Changeset 39957
- Timestamp:
- 01/26/2017 01:46:54 PM (8 years ago)
- Location:
- branches/4.7
- Files:
-
- 14 edited
branches/4.7
-
branches/4.7/src/wp-includes/rest-api.php
r39401 r39957 47 47 } 48 48 49 if ( isset( $args['args'] ) ) { 50 $common_args = $args['args']; 51 unset( $args['args'] ); 52 } else { 53 $common_args = array(); 54 } 55 49 56 if ( isset( $args['callback'] ) ) { 50 57 // Upgrade a single set to multiple. … … 58 65 ); 59 66 foreach ( $args as $key => &$arg_group ) { 60 if ( ! is_numeric( $ arg_group) ) {67 if ( ! is_numeric( $key ) ) { 61 68 // Route option, skip here. 62 69 continue; … … 64 71 65 72 $arg_group = array_merge( $defaults, $arg_group ); 73 $arg_group['args'] = array_merge( $common_args, $arg_group['args'] ); 66 74 } 67 75 -
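Review bot: The merge added at new line 73, `$arg_group['args'] = array_merge( $common_args, $arg_group['args'] );`, is shallow, so an endpoint that declares its own entry for a key that is also in the route-level `args` replaces that entry wholesale and drops any route-level `type` it did not repeat. Since the controllers in this changeset rely on the route-level `'type' => 'integer'` for their ID parameters, I would document the precedence above the line: `// Endpoint args replace route-level args with the same key; they are not merged per key.` The line also assumes `$arg_group['args']` is an array; that presumably comes from `$defaults`, whose definition is outside this hunk. The enclosing function starts and ends outside the visible lines.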
branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
r39631 r39957 64 64 65 65 register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<id>[\d]+)', array( 66 'args' => array( 67 'id' => array( 68 'description' => __( 'Unique identifier for the object.' ), 69 'type' => 'integer', 70 ), 71 ), 66 72 array( 67 73 'methods' => WP_REST_Server::READABLE, … … 301 307 302 308 /** 309 * Get the comment, if the ID is valid. 310 * 311 * @since 4.7.2 312 * 313 * @param int $id Supplied ID. 314 * @return WP_Comment|WP_Error Comment object if ID is valid, WP_Error otherwise. 315 */ 316 protected function get_comment( $id ) { 317 $error = new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment ID.' ), array( 'status' => 404 ) ); 318 if ( (int) $id <= 0 ) { 319 return $error; 320 } 321 322 $id = (int) $id; 323 $comment = get_comment( $id ); 324 if ( empty( $comment ) ) { 325 return $error; 326 } 327 328 if ( ! empty( $comment->comment_post_ID ) ) { 329 $post = get_post( (int) $comment->comment_post_ID ); 330 if ( empty( $post ) ) { 331 return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) ); 332 } 333 } 334 335 return $comment; 336 } 337 338 /** 303 339 * Checks if a given request has access to read the comment. 304 340 * … … 310 346 */ 311 347 public function get_item_permissions_check( $request ) { 312 $id = (int) $request['id']; 313 314 $comment = get_comment( $id ); 315 316 if ( ! $comment ) { 317 return true; 348 $comment = $this->get_comment( $request['id'] ); 349 if ( is_wp_error( $comment ) ) { 350 return $comment; 318 351 } 319 352 … … 345 378 */ 346 379 public function get_item( $request ) { 347 $id = (int) $request['id']; 348 349 $comment = get_comment( $id ); 350 if ( empty( $comment ) ) { 351 return new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment ID.' ), array( 'status' => 404 ) ); 352 } 353 354 if ( ! 
empty( $comment->comment_post_ID ) ) { 355 $post = get_post( $comment->comment_post_ID ); 356 if ( empty( $post ) ) { 357 return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) ); 358 } 380 $comment = $this->get_comment( $request['id'] ); 381 if ( is_wp_error( $comment ) ) { 382 return $comment; 359 383 } 360 384 … … 625 649 */ 626 650 public function update_item_permissions_check( $request ) { 627 628 $id = (int) $request['id'];629 630 $comment = get_comment( $id );631 632 if ( $comment &&! $this->check_edit_permission( $comment ) ) {651 $comment = $this->get_comment( $request['id'] ); 652 if ( is_wp_error( $comment ) ) { 653 return $comment; 654 } 655 656 if ( ! $this->check_edit_permission( $comment ) ) { 633 657 return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this comment.' ), array( 'status' => rest_authorization_required_code() ) ); 634 658 } … … 647 671 */ 648 672 public function update_item( $request ) { 649 $id = (int) $request['id']; 650 651 $comment = get_comment( $id ); 652 653 if ( empty( $comment ) ) { 654 return new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment ID.' ), array( 'status' => 404 ) ); 655 } 673 $comment = $this->get_comment( $request['id'] ); 674 if ( is_wp_error( $comment ) ) { 675 return $comment; 676 } 677 678 $id = $comment->comment_ID; 656 679 657 680 if ( isset( $request['type'] ) && get_comment_type( $id ) !== $request['type'] ) { … … 745 768 */ 746 769 public function delete_item_permissions_check( $request ) { 747 $id = (int) $request['id']; 748 $comment = get_comment( $id ); 749 750 if ( ! $comment ) { 751 return new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment ID.' 
), array( 'status' => 404 ) ); 770 $comment = $this->get_comment( $request['id'] ); 771 if ( is_wp_error( $comment ) ) { 772 return $comment; 752 773 } 753 774 … … 768 789 */ 769 790 public function delete_item( $request ) { 770 $id = (int) $request['id']; 791 $comment = $this->get_comment( $request['id'] ); 792 if ( is_wp_error( $comment ) ) { 793 return $comment; 794 } 795 771 796 $force = isset( $request['force'] ) ? (bool) $request['force'] : false; 772 773 $comment = get_comment( $id );774 775 if ( empty( $comment ) ) {776 return new WP_Error( 'rest_comment_invalid_id', __( 'Invalid comment ID.' ), array( 'status' => 404 ) );777 }778 797 779 798 /** -
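Review bot: The docblock on the new `get_comment()` helper does not record the invariant this change establishes: the permission callback and the action callback have to resolve `$request['id']` to the same object, which the removed code did not guarantee (the old `get_item_permissions_check()` returned `true` when its own lookup failed). I would add a line to the docblock such as `Permission and action callbacks must both resolve the ID through this method, so the object that was authorised is the object acted on.`; the same applies to `get_post()`, `get_parent()`, `get_revision()`, `get_term()` and `get_user()` in the other controllers. Note that `(int) $id` still reads a value with a non-numeric suffix as its leading digits; that is now consistent across callbacks, but rejecting such input depends on the route-level `'type' => 'integer'` being enforced, which is not visible here. In `update_item()`, `$id = $comment->comment_ID;` may hand the rest of the method a numeric string where the removed line produced an int, so `$id = (int) $comment->comment_ID;` would keep the previous type.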
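--- a/branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-post-statuses-controller.php
+++ b/branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-post-statuses-controller.php
@@ -49,4 +49,10 @@
 
 register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<status>[\w-]+)', array(
+'args' => array(
+'status' => array(
+'description' => __( 'An alphanumeric identifier for the status.' ),
+'type' => 'string',
+),
+),
 array(
 'methods' => WP_REST_Server::READABLE,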
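--- a/branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-post-types-controller.php
+++ b/branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-post-types-controller.php
@@ -49,4 +49,10 @@
 
 register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<type>[\w-]+)', array(
+'args' => array(
+'type' => array(
+'description' => __( 'An alphanumeric identifier for the post type.' ),
+'type' => 'string',
+),
+),
 array(
 'methods' => WP_REST_Server::READABLE,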
branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
r39631 r39957 89 89 } 90 90 register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<id>[\d]+)', array( 91 'args' => array( 92 'id' => array( 93 'description' => __( 'Unique identifier for the object.' ), 94 'type' => 'integer', 95 ), 96 ), 91 97 array( 92 98 'methods' => WP_REST_Server::READABLE, … … 351 357 352 358 /** 359 * Get the post, if the ID is valid. 360 * 361 * @since 4.7.2 362 * 363 * @param int $id Supplied ID. 364 * @return WP_Post|WP_Error Post object if ID is valid, WP_Error otherwise. 365 */ 366 protected function get_post( $id ) { 367 $error = new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) ); 368 if ( (int) $id <= 0 ) { 369 return $error; 370 } 371 372 $post = get_post( (int) $id ); 373 if ( empty( $post ) || empty( $post->ID ) || $this->post_type !== $post->post_type ) { 374 return $error; 375 } 376 377 return $post; 378 } 379 380 /** 353 381 * Checks if a given request has access to read a post. 354 382 * … … 360 388 */ 361 389 public function get_item_permissions_check( $request ) { 362 363 $post = get_post( (int) $request['id'] ); 390 $post = $this->get_post( $request['id'] ); 391 if ( is_wp_error( $post ) ) { 392 return $post; 393 } 364 394 365 395 if ( 'edit' === $request['context'] && $post && ! $this->check_update_permission( $post ) ) { … … 429 459 */ 430 460 public function get_item( $request ) { 431 $id = (int) $request['id']; 432 $post = get_post( $id ); 433 434 if ( empty( $id ) || empty( $post->ID ) || $this->post_type !== $post->post_type ) { 435 return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' 
), array( 'status' => 404 ) ); 461 $post = $this->get_post( $request['id'] ); 462 if ( is_wp_error( $post ) ) { 463 return $post; 436 464 } 437 465 … … 440 468 441 469 if ( is_post_type_viewable( get_post_type_object( $post->post_type ) ) ) { 442 $response->link_header( 'alternate', get_permalink( $ id), array( 'type' => 'text/html' ) );470 $response->link_header( 'alternate', get_permalink( $post->ID ), array( 'type' => 'text/html' ) ); 443 471 } 444 472 … … 456 484 */ 457 485 public function create_item_permissions_check( $request ) { 486 if ( ! empty( $request['id'] ) ) { 487 return new WP_Error( 'rest_post_exists', __( 'Cannot create existing post.' ), array( 'status' => 400 ) ); 488 } 458 489 459 490 $post_type = get_post_type_object( $this->post_type ); … … 592 623 */ 593 624 public function update_item_permissions_check( $request ) { 594 595 $post = get_post( $request['id'] ); 625 $post = $this->get_post( $request['id'] ); 626 if ( is_wp_error( $post ) ) { 627 return $post; 628 } 629 596 630 $post_type = get_post_type_object( $this->post_type ); 597 631 … … 625 659 */ 626 660 public function update_item( $request ) { 627 $id = (int) $request['id']; 628 $post = get_post( $id ); 629 630 if ( empty( $id ) || empty( $post->ID ) || $this->post_type !== $post->post_type ) { 631 return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) ); 661 $valid_check = $this->get_post( $request['id'] ); 662 if ( is_wp_error( $valid_check ) ) { 663 return $valid_check; 632 664 } 633 665 … … 715 747 */ 716 748 public function delete_item_permissions_check( $request ) { 717 718 $post = get_post( $request['id'] ); 749 $post = $this->get_post( $request['id'] ); 750 if ( is_wp_error( $post ) ) { 751 return $post; 752 } 719 753 720 754 if ( $post && ! 
$this->check_delete_permission( $post ) ) { … … 735 769 */ 736 770 public function delete_item( $request ) { 737 $id = (int) $request['id']; 771 $post = $this->get_post( $request['id'] ); 772 if ( is_wp_error( $post ) ) { 773 return $post; 774 } 775 776 $id = $post->ID; 738 777 $force = (bool) $request['force']; 739 740 $post = get_post( $id );741 742 if ( empty( $id ) || empty( $post->ID ) || $this->post_type !== $post->post_type ) {743 return new WP_Error( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 404 ) );744 }745 778 746 779 $supports_trash = ( EMPTY_TRASH_DAYS > 0 ); … … 902 935 // Post ID. 903 936 if ( isset( $request['id'] ) ) { 904 $prepared_post->ID = absint( $request['id'] ); 937 $existing_post = $this->get_post( $request['id'] ); 938 if ( is_wp_error( $existing_post ) ) { 939 return $existing_post; 940 } 941 942 $prepared_post->ID = $existing_post->ID; 905 943 } 906 944 -
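Review bot: The new helper is named `get_post()`, the same as the global function it wraps, so inside this class `$this->get_post( $id )` and `get_post( $id )` differ by one token but only the method rejects non-positive IDs and posts whose type is not `$this->post_type`. Any bare `get_post( $request[...] )` call left in this controller or its subclasses outside the visible hunks would skip those checks, so they are worth auditing. I would make the difference explicit in the docblock: `Unlike the global get_post(), this returns a WP_Error unless the post exists and its type matches $this->post_type.` After the new guards, the `$post &&` tests that remain in `get_item_permissions_check()` and `delete_item_permissions_check()` are always true and can be dropped. In `create_item_permissions_check()` the new guard uses `! empty( $request['id'] )` while the `// Post ID.` block near new line 937 uses `isset( $request['id'] )`, so an `id` of `0` passes the first and is rejected only by the second.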
branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
r39489 r39957 72 72 73 73 register_rest_route( $this->namespace, '/' . $this->parent_base . '/(?P<parent>[\d]+)/' . $this->rest_base, array( 74 'args' => array( 75 'parent' => array( 76 'description' => __( 'The ID for the parent of the object.' ), 77 'type' => 'integer', 78 ), 79 ), 74 80 array( 75 81 'methods' => WP_REST_Server::READABLE, … … 82 88 83 89 register_rest_route( $this->namespace, '/' . $this->parent_base . '/(?P<parent>[\d]+)/' . $this->rest_base . '/(?P<id>[\d]+)', array( 90 'args' => array( 91 'parent' => array( 92 'description' => __( 'The ID for the parent of the object.' ), 93 'type' => 'integer', 94 ), 95 'id' => array( 96 'description' => __( 'Unique identifier for the object.' ), 97 'type' => 'integer', 98 ), 99 ), 84 100 array( 85 101 'methods' => WP_REST_Server::READABLE, … … 108 124 109 125 /** 126 * Get the parent post, if the ID is valid. 127 * 128 * @since 4.7.2 129 * 130 * @param int $id Supplied ID. 131 * @return WP_Post|WP_Error Post object if ID is valid, WP_Error otherwise. 132 */ 133 protected function get_parent( $parent ) { 134 $error = new WP_Error( 'rest_post_invalid_parent', __( 'Invalid post parent ID.' ), array( 'status' => 404 ) ); 135 if ( (int) $parent <= 0 ) { 136 return $error; 137 } 138 139 $parent = get_post( (int) $parent ); 140 if ( empty( $parent ) || empty( $parent->ID ) || $this->parent_post_type !== $parent->post_type ) { 141 return $error; 142 } 143 144 return $parent; 145 } 146 147 /** 110 148 * Checks if a given request has access to get revisions. 111 149 * … … 117 155 */ 118 156 public function get_items_permissions_check( $request ) { 119 120 $parent = get_post( $request['parent'] );121 if ( ! $parent ) {122 return true;123 } 157 $parent = $this->get_parent( $request['parent'] ); 158 if ( is_wp_error( $parent ) ) { 159 return $parent; 160 } 161 124 162 $parent_post_type_obj = get_post_type_object( $parent->post_type ); 125 163 if ( ! 
current_user_can( $parent_post_type_obj->cap->edit_post, $parent->ID ) ) { … … 131 169 132 170 /** 171 * Get the revision, if the ID is valid. 172 * 173 * @since 4.7.2 174 * 175 * @param int $id Supplied ID. 176 * @return WP_Post|WP_Error Revision post object if ID is valid, WP_Error otherwise. 177 */ 178 protected function get_revision( $id ) { 179 $error = new WP_Error( 'rest_post_invalid_id', __( 'Invalid revision ID.' ), array( 'status' => 404 ) ); 180 if ( (int) $id <= 0 ) { 181 return $error; 182 } 183 184 $revision = get_post( (int) $id ); 185 if ( empty( $revision ) || empty( $revision->ID ) || 'revision' !== $revision->post_type ) { 186 return $error; 187 } 188 189 return $revision; 190 } 191 192 /** 133 193 * Gets a collection of revisions. 134 194 * … … 140 200 */ 141 201 public function get_items( $request ) { 142 $parent = get_post( $request['parent'] );143 if ( ! $request['parent'] || ! $parent || $this->parent_post_type !== $parent->post_type) {144 return new WP_Error( 'rest_post_invalid_parent', __( 'Invalid post parent ID.' ), array( 'status' => 404 ) );202 $parent = $this->get_parent( $request['parent'] ); 203 if ( is_wp_error( $parent ) ) { 204 return $parent; 145 205 } 146 206 … … 178 238 */ 179 239 public function get_item( $request ) { 180 $parent = get_post( $request['parent'] );181 if ( ! $request['parent'] || ! $parent || $this->parent_post_type !== $parent->post_type) {182 return new WP_Error( 'rest_post_invalid_parent', __( 'Invalid post parent ID.' ), array( 'status' => 404 ) );183 } 184 185 $revision = get_post( $request['id'] );186 if ( ! $revision || 'revision' !== $revision->post_type) {187 return new WP_Error( 'rest_post_invalid_id', __( 'Invalid revision ID.' 
), array( 'status' => 404 ) );240 $parent = $this->get_parent( $request['parent'] ); 241 if ( is_wp_error( $parent ) ) { 242 return $parent; 243 } 244 245 $revision = $this->get_revision( $request['id'] ); 246 if ( is_wp_error( $revision ) ) { 247 return $revision; 188 248 } 189 249 … … 202 262 */ 203 263 public function delete_item_permissions_check( $request ) { 264 $parent = $this->get_parent( $request['parent'] ); 265 if ( is_wp_error( $parent ) ) { 266 return $parent; 267 } 268 269 $revision = $this->get_revision( $request['id'] ); 270 if ( is_wp_error( $revision ) ) { 271 return $revision; 272 } 204 273 205 274 $response = $this->get_items_permissions_check( $request ); … … 208 277 } 209 278 210 $post = get_post( $request['id'] );211 if ( ! $post ) {212 return new WP_Error( 'rest_post_invalid_id', __( 'Invalid revision ID.' ), array( 'status' => 404 ) );213 }214 279 $post_type = get_post_type_object( 'revision' ); 215 return current_user_can( $post_type->cap->delete_post, $ post->ID );280 return current_user_can( $post_type->cap->delete_post, $revision->ID ); 216 281 } 217 282 … … 226 291 */ 227 292 public function delete_item( $request ) { 293 $revision = $this->get_revision( $request['id'] ); 294 if ( is_wp_error( $revision ) ) { 295 return $revision; 296 } 297 228 298 $force = isset( $request['force'] ) ? (bool) $request['force'] : false; 229 299 … … 233 303 } 234 304 235 $revision = get_post( $request['id'] );236 305 $previous = $this->prepare_item_for_response( $revision, $request ); 237 306 -
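Review bot: `get_item()` and `delete_item_permissions_check()` validate the parent and the revision independently, but nothing in the visible lines checks that the revision belongs to that parent. The capability check in `get_items_permissions_check()` is made against `$parent->ID`, so the pairing matters: a revision should only be served under the parent it was authorised through. I would add, after both lookups succeed, `if ( (int) $parent->ID !== (int) $revision->post_parent ) { return new WP_Error( 'rest_post_invalid_id', __( 'Invalid revision ID.' ), array( 'status' => 404 ) ); }`; the rest of `get_item()` is outside the hunk, so confirm no such check already follows. Separately, the docblock of `get_parent( $parent )` documents `@param int $id`; it should read `@param int $parent Supplied ID.`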
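--- a/branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-taxonomies-controller.php
+++ b/branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-taxonomies-controller.php
@@ -49,4 +49,10 @@
 
 register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<taxonomy>[\w-]+)', array(
+'args' => array(
+'taxonomy' => array(
+'description' => __( 'An alphanumeric identifier for the taxonomy.' ),
+'type' => 'string',
+),
+),
 array(
 'methods' => WP_REST_Server::READABLE,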
branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
r39631 r39957 97 97 98 98 register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<id>[\d]+)', array( 99 'args' => array( 100 'id' => array( 101 'description' => __( 'Unique identifier for the term.' ), 102 'type' => 'integer', 103 ), 104 ), 99 105 array( 100 106 'methods' => WP_REST_Server::READABLE, … … 109 115 'callback' => array( $this, 'update_item' ), 110 116 'permission_callback' => array( $this, 'update_item_permissions_check' ), 111 'args' 117 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ), 112 118 ), 113 119 array( … … 289 295 290 296 /** 297 * Get the term, if the ID is valid. 298 * 299 * @since 4.7.2 300 * 301 * @param int $id Supplied ID. 302 * @return WP_Term|WP_Error Term object if ID is valid, WP_Error otherwise. 303 */ 304 protected function get_term( $id ) { 305 $error = new WP_Error( 'rest_term_invalid', __( 'Term does not exist.' ), array( 'status' => 404 ) ); 306 307 if ( ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) { 308 return $error; 309 } 310 311 if ( (int) $id <= 0 ) { 312 return $error; 313 } 314 315 $term = get_term( (int) $id, $this->taxonomy ); 316 if ( empty( $term ) || $term->taxonomy !== $this->taxonomy ) { 317 return $error; 318 } 319 320 return $term; 321 } 322 323 /** 291 324 * Checks if a request has access to read or edit the specified term. 292 325 * … … 298 331 */ 299 332 public function get_item_permissions_check( $request ) { 300 $tax_obj = get_taxonomy( $this->taxonomy ); 301 if ( ! $tax_obj || ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) { 302 return false; 303 } 304 if ( 'edit' === $request['context'] && ! current_user_can( 'edit_term', (int) $request['id'] ) ) { 333 $term = $this->get_term( $request['id'] ); 334 if ( is_wp_error( $term ) ) { 335 return $term; 336 } 337 338 if ( 'edit' === $request['context'] && ! 
current_user_can( 'edit_term', $term->term_id ) ) { 305 339 return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit this term.' ), array( 'status' => rest_authorization_required_code() ) ); 306 340 } … … 318 352 */ 319 353 public function get_item( $request ) { 320 321 $term = get_term( (int) $request['id'], $this->taxonomy ); 322 323 if ( ! $term || $term->taxonomy !== $this->taxonomy ) { 324 return new WP_Error( 'rest_term_invalid', __( "Term doesn't exist." ), array( 'status' => 404 ) ); 325 } 354 $term = $this->get_term( $request['id'] ); 326 355 327 356 if ( is_wp_error( $term ) ) { … … 446 475 */ 447 476 public function update_item_permissions_check( $request ) { 448 449 if ( ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) { 450 return false; 451 } 452 453 $term = get_term( (int) $request['id'], $this->taxonomy ); 454 455 if ( ! $term ) { 456 return new WP_Error( 'rest_term_invalid', __( "Term doesn't exist." ), array( 'status' => 404 ) ); 477 $term = $this->get_term( $request['id'] ); 478 if ( is_wp_error( $term ) ) { 479 return $term; 457 480 } 458 481 … … 474 497 */ 475 498 public function update_item( $request ) { 499 $term = $this->get_term( $request['id'] ); 500 if ( is_wp_error( $term ) ) { 501 return $term; 502 } 503 476 504 if ( isset( $request['parent'] ) ) { 477 505 if ( ! is_taxonomy_hierarchical( $this->taxonomy ) ) { … … 488 516 $prepared_term = $this->prepare_item_for_database( $request ); 489 517 490 $term = get_term( (int) $request['id'], $this->taxonomy );491 492 518 // Only update the term if we haz something to update. 493 519 if ( ! empty( $prepared_term ) ) { … … 499 525 } 500 526 501 $term = get_term( (int) $request['id'], $this->taxonomy );527 $term = get_term( $term->term_id, $this->taxonomy ); 502 528 503 529 /* This action is documented in lib/endpoints/class-wp-rest-terms-controller.php */ … … 506 532 $schema = $this->get_item_schema(); 507 533 if ( ! 
empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { 508 $meta_update = $this->meta->update_value( $request['meta'], (int) $request['id']);534 $meta_update = $this->meta->update_value( $request['meta'], $term->term_id ); 509 535 510 536 if ( is_wp_error( $meta_update ) ) { … … 536 562 */ 537 563 public function delete_item_permissions_check( $request ) { 538 if ( ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) { 539 return false; 540 } 541 542 $term = get_term( (int) $request['id'], $this->taxonomy ); 543 544 if ( ! $term ) { 545 return new WP_Error( 'rest_term_invalid', __( "Term doesn't exist." ), array( 'status' => 404 ) ); 564 $term = $this->get_term( $request['id'] ); 565 if ( is_wp_error( $term ) ) { 566 return $term; 546 567 } 547 568 … … 563 584 */ 564 585 public function delete_item( $request ) { 586 $term = $this->get_term( $request['id'] ); 587 if ( is_wp_error( $term ) ) { 588 return $term; 589 } 565 590 566 591 $force = isset( $request['force'] ) ? (bool) $request['force'] : false; … … 570 595 return new WP_Error( 'rest_trash_not_supported', __( 'Terms do not support trashing. Set force=true to delete.' ), array( 'status' => 501 ) ); 571 596 } 572 573 $term = get_term( (int) $request['id'], $this->taxonomy );574 597 575 598 $request->set_param( 'context', 'view' ); -
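Review bot: In the new `get_term()` helper, the result of the global `get_term()` is tested with `empty( $term ) || $term->taxonomy !== $this->taxonomy`, which reads a `taxonomy` property even when the call returned a `WP_Error` (it can, for example for an unregistered taxonomy). The comparison still falls through to the 404, but with an undefined-property notice; `if ( empty( $term ) || is_wp_error( $term ) || $term->taxonomy !== $this->taxonomy ) {` makes the case explicit. Whether `check_is_taxonomy_allowed()` already rules this out cannot be seen from the hunk. The permission checks also change their failure shape: a disallowed taxonomy now yields the `rest_term_invalid` 404 instead of the previous `false`, which is worth stating in the helper's docblock.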
branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
r39844 r39957 66 66 67 67 register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<id>[\d]+)', array( 68 'args' => array( 69 'id' => array( 70 'description' => __( 'Unique identifier for the user.' ), 71 'type' => 'integer', 72 ), 73 ), 68 74 array( 69 75 'methods' => WP_REST_Server::READABLE, … … 327 333 328 334 /** 335 * Get the user, if the ID is valid. 336 * 337 * @since 4.7.2 338 * 339 * @param int $id Supplied ID. 340 * @return WP_User|WP_Error True if ID is valid, WP_Error otherwise. 341 */ 342 protected function get_user( $id ) { 343 $error = new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) ); 344 if ( (int) $id <= 0 ) { 345 return $error; 346 } 347 348 $user = get_userdata( (int) $id ); 349 if ( empty( $user ) || ! $user->exists() ) { 350 return $error; 351 } 352 353 return $user; 354 } 355 356 /** 329 357 * Checks if a given request has access to read a user. 330 358 * … … 336 364 */ 337 365 public function get_item_permissions_check( $request ) { 338 339 $id = (int) $request['id']; 340 $user = get_userdata( $id ); 366 $user = $this->get_user( $request['id'] ); 367 if ( is_wp_error( $user ) ) { 368 return $user; 369 } 370 341 371 $types = get_post_types( array( 'show_in_rest' => true ), 'names' ); 342 372 343 if ( empty( $id ) || empty( $user->ID ) ) { 344 return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) ); 345 } 346 347 if ( get_current_user_id() === $id ) { 373 if ( get_current_user_id() === $user->ID ) { 348 374 return true; 349 375 } … … 351 377 if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) { 352 378 return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) ); 353 } elseif ( ! count_user_posts( $ id, $types ) && ! current_user_can( 'edit_user', $id) && ! current_user_can( 'list_users' ) ) {379 } elseif ( ! 
count_user_posts( $user->ID, $types ) && ! current_user_can( 'edit_user', $user->ID ) && ! current_user_can( 'list_users' ) ) { 354 380 return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) ); 355 381 } … … 368 394 */ 369 395 public function get_item( $request ) { 370 $id = (int) $request['id']; 371 $user = get_userdata( $id ); 372 373 if ( empty( $id ) || empty( $user->ID ) ) { 374 return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) ); 396 $user = $this->get_user( $request['id'] ); 397 if ( is_wp_error( $user ) ) { 398 return $user; 375 399 } 376 400 … … 542 566 */ 543 567 public function update_item_permissions_check( $request ) { 544 545 $id = (int) $request['id']; 546 547 if ( ! current_user_can( 'edit_user', $id ) ) { 568 $user = $this->get_user( $request['id'] ); 569 if ( is_wp_error( $user ) ) { 570 return $user; 571 } 572 573 if ( ! current_user_can( 'edit_user', $user->ID ) ) { 548 574 return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this user.' ), array( 'status' => rest_authorization_required_code() ) ); 549 575 } … … 566 592 */ 567 593 public function update_item( $request ) { 568 $id = (int) $request['id']; 569 $user = get_userdata( $id ); 594 $user = $this->get_user( $request['id'] ); 595 if ( is_wp_error( $user ) ) { 596 return $user; 597 } 598 599 $id = $user->ID; 570 600 571 601 if ( ! $user ) { … … 682 712 */ 683 713 public function delete_item_permissions_check( $request ) { 684 685 $id = (int) $request['id']; 686 687 if ( ! current_user_can( 'delete_user', $id ) ) { 714 $user = $this->get_user( $request['id'] ); 715 if ( is_wp_error( $user ) ) { 716 return $user; 717 } 718 719 if ( ! current_user_can( 'delete_user', $user->ID ) ) { 688 720 return new WP_Error( 'rest_user_cannot_delete', __( 'Sorry, you are not allowed to delete this user.' 
), array( 'status' => rest_authorization_required_code() ) ); 689 721 } … … 706 738 return new WP_Error( 'rest_cannot_delete', __( 'The user cannot be deleted.' ), array( 'status' => 501 ) ); 707 739 } 708 709 $id = (int) $request['id']; 740 $user = $this->get_user( $request['id'] ); 741 if ( is_wp_error( $user ) ) { 742 return $user; 743 } 744 745 $id = $user->ID; 710 746 $reassign = false === $request['reassign'] ? null : absint( $request['reassign'] ); 711 747 $force = isset( $request['force'] ) ? (bool) $request['force'] : false; … … 714 750 if ( ! $force ) { 715 751 return new WP_Error( 'rest_trash_not_supported', __( 'Users do not support trashing. Set force=true to delete.' ), array( 'status' => 501 ) ); 716 }717 718 $user = get_userdata( $id );719 720 if ( ! $user ) {721 return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );722 752 } 723 753 -
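Review bot: The docblock of the new `get_user()` says `@return WP_User|WP_Error True if ID is valid, WP_Error otherwise.`, but the method returns the `WP_User` object; it should read `@return WP_User|WP_Error User object if ID is valid, WP_Error otherwise.` In `update_item()` the context line `if ( ! $user ) {` that follows the new guard can no longer be true, since the helper returns either a `WP_Error` or an existing user; the block it opens continues outside the hunk and looks removable. `update_item_permissions_check()` and `delete_item_permissions_check()` now answer 404 for an unknown ID before the capability test, where they previously went straight to `current_user_can()`, so the response distinguishes existing from non-existing user IDs for callers without the capability; if that is intended, a comment saying so would help.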
branches/4.7/tests/phpunit/tests/rest-api/rest-attachments-controller.php
r39849 r39957 183 183 $keys = array_keys( $data['endpoints'][0]['args'] ); 184 184 sort( $keys ); 185 $this->assertEquals( array( 'context' ), $keys );185 $this->assertEquals( array( 'context', 'id' ), $keys ); 186 186 } 187 187 -
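Review bot: The test changes in this changeset only adjust existing expectations (the extra `id` key here and in rest-posts-controller.php, the 404 in rest-comments-controller.php, the removed multisite branch in rest-users-controller.php); none adds a case for the behaviour the new helpers introduce. I would add, per controller, a test that a request whose `id` is not a positive integer (for example a numeric value with a trailing non-digit suffix, or `0`) gets the controller's 404 error from both the permission check and the callback. The enclosing test method starts outside the hunk.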
branches/4.7/tests/phpunit/tests/rest-api/rest-comments-controller.php
r39628 r39957 836 836 837 837 $response = $this->server->dispatch( $request ); 838 $this->assertErrorResponse( 'rest_ cannot_read', $response, 401);838 $this->assertErrorResponse( 'rest_post_invalid_id', $response, 404 ); 839 839 } 840 840 -
branches/4.7/tests/phpunit/tests/rest-api/rest-posts-controller.php
r39630 r39957 128 128 $keys = array_keys( $data['endpoints'][0]['args'] ); 129 129 sort( $keys ); 130 $this->assertEquals( array( 'context', ' password' ), $keys );130 $this->assertEquals( array( 'context', 'id', 'password' ), $keys ); 131 131 } 132 132 -
branches/4.7/tests/phpunit/tests/rest-api/rest-users-controller.php
r39844 r39957 1850 1850 $response = $this->server->dispatch( $request ); 1851 1851 1852 // Not implemented in multisite.1853 if ( is_multisite() ) {1854 $this->assertErrorResponse( 'rest_cannot_delete', $response, 501 );1855 return;1856 }1857 1858 1852 $this->assertErrorResponse( 'rest_user_invalid_id', $response, 404 ); 1859 1853 }