diff options
Diffstat (limited to '')
-rw-r--r-- | wp-includes/rest-api/endpoints/class-wp-rest-controller.php | 681 |
1 files changed, 681 insertions, 0 deletions
diff --git a/wp-includes/rest-api/endpoints/class-wp-rest-controller.php b/wp-includes/rest-api/endpoints/class-wp-rest-controller.php new file mode 100644 index 0000000..4b960d6 --- /dev/null +++ b/wp-includes/rest-api/endpoints/class-wp-rest-controller.php @@ -0,0 +1,681 @@ +<?php +/** + * REST API: WP_REST_Controller class + * + * @package WordPress + * @subpackage REST_API + * @since 4.7.0 + */ + +/** + * Core base controller for managing and interacting with REST API items. + * + * @since 4.7.0 + */ +#[AllowDynamicProperties] +abstract class WP_REST_Controller { + + /** + * The namespace of this controller's route. + * + * @since 4.7.0 + * @var string + */ + protected $namespace; + + /** + * The base of this controller's route. + * + * @since 4.7.0 + * @var string + */ + protected $rest_base; + + /** + * Cached results of get_item_schema. + * + * @since 5.3.0 + * @var array + */ + protected $schema; + + /** + * Registers the routes for the objects of the controller. + * + * @since 4.7.0 + * + * @see register_rest_route() + */ + public function register_routes() { + _doing_it_wrong( + 'WP_REST_Controller::register_routes', + /* translators: %s: register_routes() */ + sprintf( __( "Method '%s' must be overridden." ), __METHOD__ ), + '4.7.0' + ); + } + + /** + * Checks if a given request has access to get items. + * + * @since 4.7.0 + * + * @param WP_REST_Request $request Full details about the request. + * @return true|WP_Error True if the request has read access, WP_Error object otherwise. + */ + public function get_items_permissions_check( $request ) { + return new WP_Error( + 'invalid-method', + /* translators: %s: Method name. */ + sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), + array( 'status' => 405 ) + ); + } + + /** + * Retrieves a collection of items. + * + * @since 4.7.0 + * + * @param WP_REST_Request $request Full details about the request. + * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. + */ + public function get_items( $request ) { + return new WP_Error( + 'invalid-method', + /* translators: %s: Method name. */ + sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), + array( 'status' => 405 ) + ); + } + + /** + * Checks if a given request has access to get a specific item. + * + * @since 4.7.0 + * + * @param WP_REST_Request $request Full details about the request. + * @return true|WP_Error True if the request has read access for the item, WP_Error object otherwise. + */ + public function get_item_permissions_check( $request ) { + return new WP_Error( + 'invalid-method', + /* translators: %s: Method name. */ + sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), + array( 'status' => 405 ) + ); + } + + /** + * Retrieves one item from the collection. + * + * @since 4.7.0 + * + * @param WP_REST_Request $request Full details about the request. + * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. + */ + public function get_item( $request ) { + return new WP_Error( + 'invalid-method', + /* translators: %s: Method name. */ + sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), + array( 'status' => 405 ) + ); + } + + /** + * Checks if a given request has access to create items. + * + * @since 4.7.0 + * + * @param WP_REST_Request $request Full details about the request. + * @return true|WP_Error True if the request has access to create items, WP_Error object otherwise. + */ + public function create_item_permissions_check( $request ) { + return new WP_Error( + 'invalid-method', + /* translators: %s: Method name. */ + sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), + array( 'status' => 405 ) + ); + } + + /** + * Creates one item from the collection. + * + * @since 4.7.0 + * + * @param WP_REST_Request $request Full details about the request. + * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. + */ + public function create_item( $request ) { + return new WP_Error( + 'invalid-method', + /* translators: %s: Method name. */ + sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), + array( 'status' => 405 ) + ); + } + + /** + * Checks if a given request has access to update a specific item. + * + * @since 4.7.0 + * + * @param WP_REST_Request $request Full details about the request. + * @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise. + */ + public function update_item_permissions_check( $request ) { + return new WP_Error( + 'invalid-method', + /* translators: %s: Method name. */ + sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), + array( 'status' => 405 ) + ); + } + + /** + * Updates one item from the collection. + * + * @since 4.7.0 + * + * @param WP_REST_Request $request Full details about the request. + * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. + */ + public function update_item( $request ) { + return new WP_Error( + 'invalid-method', + /* translators: %s: Method name. */ + sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), + array( 'status' => 405 ) + ); + } + + /** + * Checks if a given request has access to delete a specific item. + * + * @since 4.7.0 + * + * @param WP_REST_Request $request Full details about the request. + * @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise. + */ + public function delete_item_permissions_check( $request ) { + return new WP_Error( + 'invalid-method', + /* translators: %s: Method name. */ + sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), + array( 'status' => 405 ) + ); + } + + /** + * Deletes one item from the collection. + * + * @since 4.7.0 + * + * @param WP_REST_Request $request Full details about the request. + * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. + */ + public function delete_item( $request ) { + return new WP_Error( + 'invalid-method', + /* translators: %s: Method name. */ + sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), + array( 'status' => 405 ) + ); + } + + /** + * Prepares one item for create or update operation. + * + * @since 4.7.0 + * + * @param WP_REST_Request $request Request object. + * @return object|WP_Error The prepared item, or WP_Error object on failure. + */ + protected function prepare_item_for_database( $request ) { + return new WP_Error( + 'invalid-method', + /* translators: %s: Method name. */ + sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), + array( 'status' => 405 ) + ); + } + + /** + * Prepares the item for the REST response. + * + * @since 4.7.0 + * + * @param mixed $item WordPress representation of the item. + * @param WP_REST_Request $request Request object. + * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. + */ + public function prepare_item_for_response( $item, $request ) { + return new WP_Error( + 'invalid-method', + /* translators: %s: Method name. */ + sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ ), + array( 'status' => 405 ) + ); + } + + /** + * Prepares a response for insertion into a collection. + * + * @since 4.7.0 + * + * @param WP_REST_Response $response Response object. + * @return array|mixed Response data, ready for insertion into collection data. + */ + public function prepare_response_for_collection( $response ) { + if ( ! ( $response instanceof WP_REST_Response ) ) { + return $response; + } + + $data = (array) $response->get_data(); + $server = rest_get_server(); + $links = $server::get_compact_response_links( $response ); + + if ( ! empty( $links ) ) { + $data['_links'] = $links; + } + + return $data; + } + + /** + * Filters a response based on the context defined in the schema. + * + * @since 4.7.0 + * + * @param array $response_data Response data to filter. + * @param string $context Context defined in the schema. + * @return array Filtered response. + */ + public function filter_response_by_context( $response_data, $context ) { + + $schema = $this->get_item_schema(); + + return rest_filter_response_by_context( $response_data, $schema, $context ); + } + + /** + * Retrieves the item's schema, conforming to JSON Schema. + * + * @since 4.7.0 + * + * @return array Item schema data. + */ + public function get_item_schema() { + return $this->add_additional_fields_schema( array() ); + } + + /** + * Retrieves the item's schema for display / public consumption purposes. + * + * @since 4.7.0 + * + * @return array Public item schema data. + */ + public function get_public_item_schema() { + + $schema = $this->get_item_schema(); + + if ( ! empty( $schema['properties'] ) ) { + foreach ( $schema['properties'] as &$property ) { + unset( $property['arg_options'] ); + } + } + + return $schema; + } + + /** + * Retrieves the query params for the collections. + * + * @since 4.7.0 + * + * @return array Query parameters for the collection. + */ + public function get_collection_params() { + return array( + 'context' => $this->get_context_param(), + 'page' => array( + 'description' => __( 'Current page of the collection.' ), + 'type' => 'integer', + 'default' => 1, + 'sanitize_callback' => 'absint', + 'validate_callback' => 'rest_validate_request_arg', + 'minimum' => 1, + ), + 'per_page' => array( + 'description' => __( 'Maximum number of items to be returned in result