Edit File by line

Deprecated: str_replace(): Passing null to parameter #2 ($replace) of type array|string is deprecated in /home/sportsfever/public_html/filemanger/function.php on line 93
/home/sportsfe.../httpdocs/wp-inclu.../rest-api/endpoint...
File: class-wp-rest-users-controller.php
<?php
[0] Fix | Delete
/**
[1] Fix | Delete
* REST API: WP_REST_Users_Controller class
[2] Fix | Delete
*
[3] Fix | Delete
* @package WordPress
[4] Fix | Delete
* @subpackage REST_API
[5] Fix | Delete
* @since 4.7.0
[6] Fix | Delete
*/
[7] Fix | Delete
[8] Fix | Delete
/**
[9] Fix | Delete
* Core class used to manage users via the REST API.
[10] Fix | Delete
*
[11] Fix | Delete
* @since 4.7.0
[12] Fix | Delete
*
[13] Fix | Delete
* @see WP_REST_Controller
[14] Fix | Delete
*/
[15] Fix | Delete
class WP_REST_Users_Controller extends WP_REST_Controller {
[16] Fix | Delete
[17] Fix | Delete
/**
[18] Fix | Delete
* Instance of a user meta fields object.
[19] Fix | Delete
*
[20] Fix | Delete
* @since 4.7.0
[21] Fix | Delete
* @var WP_REST_User_Meta_Fields
[22] Fix | Delete
*/
[23] Fix | Delete
protected $meta;
[24] Fix | Delete
[25] Fix | Delete
/**
[26] Fix | Delete
* Whether the controller supports batching.
[27] Fix | Delete
*
[28] Fix | Delete
* @since 6.6.0
[29] Fix | Delete
* @var array
[30] Fix | Delete
*/
[31] Fix | Delete
protected $allow_batch = array( 'v1' => true );
[32] Fix | Delete
[33] Fix | Delete
/**
[34] Fix | Delete
* Constructor.
[35] Fix | Delete
*
[36] Fix | Delete
* @since 4.7.0
[37] Fix | Delete
*/
[38] Fix | Delete
public function __construct() {
[39] Fix | Delete
$this->namespace = 'wp/v2';
[40] Fix | Delete
$this->rest_base = 'users';
[41] Fix | Delete
[42] Fix | Delete
$this->meta = new WP_REST_User_Meta_Fields();
[43] Fix | Delete
}
[44] Fix | Delete
[45] Fix | Delete
/**
[46] Fix | Delete
* Registers the routes for users.
[47] Fix | Delete
*
[48] Fix | Delete
* @since 4.7.0
[49] Fix | Delete
*
[50] Fix | Delete
* @see register_rest_route()
[51] Fix | Delete
*/
[52] Fix | Delete
public function register_routes() {
[53] Fix | Delete
[54] Fix | Delete
register_rest_route(
[55] Fix | Delete
$this->namespace,
[56] Fix | Delete
'/' . $this->rest_base,
[57] Fix | Delete
array(
[58] Fix | Delete
array(
[59] Fix | Delete
'methods' => WP_REST_Server::READABLE,
[60] Fix | Delete
'callback' => array( $this, 'get_items' ),
[61] Fix | Delete
'permission_callback' => array( $this, 'get_items_permissions_check' ),
[62] Fix | Delete
'args' => $this->get_collection_params(),
[63] Fix | Delete
),
[64] Fix | Delete
array(
[65] Fix | Delete
'methods' => WP_REST_Server::CREATABLE,
[66] Fix | Delete
'callback' => array( $this, 'create_item' ),
[67] Fix | Delete
'permission_callback' => array( $this, 'create_item_permissions_check' ),
[68] Fix | Delete
'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::CREATABLE ),
[69] Fix | Delete
),
[70] Fix | Delete
'allow_batch' => $this->allow_batch,
[71] Fix | Delete
'schema' => array( $this, 'get_public_item_schema' ),
[72] Fix | Delete
)
[73] Fix | Delete
);
[74] Fix | Delete
[75] Fix | Delete
register_rest_route(
[76] Fix | Delete
$this->namespace,
[77] Fix | Delete
'/' . $this->rest_base . '/(?P<id>[\d]+)',
[78] Fix | Delete
array(
[79] Fix | Delete
'args' => array(
[80] Fix | Delete
'id' => array(
[81] Fix | Delete
'description' => __( 'Unique identifier for the user.' ),
[82] Fix | Delete
'type' => 'integer',
[83] Fix | Delete
),
[84] Fix | Delete
),
[85] Fix | Delete
array(
[86] Fix | Delete
'methods' => WP_REST_Server::READABLE,
[87] Fix | Delete
'callback' => array( $this, 'get_item' ),
[88] Fix | Delete
'permission_callback' => array( $this, 'get_item_permissions_check' ),
