enmi-conf.org: comparison wp/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php

equal deleted inserted replaced

-:c7c34916027a
+:177826044cd9
 	 *
 	 * @see register_rest_route()
 	 */
 	public function register_routes() {
-		register_rest_route( $this->namespace, '/' . $this->rest_base, array(
+		register_rest_route(
+			$this->namespace,
+			'/' . $this->rest_base,
 			array(
-				'methods'             => WP_REST_Server::READABLE,
+				array(
-				'callback'            => array( $this, 'get_items' ),
+					'methods'             => WP_REST_Server::READABLE,
-				'permission_callback' => array( $this, 'get_items_permissions_check' ),
+					'callback'            => array( $this, 'get_items' ),
-				'args'                => $this->get_collection_params(),
+					'permission_callback' => array( $this, 'get_items_permissions_check' ),
-			),
+					'args'                => $this->get_collection_params(),
+				),
+				array(
+					'methods'             => WP_REST_Server::CREATABLE,
+					'callback'            => array( $this, 'create_item' ),
+					'permission_callback' => array( $this, 'create_item_permissions_check' ),
+					'args'                => $this->get_endpoint_args_for_item_schema( WP_REST_Server::CREATABLE ),
+				),
+				'schema' => array( $this, 'get_public_item_schema' ),
+			)
+		);
+		register_rest_route(
+			$this->namespace,
+			'/' . $this->rest_base . '/(?P<id>[\d]+)',
 			array(
-				'methods'             => WP_REST_Server::CREATABLE,
+				'args'   => array(
-				'callback'            => array( $this, 'create_item' ),
+					'id' => array(
-				'permission_callback' => array( $this, 'create_item_permissions_check' ),
+						'description' => __( 'Unique identifier for the user.' ),
-				'args'                => $this->get_endpoint_args_for_item_schema( WP_REST_Server::CREATABLE ),
+						'type'        => 'integer',
-			),
+					),
-			'schema' => array( $this, 'get_public_item_schema' ),
+				),
-		) );
+				array(
+					'methods'             => WP_REST_Server::READABLE,
-		register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<id>[\d]+)', array(
+					'callback'            => array( $this, 'get_item' ),
-			'args' => array(
+					'permission_callback' => array( $this, 'get_item_permissions_check' ),
-				'id' => array(
+					'args'                => array(
-					'description' => __( 'Unique identifier for the user.' ),
+						'context' => $this->get_context_param( array( 'default' => 'view' ) ),
-					'type'        => 'integer',
+					),
 				),
-			),
+				array(
+					'methods'             => WP_REST_Server::EDITABLE,
+					'callback'            => array( $this, 'update_item' ),
+					'permission_callback' => array( $this, 'update_item_permissions_check' ),
+					'args'                => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
+				),
+				array(
+					'methods'             => WP_REST_Server::DELETABLE,
+					'callback'            => array( $this, 'delete_item' ),
+					'permission_callback' => array( $this, 'delete_item_permissions_check' ),
+					'args'                => array(
+						'force'    => array(
+							'type'        => 'boolean',
+							'default'     => false,
+							'description' => __( 'Required to be true, as users do not support trashing.' ),
+						),
+						'reassign' => array(
+							'type'              => 'integer',
+							'description'       => __( 'Reassign the deleted user\'s posts and links to this user ID.' ),
+							'required'          => true,
+							'sanitize_callback' => array( $this, 'check_reassign' ),
+						),
+					),
+				),
+				'schema' => array( $this, 'get_public_item_schema' ),
+			)
+		);
+		register_rest_route(
+			$this->namespace,
+			'/' . $this->rest_base . '/me',
 			array(
-				'methods'             => WP_REST_Server::READABLE,
+				array(
-				'callback'            => array( $this, 'get_item' ),
+					'methods'  => WP_REST_Server::READABLE,
-				'permission_callback' => array( $this, 'get_item_permissions_check' ),
