This repository was archived by the owner on Sep 24, 2018. It is now read-only.

Commit fe77343

Merge pull request #2035 from WP-API/move-permissions-checks-terms
Move permission check methods in `WP_REST_Terms_Controller`
2 parents 70b97c7 + e4bd2e1 commit fe77343


1 file changed

+86
-91
lines changed


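--- a/lib/endpoints/class-wp-rest-terms-controller.php
+++ b/lib/endpoints/class-wp-rest-terms-controller.php
@@ -67,6 +67,16 @@ public function register_routes() {
 ) );
 }
 
+/**
+* Check if a given request has access to read the terms.
+*
+* @param WP_REST_Request $request Full details about the request.
+* @return bool|WP_Error
+*/
+public function get_items_permissions_check( $request ) {
+return $this->check_is_taxonomy_allowed( $this->taxonomy );
+}
+
 /**
 * Get terms associated with a taxonomy
 *
@@ -157,6 +167,16 @@ public function get_items( $request ) {
 return $response;
 }
 
+/**
+* Check if a given request has access to read a term.
+*
+* @param WP_REST_Request $request Full details about the request.
+* @return bool|WP_Error
+*/
+public function get_item_permissions_check( $request ) {
+return $this->check_is_taxonomy_allowed( $this->taxonomy );
+}
+
 /**
 * Get a single term from a taxonomy
 *
@@ -178,6 +198,26 @@ public function get_item( $request ) {
 return rest_ensure_response( $response );
 }
 
+/**
+* Check if a given request has access to create a term
+*
+* @param WP_REST_Request $request Full details about the request.
+* @return bool|WP_Error
+*/
+public function create_item_permissions_check( $request ) {
+
+if ( ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) {
+return false;
+}
+
+$taxonomy_obj = get_taxonomy( $this->taxonomy );
+if ( ! current_user_can( $taxonomy_obj->cap->manage_terms ) ) {
+return new WP_Error( 'rest_cannot_create', __( 'Sorry, you cannot create new terms.' ), array( 'status' => rest_authorization_required_code() ) );
+}
+
+return true;
+}
+
 /**
 * Create a single term for a taxonomy
 *
@@ -236,6 +276,31 @@ public function create_item( $request ) {
 return $response;
 }
 
+/**
+* Check if a given request has access to update a term
+*
+* @param WP_REST_Request $request Full details about the request.
+* @return bool|WP_Error
+*/
+public function update_item_permissions_check( $request ) {
+
+if ( ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) {
+return false;
+}
+
+$term = get_term( (int) $request['id'], $this->taxonomy );
+if ( ! $term ) {
+return new WP_Error( 'rest_term_invalid', __( "Term doesn't exist." ), array( 'status' => 404 ) );
+}
+
+$taxonomy_obj = get_taxonomy( $this->taxonomy );
+if ( ! current_user_can( $taxonomy_obj->cap->edit_terms ) ) {
+return new WP_Error( 'rest_cannot_update', __( 'Sorry, you cannot update terms.' ), array( 'status' => rest_authorization_required_code() ) );
+}
+
+return true;
+}
+
 /**
 * Update a single term from a taxonomy
 *
@@ -288,6 +353,27 @@ public function update_item( $request ) {
 return rest_ensure_response( $response );
 }
 
+/**
+* Check if a given request has access to delete a term
+*
+* @param WP_REST_Request $request Full details about the request.
+* @return bool|WP_Error
+*/
+public function delete_item_permissions_check( $request ) {
+if ( ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) {
+return false;
+}
+$term = get_term( (int) $request['id'], $this->taxonomy );
+if ( ! $term ) {
+return new WP_Error( 'rest_term_invalid', __( "Term doesn't exist." ), array( 'status' => 404 ) );
+}
+$taxonomy_obj = get_taxonomy( $this->taxonomy );
+if ( ! current_user_can( $taxonomy_obj->cap->delete_terms ) ) {
+return new WP_Error( 'rest_cannot_delete', __( 'Sorry, you cannot delete terms.' ), array( 'status' => rest_authorization_required_code() ) );
+}
+return true;
+}
+
 /**
 * Delete a single term from a taxonomy
 *
@@ -325,97 +411,6 @@ public function delete_item( $request ) {
 return $response;
 }
 
-/**
-* Check if a given request has access to read the terms.
-*
-* @param WP_REST_Request $request Full details about the request.
-* @return bool|WP_Error
-*/
-public function get_items_permissions_check( $request ) {
-return $this->check_is_taxonomy_allowed( $this->taxonomy );
-}
-
-/**
-* Check if a given request has access to read a term.
-*
-* @param WP_REST_Request $request Full details about the request.
-* @return bool|WP_Error
-*/
-public function get_item_permissions_check( $request ) {
-return $this->check_is_taxonomy_allowed( $this->taxonomy );
-}
-
-
-/**
-* Check if a given request has access to create a term
-*
-* @param WP_REST_Request $request Full details about the request.
-* @return bool|WP_Error
-*/
-public function create_item_permissions_check( $request ) {
-
-if ( ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) {
-return false;
-}
-
-$taxonomy_obj = get_taxonomy( $this->taxonomy );
-if ( ! current_user_can( $taxonomy_obj->cap->manage_terms ) ) {
-return new WP_Error( 'rest_cannot_create', __( 'Sorry, you cannot create new terms.' ), array( 'status' => rest_authorization_required_code() ) );
-}
-
-return true;
-}
-
-/**
-* Check if a given request has access to update a term
-*
-* @param WP_REST_Request $request Full details about the request.
-* @return bool|WP_Error
-*/
-public function update_item_permissions_check( $request ) {
-
-if ( ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) {
-return false;
-}
-
-$term = get_term( (int) $request['id'], $this->taxonomy );
-if ( ! $term ) {
-return new WP_Error( 'rest_term_invalid', __( "Term doesn't exist." ), array( 'status' => 404 ) );
-}
-
-$taxonomy_obj = get_taxonomy( $this->taxonomy );
-if ( ! current_user_can( $taxonomy_obj->cap->edit_terms ) ) {
-return new WP_Error( 'rest_cannot_update', __( 'Sorry, you cannot update terms.' ), array( 'status' => rest_authorization_required_code() ) );
-}
-
-return true;
-}
-
-/**
-* Check if a given request has access to delete a term
-*
-* @param WP_REST_Request $request Full details about the request.
-* @return bool|WP_Error
-*/
-public function delete_item_permissions_check( $request ) {
-
-if ( ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) {
-return false;
-}
-
-$term = get_term( (int) $request['id'], $this->taxonomy );
-if ( ! $term ) {
-return new WP_Error( 'rest_term_invalid', __( "Term doesn't exist." ), array( 'status' => 404 ) );
-}
-
-$taxonomy_obj = get_taxonomy( $this->taxonomy );
-if ( ! current_user_can( $taxonomy_obj->cap->delete_terms ) ) {
-return new WP_Error( 'rest_cannot_delete', __( 'Sorry, you cannot delete terms.' ), array( 'status' => rest_authorization_required_code() ) );
-}
-
-return true;
-}
-
 /**
 * Get the base path for a term's taxonomy endpoints.
 *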
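Review bot: In `update_item_permissions_check` and `delete_item_permissions_check`, the `if ( ! $term )` guard only catches an empty result, so an error object returned by `get_term()` is treated as a found term. `get_term()` returns a `WP_Error` for an empty id (which `(int) $request['id']` produces for non-numeric input) or an unregistered taxonomy, and an object is truthy, so the guard would be safer as `if ( ! $term || is_wp_error( $term ) ) {`. The same truthiness concern would apply to `! $this->check_is_taxonomy_allowed( $this->taxonomy )` in the three write checks if that helper can return a `WP_Error`, as the `bool|WP_Error` docblocks hint; the helper is not shown on this page, so that needs confirming. Both checks also look the term up before calling `current_user_can()`, so a caller without the capability can distinguish a missing id (404) from an existing one; running the capability check first would keep the authorization decision independent of the lookup.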