set.' ), + 'type' => 'integer', + 'default' => 10, + 'minimum' => 1, + 'maximum' => 100, + 'sanitize_callback' => 'absint', + 'validate_callback' => 'rest_validate_request_arg', + ), + 'search' => array( + 'description' => __( 'Limit results to those matching a string.' ), + 'type' => 'string', + 'sanitize_callback' => 'sanitize_text_field', + 'validate_callback' => 'rest_validate_request_arg', + ), + ); + } + + /** + * Retrieves the magical context param. + * + * Ensures consistent descriptions between endpoints, and populates enum from schema. + * + * @since 4.7.0 + * + * @param array $args Optional. Additional arguments for context parameter. Default empty array. + * @return array Context parameter details. + */ + public function get_context_param( $args = array() ) { + $param_details = array( + 'description' => __( 'Scope under which the request is made; determines fields present in response.' ), + 'type' => 'string', + 'sanitize_callback' => 'sanitize_key', + 'validate_callback' => 'rest_validate_request_arg', + ); + + $schema = $this->get_item_schema(); + + if ( empty( $schema['properties'] ) ) { + return array_merge( $param_details, $args ); + } + + $contexts = array(); + + foreach ( $schema['properties'] as $attributes ) { + if ( ! empty( $attributes['context'] ) ) { + $contexts = array_merge( $contexts, $attributes['context'] ); + } + } + + if ( ! empty( $contexts ) ) { + $param_details['enum'] = array_unique( $contexts ); + rsort( $param_details['enum'] ); + } + + return array_merge( $param_details, $args ); + } + + /** + * Adds the values from additional fields to a data object. + * + * @since 4.7.0 + * + * @param array $response_data Prepared response array. + * @param WP_REST_Request $request Full details about the request. + * @return array Modified data object with additional fields. + */ + protected function add_additional_fields_to_object( $response_data, $request ) { + + $additional_fields = $this->get_additional_fields(); + + $requested_fields = $this->get_fields_for_response( $request ); + + foreach ( $additional_fields as $field_name => $field_options ) { + if ( ! $field_options['get_callback'] ) { + continue; + } + + if ( ! rest_is_field_included( $field_name, $requested_fields ) ) { + continue; + } + + $response_data[ $field_name ] = call_user_func( + $field_options['get_callback'], + $response_data, + $field_name, + $request, + $this->get_object_type() + ); + } + + return $response_data; + } + + /** + * Updates the values of additional fields added to a data object. + * + * @since 4.7.0 + * + * @param object $data_object Data model like WP_Term or WP_Post. + * @param WP_REST_Request $request Full details about the request. + * @return true|WP_Error True on success, WP_Error object if a field cannot be updated. + */ + protected function update_additional_fields_for_object( $data_object, $request ) { + $additional_fields = $this->get_additional_fields(); + + foreach ( $additional_fields as $field_name => $field_options ) { + if ( ! $field_options['update_callback'] ) { + continue; + } + + // Don't run the update callbacks if the data wasn't passed in the request. + if ( ! isset( $request[ $field_name ] ) ) { + continue; + } + + $result = call_user_func( + $field_options['update_callback'], + $request[ $field_name ], + $data_object, + $field_name, + $request, + $this->get_object_type() + ); + + if ( is_wp_error( $result ) ) { + return $result; + } + } + + return true; + } + + /** + * Adds the schema from additional fields to a schema array. + * + * The type of object is inferred from the passed schema. + * + * @since 4.7.0 + * + * @param array $schema Schema array. + * @return array Modified Schema array. + */ + protected function add_additional_fields_schema( $schema ) { + if ( empty( $schema['title'] ) ) { + return $schema; + } + + // Can't use $this->get_object_type otherwise we cause an inf loop. + $object_type = $schema['title']; + + $additional_fields = $this->get_additional_fields( $object_type ); + + foreach ( $additional_fields as $field_name => $field_options ) { + if ( ! $field_options['schema'] ) { + continue; + } + + $schema['properties'][ $field_name ] = $field_options['schema']; + } + + return $schema; + } + + /** + * Retrieves all of the registered additional fields for a given object-type. + * + * @since 4.7.0 + * + * @global array $wp_rest_additional_fields Holds registered fields, organized by object type. + * + * @param string $object_type Optional. The object type. + * @return array Registered additional fields (if any), empty array if none or if the object type + * could not be