Changeset 59892

Timestamp:

02/28/2025 06:19:21 PM (2 months ago)

Author:

joemcgill

Message:

REST API: Add support for search_columns to the user endpoint.

This adds support for passing a search_columns argument to the user controller so that users with list_users caps can specify which field is being searched.

Props youknowriad, joemcgill, ntsekouras, mreishus, mamaduka.
Fixes 62596.

Location:

trunk

Files:

• src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php (modified) (3 diffs)
• tests/phpunit/tests/rest-api/rest-users-controller.php (modified) (2 diffs)
• tests/qunit/fixtures/wp-api-generated.js (modified) (1 diff)

trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php

@@ -258 +258 @@
      *
      * @since 4.7.0
+     * @since 6.8.0 Added support for the search_columns query param.
      *
      * @param WP_REST_Request $request Full details about the request.
@@ -332 +333 @@
                 $prepared_args['search_columns'] = array( 'ID', 'user_login', 'user_nicename', 'display_name' );
             }
+            $search_columns         = $request->get_param( 'search_columns' );
+            $valid_columns          = isset( $prepared_args['search_columns'] )
+                ? $prepared_args['search_columns']
+                : array( 'ID', 'user_login', 'user_nicename', 'user_email', 'display_name' );
+            $search_columns_mapping = array(
+                'id'       => 'ID',
+                'username' => 'user_login',
+                'slug'     => 'user_nicename',
+                'email'    => 'user_email',
+                'name'     => 'display_name',
+            );
+            $search_columns         = array_map(
+                static function ( $column ) use ( $search_columns_mapping ) {
+                    return $search_columns_mapping[ $column ];
+                },
+                $search_columns
+            );
+            $search_columns         = array_intersect( $search_columns, $valid_columns );
+            if ( ! empty( $search_columns ) ) {
+                $prepared_args['search_columns'] = $search_columns;
+            }
             $prepared_args['search'] = '*' . $prepared_args['search'] . '*';
         }
@@ -1614 +1636 @@
         );
 
+        $query_params['search_columns'] = array(
+            'default'     => array(),
+            'description' => __( 'Array of column names to be searched.' ),
+            'type'        => 'array',
+            'items'       => array(
+                'enum' => array( 'email', 'name', 'id', 'username', 'slug' ),
+                'type' => 'string',
+            ),
+        );
+
         /**
          * Filters REST API collection parameters for the users controller.

trunk/tests/phpunit/tests/rest-api/rest-users-controller.php

@@ -213 +213 @@
                 'slug',
                 'who',
+                'search_columns',
                 'has_published_posts',
             ),
@@ -709 +710 @@
 
         wp_set_current_user( self::$editor );
+        $response = rest_get_server()->dispatch( $request );
+        $this->assertCount( 0, $response->get_data() );
+    }
+
+    /**
+     * @ticket 62596
+     */
+    public function test_get_items_search_columns() {
+        $request = new WP_REST_Request( 'GET', '/wp/v2/users' );
+        $request->set_param( 'search', 'yololololo' );
+        $response = rest_get_server()->dispatch( $request );
+        $this->assertCount( 0, $response->get_data() );
+
+        self::factory()->user->create(
+            array(
+                'display_name' => 'Adam',
+                'user_email'   => 'yololololo@example.localhost',
+            )
+        );
+
+        wp_set_current_user( self::$user );
+        $request = new WP_REST_Request( 'GET', '/wp/v2/users' );
+        $request->set_param( 'search', 'yololololo' );
+        $request->set_param( 'search_columns', 'email' );
+        $response = rest_get_server()->dispatch( $request );
+        $this->assertCount( 1, $response->get_data() );
+
+        $request = new WP_REST_Request( 'GET', '/wp/v2/users' );
+        $request->set_param( 'search', 'yololololo' );
+        $request->set_param( 'search_columns', 'name' );
+        $response = rest_get_server()->dispatch( $request );
+        $this->assertCount( 0, $response->get_data() );
+
+        $request = new WP_REST_Request( 'GET', '/wp/v2/users' );
+        $request->set_param( 'search', 'Adam' );
+        $request->set_param( 'search_columns', 'name' );
+        $response = rest_get_server()->dispatch( $request );
+        $this->assertCount( 1, $response->get_data() );
+    }
+
+    /**
+     * @ticket 62596
+     */
+    public function test_get_items_search_columns_without_permission() {
+        self::factory()->user->create(
+            array(
+                'display_name' => 'Adam',
+                'user_email'   => 'yololololo@example.localhost',
+            )
+        );
+
+        // Test user without sufficient capabilities - 'list_users'.
+        wp_set_current_user( self::$editor );
+
+        $request = new WP_REST_Request( 'GET', '/wp/v2/users' );
+        $request->set_param( 'search', 'yololololo' );
+        $request->set_param( 'search_columns', 'email' );
         $response = rest_get_server()->dispatch( $request );
         $this->assertCount( 0, $response->get_data() );

trunk/tests/qunit/fixtures/wp-api-generated.js

@@ -9605 +9605 @@
                             },
                             "required": false
+                        },
+                        "search_columns": {
+                            "default": [],
+                            "description": "Array of column names to be searched.",
+                            "type": "array",
+                            "items": {
+                                "enum": [
+                                    "email",
+                                    "name",
+                                    "id",
+                                    "username",
+                                    "slug"
+                                ],
+                                "type": "string"
+                            },
+                            "required": false
                         }
                     }