+					'callback' => array( $this, 'get_current_item' ),
-				'args'                => array(
+					'args'     => array(
-					'context' => $this->get_context_param( array( 'default' => 'view' ) ),
+						'context' => $this->get_context_param( array( 'default' => 'view' ) ),
-				),
-			),
-			array(
-				'methods'             => WP_REST_Server::EDITABLE,
-				'callback'            => array( $this, 'update_item' ),
-				'permission_callback' => array( $this, 'update_item_permissions_check' ),
-				'args'                => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
-			),
-			array(
-				'methods'             => WP_REST_Server::DELETABLE,
-				'callback'            => array( $this, 'delete_item' ),
-				'permission_callback' => array( $this, 'delete_item_permissions_check' ),
-				'args'                => array(
-					'force'    => array(
-						'type'        => 'boolean',
-						'default'     => false,
-						'description' => __( 'Required to be true, as users do not support trashing.' ),
 					),
-					'reassign' => array(
+				),
-						'type'        => 'integer',
+				array(
-						'description' => __( 'Reassign the deleted user\'s posts and links to this user ID.' ),
+					'methods'             => WP_REST_Server::EDITABLE,
-						'required'    => true,
+					'callback'            => array( $this, 'update_current_item' ),
-						'sanitize_callback' => array( $this, 'check_reassign' ),
+					'permission_callback' => array( $this, 'update_current_item_permissions_check' ),
+					'args'                => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
+				),
+				array(
+					'methods'             => WP_REST_Server::DELETABLE,
+					'callback'            => array( $this, 'delete_current_item' ),
+					'permission_callback' => array( $this, 'delete_current_item_permissions_check' ),
+					'args'                => array(
+						'force'    => array(
+							'type'        => 'boolean',
+							'default'     => false,
+							'description' => __( 'Required to be true, as users do not support trashing.' ),
+						),
+						'reassign' => array(
+							'type'              => 'integer',
+							'description'       => __( 'Reassign the deleted user\'s posts and links to this user ID.' ),
+							'required'          => true,
+							'sanitize_callback' => array( $this, 'check_reassign' ),
+						),
 					),
 				),
-			),
+				'schema' => array( $this, 'get_public_item_schema' ),
-			'schema' => array( $this, 'get_public_item_schema' ),
+			)
-		) );
+		);
-		register_rest_route( $this->namespace, '/' . $this->rest_base . '/me', array(
-			array(
-				'methods'             => WP_REST_Server::READABLE,
-				'callback'            => array( $this, 'get_current_item' ),
-				'args'                => array(
-					'context' => $this->get_context_param( array( 'default' => 'view' ) ),
-				),
-			),
-			array(
-				'methods'             => WP_REST_Server::EDITABLE,
-				'callback'            => array( $this, 'update_current_item' ),
-				'permission_callback' => array( $this, 'update_current_item_permissions_check' ),
-				'args'                => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
-			),
-			array(
-				'methods'             => WP_REST_Server::DELETABLE,
-				'callback'            => array( $this, 'delete_current_item' ),
-				'permission_callback' => array( $this, 'delete_current_item_permissions_check' ),
-				'args'                => array(
-					'force'    => array(
-						'type'        => 'boolean',
-						'default'     => false,
-						'description' => __( 'Required to be true, as users do not support trashing.' ),
-					),
-					'reassign' => array(
-						'type'        => 'integer',
-						'description' => __( 'Reassign the deleted user\'s posts and links to this user ID.' ),
-						'required'    => true,
-						'sanitize_callback' => array( $this, 'check_reassign' ),
-					),
-				),
-			),
-			'schema' => array( $this, 'get_public_item_schema' ),
-		));
 	}
 	/**
 	 * Checks for a valid value for the reassign parameter when deleting users.
