { 60 if ( ! is_numeric( $ arg_group) ) {67 if ( ! is_numeric( $key ) ) { 61 68 // Route option, skip here. 62 69 continue; … … 64 71 65 72 $arg_group = array_merge( $defaults, $arg_group ); 73 $arg_group['args'] = array_merge( $common_args, $arg_group['args'] ); 66 74 } 67 75 -
trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
r39922 r39954 64 64 65 65 register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<id>[\d]+)', array( 66 'args' => array( 67 'id' => array( 68 'description' => __( 'Unique identifier for the object.' ), 69 'type' => 'integer', 70 ), 71 ), 66 72 array( 67 73 'methods' => WP_REST_Server::READABLE, … … 301 307 302 308 /** 309 * Get the comment, if the ID is valid. 310 * 311 * @since 4.7.2 312 * 313 * @param int $id Supplied ID. 314 * @return WP_Comment|WP_Error Comment object if ID is valid, WP_Error otherwise. 315 */ 316 protected function get_comment( $id ) { 317 $error = new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment ID.' ), array( 'status' => 404 ) ); 318 if ( (int) $id <= 0 ) { 319 return $error; 320 } 321 322 $id = (int) $id; 323 $comment = get_comment( $id ); 324 if ( empty( $comment ) ) { 325 return $error; 326 } 327 328 if ( ! empty( $comment->comment_post_ID ) ) { 329 $post = get_post( (int) $comment->comment_post_ID ); 330 if ( empty( $post ) ) { 331 return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) ); 332 } 333 } 334 335 return $comment; 336 } 337 338 /** 303 339 * Checks if a given request has access to read the comment. 304 340 * … … 310 346 */ 311 347 public function get_item_permissions_check( $request ) { 312 $id = (int) $request['id']; 313 314 $comment = get_comment( $id ); 315 316 if ( ! $comment ) { 317 return true; 348 $comment = $this->get_comment( $request['id'] ); 349 if ( is_wp_error( $comment ) ) { 350 return $comment; 318 351 } 319 352 … … 345 378 */ 346 379 public function get_item( $request ) { 347 $id = (int) $request['id']; 348 349 $comment = get_comment( $id ); 350 if ( empty( $comment ) ) { 351 return new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment ID.' ), array( 'status' => 404 ) ); 352 } 353 354 if ( ! empty( $comment->comment_post_ID ) ) { 355 $post = get_post( $comment->comment_post_ID ); 356 if ( empty( $post ) ) { 357 return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) ); 358 } 380 $comment = $this->get_comment( $request['id'] ); 381 if ( is_wp_error( $comment ) ) { 382 return $comment; 359 383 } 360 384 … … 631 655 */ 632 656 public function update_item_permissions_check( $request ) { 633 634 $id = (int) $request['id'];635 636 $comment = get_comment( $id );637 638 if ( $comment &&! $this->check_edit_permission( $comment ) ) {657 $comment = $this->get_comment( $request['id'] ); 658 if ( is_wp_error( $comment ) ) { 659 return $comment; 660 } 661 662 if ( ! $this->check_edit_permission( $comment ) ) { 639 663 return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this comment.' ), array( 'status' => rest_authorization_required_code() ) ); 640 664 } … … 653 677 */ 654 678 public function update_item( $request ) { 655 $id = (int) $request['id']; 656 657 $comment = get_comment( $id ); 658 659 if ( empty( $comment ) ) { 660 return new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment ID.' ), array( 'status' => 404 ) ); 661 } 679 $comment = $this->get_comment( $request['id'] ); 680 if ( is_wp_error( $comment ) ) { 681 return $comment; 682 } 683 684 $id = $comment->comment_ID; 662 685 663 686 if ( isset( $request['type'] ) && get_comment_type( $id ) !