Make WordPress Core


Ignore:
Timestamp:
07/19/2018 06:48:52 PM (6 years ago)
Author:
kadamwhite
Message:

REST API: Support meta registration for specific object subtypes.

Introduce an object_subtype argument to the args array for register_meta() which can be used to limit meta registration to a single subtype (e.g. a custom post type or taxonomy, vs all posts or taxonomies).

Introduce register_post_meta() and register_term_meta() wrapper methods for register_meta to provide a convenient interface for the common case of registering meta for a specific taxonomy or post type. These methods work the way plugin developers have often expected register_meta to function, and should be used in place of direct register_meta where possible.

Props flixos90, tharsheblows, spacedmonkey.

Merges [43378] to the 4.9 branch.
Fixes #38323.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/4.9/src/wp-includes/capabilities.php

    r43287 r43510  
    277277        list( $_, $object_type, $_ ) = explode( '_', $cap );
    278278        $object_id = (int) $args[0];
    279 
    280         switch ( $object_type ) {
    281             case 'post':
    282                 $post = get_post( $object_id );
    283                 if ( ! $post ) {
    284                     break;
    285                 }
    286 
    287                 $sub_type = get_post_type( $post );
    288                 break;
    289 
    290             case 'comment':
    291                 $comment = get_comment( $object_id );
    292                 if ( ! $comment ) {
    293                     break;
    294                 }
    295 
    296                 $sub_type = empty( $comment->comment_type ) ? 'comment' : $comment->comment_type;
    297                 break;
    298 
    299             case 'term':
    300                 $term = get_term( $object_id );
    301                 if ( ! $term instanceof WP_Term ) {
    302                     break;
    303                 }
    304 
    305                 $sub_type = $term->taxonomy;
    306                 break;
    307 
    308             case 'user':
    309                 $user = get_user_by( 'id', $object_id );
    310                 if ( ! $user ) {
    311                     break;
    312                 }
    313 
    314                 $sub_type = 'user';
    315                 break;
    316         }
    317 
    318         if ( empty( $sub_type ) ) {
     279        $object_subtype = get_object_subtype( $object_type, $object_id );
     280
     281        if ( empty( $object_subtype ) ) {
    319282            $caps[] = 'do_not_allow';
    320283            break;
     