 	 *
 			return new WP_Error( 'rest_forbidden_orderby', __( 'Sorry, you are not allowed to order users by this parameter.' ), array( 'status' => rest_authorization_required_code() ) );
 		}
 		if ( 'authors' === $request['who'] ) {
 			$can_view = false;
-			$types = get_post_types( array( 'show_in_rest' => true ), 'objects' );
+			$types    = get_post_types( array( 'show_in_rest' => true ), 'objects' );
 			foreach ( $types as $type ) {
 				if ( post_type_supports( $type->name, 'author' )
 					&& current_user_can( $type->cap->edit_posts ) ) {
 					$can_view = true;
 				}
 		}
 		if ( isset( $registered['offset'] ) && ! empty( $request['offset'] ) ) {
 			$prepared_args['offset'] = $request['offset'];
 		} else {
-			$prepared_args['offset']  = ( $request['page'] - 1 ) * $prepared_args['number'];
+			$prepared_args['offset'] = ( $request['page'] - 1 ) * $prepared_args['number'];
 		}
 		if ( isset( $registered['orderby'] ) ) {
-			$orderby_possibles = array(
+			$orderby_possibles        = array(
 				'id'              => 'ID',
 				'include'         => 'include',
 				'name'            => 'display_name',
 				'registered_date' => 'registered',
 				'slug'            => 'user_nicename',
 		$query = new WP_User_Query( $prepared_args );
 		$users = array();
 		foreach ( $query->results as $user ) {
-			$data = $this->prepare_item_for_response( $user, $request );
+			$data    = $this->prepare_item_for_response( $user, $request );
 			$users[] = $this->prepare_response_for_collection( $data );
 		}
 		$response = rest_ensure_response( $users );
 		$max_pages = ceil( $total_users / $per_page );
 		$response->header( 'X-WP-TotalPages', (int) $max_pages );
-		$base = add_query_arg( $request->get_query_params(), rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ) );
+		$base = add_query_arg( urlencode_deep( $request->get_query_params() ), rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ) );
 		if ( $page > 1 ) {
 			$prev_page = $page - 1;
 			if ( $prev_page > $max_pages ) {
 				$prev_page = $max_pages;
 		$user = $this->get_user( $request['id'] );
 		if ( is_wp_error( $user ) ) {
 			return $user;
 		}
-		$user = $this->prepare_item_for_response( $user, $request );
+		$user     = $this->prepare_item_for_response( $user, $request );
 		$response = rest_ensure_response( $user );
 		return $response;
 	}
 		$user     = wp_get_current_user();
 		$response = $this->prepare_item_for_response( $user, $request );
 		$response = rest_ensure_response( $response );
 		return $response;
 	}
 	/**
 	 * Checks if a given request has access create users.
 		$user = $this->prepare_item_for_database( $request );
 		if ( is_multisite() ) {
 			$ret = wpmu_validate_user_signup( $user->user_login, $user->user_email );
-			if ( is_wp_error( $ret['errors'] ) && ! empty( $ret['errors']->errors ) ) {
+			if ( is_wp_error( $ret['errors'] ) && $ret['errors']->has_errors() ) {
 				$error = new WP_Error( 'rest_invalid_param', __( 'Invalid user parameter(s).' ), array( 'status' => 400 ) );
 				foreach ( $ret['errors']->errors as $code => $messages ) {
 					foreach ( $messages as $message ) {
 						$error->add( $code, $message );
 					}
 			if ( is_wp_error( $user_id ) ) {
 				return $user_id;
 			}
-			$result= add_user_to_blog( get_site()->id, $user_id, '' );
+			$result = add_user_to_blog( get_site()->id, $user_id, '' );
 			if ( is_wp_error( $result ) ) {
 				return $result;
 			}
 		} else {
 			$user_id = wp_insert_user( wp_slash( (array) $user ) );
 			if ( is_wp_error( $meta_update ) ) {
 				return $meta_update;
 			}
 		}
-		$user = get_user_by( 'id', $user_id );
+		$user          = get_user_by( 'id', $user_id );
 		$fields_update = $this->update_additional_fields_for_object( $user, $request );
 		if ( is_wp_error( $fields_update ) ) {
 			return $fields_update;
 		}
 		$request->set_param( 'context', 'edit' );
+		/**
+		 * Fires after a user is completely created or updated via the REST API.
+		 *
+		 * @since 5.0.0
+		 *
+		 * @param WP_User         $user     Inserted or updated user object.
+		 * @param WP_REST_Request $request  Request object.
+		 * @param bool            $creating True when creating a user, false when updating.