== $request['type'] ) { … … 751 774 */ 752 775 public function delete_item_permissions_check( $request ) { 753 $id = (int) $request['id']; 754 $comment = get_comment( $id ); 755 756 if ( ! $comment ) { 757 return new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment ID.' ), array( 'status' => 404 ) ); 776 $comment = $this->get_comment( $request['id'] ); 777 if ( is_wp_error( $comment ) ) { 778 return $comment; 758 779 } 759 780 … … 774 795 */ 775 796 public function delete_item( $request ) { 776 $id = (int) $request['id']; 797 $comment = $this->get_comment( $request['id'] ); 798 if ( is_wp_error( $comment ) ) { 799 return $comment; 800 } 801 777 802 $force = isset( $request['force'] ) ? (bool) $request['force'] : false; 778 779 $comment = get_comment( $id );780 781 if ( empty( $comment ) ) {782 return new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment ID.' ), array( 'status' => 404 ) );783 }784 803 785 804 /** -
trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-post-statuses-controller.php
r39342 r39954 49 49 50 50 register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<status>[\w-]+)', array( 51 'args' => array( 52 'status' => array( 53 'description' => __( 'An alphanumeric identifier for the status.' ), 54 'type' => 'string', 55 ), 56 ), 51 57 array( 52 58 'methods' => WP_REST_Server::READABLE, -
trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-post-types-controller.php
r39647 r39954 49 49 50 50 register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<type>[\w-]+)', array( 51 'args' => array( 52 'type' => array( 53 'description' => __( 'An alphanumeric identifier for the post type.' ), 54 'type' => 'string', 55 ), 56 ), 51 57 array( 52 58 'methods' => WP_REST_Server::READABLE, -
trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
r39671 r39954 89 89 } 90 90 register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<id>[\d]+)', array( 91 'args' => array( 92 'id' => array( 93 'description' => __( 'Unique identifier for the object.' ), 94 'type' => 'integer', 95 ), 96 ), 91 97 array( 92 98 'methods' => WP_REST_Server::READABLE, … … 351 357 352 358 /** 359 * Get the post, if the ID is valid. 360 * 361 * @since 4.7.2 362 * 363 * @param int $id Supplied ID. 364 * @return WP_Post|WP_Error Post object if ID is valid, WP_Error otherwise. 365 */ 366 protected function get_post( $id ) { 367 $error = new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) ); 368 if ( (int) $id <= 0 ) { 369 return $error; 370 } 371 372 $post = get_post( (int) $id ); 373 if ( empty( $post ) || empty( $post->ID ) || $this->post_type !== $post->post_type ) { 374 return $error; 375 } 376 377 return $post; 378 } 379 380 /** 353 381 * Checks if a given request has access to read a post. 354 382 * … … 360 388 */ 361 389 public function get_item_permissions_check( $request ) { 362 363 $post = get_post( (int) $request['id'] ); 390 $post = $this->get_post( $request['id'] ); 391 if ( is_wp_error( $post ) ) { 392 return $post; 393 } 364 394 365 395 if ( 'edit' === $request['context'] && $post && ! $this->check_update_permission( $post ) ) { … … 429 459 */ 430 460 public function get_item( $request ) { 431 $id = (int) $request['id']; 432 $post = get_post( $id ); 433 434 if ( empty( $id ) || empty( $post->ID ) || $this->post_type !== $post->post_type ) { 435 return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) ); 461 $post = $this->get_post( $request['id'] ); 462 if ( is_wp_error( $post ) ) { 463 return $post; 436 464 } 437 465 … … 440 468 441 469 if ( is_post_type_viewable( get_post_type_object( $post->post_type ) ) ) { 442 $response->link_header( 'alternate', get_permalink( $ id), array( 'type' => 'text/html' ) );470 $response->link_header( 'alternate', get_permalink( $post->ID ), array( 'type' => 'text/html' ) ); 443 471 } 444 472 … … 456 484 */ 457 485 public function create_item_permissions_check( $request ) { 486 if ( ! empty( $request['id'] ) ) { 487 return new