[89] Fix | Delete
'args' => array(
[90] Fix | Delete
'context' => $this->get_context_param( array( 'default' => 'view' ) ),
[91] Fix | Delete
),
[92] Fix | Delete
),
[93] Fix | Delete
array(
[94] Fix | Delete
'methods' => WP_REST_Server::EDITABLE,
[95] Fix | Delete
'callback' => array( $this, 'update_item' ),
[96] Fix | Delete
'permission_callback' => array( $this, 'update_item_permissions_check' ),
[97] Fix | Delete
'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
[98] Fix | Delete
),
[99] Fix | Delete
array(
[100] Fix | Delete
'methods' => WP_REST_Server::DELETABLE,
[101] Fix | Delete
'callback' => array( $this, 'delete_item' ),
[102] Fix | Delete
'permission_callback' => array( $this, 'delete_item_permissions_check' ),
[103] Fix | Delete
'args' => array(
[104] Fix | Delete
'force' => array(
[105] Fix | Delete
'type' => 'boolean',
[106] Fix | Delete
'default' => false,
[107] Fix | Delete
'description' => __( 'Required to be true, as users do not support trashing.' ),
[108] Fix | Delete
),
[109] Fix | Delete
'reassign' => array(
[110] Fix | Delete
'type' => 'integer',
[111] Fix | Delete
'description' => __( 'Reassign the deleted user\'s posts and links to this user ID.' ),
[112] Fix | Delete
'required' => true,
[113] Fix | Delete
'sanitize_callback' => array( $this, 'check_reassign' ),
[114] Fix | Delete
),
[115] Fix | Delete
),
[116] Fix | Delete
),
[117] Fix | Delete
'allow_batch' => $this->allow_batch,
[118] Fix | Delete
'schema' => array( $this, 'get_public_item_schema' ),
[119] Fix | Delete
)
[120] Fix | Delete
);
[121] Fix | Delete
[122] Fix | Delete
register_rest_route(
[123] Fix | Delete
$this->namespace,
[124] Fix | Delete
'/' . $this->rest_base . '/me',
[125] Fix | Delete
array(
[126] Fix | Delete
array(
[127] Fix | Delete
'methods' => WP_REST_Server::READABLE,
[128] Fix | Delete
'permission_callback' => '__return_true',
[129] Fix | Delete
'callback' => array( $this, 'get_current_item' ),
[130] Fix | Delete
'args' => array(
[131] Fix | Delete
'context' => $this->get_context_param( array( 'default' => 'view' ) ),
[132] Fix | Delete
),
[133] Fix | Delete
),
[134] Fix | Delete
array(
[135] Fix | Delete
'methods' => WP_REST_Server::EDITABLE,
[136] Fix | Delete
'callback' => array( $this, 'update_current_item' ),
[137] Fix | Delete
'permission_callback' => array( $this, 'update_current_item_permissions_check' ),
[138] Fix | Delete
'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
[139] Fix | Delete
),
[140] Fix | Delete
array(
[141] Fix | Delete
'methods' => WP_REST_Server::DELETABLE,
[142] Fix | Delete
'callback' => array( $this, 'delete_current_item' ),
[143] Fix | Delete
'permission_callback' => array( $this, 'delete_current_item_permissions_check' ),
[144] Fix | Delete
'args' => array(
[145] Fix | Delete
'force' => array(
[146] Fix | Delete
'type' => 'boolean',
[147] Fix | Delete
'default' => false,
[148] Fix | Delete
'description' => __( 'Required to be true, as users do not support trashing.' ),
[149] Fix | Delete
),
[150] Fix | Delete
'reassign' => array(
[151] Fix | Delete
'type' => 'integer',
[152] Fix | Delete
'description' => __( 'Reassign the deleted user\'s posts and links to this user ID.' ),
[153] Fix | Delete
'required' => true,
[154] Fix | Delete
'sanitize_callback' => array( $this, 'check_reassign' ),
[155] Fix | Delete
),
[156] Fix | Delete
),
[157] Fix | Delete
),
[158] Fix | Delete
'schema' => array( $this, 'get_public_item_schema' ),
[159] Fix | Delete
)
[160] Fix | Delete
);
[161] Fix | Delete
}
[162] Fix | Delete
[163] Fix | Delete
/**
[164] Fix | Delete
* Checks for a valid value for the reassign parameter when deleting users.
