Changeset 39957 for branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
- Timestamp:
- 01/26/2017 01:46:54 PM (8 years ago)
- Location:
- branches/4.7
- Files:
-
- 2 edited
-
branches/4.7
-
branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
r39844 r39957 66 66 67 67 register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<id>[\d]+)', array( 68 'args' => array( 69 'id' => array( 70 'description' => __( 'Unique identifier for the user.' ), 71 'type' => 'integer', 72 ), 73 ), 68 74 array( 69 75 'methods' => WP_REST_Server::READABLE, … … 327 333 328 334 /** 335 * Get the user, if the ID is valid. 336 * 337 * @since 4.7.2 338 * 339 * @param int $id Supplied ID. 340 * @return WP_User|WP_Error True if ID is valid, WP_Error otherwise. 341 */ 342 protected function get_user( $id ) { 343 $error = new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) ); 344 if ( (int) $id <= 0 ) { 345 return $error; 346 } 347 348 $user = get_userdata( (int) $id ); 349 if ( empty( $user ) || ! $user->exists() ) { 350 return $error; 351 } 352 353 return $user; 354 } 355 356 /** 329 357 * Checks if a given request has access to read a user. 330 358 * … … 336 364 */ 337 365 public function get_item_permissions_check( $request ) { 338 339 $id = (int) $request['id']; 340 $user = get_userdata( $id ); 366 $user = $this->get_user( $request['id'] ); 367 if ( is_wp_error( $user ) ) { 368 return $user; 369 } 370 341 371 $types = get_post_types( array( 'show_in_rest' => true ), 'names' ); 342 372 343 if ( empty( $id ) || empty( $user->ID ) ) { 344 return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) ); 345 } 346 347 if ( get_current_user_id() === $id ) { 373 if ( get_current_user_id() === $user->ID ) { 348 374 return true; 349 375 } … … 351 377 if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) { 352 378 return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) ); 353 } elseif ( ! count_user_posts( $ id, $types ) && ! current_user_can( 'edit_user', $id) && ! current_user_can( 'list_users' ) ) {379 } elseif ( ! 
count_user_posts( $user->ID, $types ) && ! current_user_can( 'edit_user', $user->ID ) && ! current_user_can( 'list_users' ) ) { 354 380 return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) ); 355 381 } … … 368 394 */ 369 395 public function get_item( $request ) { 370 $id = (int) $request['id']; 371 $user = get_userdata( $id ); 372 373 if ( empty( $id ) || empty( $user->ID ) ) { 374 return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) ); 396 $user = $this->get_user( $request['id'] ); 397 if ( is_wp_error( $user ) ) { 398 return $user; 375 399 } 376 400 … … 542 566 */ 543 567 public function update_item_permissions_check( $request ) { 544 545 $id = (int) $request['id']; 546 547 if ( ! current_user_can( 'edit_user', $id ) ) { 568 $user = $this->get_user( $request['id'] ); 569 if ( is_wp_error( $user ) ) { 570 return $user; 571 } 572 573 if ( ! current_user_can( 'edit_user', $user->ID ) ) { 548 574 return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this user.' ), array( 'status' => rest_authorization_required_code() ) ); 549 575 } … … 566 592 */ 567 593 public function update_item( $request ) { 568 $id = (int) $request['id']; 569 $user = get_userdata( $id ); 594 $user = $this->get_user( $request['id'] ); 595 if ( is_wp_error( $user ) ) { 596 return $user; 597 } 598 599 $id = $user->ID; 570 600 571 601 if ( ! $user ) { … … 682 712 */ 683 713 public function delete_item_permissions_check( $request ) { 684 685 $id = (int) $request['id']; 686 687 if ( ! current_user_can( 'delete_user', $id ) ) { 714 $user = $this->get_user( $request['id'] ); 715 if ( is_wp_error( $user ) ) { 716 return $user; 717 } 718 719 if ( ! current_user_can( 'delete_user', $user->ID ) ) { 688 720 return new WP_Error( 'rest_user_cannot_delete', __( 'Sorry, you are not allowed to delete this user.' 
), array( 'status' => rest_authorization_required_code() ) ); 689 721 } … … 706 738 return new WP_Error( 'rest_cannot_delete', __( 'The user cannot be deleted.' ), array( 'status' => 501 ) ); 707 739 } 708 709 $id = (int) $request['id']; 740 $user = $this->get_user( $request['id'] ); 741 if ( is_wp_error( $user ) ) { 742 return $user; 743 } 744 745 $id = $user->ID; 710 746 $reassign = false === $request['reassign'] ? null : absint( $request['reassign'] ); 711 747 $force = isset( $request['force'] ) ? (bool) $request['force'] : false; … … 714 750 if ( ! $force ) { 715 751 return new WP_Error( 'rest_trash_not_supported', __( 'Users do not support trashing. Set force=true to delete.' ), array( 'status' => 501 ) ); 716 }717 718 $user = get_userdata( $id );719 720 if ( ! $user ) {721 return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );722 752 } 723 753
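Review bot: In the new `get_user()` helper, `(int) $id` silently truncates a value such as `'12abc'` to 12, so a malformed `id` still resolves to a real user instead of returning `rest_user_invalid_id`. Every permission check and its action now resolve the target through this one helper, so the two agree on which user is meant, but the `'type' => 'integer'` route arg added at the top of the section has no `validate_callback` in the visible lines, so it cannot be confirmed from here that the request layer rejects such input first. Consider failing closed in the helper, e.g. `if ( ! is_numeric( $id ) || (int) $id <= 0 ) { return $error; }`. Separately, the docblock's `@return WP_User|WP_Error True if ID is valid` should read `WP_User object if the ID is valid`, and the surviving `if ( ! $user )` context line in `update_item()` looks unreachable after the new early return.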