WP_Error( 'rest_post_exists', __( 'Cannot create existing post.' ), array( 'status' => 400 ) ); 488 } 458 489 459 490 $post_type = get_post_type_object( $this->post_type ); … … 592 623 */ 593 624 public function update_item_permissions_check( $request ) { 594 595 $post = get_post( $request['id'] ); 625 $post = $this->get_post( $request['id'] ); 626 if ( is_wp_error( $post ) ) { 627 return $post; 628 } 629 596 630 $post_type = get_post_type_object( $this->post_type ); 597 631 … … 625 659 */ 626 660 public function update_item( $request ) { 627 $id = (int) $request['id']; 628 $post = get_post( $id ); 629 630 if ( empty( $id ) || empty( $post->ID ) || $this->post_type !== $post->post_type ) { 631 return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) ); 661 $valid_check = $this->get_post( $request['id'] ); 662 if ( is_wp_error( $valid_check ) ) { 663 return $valid_check; 632 664 } 633 665 … … 715 747 */ 716 748 public function delete_item_permissions_check( $request ) { 717 718 $post = get_post( $request['id'] ); 749 $post = $this->get_post( $request['id'] ); 750 if ( is_wp_error( $post ) ) { 751 return $post; 752 } 719 753 720 754 if ( $post && ! $this->check_delete_permission( $post ) ) { … … 735 769 */ 736 770 public function delete_item( $request ) { 737 $id = (int) $request['id']; 771 $post = $this->get_post( $request['id'] ); 772 if ( is_wp_error( $post ) ) { 773 return $post; 774 } 775 776 $id = $post->ID; 738 777 $force = (bool) $request['force']; 739 740 $post = get_post( $id );741 742 if ( empty( $id ) || empty( $post->ID ) || $this->post_type !== $post->post_type ) {743 return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) );744 }745 778 746 779 $supports_trash = ( EMPTY_TRASH_DAYS > 0 ); … … 902 935 // Post ID. 903 936 if ( isset( $request['id'] ) ) { 904 $prepared_post->ID = absint( $request['id'] ); 937 $existing_post = $this->get_post( $request['id'] ); 938 if ( is_wp_error( $existing_post ) ) { 939 return $existing_post; 940 } 941 942 $prepared_post->ID = $existing_post->ID; 905 943 } 906 944 -
trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
r39488 r39954 72 72 73 73 register_rest_route( $this->namespace, '/' . $this->parent_base . '/(?P<parent>[\d]+)/' . $this->rest_base, array( 74 'args' => array( 75 'parent' => array( 76 'description' => __( 'The ID for the parent of the object.' ), 77 'type' => 'integer', 78 ), 79 ), 74 80 array( 75 81 'methods' => WP_REST_Server::READABLE, … … 82 88 83 89 register_rest_route( $this->namespace, '/' . $this->parent_base . '/(?P<parent>[\d]+)/' . $this->rest_base . '/(?P<id>[\d]+)', array( 90 'args' => array( 91 'parent' => array( 92 'description' => __( 'The ID for the parent of the object.' ), 93 'type' => 'integer', 94 ), 95 'id' => array( 96 'description' => __( 'Unique identifier for the object.' ), 97 'type' => 'integer', 98 ), 99 ), 84 100 array( 85 101 'methods' => WP_REST_Server::READABLE, … … 108 124 109 125 /** 126 * Get the parent post, if the ID is valid. 127 * 128 * @since 4.7.2 129 * 130 * @param int $id Supplied ID. 131 * @return WP_Post|WP_Error Post object if ID is valid, WP_Error otherwise. 132 */ 133 protected function get_parent( $parent ) { 134 $error = new WP_Error( 'rest_post_invalid_parent', __( 'Invalid post parent ID.' ), array( 'status' => 404 ) ); 135 if ( (int) $parent <= 0 ) { 136 return $error; 137 } 138 139 $parent = get_post( (int) $parent ); 140 if ( empty( $parent ) || empty( $parent->ID ) || $this->parent_post_type !== $parent->post_type ) { 141 return $error; 142 } 143 144 return $parent; 145 } 146 147 /** 110 148 * Checks if a given request has access to get revisions. 