+		 */
+		do_action( 'rest_after_insert_user', $user, $request, true );
 		$response = $this->prepare_item_for_response( $user, $request );
 		$response = rest_ensure_response( $response );
 		$response->set_status( 201 );
 		if ( ! $user ) {
 			return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
 		}
-		if ( email_exists( $request['email'] ) && $request['email'] !== $user->user_email ) {
+		$owner_id = email_exists( $request['email'] );
+		if ( $owner_id && $owner_id !== $id ) {
 			return new WP_Error( 'rest_user_invalid_email', __( 'Invalid email address.' ), array( 'status' => 400 ) );
 		}
 		if ( ! empty( $request['username'] ) && $request['username'] !== $user->user_login ) {
 			return new WP_Error( 'rest_user_invalid_argument', __( "Username isn't editable." ), array( 'status' => 400 ) );
 			if ( is_wp_error( $meta_update ) ) {
 				return $meta_update;
 			}
 		}
-		$user = get_user_by( 'id', $user_id );
+		$user          = get_user_by( 'id', $user_id );
 		$fields_update = $this->update_additional_fields_for_object( $user, $request );
 		if ( is_wp_error( $fields_update ) ) {
 			return $fields_update;
 		}
 		$request->set_param( 'context', 'edit' );
+		/** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php */
+		do_action( 'rest_after_insert_user', $user, $request, false );
 		$response = $this->prepare_item_for_response( $user, $request );
 		$response = rest_ensure_response( $response );
 		return $response;
 		if ( ! $result ) {
 			return new WP_Error( 'rest_cannot_delete', __( 'The user cannot be deleted.' ), array( 'status' => 500 ) );
 		}
 		$response = new WP_REST_Response();
-		$response->set_data( array( 'deleted' => true, 'previous' => $previous->get_data() ) );
+		$response->set_data(
+			array(
+				'deleted'  => true,
+				'previous' => $previous->get_data(),
+			)
+		);
 		/**
 		 * Fires immediately after a user is deleted via the REST API.
 		 *
 		 * @since 4.7.0
 	 * @param WP_Post $user User object.
 	 * @return array Links for the given user.
 	 */
 	protected function prepare_links( $user ) {
 		$links = array(
-			'self' => array(
+			'self'       => array(
 				'href' => rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $user->ID ) ),
 			),
 			'collection' => array(
 				'href' => rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ),
 			),
 		if ( empty( $password ) ) {
 			return new WP_Error( 'rest_user_invalid_password', __( 'Passwords cannot be empty.' ), array( 'status' => 400 ) );
 		}
-		if ( false !== strpos( $password, "\\" ) ) {
+		if ( false !== strpos( $password, '\\' ) ) {
 			return new WP_Error( 'rest_user_invalid_password', __( 'Passwords cannot contain the "\\" character.' ), array( 'status' => 400 ) );
 		}
 		return $password;
 	}
 		$schema = array(
 			'$schema'    => 'http://json-schema.org/draft-04/schema#',
 			'title'      => 'user',
 			'type'       => 'object',
 			'properties' => array(
-				'id'          => array(
+				'id'                 => array(
 					'description' => __( 'Unique identifier for the user.' ),
 					'type'        => 'integer',
 					'context'     => array( 'embed', 'view', 'edit' ),
 					'readonly'    => true,
 				),
-				'username'    => array(
+				'username'           => array(
 					'description' => __( 'Login name for the user.' ),
 					'type'        => 'string',
 					'context'     => array( 'edit' ),
 					'required'    => true,
 					'arg_options' => array(
 						'sanitize_callback' => array( $this, 'check_username' ),
 					),
 				),
-				'name'        => array(
+				'name'               => array(
 					'description' => __( 'Display name for the user.' ),
 					'type'        => 'string',
 					'context'     => array( 'embed', 'view', 'edit' ),
 					'arg_options' => array(
 						'sanitize_callback' => 'sanitize_text_field',
 					),
 				),
-				'first_name'  => array(
+				'first_name'         => array(
 					'description' => __( 'First name for the user.' ),
 					'type'        => 'string',
 					'context'     => array( 'edit' ),
 					'arg_options' => array(
 						'sanitize_callback' => 'sanitize_text_field',
 					),
 				),
-				'last_name'   => array(
+				'last_name'          => array(
 					'description' => __( 'Last name for the user.' ),
