Opened 13 years ago
Closed 13 years ago
#18438 closed task (blessed) (fixed)
Create a new term in XMLRPC
Reported by: | nprasath002 | Owned by: | westi |
---|---|---|---|
Milestone: | 3.4 | Priority: | normal |
Severity: | normal | Version: | |
Component: | XML-RPC | Keywords: | has-patch |
Focuses: | Cc: |
Description
Attachments (10)
Change History (37)
#2
@
13 years ago
- Milestone changed from Awaiting Review to 3.4
- Owner set to westi
- Status changed from new to accepted
- Type changed from feature request to task (blessed)
#3
@
13 years ago
As discussed on IRC, I've put together a patch that combines the methods from the seven taxonomy-related XML-RPC method tickets.
#5
@
13 years ago
Updated the patch after the changes in [19848]. Going to start working on unit tests later in the week.
#6
@
13 years ago
I've updated the taxes.combo.2.patch
file to apply cleanly after other recent commits to class-wp-xmlrpc-server.php
.
#7
follow-up:
↓ 8
@
13 years ago
Was busy with creating unit tests for the patch and I wonder the following things:
wp_newTerm
- Check if taxonomy is set and is a string
- Why is there the following line: $taxonomy = (array) taxonomy?
- return term_id should have strval()
wp_editTerm
- should the current_user_can check $term_id as second parameter?
- error check op $parent_term but trying to show the error of $term
- Error message for parent variable is not the same as newTerm, the same for error code
#8
in reply to:
↑ 7
@
13 years ago
Replying to markoheijnen:
Was busy with creating unit tests for the patch and I wonder the following things:
wp_newTerm
- Check if taxonomy is set and is a string
A new term must be associated with a taxonomy. So we check whether the input taxonomy is valid.
- Why is there the following line: $taxonomy = (array) taxonomy?
get_taxonomy() returns a taxonomy object.
We use
$object->key
to get the value from the object.
To use
$object['key']
you must cast the object to an array.
Of course we can use
$object->key
through out.
But all of the other functions are coded in
$object['key']
style.
For consistency i casted it to an array.
- return term_id should have strval()
+1
wp_editTerm
- should the current_user_can check $term_id as second parameter?
I think for terms we check capability in general. Not for a specific term like in posts.
AFAIK there is no 'edit_term' cap defined in the core.
- error check op $parent_term but trying to show the error of $term
+1. Should fix that
- Error message for parent variable is not the same as newTerm, the same for error code
+1
#9
follow-up:
↓ 11
@
13 years ago
Thanks for the answers. About the taxonomy check if you pass an array it will result in an error since an array can't be a key.
Not sure if this is something that should be checked tho.
About the error codes is there a page about which codes should apply to an error?
#10
@
13 years ago
Added some basic unit tests for creating and editing a term. First time I wrote something like this. Love to get some feedback.
#11
in reply to:
↑ 9
@
13 years ago
Replying to markoheijnen:
Thanks for the answers. About the taxonomy check if you pass an array it will result in an error since an array can't be a key.
Not sure if this is something that should be checked tho.
About the error codes is there a page about which codes should apply to an error?
The error codes are based on http error codes,
http://en.wikipedia.org/wiki/List_of_HTTP_status_codes
although some of the error codes in class-xmlrpc-server don't line up perfectly
#12
@
13 years ago
I thought so but wasn't sure. I think a lot of the 500 error code should be changed since in the XML-RPC we don't know the reason but the function that is given the error does. It returns an error message so error code 500 isn't the right one. 403 makes more sense then.
#13
follow-ups:
↓ 14
↓ 15
@
13 years ago
Added a new patch and new unit tests.
- return term_id should have strval()
- error check op $parent_term but trying to show the error of $term
- Error message for parent variable is not the same as newTerm, the same for error code
- Changed some of the error messages so it is the same for all the term/taxonomy methods
Did wonder if someone can explain why there is an assign term check for wp_getTerm and wp_getTerms. Same for the edit taxonomy check for wp_getTaxonomy and wp_getTaxonomies. I think those checks can be removed.