[165] Fix | Delete
*
[166] Fix | Delete
* The value can be an integer, 'false', false, or ''.
[167] Fix | Delete
*
[168] Fix | Delete
* @since 4.7.0
[169] Fix | Delete
*
[170] Fix | Delete
* @param int|bool $value The value passed to the reassign parameter.
[171] Fix | Delete
* @param WP_REST_Request $request Full details about the request.
[172] Fix | Delete
* @param string $param The parameter that is being sanitized.
[173] Fix | Delete
* @return int|bool|WP_Error
[174] Fix | Delete
*/
[175] Fix | Delete
public function check_reassign( $value, $request, $param ) {
[176] Fix | Delete
if ( is_numeric( $value ) ) {
[177] Fix | Delete
return $value;
[178] Fix | Delete
}
[179] Fix | Delete
[180] Fix | Delete
if ( empty( $value ) || false === $value || 'false' === $value ) {
[181] Fix | Delete
return false;
[182] Fix | Delete
}
[183] Fix | Delete
[184] Fix | Delete
return new WP_Error(
[185] Fix | Delete
'rest_invalid_param',
[186] Fix | Delete
__( 'Invalid user parameter(s).' ),
[187] Fix | Delete
array( 'status' => 400 )
[188] Fix | Delete
);
[189] Fix | Delete
}
[190] Fix | Delete
[191] Fix | Delete
/**
[192] Fix | Delete
* Permissions check for getting all users.
[193] Fix | Delete
*
[194] Fix | Delete
* @since 4.7.0
[195] Fix | Delete
*
[196] Fix | Delete
* @param WP_REST_Request $request Full details about the request.
[197] Fix | Delete
* @return true|WP_Error True if the request has read access, otherwise WP_Error object.
[198] Fix | Delete
*/
[199] Fix | Delete
public function get_items_permissions_check( $request ) {
[200] Fix | Delete
// Check if roles is specified in GET request and if user can list users.
[201] Fix | Delete
if ( ! empty( $request['roles'] ) && ! current_user_can( 'list_users' ) ) {
[202] Fix | Delete
return new WP_Error(
[203] Fix | Delete
'rest_user_cannot_view',
[204] Fix | Delete
__( 'Sorry, you are not allowed to filter users by role.' ),
[205] Fix | Delete
array( 'status' => rest_authorization_required_code() )
[206] Fix | Delete
);
[207] Fix | Delete
}
[208] Fix | Delete
[209] Fix | Delete
// Check if capabilities is specified in GET request and if user can list users.
