Changeset 39954 for trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php

Timestamp:

01/26/2017 01:38:27 PM (5 years ago)

Author:

joehoyle

Message:

REST API: Unify object access handling for simplicity.

Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters.

See #38792.

File:

• trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php (modified) (10 diffs)

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php

@@ -66 +66 @@
 
         register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<id>[\d]+)', array(
+            'args' => array(
+                'id' => array(
+                    'description' => __( 'Unique identifier for the user.' ),
+                    'type'        => 'integer',
+                ),
+            ),
             array(
                 'methods'             => WP_REST_Server::READABLE,
@@ -328 +334 @@
 
     /**
+     * Get the user, if the ID is valid.
+     *
+     * @since 4.7.2
+     *
+     * @param int $id Supplied ID.
+     * @return WP_User|WP_Error True if ID is valid, WP_Error otherwise.
+     */
+    protected function get_user( $id ) {
+        $error = new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
+        if ( (int) $id <= 0 ) {
+            return $error;
+        }
+
+        $user = get_userdata( (int) $id );
+        if ( empty( $user ) || ! $user->exists() ) {
+            return $error;
+        }
+
+        return $user;
+    }
+
+    /**
      * Checks if a given request has access to read a user.
      *
@@ -337 +365 @@
      */
     public function get_item_permissions_check( $request ) {
-
-        $id = (int) $request['id'];
-        $user = get_userdata( $id );
+        $user = $this->get_user( $request['id'] );
+        if ( is_wp_error( $user ) ) {
+            return $user;
+        }
+
         $types = get_post_types( array( 'show_in_rest' => true ), 'names' );
 
-        if ( empty( $id ) || empty( $user->ID ) ) {
-            return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
-        }
-
-        if ( get_current_user_id() === $id ) {
+        if ( get_current_user_id() === $user->ID ) {
             return true;
         }
@@ -352 +378 @@
         if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) {
             return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) );
-        } elseif ( ! count_user_posts( $id, $types ) && ! current_user_can( 'edit_user', $id ) && ! current_user_can( 'list_users' ) ) {
+        } elseif ( ! count_user_posts( $user->ID, $types ) && ! current_user_can( 'edit_user', $user->ID ) && ! current_user_can( 'list_users' ) ) {
             return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) );
         }
@@ -369 +395 @@
      */
     public function get_item( $request ) {
-        $id   = (int) $request['id'];
-        $user = get_userdata( $id );
-
-        if ( empty( $id ) || empty( $user->ID ) ) {
-            return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
+        $user = $this->get_user( $request['id'] );
+        if ( is_wp_error( $user ) ) {
+            return $user;
         }
 
@@ -543 +567 @@
      */
     public function update_item_permissions_check( $request ) {
-
-        $id = (int) $request['id'];
-
-        if ( ! current_user_can( 'edit_user', $id ) ) {
+        $user = $this->get_user( $request['id'] );
+        if ( is_wp_error( $user ) ) {
+            return $user;
+        }
+
+        if ( ! current_user_can( 'edit_user', $user->ID ) ) {
             return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this user.' ), array( 'status' => rest_authorization_required_code() ) );
         }
@@ -567 +593 @@
      */
     public function update_item( $request ) {
-        $id   = (int) $request['id'];
-        $user = get_userdata( $id );
+        $user = $this->get_user( $request['id'] );
+        if ( is_wp_error( $user ) ) {
+            return $user;
+        }
+
+        $id = $user->ID;
 
         if ( ! $user ) {
@@ -683 +713 @@
      */
     public function delete_item_permissions_check( $request ) {
-
-        $id = (int) $request['id'];
-
-        if ( ! current_user_can( 'delete_user', $id ) ) {
+        $user = $this->get_user( $request['id'] );
+        if ( is_wp_error( $user ) ) {
+            return $user;
+        }
+
+        if ( ! current_user_can( 'delete_user', $user->ID ) ) {
             return new WP_Error( 'rest_user_cannot_delete', __( 'Sorry, you are not allowed to delete this user.' ), array( 'status' => rest_authorization_required_code() ) );
         }
@@ -707 +739 @@
             return new WP_Error( 'rest_cannot_delete', __( 'The user cannot be deleted.' ), array( 'status' => 501 ) );
         }
-
-        $id       = (int) $request['id'];
+        $user = $this->get_user( $request['id'] );
+        if ( is_wp_error( $user ) ) {
+            return $user;
+        }
+
+        $id       = $user->ID;
         $reassign = false === $request['reassign'] ? null : absint( $request['reassign'] );
         $force    = isset( $request['force'] ) ? (bool) $request['force'] : false;
@@ -715 +751 @@
         if ( ! $force ) {
             return new WP_Error( 'rest_trash_not_supported', __( 'Users do not support trashing. Set force=true to delete.' ), array( 'status' => 501 ) );
-        }
-
-        $user = get_userdata( $id );
-
-        if ( ! $user ) {
-            return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
         }