111 149 * … … 117 155 */ 118 156 public function get_items_permissions_check( $request ) { 119 120 $parent = get_post( $request['parent'] );121 if ( ! $parent ) {122 return true;123 } 157 $parent = $this->get_parent( $request['parent'] ); 158 if ( is_wp_error( $parent ) ) { 159 return $parent; 160 } 161 124 162 $parent_post_type_obj = get_post_type_object( $parent->post_type ); 125 163 if ( ! current_user_can( $parent_post_type_obj->cap->edit_post, $parent->ID ) ) { … … 131 169 132 170 /** 171 * Get the revision, if the ID is valid. 172 * 173 * @since 4.7.2 174 * 175 * @param int $id Supplied ID. 176 * @return WP_Post|WP_Error Revision post object if ID is valid, WP_Error otherwise. 177 */ 178 protected function get_revision( $id ) { 179 $error = new WP_Error( 'rest_post_invalid_id', __( 'Invalid revision ID.' ), array( 'status' => 404 ) ); 180 if ( (int) $id <= 0 ) { 181 return $error; 182 } 183 184 $revision = get_post( (int) $id ); 185 if ( empty( $revision ) || empty( $revision->ID ) || 'revision' !== $revision->post_type ) { 186 return $error; 187 } 188 189 return $revision; 190 } 191 192 /** 133 193 * Gets a collection of revisions. 134 194 * … … 140 200 */ 141 201 public function get_items( $request ) { 142 $parent = get_post( $request['parent'] );143 if ( ! $request['parent'] || ! $parent || $this->parent_post_type !== $parent->post_type) {144 return new WP_Error( 'rest_post_invalid_parent', __( 'Invalid post parent ID.' ), array( 'status' => 404 ) );202 $parent = $this->get_parent( $request['parent'] ); 203 if ( is_wp_error( $parent ) ) { 204 return $parent; 145 205 } 146 206 … … 178 238 */ 179 239 public function get_item( $request ) { 180 $parent = get_post( $request['parent'] );181 if ( ! $request['parent'] || ! $parent || $this->parent_post_type !== $parent->post_type) {182 return new WP_Error( 'rest_post_invalid_parent', __( 'Invalid post parent ID.' ), array( 'status' => 404 ) );183 } 184 185 $revision = get_post( $request['id'] );186 if ( ! $revision || 'revision' !== $revision->post_type) {187 return new WP_Error( 'rest_post_invalid_id', __( 'Invalid revision ID.' ), array( 'status' => 404 ) );240 $parent = $this->get_parent( $request['parent'] ); 241 if ( is_wp_error( $parent ) ) { 242 return $parent; 243 } 244 245 $revision = $this->get_revision( $request['id'] ); 246 if ( is_wp_error( $revision ) ) { 247 return $revision; 188 248 } 189 249 … … 202 262 */ 203 263 public function delete_item_permissions_check( $request ) { 264 $parent = $this->get_parent( $request['parent'] ); 265 if ( is_wp_error( $parent ) ) { 266 return $parent; 267 } 268 269 $revision = $this->get_revision( $request['id'] ); 270 if ( is_wp_error( $revision ) ) { 271 return $revision; 272 } 204 273 205 274 $response = $this->get_items_permissions_check( $request ); … … 208 277 } 209 278 210 $post = get_post( $request['id'] );211 if ( ! $post ) {212 return new WP_Error( 'rest_post_invalid_id', __( 'Invalid revision ID.' ), array( 'status' => 404 ) );213 }214 279 $post_type = get_post_type_object( 'revision' ); 215 return current_user_can( $post_type->cap->delete_post, $ post->ID );280 return current_user_can( $post_type->cap->delete_post, $revision->ID ); 216 281 } 217 282 … … 226 291 */ 227 292 public function delete_item( $request ) { 293 $revision = $this->get_revision( $request['id'] ); 294 if ( is_wp_error( $revision ) ) { 295 return $revision; 296 } 297 228 298 $force = isset( $request['force'] ) ? (bool) $request['force'] : false; 229 299 … … 233 303 } 234 304 235 $revision = get_post( $request['id'] );236 305 $previous = $this->prepare_item_for_response( $revision, $request ); 237 306 -
trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-taxonomies-controller.php