[210] Fix | Delete
if ( ! empty( $request['capabilities'] ) && ! current_user_can( 'list_users' ) ) {
[211] Fix | Delete
return new WP_Error(
[212] Fix | Delete
'rest_user_cannot_view',
[213] Fix | Delete
__( 'Sorry, you are not allowed to filter users by capability.' ),
[214] Fix | Delete
array( 'status' => rest_authorization_required_code() )
[215] Fix | Delete
);
[216] Fix | Delete
}
[217] Fix | Delete
[218] Fix | Delete
if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) {
[219] Fix | Delete
return new WP_Error(
[220] Fix | Delete
'rest_forbidden_context',
[221] Fix | Delete
__( 'Sorry, you are not allowed to edit users.' ),
[222] Fix | Delete
array( 'status' => rest_authorization_required_code() )
[223] Fix | Delete
);
[224] Fix | Delete
}
[225] Fix | Delete
[226] Fix | Delete
if ( in_array( $request['orderby'], array( 'email', 'registered_date' ), true ) && ! current_user_can( 'list_users' ) ) {
[227] Fix | Delete
return new WP_Error(
[228] Fix | Delete
'rest_forbidden_orderby',
[229] Fix | Delete
__( 'Sorry, you are not allowed to order users by this parameter.' ),
[230] Fix | Delete
array( 'status' => rest_authorization_required_code() )
[231] Fix | Delete
);
[232] Fix | Delete
}
[233] Fix | Delete
[234] Fix | Delete
if ( 'authors' === $request['who'] ) {
[235] Fix | Delete
$types = get_post_types( array( 'show_in_rest' => true ), 'objects' );
[236] Fix | Delete
[237] Fix | Delete
foreach ( $types as $type ) {
[238] Fix | Delete
if ( post_type_supports( $type->name, 'author' )
[239] Fix | Delete
&& current_user_can( $type->cap->edit_posts ) ) {
[240] Fix | Delete
return true;
[241] Fix | Delete
}
[242] Fix | Delete
}
[243] Fix | Delete
[244] Fix | Delete
return new WP_Error(
[245] Fix | Delete
'rest_forbidden_who',
[246] Fix | Delete
__( 'Sorry, you are not allowed to query users by this parameter.' ),
[247] Fix | Delete
array( 'status' => rest_authorization_required_code() )
[248] Fix | Delete
);
[249] Fix | Delete
}
[250] Fix | Delete
[251] Fix | Delete
return true;
[252] Fix | Delete
}
[253] Fix | Delete
[254] Fix | Delete
/**
[255] Fix | Delete
* Retrieves all users.
[256] Fix | Delete
*
[257] Fix | Delete
* @since 4.7.0
[258] Fix | Delete
*
[259] Fix | Delete
* @param WP_REST_Request $request Full details about the request.
[260] Fix | Delete
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
[261] Fix | Delete
*/
[262] Fix | Delete
public function get_items( $request ) {
[263] Fix | Delete
[264] Fix | Delete
// Retrieve the list of registered collection query parameters.
[265] Fix | Delete
$registered = $this->get_collection_params();
[266] Fix | Delete
[267] Fix | Delete
/*
[268] Fix | Delete
* This array defines mappings between public API query parameters whose
[269] Fix | Delete
* values are accepted as-passed, and their internal WP_Query parameter
[270] Fix | Delete
* name equivalents (some are the same). Only values which are also
[271] Fix | Delete
* present in $registered will be set.
[272] Fix | Delete
*/
[273] Fix | Delete
$parameter_mappings = array(
[274] Fix | Delete
'exclude' => 'exclude',
[275] Fix | Delete
'include' => 'include',
[276] Fix | Delete
'order' => 'order',
[277] Fix | Delete
'per_page' => 'number',
[278] Fix | Delete
'search' => 'search',
[279] Fix | Delete
'roles' => 'role__in',
[280] Fix | Delete
'capabilities' => 'capability__in',
[281] Fix | Delete
'slug' => 'nicename__in',
[282] Fix | Delete
);
[283] Fix | Delete
[284] Fix | Delete
$prepared_args = array();
[285] Fix | Delete
[286] Fix | Delete
/*
[287] Fix | Delete
* For each known parameter which is both registered and present in the request,
[288] Fix | Delete
* set the parameter's value on the query $prepared_args.