#14
in reply to:
↑ 13
@
13 years ago
Replying to markoheijnen:
Did wonder if someone can explain why there is an assign term check for wp_getTerm and wp_getTerms. Same for the edit taxonomy check for wp_getTaxonomy and wp_getTaxonomies. I think those checks can be removed.
I think that was an attempt to restrict access so that not just any user can fetch the taxonomy information. I'm not sure if or what a better cap check could be, or even what the data leakage concerns would be without a cap check.
The new wp.getPost and wp.getPosts methods check the edit_post
cap for similar reasons, I assume.
#15
in reply to:
↑ 13
@
13 years ago
Replying to markoheijnen:
Added a new patch and new unit tests.
- return term_id should have strval()
- error check op $parent_term but trying to show the error of $term
- Error message for parent variable is not the same as newTerm, the same for error code
- Changed some of the error messages so it is the same for all the term/taxonomy methods
Did wonder if someone can explain why there is an assign term check for wp_getTerm and wp_getTerms. Same for the edit taxonomy check for wp_getTaxonomy and wp_getTaxonomies. I think those checks can be removed.
Thanks for the updates - I started reviewing the tests and patch yesterday and came accross some of these too.
I'll restart my review from the latest patches :)
#17
@
13 years ago
Damn, I uploaded the wrong unit test file. Uploaded here again which also include all the other tests.
Do wonder how we should check the data we get back.
@
13 years ago
Updated version of combo 3 based on my changes so far to correct things while reviewing tests.
#18
@
13 years ago
It might be worth adding another function akin to wp.suggestCategories that can work against any of the taxonomies.
#19
follow-up:
↓ 20
@
13 years ago
For the terms get method don't we need to set the arg hide_empty to false for the function get_terms() ? Or at least the ability to modify it?
Also for get_term() shouldn't we set the output to ARRAY_A and for casting it to an array use get_object_vars()? Like WordPress does if you look into the get_term() function
#20
in reply to:
↑ 19
@
13 years ago
Replying to markoheijnen:
For the terms get method don't we need to set the arg hide_empty to false for the function get_terms() ? Or at least the ability to modify it?
I would be in favor of adding an optional $filter
parameter that covers most of the arguments to get_terms
, just like we did for wp.getPosts
.
Also for get_term() shouldn't we set the output to ARRAY_A and for casting it to an array use get_object_vars()? Like WordPress does if you look into the get_term() function
+1
#21
@
13 years ago
Cap check changes discussed yesterday on IRC:
- Only
wp.editTerm
needs to check theedit_terms
cap. Thewp.getTerm
,wp.getTerms
,wp.getTaxonomies
, andwp.getTaxonomy
methods should checkassign_terms
instead since they are read-only. - nacin suggested
wp.newTerm
should also checkassign_terms
instead ofedit_terms
/manage_terms
, since currently that's all that's required to create a new tag. He's going to follow up/confirm after doing some more research.
#22
@
13 years ago
Refreshed patch with following changes:
- Tweaked caps on
wp.getTaxonomy
andwp.getTaxonomies
per previous comment. - Added optional
filter
parameter towp.getTerms
to support more scenarios, includinghide_empty=0
andsearch
(in lieu of a separatewp.suggestTerm
method). - Use
get_object_vars
to convert term object to array.
#23
follow-up:
↓ 24
@
13 years ago
get_term
/get_term_by
return all field values as string
s, even though some represent int
s. For example, count
and the various IDs (term_id
, parent
, term_group
, term_taxonomy_id
). Should we cast these fields to int
in _prepare_term
?
#24
in reply to:
↑ 23
@
13 years ago
Replying to maxcutler:
get_term
/get_term_by
return all field values asstring
s, even though some representint
s. For example,count
and the various IDs (term_id
,parent
,term_group
,term_taxonomy_id
). Should we cast these fields toint
in_prepare_term
?
We should explicitly cast everything to whatever we want it returned as IMHO so as to future proof the code against internal api changes (in the past these have accidentally changed the datatypes returned by XMLRPC).
For anything where the db schema supports values larger than XML-RPC for Integers we should return them as strings to be safe.
Updated patch formatting and tightened the validation logic. Also fixed the return value which did not match the docstring.