- Timestamp:
- 01/26/2017 01:38:27 PM (4 years ago)
- File:
-
- 1 edited
trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
r39843 r39954 66 66 67 67 register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<id>[\d]+)', array( 68 'args' => array( 69 'id' => array( 70 'description' => __( 'Unique identifier for the user.' ), 71 'type' => 'integer', 72 ), 73 ), 68 74 array( 69 75 'methods' => WP_REST_Server::READABLE, … … 328 334 329 335 /** 336 * Get the user, if the ID is valid. 337 * 338 * @since 4.7.2 339 * 340 * @param int $id Supplied ID. 341 * @return WP_User|WP_Error True if ID is valid, WP_Error otherwise. 342 */ 343 protected function get_user( $id ) { 344 $error = new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) ); 345 if ( (int) $id <= 0 ) { 346 return $error; 347 } 348 349 $user = get_userdata( (int) $id ); 350 if ( empty( $user ) || ! $user->exists() ) { 351 return $error; 352 } 353 354 return $user; 355 } 356 357 /** 330 358 * Checks if a given request has access to read a user. 331 359 * … … 337 365 */ 338 366 public function get_item_permissions_check( $request ) { 339 340 $id = (int) $request['id']; 341 $user = get_userdata( $id ); 367 $user = $this->get_user( $request['id'] ); 368 if ( is_wp_error( $user ) ) { 369 return $user; 370 } 371 342 372 $types = get_post_types( array( 'show_in_rest' => true ), 'names' ); 343 373 344 if ( empty( $id ) || empty( $user->ID ) ) { 345 return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) ); 346 } 347 348 if ( get_current_user_id() === $id ) { 374 if ( get_current_user_id() === $user->ID ) { 349 375 return true; 350 376 } … … 352 378 if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) { 353 379 return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) ); 354 } elseif ( ! count_user_posts( $ id, $types ) && ! current_user_can( 'edit_user', $id) && ! current_user_can( 'list_users' ) ) {380 } elseif ( ! 
count_user_posts( $user->ID, $types ) && ! current_user_can( 'edit_user', $user->ID ) && ! current_user_can( 'list_users' ) ) { 355 381 return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) ); 356 382 } … … 369 395 */ 370 396 public function get_item( $request ) { 371 $id = (int) $request['id']; 372 $user = get_userdata( $id ); 373 374 if ( empty( $id ) || empty( $user->ID ) ) { 375 return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) ); 397 $user = $this->get_user( $request['id'] ); 398 if ( is_wp_error( $user ) ) { 399 return $user; 376 400 } 377 401 … … 543 567 */ 544 568 public function update_item_permissions_check( $request ) { 545 546 $id = (int) $request['id']; 547 548 if ( ! current_user_can( 'edit_user', $id ) ) { 569 $user = $this->get_user( $request['id'] ); 570 if ( is_wp_error( $user ) ) { 571 return $user; 572 } 573 574 if ( ! current_user_can( 'edit_user', $user->ID ) ) { 549 575 return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this user.' ), array( 'status' => rest_authorization_required_code() ) ); 550 576 } … … 567 593 */ 568 594 public function update_item( $request ) { 569 $id = (int) $request['id']; 570 $user = get_userdata( $id ); 595 $user = $this->get_user( $request['id'] ); 596 if ( is_wp_error( $user ) ) { 597 return $user; 598 } 599 600 $id = $user->ID; 571 601 572 602 if ( ! $user ) { … … 683 713 */ 684 714 public function delete_item_permissions_check( $request ) { 685 686 $id = (int) $request['id']; 687 688 if ( ! current_user_can( 'delete_user', $id ) ) { 715 $user = $this->get_user( $request['id'] ); 716 if ( is_wp_error( $user ) ) { 717 return $user; 718 } 719 720 if ( ! current_user_can( 'delete_user', $user->ID ) ) { 689 721 return new WP_Error( 'rest_user_cannot_delete', __( 'Sorry, you are not allowed to delete this user.' 
), array( 'status' => rest_authorization_required_code() ) ); 690 722 } … … 707 739 return new WP_Error( 'rest_cannot_delete', __( 'The user cannot be deleted.' ), array( 'status' => 501 ) ); 708 740 } 709 710 $id = (int) $request['id']; 741 $user = $this->get_user( $request['id'] ); 742 if ( is_wp_error( $user ) ) { 743 return $user; 744 } 745 746 $id = $user->ID; 711 747 $reassign = false === $request['reassign'] ? null : absint( $request['reassign'] ); 712 748 $force = isset( $request['force'] ) ? (bool) $request['force'] : false; … … 715 751 if ( ! $force ) { 716 752 return new WP_Error( 'rest_trash_not_supported', __( 'Users do not support trashing. Set force=true to delete.' ), array( 'status' => 501 ) ); 717 }718 719 $user = get_userdata( $id );720 721 if ( ! $user ) {722 return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );723 753 } 724 754
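Review bot: The `@return` line on the new `get_user()` docblock says `True if ID is valid`, but the helper never returns `true`; it returns the `WP_User` object from `get_userdata()`, so the tag should read `@return WP_User|WP_Error WP_User object if the ID is valid, WP_Error otherwise.` In `update_item()`, the `if ( ! $user ) {` check that survives right after the new `$id = $user->ID;` line is now unreachable, because `get_user()` has already returned a `WP_Error` for a zero, negative or non-existent ID and the method bailed on `is_wp_error()`; it can be removed along with whatever it guards, which continues outside this section. Centralising the lookup in `get_user()` also means every permissions check and its callback now resolve the same user object from the same cast and existence test, which is the right shape for these handlers; a one-line comment above the helper such as `// Single source of truth for resolving the request's user ID, shared by permissions checks and callbacks.` would make that intent explicit for the next maintainer.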