inferred. + */ + protected function get_additional_fields( $object_type = null ) { + global $wp_rest_additional_fields; + + if ( ! $object_type ) { + $object_type = $this->get_object_type(); + } + + if ( ! $object_type ) { + return array(); + } + + if ( ! $wp_rest_additional_fields || ! isset( $wp_rest_additional_fields[ $object_type ] ) ) { + return array(); + } + + return $wp_rest_additional_fields[ $object_type ]; + } + + /** + * Retrieves the object type this controller is responsible for managing. + * + * @since 4.7.0 + * + * @return string Object type for the controller. + */ + protected function get_object_type() { + $schema = $this->get_item_schema(); + + if ( ! $schema || ! isset( $schema['title'] ) ) { + return null; + } + + return $schema['title']; + } + + /** + * Gets an array of fields to be included on the response. + * + * Included fields are based on item schema and `_fields=` request argument. + * + * @since 4.9.6 + * + * @param WP_REST_Request $request Full details about the request. + * @return string[] Fields to be included in the response. + */ + public function get_fields_for_response( $request ) { + $schema = $this->get_item_schema(); + $properties = isset( $schema['properties'] ) ? $schema['properties'] : array(); + + $additional_fields = $this->get_additional_fields(); + + foreach ( $additional_fields as $field_name => $field_options ) { + /* + * For back-compat, include any field with an empty schema + * because it won't be present in $this->get_item_schema(). + */ + if ( is_null( $field_options['schema'] ) ) { + $properties[ $field_name ] = $field_options; + } + } + + // Exclude fields that specify a different context than the request context. + $context = $request['context']; + if ( $context ) { + foreach ( $properties as $name => $options ) { + if ( ! empty( $options['context'] ) && ! in_array( $context, $options['context'], true ) ) { + unset( $properties[ $name ] ); + } + } + } + + $fields = array_keys( $properties ); + + /* + * '_links' and '_embedded' are not typically part of the item schema, + * but they can be specified in '_fields', so they are added here as a + * convenience for checking with rest_is_field_included(). + */ + $fields[] = '_links'; + if ( $request->has_param( '_embed' ) ) { + $fields[] = '_embedded'; + } + + $fields = array_unique( $fields ); + + if ( ! isset( $request['_fields'] ) ) { + return $fields; + } + $requested_fields = wp_parse_list( $request['_fields'] ); + if ( 0 === count( $requested_fields ) ) { + return $fields; + } + // Trim off outside whitespace from the comma delimited list. + $requested_fields = array_map( 'trim', $requested_fields ); + // Always persist 'id', because it can be needed for add_additional_fields_to_object(). + if ( in_array( 'id', $fields, true ) ) { + $requested_fields[] = 'id'; + } + // Return the list of all requested fields which appear in the schema. + return array_reduce( + $requested_fields, + static function ( $response_fields, $field ) use ( $fields ) { + if ( in_array( $field, $fields, true ) ) { + $response_fields[] = $field; + return $response_fields; + } + // Check for nested fields if $field is not a direct match. + $nested_fields = explode( '.', $field ); + /* + * A nested field is included so long as its top-level property + * is present in the schema. + */ + if ( in_array( $nested_fields[0], $fields, true ) ) { + $response_fields[] = $field; + } + return $response_fields; + }, + array() + ); + } + + /** + * Retrieves an array of endpoint arguments from the item schema for the controller. + * + * @since 4.7.0 + * + * @param string $method Optional. HTTP method of the request. The arguments for `CREATABLE` requests are + * checked for required values and may fall-back to a given default, this is not done + * on `EDITABLE` requests. Default WP_REST_Server::CREATABLE. + * @return array Endpoint arguments. + */ + public function get_endpoint_args_for_item_schema( $method = WP_REST_Server::CREATABLE ) { + return rest_get_endpoint_args_for_schema( $this->get_item_schema(), $method ); + } + + /** + * Sanitizes the slug value. + * + * @since 4.7.0 + * + * @internal We can't use sanitize_title() directly, as the second + * parameter is the fallback title, which would end up being set to the + * request object. + * + * @see https://github.com/WP-API/WP-API/issues/1585 + * + * @todo Remove this in favour of https://core.trac.wordpress.org/ticket/34659 + * + * @param string $slug Slug value passed in request. + * @return string Sanitized value for the slug. + */ + public function sanitize_slug( $slug ) { + return sanitize_title( $slug ); + } +} |