r39342 r39954 49 49 50 50 register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<taxonomy>[\w-]+)', array( 51 'args' => array( 52 'taxonomy' => array( 53 'description' => __( 'An alphanumeric identifier for the taxonomy.' ), 54 'type' => 'string', 55 ), 56 ), 51 57 array( 52 58 'methods' => WP_REST_Server::READABLE, -
trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
r39671 r39954 97 97 98 98 register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<id>[\d]+)', array( 99 'args' => array( 100 'id' => array( 101 'description' => __( 'Unique identifier for the term.' ), 102 'type' => 'integer', 103 ), 104 ), 99 105 array( 100 106 'methods' => WP_REST_Server::READABLE, … … 109 115 'callback' => array( $this, 'update_item' ), 110 116 'permission_callback' => array( $this, 'update_item_permissions_check' ), 111 'args' 117 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ), 112 118 ), 113 119 array( … … 289 295 290 296 /** 297 * Get the term, if the ID is valid. 298 * 299 * @since 4.7.2 300 * 301 * @param int $id Supplied ID. 302 * @return WP_Term|WP_Error Term object if ID is valid, WP_Error otherwise. 303 */ 304 protected function get_term( $id ) { 305 $error = new WP_Error( 'rest_term_invalid', __( 'Term does not exist.' ), array( 'status' => 404 ) ); 306 307 if ( ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) { 308 return $error; 309 } 310 311 if ( (int) $id <= 0 ) { 312 return $error; 313 } 314 315 $term = get_term( (int) $id, $this->taxonomy ); 316 if ( empty( $term ) || $term->taxonomy !== $this->taxonomy ) { 317 return $error; 318 } 319 320 return $term; 321 } 322 323 /** 291 324 * Checks if a request has access to read or edit the specified term. 292 325 * … … 298 331 */ 299 332 public function get_item_permissions_check( $request ) { 300 $tax_obj = get_taxonomy( $this->taxonomy ); 301 if ( ! $tax_obj || ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) { 302 return false; 303 } 304 if ( 'edit' === $request['context'] && ! current_user_can( 'edit_term', (int) $request['id'] ) ) { 333 $term = $this->get_term( $request['id'] ); 334 if ( is_wp_error( $term ) ) { 335 return $term; 336 } 337 338 if ( 'edit' === $request['context'] && ! current_user_can( 'edit_term', $term->term_id ) ) { 305 339 return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit this term.' ), array( 'status' => rest_authorization_required_code() ) ); 306 340 } … … 318 352 */ 319 353 public function get_item( $request ) { 320 321 $term = get_term( (int) $request['id'], $this->taxonomy ); 322 323 if ( ! $term || $term->taxonomy !== $this->taxonomy ) { 324 return new WP_Error( 'rest_term_invalid', __( 'Term does not exist.' ), array( 'status' => 404 ) ); 325 } 326 354 $term = $this->get_term( $request['id'] ); 327 355 if ( is_wp_error( $term ) ) { 328 356 return $term; … … 446 474 */ 447 475 public function update_item_permissions_check( $request ) { 448 449 if ( ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) { 450 return false; 451 } 452 453 $term = get_term( (int) $request['id'], $this->taxonomy ); 454 455 if ( ! $term ) { 456 return new WP_Error( 'rest_term_invalid', __( 'Term does not exist.' ), array( 'status' => 404 ) ); 476 $term = $this->get_term( $request['id'] ); 477 if ( is_wp_error( $term ) ) { 478 return $term; 457 479 } 458 480 … … 474 496 */ 475 497 public function update_item( $request ) { 498 $term = $this->get_term( $request['id'] ); 499 if ( is_wp_error( $term ) ) { 500 return $term; 501 } 502 476 503 if ( isset( $request['parent'] ) ) { 477 504 if ( ! is_taxonomy_hierarchical( $this->taxonomy ) ) { … … 488 515 $prepared_term = $this->prepare_item_for_database( $request ); 489 516 490 $term = get_term( (int) $request['id'], $this->taxonomy );491 492 517 // Only update the term if we haz something to update. 