[289] Fix | Delete
*/
[290] Fix | Delete
foreach ( $parameter_mappings as $api_param => $wp_param ) {
[291] Fix | Delete
if ( isset( $registered[ $api_param ], $request[ $api_param ] ) ) {
[292] Fix | Delete
$prepared_args[ $wp_param ] = $request[ $api_param ];
[293] Fix | Delete
}
[294] Fix | Delete
}
[295] Fix | Delete
[296] Fix | Delete
if ( isset( $registered['offset'] ) && ! empty( $request['offset'] ) ) {
[297] Fix | Delete
$prepared_args['offset'] = $request['offset'];
[298] Fix | Delete
} else {
[299] Fix | Delete
$prepared_args['offset'] = ( $request['page'] - 1 ) * $prepared_args['number'];
[300] Fix | Delete
}
[301] Fix | Delete
[302] Fix | Delete
if ( isset( $registered['orderby'] ) ) {
[303] Fix | Delete
$orderby_possibles = array(
[304] Fix | Delete
'id' => 'ID',
[305] Fix | Delete
'include' => 'include',
[306] Fix | Delete
'name' => 'display_name',
[307] Fix | Delete
'registered_date' => 'registered',
[308] Fix | Delete
'slug' => 'user_nicename',
[309] Fix | Delete
'include_slugs' => 'nicename__in',
[310] Fix | Delete
'email' => 'user_email',
[311] Fix | Delete
'url' => 'user_url',
[312] Fix | Delete
);
[313] Fix | Delete
$prepared_args['orderby'] = $orderby_possibles[ $request['orderby'] ];
[314] Fix | Delete
}
[315] Fix | Delete
[316] Fix | Delete
if ( isset( $registered['who'] ) && ! empty( $request['who'] ) && 'authors' === $request['who'] ) {
[317] Fix | Delete
$prepared_args['who'] = 'authors';
[318] Fix | Delete
} elseif ( ! current_user_can( 'list_users' ) ) {
[319] Fix | Delete
$prepared_args['has_published_posts'] = get_post_types( array( 'show_in_rest' => true ), 'names' );
[320] Fix | Delete
}
[321] Fix | Delete
[322] Fix | Delete
if ( ! empty( $request['has_published_posts'] ) ) {
[323] Fix | Delete
$prepared_args['has_published_posts'] = ( true === $request['has_published_posts'] )
[324] Fix | Delete
? get_post_types( array( 'show_in_rest' => true ), 'names' )
[325] Fix | Delete
: (array) $request['has_published_posts'];
[326] Fix | Delete
}
[327] Fix | Delete
[328] Fix | Delete
if ( ! empty( $prepared_args['search'] ) ) {
[329] Fix | Delete
if ( ! current_user_can( 'list_users' ) ) {
[330] Fix | Delete
$prepared_args['search_columns'] = array( 'ID', 'user_login', 'user_nicename', 'display_name' );
[331] Fix | Delete
}
[332] Fix | Delete
$prepared_args['search'] = '*' . $prepared_args['search'] . '*';
[333] Fix | Delete
}
[334] Fix | Delete
/**
[335] Fix | Delete
* Filters WP_User_Query arguments when querying users via the REST API.
[336] Fix | Delete
*
[337] Fix | Delete
* @link https://developer.wordpress.org/reference/classes/wp_user_query/
[338] Fix | Delete
*
[339] Fix | Delete
* @since 4.7.0
[340] Fix | Delete
*
[341] Fix | Delete
* @param array $prepared_args Array of arguments for WP_User_Query.
[342] Fix | Delete
* @param WP_REST_Request $request The REST API request.
