Opened 5 years ago
Closed 4 years ago
#48819 closed defect (bug) (fixed)
Filter response by context misses certain schemas
Reported by: | TimothyBlynJacobs | Owned by: | TimothyBlynJacobs |
---|---|---|---|
Milestone: | 5.5 | Priority: | normal |
Severity: | normal | Version: | 4.7 |
Component: | REST API | Keywords: | has-patch has-unit-tests early |
Focuses: | Cc: |
Description
WP_REST_Controller:filter_response_by_context
is used to remove properties from a response that require a different context than requested. ie it removes edit
properties if the request doesn't have an edit
context. However it misses a few cases.
- Does not check array items.
- Does not checked multi nested properties. It only checks the first child property level.
- Does not handle
additionalProperties
. - Does not handle
type
being an array of types.
Attachments (2)
Change History (13)
This ticket was mentioned in Slack in #core-restapi by timothybjacobs. View the logs.
5 years ago
#3
@
5 years ago
I've uploaded a revised version of the patch that does not traverse child schemas unless a context
is set at every level. This means the performance impact of traversing the entire object will only occur if the author is utilizing that functionality.
That is, for the following schema.
<?php array( '$schema' => 'http://json-schema.org/draft-04/schema#', 'type' => 'object', 'properties' => array( 'parent' => array( 'type' => 'object', 'context' => array( 'view', 'edit' ), 'properties' => array( 'child' => array( 'type' => 'object', 'properties' => array( 'grand' => array( 'type' => 'string', 'context' => array( 'view', 'edit' ), ), 'hidden' => array( 'type' => 'string', 'context' => array( 'edit' ), ), ), ), ), ), ), )
and the following data
<?php array( 'parent' => array( 'child' => array( 'grand' => 'hi', 'hidden' => 'there', ), ), )
In the first patch, the hidden field would be excluded, now it isn't. Notice that no context
is specified for the child
schema.
#4
@
5 years ago
- Keywords early added
- Milestone changed from 5.4 to 5.5
Punting to 5.5. I think this is too large a change to land at this point in the cycle.
This ticket was mentioned in Slack in #core by david.baumwald. View the logs.
4 years ago
#7
@
4 years ago
@davidbaumwald yep. The work is done, really just needs another pair of eyes before landing. cc @kadamwhite.
This ticket was mentioned in Slack in #core by david.baumwald. View the logs.
4 years ago
This ticket was mentioned in PR #249 on WordPress/wordpress-develop by TimothyBJacobs.
4 years ago
#9
Trac ticket: https://core.trac.wordpress.org/ticket/48819
This ticket was mentioned in PR #249 on WordPress/wordpress-develop by TimothyBJacobs.
4 years ago
#10
Trac ticket: https://core.trac.wordpress.org/ticket/48819
I did a first pass patch implementing the changes described above. I ended up extracting it to a standalone function. I think it is still helpful when not subclassing
WP_REST_Controller
. It also made it a bit easier to test.This new function also uses recursion to ensure we traverse the whole schema. It seemed like it might be unsafe BC wise to implement recursion with the original method if any controllers are overwriting that method and calling the parent.