    325288        $meta_key = isset( $args[1] ) ? $args[1] : false;
    326289
    327         $has_filter = has_filter( "auth_{$object_type}_meta_{$meta_key}" ) || has_filter( "auth_{$object_type}_{$sub_type}_meta_{$meta_key}" );
    328         if ( $meta_key && $has_filter ) {
    329 
    330             /**
    331              * Filters whether the user is allowed to edit meta.
    332              *
    333              * Use the {@see auth_post_$object_type_meta_$meta_key} filter to modify capabilities for
    334              * specific object types. Return true to have the mapped meta caps from edit_{$object_type} apply.
    335              *
    336              * The dynamic portion of the hook name, `$object_type` refers to the object type being filtered.
    337              * The dynamic portion of the hook name, `$meta_key`, refers to the meta key passed to map_meta_cap().
    338              *
    339              * @since 3.3.0 As 'auth_post_meta_{$meta_key}'.
    340              * @since 4.6.0
    341              *
    342              * @param bool   $allowed  Whether the user can add the post meta. Default false.
    343              * @param string $meta_key The meta key.
    344              * @param int    $post_id  Post ID.
    345              * @param int    $user_id  User ID.
    346              * @param string $cap      Capability name.
    347              * @param array  $caps     User capabilities.
    348              */
    349             $allowed = apply_filters( "auth_{$object_type}_meta_{$meta_key}", false, $meta_key, $object_id, $user_id, $cap, $caps );
    350 
    351             /**
    352              * Filters whether the user is allowed to add post meta to a post of a given type.
    353              *
    354              * Use the {@see auth_$object_type_$sub_type_meta_$meta_key} filter to modify capabilities for
    355              * specific object types/subtypes. Return true to have the mapped meta caps from edit_{$object_type} apply.
    356              *
    357              * The dynamic portion of the hook name, `$object_type` refers to the object type being filtered.
    358              * The dynamic portion of the hook name, `$sub_type` refers to the object subtype being filtered.
    359              * The dynamic portion of the hook name, `$meta_key`, refers to the meta key passed to map_meta_cap().
    360              *
    361              * @since 4.6.0 As 'auth_post_{$post_type}_meta_{$meta_key}'.
    362              * @since 4.7.0
    363              *
    364              * @param bool   $allowed  Whether the user can add the post meta. Default false.
    365              * @param string $meta_key The meta key.
    366              * @param int    $post_id  Post ID.
    367              * @param int    $user_id  User ID.
    368              * @param string $cap      Capability name.
    369              * @param array  $caps     User capabilities.
    370              */
    371             $allowed = apply_filters( "auth_{$object_type}_{$sub_type}_meta_{$meta_key}", $allowed, $meta_key, $object_id, $user_id, $cap, $caps );
     290        if ( $meta_key ) {
     291            $allowed = ! is_protected_meta( $meta_key, $object_type );
     292
     293            if ( ! empty( $object_subtype ) && has_filter( "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}" ) ) {
     294
     295                /**
     296                 * Filters whether the user is allowed to edit a specific meta key of a specific object type and subtype.
     297                 *
     298                 * The dynamic portions of the hook name, `$object_type`, `$meta_key`,
     299                 * and `$object_subtype`, refer to the metadata object type (comment, post, term or user),
     300                 * the meta key value, and the object subtype respectively.
     301                 *
     302                 * @since 4.9.8
     303                 *
     304                 * @param bool     $allowed   Whether the user can add the object meta. Default false.
     305                 * @param string   $meta_key  The meta key.
     306                 * @param int      $object_id Object ID.
     307                 * @param int      $user_id   User ID.
     308                 * @param string   $cap       Capability name.
     309                 * @param string[] $caps      Array of the user's capabilities.
     310                 */
     311                $allowed = apply_filters( "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}", $allowed, $meta_key, $object_id, $user_id, $cap, $caps );
     312            } else {
     313
     314                /**
     315                 * Filters whether the user is allowed to edit a specific meta key of a specific object type.
     316                 *
     317                 * Return true to have the mapped meta caps from `edit_{$object_type}` apply.
     318                 *
     319                 * The dynamic portion of the hook name, `$object_type` refers to the object type being filtered.
     320                 * The dynamic portion of the hook name, `$meta_key`, refers to the meta key passed to map_meta_cap().
     321                 *
     322                 * @since 3.3.0 As `auth_post_meta_{$meta_key}`.
     323                 * @since 4.6.0
     324                 *
     325                 * @param bool     $allowed   Whether the user can add the object meta. Default false.
     326                 * @param string   $meta_key  The meta key.
     327                 * @param int      $object_id Object ID.
     328                 * @param int      $user_id   User ID.
     329                 * @param string   $cap       Capability name.
     330                 * @param string[] $caps      Array of the user's capabilities.
     331                 */
     332                $allowed = apply_filters( "auth_{$object_type}_meta_{$meta_key}", $allowed, $meta_key, $object_id, $user_id, $cap, $caps );
     333            }
     334
     335            if ( ! empty( $object_subtype ) ) {
     336
     337                /**
     338                 * Filters whether the user is allowed to edit meta for specific object types/subtypes.
     339                 *
     340                 * Return true to have the mapped meta caps from `edit_{$object_type}` apply.
     341                 *
     342                 * The dynamic portion of the hook name, `$object_type` refers to the object type being filtered.
     343                 * The dynamic portion of the hook name, `$object_subtype` refers to the object subtype being filtered.
     344                 * The dynamic portion of the hook name, `$meta_key`, refers to the meta key passed to map_meta_cap().
     345                 *
     346                 * @since 4.6.0 As `auth_post_{$post_type}_meta_{$meta_key}`.
     347                 * @since 4.7.0
     348                 * @deprecated 4.9.8 Use `auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}`
     349                 *
     350                 * @param bool     $allowed   Whether the user can add the object meta. Default false.
     351                 * @param string   $meta_key  The meta key.
     352                 * @param int      $object_id Object ID.
     353                 * @param int      $user_id   User ID.
     354                 * @param string   $cap       Capability name.
     355                 * @param string[] $caps      Array of the user's capabilities.
     356                 */
     357                $allowed = apply_filters_deprecated( "auth_{$object_type}_{$object_subtype}_meta_{$meta_key}", array( $allowed, $meta_key, $object_id, $user_id, $cap, $caps ), '4.9.8', "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}" );
     358            }
    372359
    373360            if ( ! $allowed ) {
    374361                $caps[] = $cap;
    375362            }
    376         } elseif ( $meta_key && is_protected_meta( $meta_key, $object_type ) ) {
    377             $caps[] = $cap;
    378363        }
    379364        break;
Note: See TracChangeset for help on using the changeset viewer.