[343] Fix | Delete
*/
[344] Fix | Delete
$prepared_args = apply_filters( 'rest_user_query', $prepared_args, $request );
[345] Fix | Delete
[346] Fix | Delete
$query = new WP_User_Query( $prepared_args );
[347] Fix | Delete
[348] Fix | Delete
$users = array();
[349] Fix | Delete
[350] Fix | Delete
foreach ( $query->results as $user ) {
[351] Fix | Delete
if ( 'edit' === $request['context'] && ! current_user_can( 'edit_user', $user->ID ) ) {
[352] Fix | Delete
continue;
[353] Fix | Delete
}
[354] Fix | Delete
[355] Fix | Delete
$data = $this->prepare_item_for_response( $user, $request );
[356] Fix | Delete
$users[] = $this->prepare_response_for_collection( $data );
[357] Fix | Delete
}
[358] Fix | Delete
[359] Fix | Delete
$response = rest_ensure_response( $users );
[360] Fix | Delete
[361] Fix | Delete
// Store pagination values for headers then unset for count query.
[362] Fix | Delete
$per_page = (int) $prepared_args['number'];
[363] Fix | Delete
$page = (int) ceil( ( ( (int) $prepared_args['offset'] ) / $per_page ) + 1 );
[364] Fix | Delete
[365] Fix | Delete
$prepared_args['fields'] = 'ID';
[366] Fix | Delete
[367] Fix | Delete
$total_users = $query->get_total();
[368] Fix | Delete
[369] Fix | Delete
if ( $total_users < 1 ) {
[370] Fix | Delete
// Out-of-bounds, run the query again without LIMIT for total count.
[371] Fix | Delete
unset( $prepared_args['number'], $prepared_args['offset'] );
[372] Fix | Delete
$count_query = new WP_User_Query( $prepared_args );
[373] Fix | Delete
$total_users = $count_query->get_total();
[374] Fix | Delete
}
[375] Fix | Delete
[376] Fix | Delete
$response->header( 'X-WP-Total', (int) $total_users );
[377] Fix | Delete
[378] Fix | Delete
$max_pages = (int) ceil( $total_users / $per_page );
[379] Fix | Delete
[380] Fix | Delete
$response->header( 'X-WP-TotalPages', $max_pages );
[381] Fix | Delete
[382] Fix | Delete
$base = add_query_arg( urlencode_deep( $request->get_query_params() ), rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ) );
[383] Fix | Delete
if ( $page > 1 ) {
[384] Fix | Delete
$prev_page = $page - 1;
[385] Fix | Delete
[386] Fix | Delete
if ( $prev_page > $max_pages ) {
[387] Fix | Delete
$prev_page = $max_pages;
[388] Fix | Delete
}
[389] Fix | Delete
[390] Fix | Delete
$prev_link = add_query_arg( 'page', $prev_page, $base );
[391] Fix | Delete
$response->link_header( 'prev', $prev_link );
[392] Fix | Delete
}
[393] Fix | Delete
if ( $max_pages > $page ) {
[394] Fix | Delete
$next_page = $page + 1;
[395] Fix | Delete
$next_link = add_query_arg( 'page', $next_page, $base );
[396] Fix | Delete
[397] Fix | Delete
$response->link_header( 'next', $next_link );
[398] Fix | Delete
}
[399] Fix | Delete
[400] Fix | Delete
return $response;
[401] Fix | Delete
}
[402] Fix | Delete
[403] Fix | Delete
/**
[404] Fix | Delete
* Get the user, if the ID is valid.
[405] Fix | Delete
*
[406] Fix | Delete
* @since 4.7.2
[407] Fix | Delete
*
[408] Fix | Delete
* @param int $id Supplied ID.
[409] Fix | Delete
* @return WP_User|WP_Error True if ID is valid, WP_Error otherwise.
[410] Fix | Delete
*/
[411] Fix | Delete
protected function get_user( $id ) {
[412] Fix | Delete
$error = new WP_Error(
[413] Fix | Delete
'rest_user_invalid_id',
[414] Fix | Delete
__( 'Invalid user ID.' ),
[415] Fix | Delete
array( 'status' => 404 )
[416] Fix | Delete
);
[417] Fix | Delete
[418] Fix | Delete
if ( (int) $id <= 0 ) {
[419] Fix | Delete
return $error;
[420] Fix | Delete
}
[421] Fix | Delete
[422] Fix | Delete
$user = get_userdata( (int) $id );
[423] Fix | Delete
if ( empty( $user ) || ! $user->exists() ) {
[424] Fix | Delete
return $error;
[425] Fix | Delete
}
[426] Fix | Delete
[427] Fix | Delete
if ( is_multisite() && ! is_user_member_of_blog( $user->ID ) ) {
[428] Fix | Delete
return $error;
[429] Fix | Delete
}
[430] Fix | Delete
[431] Fix | Delete
return $user;
[432] Fix | Delete
}
[433] Fix | Delete
[434] Fix | Delete
/**
[435] Fix | Delete
* Checks if a given request has access to read a user.