493 518 if ( ! empty( $prepared_term ) ) { … … 499 524 } 500 525 501 $term = get_term( (int) $request['id'], $this->taxonomy );526 $term = get_term( $term->term_id, $this->taxonomy ); 502 527 503 528 /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php */ … … 506 531 $schema = $this->get_item_schema(); 507 532 if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { 508 $meta_update = $this->meta->update_value( $request['meta'], (int) $request['id']);533 $meta_update = $this->meta->update_value( $request['meta'], $term->term_id ); 509 534 510 535 if ( is_wp_error( $meta_update ) ) { … … 536 561 */ 537 562 public function delete_item_permissions_check( $request ) { 538 if ( ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) { 539 return false; 540 } 541 542 $term = get_term( (int) $request['id'], $this->taxonomy ); 543 544 if ( ! $term ) { 545 return new WP_Error( 'rest_term_invalid', __( 'Term does not exist.' ), array( 'status' => 404 ) ); 563 $term = $this->get_term( $request['id'] ); 564 if ( is_wp_error( $term ) ) { 565 return $term; 546 566 } 547 567 … … 563 583 */ 564 584 public function delete_item( $request ) { 585 $term = $this->get_term( $request['id'] ); 586 if ( is_wp_error( $term ) ) { 587 return $term; 588 } 565 589 566 590 $force = isset( $request['force'] ) ? (bool) $request['force'] : false; … … 570 594 return new WP_Error( 'rest_trash_not_supported', __( 'Terms do not support trashing. Set force=true to delete.' ), array( 'status' => 501 ) ); 571 595 } 572 573 $term = get_term( (int) $request['id'], $this->taxonomy );574 596 575 597 $request->set_param( 'context', 'view' ); -
trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
r39843 r39954 66 66 67 67 register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<id>[\d]+)', array( 68 'args' => array( 69 'id' => array( 70 'description' => __( 'Unique identifier for the user.' ), 71 'type' => 'integer', 72 ), 73 ), 68 74 array( 69 75 'methods' => WP_REST_Server::READABLE, … … 328 334 329 335 /** 336 * Get the user, if the ID is valid. 337 * 338 * @since 4.7.2 339 * 340 * @param int $id Supplied ID. 341 * @return WP_User|WP_Error True if ID is valid, WP_Error otherwise. 342 */ 343 protected function get_user( $id ) { 344 $error = new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) ); 345 if ( (int) $id <= 0 ) { 346 return $error; 347 } 348 349 $user = get_userdata( (int) $id ); 350 if ( empty( $user ) || ! $user->exists() ) { 351 return $error; 352 } 353 354 return $user; 355 } 356 357 /** 330 358 * Checks if a given request has access to read a user. 331 359 * … … 337 365 */ 338 366 public function get_item_permissions_check( $request ) { 339 340 $id = (int) $request['id']; 341 $user = get_userdata( $id ); 367 $user = $this->get_user( $request['id'] ); 368 if ( is_wp_error( $user ) ) { 369 return $user; 370 } 371 342 372 $types = get_post_types( array( 'show_in_rest' => true ), 'names' ); 343 373 344 if ( empty( $id ) || empty( $user->ID ) ) { 345 return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) ); 346 } 347 348 if ( get_current_user_id() === $id ) { 374 if ( get_current_user_id() === $user->ID ) { 349 375 return true; 350 376 } … … 352 378 if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) { 353 379 return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) ); 354 } elseif ( ! count_user_posts( $ id, $types ) && ! current_user_can( 'edit_user', $id) && ! current_user_can( 'list_users' ) ) {380 } elseif ( ! count_user_posts( $user->ID, $types ) && ! current_user_can( 'edit_user', $user->ID ) && ! current_user_can( 'list_users' ) ) { 355 381 return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) ); 356 382 } … … 369 395 */ 370 396 public function get_item( $request ) { 371 $id = (int) $request['id']; 372 $user = get_userdata( $id ); 373 374 if ( empty( $id ) || empty( $user->ID ) ) { 375 return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) ); 397 $user = $this->get_user( $request['id'] ); 398 if ( is_wp_error( $user ) ) { 399 return $user; 376 400 } 377 401 … … 543 567 */ 544 568 public function update_item_permissions_check( $request ) { 545 546 $id = (int) $request['id']; 547 548 if ( ! current_user_can( 'edit_user', $id ) ) { 569 $user = $this->get_user( $request['id'] ); 570 if ( is_wp_error( $user ) ) { 571 return $user; 572 } 573 574 if ( ! current_user_can( 'edit_user', $user->ID ) ) { 549 575 return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this user.' ), array( 'status' => rest_authorization_required_code() ) ); 550 576 } … … 567 593 */ 568 594 public function update_item( $request ) { 569 $id = (int) $request['id']; 570 $user = get_userdata( $id ); 595 $user = $this->get_user( $request['id'] ); 596 if ( is_wp_error( $user ) ) { 597 return $user; 598 } 599 600 $id = $user->ID; 571 601 572 602 if ( ! $user ) { … … 683 713 */ 684 714 public function delete_item_permissions_check( $request ) { 685 686 $id = (int) $request['id']; 687 688 if ( ! current_user_can( 'delete_user', $id ) ) { 715 $user = $this->get_user( $request['id'] ); 716 if ( is_wp_error( $user ) ) { 717 return $user; 718 } 719 720 if ( ! current_user_can( 'delete_user', $user->ID ) ) { 689 721 return new WP_Error( 'rest_user_cannot_delete', __( 'Sorry, you are not allowed to delete this user.' ), array( 'status' => rest_authorization_required_code() ) ); 690 722 } … … 707 739 return new WP_Error( 'rest_cannot_delete', __( 'The user cannot be deleted.' ), array( 'status' => 501 ) ); 708 740 } 709 710 $id = (int) $request['id']; 741 $user = $this->get_user( $request['id'] ); 742 if ( is_wp_error( $user ) ) { 743 return $user; 744 } 745 746 $id = $user->ID; 711 747 $reassign = false === $request['reassign'] ? null : absint( $request['reassign'] ); 712 748 $force = isset( $request['force'] ) ? (bool) $request['force'] : false; … … 715 751 if ( ! $force ) { 716 752 return new WP_Error( 'rest_trash_not_supported', __( 'Users do not support trashing. Set force=true to delete.' ), array( 'status' => 501 ) ); 717 }718 719 $user = get_userdata( $id );720 721 if ( ! $user ) {722 return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );723 753 } 724 754 -
trunk/tests/phpunit/tests/rest-api/rest-attachments-controller.php
r39848 r39954 183 183 $keys = array_keys( $data['endpoints'][0]['args'] ); 184 184 sort( $keys ); 185 $this->assertEquals( array( 'context' ), $keys );185 $this->assertEquals( array( 'context', 'id' ), $keys ); 186 186 } 187 187 -
trunk/tests/phpunit/tests/rest-api/rest-comments-controller.php
r39922 r39954 838 838 839 839 $response = $this->server->dispatch( $request ); 840 $this->assertErrorResponse( 'rest_ cannot_read', $response, 401);840 $this->assertErrorResponse( 'rest_post_invalid_id', $response, 404 ); 841 841 } 842 842 -
trunk/tests/phpunit/tests/rest-api/rest-posts-controller.php
r39913 r39954 129 129 $keys = array_keys( $data['endpoints'][0]['args'] ); 130 130 sort( $keys ); 131 $this->assertEquals( array( 'context', ' password' ), $keys );131 $this->assertEquals( array( 'context', 'id', 'password' ), $keys ); 132 132 } 133 133 -
trunk/tests/phpunit/tests/rest-api/rest-users-controller.php
r39913 r39954 1888 1888 $response = $this->server->dispatch( $request ); 1889 1889 1890 // Not implemented in multisite.1891 if ( is_multisite() ) {1892 $this->assertErrorResponse( 'rest_cannot_delete', $response, 501 );1893 return;1894 }1895 1896 1890 $this->assertErrorResponse( 'rest_user_invalid_id', $response, 404 ); 1897 1891 }
Note: See TracChangeset
for help on using the changeset viewer.