[436] Fix | Delete
*
[437] Fix | Delete
* @since 4.7.0
[438] Fix | Delete
*
[439] Fix | Delete
* @param WP_REST_Request $request Full details about the request.
[440] Fix | Delete
* @return true|WP_Error True if the request has read access for the item, otherwise WP_Error object.
[441] Fix | Delete
*/
[442] Fix | Delete
public function get_item_permissions_check( $request ) {
[443] Fix | Delete
$user = $this->get_user( $request['id'] );
[444] Fix | Delete
if ( is_wp_error( $user ) ) {
[445] Fix | Delete
return $user;
[446] Fix | Delete
}
[447] Fix | Delete
[448] Fix | Delete
$types = get_post_types( array( 'show_in_rest' => true ), 'names' );
[449] Fix | Delete
[450] Fix | Delete
if ( get_current_user_id() === $user->ID ) {
[451] Fix | Delete
return true;
[452] Fix | Delete
}
[453] Fix | Delete
[454] Fix | Delete
if ( 'edit' === $request['context'] && ! current_user_can( 'edit_user', $user->ID ) ) {
[455] Fix | Delete
return new WP_Error(
[456] Fix | Delete
'rest_forbidden_context',
[457] Fix | Delete
__( 'Sorry, you are not allowed to edit this user.' ),
[458] Fix | Delete
array( 'status' => rest_authorization_required_code() )
[459] Fix | Delete
);
[460] Fix | Delete
}
[461] Fix | Delete
[462] Fix | Delete
if ( ! current_user_can( 'edit_user', $user->ID ) && ! current_user_can( 'list_users' ) && ! count_user_posts( $user->ID, $types ) ) {
[463] Fix | Delete
return new WP_Error(
[464] Fix | Delete
'rest_user_cannot_view',
[465] Fix | Delete
__( 'Sorry, you are not allowed to list users.' ),
[466] Fix | Delete
array( 'status' => rest_authorization_required_code() )
[467] Fix | Delete
);
[468] Fix | Delete
}
[469] Fix | Delete
[470] Fix | Delete
return true;
[471] Fix | Delete
}
[472] Fix | Delete
[473] Fix | Delete
/**
[474] Fix | Delete
* Retrieves a single user.
[475] Fix | Delete
*
[476] Fix | Delete
* @since 4.7.0
[477] Fix | Delete
*
[478] Fix | Delete
* @param WP_REST_Request $request Full details about the request.
[479] Fix | Delete
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
[480] Fix | Delete
*/
[481] Fix | Delete
public function get_item( $request ) {
[482] Fix | Delete
$user = $this->get_user( $request['id'] );
[483] Fix | Delete
if ( is_wp_error( $user ) ) {
[484] Fix | Delete
return $user;
[485] Fix | Delete
}
[486] Fix | Delete
[487] Fix | Delete
$user = $this->prepare_item_for_response( $user, $request );
[488] Fix | Delete
$response = rest_ensure_response( $user );
[489] Fix | Delete
[490] Fix | Delete
return $response;
[491] Fix | Delete
}
[492] Fix | Delete
[493] Fix | Delete
/**
[494] Fix | Delete
* Retrieves the current user.
[495] Fix | Delete
*
[496] Fix | Delete
* @since 4.7.0
[497] Fix | Delete
*
[498] Fix | Delete
* @param WP_REST_Request $request Full details about the request.
[499] Fix | Delete
1234
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
Function