 					'type'        => 'string',
 					'context'     => array( 'edit' ),
 					'arg_options' => array(
 						'sanitize_callback' => 'sanitize_text_field',
 					),
 				),
-				'email'       => array(
+				'email'              => array(
 					'description' => __( 'The email address for the user.' ),
 					'type'        => 'string',
 					'format'      => 'email',
 					'context'     => array( 'edit' ),
 					'required'    => true,
 				),
-				'url'         => array(
+				'url'                => array(
 					'description' => __( 'URL of the user.' ),
 					'type'        => 'string',
 					'format'      => 'uri',
 					'context'     => array( 'embed', 'view', 'edit' ),
 				),
-				'description' => array(
+				'description'        => array(
 					'description' => __( 'Description of the user.' ),
 					'type'        => 'string',
 					'context'     => array( 'embed', 'view', 'edit' ),
 				),
-				'link'        => array(
+				'link'               => array(
 					'description' => __( 'Author URL of the user.' ),
 					'type'        => 'string',
 					'format'      => 'uri',
 					'context'     => array( 'embed', 'view', 'edit' ),
 					'readonly'    => true,
 				),
-				'locale'    => array(
+				'locale'             => array(
 					'description' => __( 'Locale for the user.' ),
 					'type'        => 'string',
 					'enum'        => array_merge( array( '', 'en_US' ), get_available_languages() ),
 					'context'     => array( 'edit' ),
 				),
-				'nickname'    => array(
+				'nickname'           => array(
 					'description' => __( 'The nickname for the user.' ),
 					'type'        => 'string',
 					'context'     => array( 'edit' ),
 					'arg_options' => array(
 						'sanitize_callback' => 'sanitize_text_field',
 					),
 				),
-				'slug'        => array(
+				'slug'               => array(
 					'description' => __( 'An alphanumeric identifier for the user.' ),
 					'type'        => 'string',
 					'context'     => array( 'embed', 'view', 'edit' ),
 					'arg_options' => array(
 						'sanitize_callback' => array( $this, 'sanitize_slug' ),
 					),
 				),
-				'registered_date' => array(
+				'registered_date'    => array(
 					'description' => __( 'Registration date for the user.' ),
 					'type'        => 'string',
 					'format'      => 'date-time',
 					'context'     => array( 'edit' ),
 					'readonly'    => true,
 				),
-				'roles'           => array(
+				'roles'              => array(
 					'description' => __( 'Roles assigned to the user.' ),
 					'type'        => 'array',
 					'items'       => array(
-						'type'    => 'string',
+						'type' => 'string',
 					),
 					'context'     => array( 'edit' ),
 				),
-				'password'        => array(
+				'password'           => array(
 					'description' => __( 'Password for the user (never included).' ),
 					'type'        => 'string',
 					'context'     => array(), // Password is never displayed.
 					'required'    => true,
 					'arg_options' => array(
 						'sanitize_callback' => array( $this, 'check_user_password' ),
 					),
 				),
-				'capabilities'    => array(
+				'capabilities'       => array(
 					'description' => __( 'All capabilities assigned to the user.' ),
 					'type'        => 'object',
 					'context'     => array( 'edit' ),
 					'readonly'    => true,
 				),
 					'format'      => 'uri',
 					'context'     => array( 'embed', 'view', 'edit' ),
 				);
 			}
-			$schema['properties']['avatar_urls']  = array(
+			$schema['properties']['avatar_urls'] = array(
 				'description' => __( 'Avatar URLs for the user.' ),
 				'type'        => 'object',
 				'context'     => array( 'embed', 'view', 'edit' ),
 				'readonly'    => true,
 				'properties'  => $avatar_properties,
 		$query_params = parent::get_collection_params();
 		$query_params['context']['default'] = 'view';
 		$query_params['exclude'] = array(
-			'description'        => __( 'Ensure result set excludes specific IDs.' ),
+			'description' => __( 'Ensure result set excludes specific IDs.' ),
-			'type'               => 'array',
+			'type'        => 'array',
-			'items'              => array(
+			'items'       => array(
-				'type'           => 'integer',
+				'type' => 'integer',
 			),
-			'default'            => array(),
+			'default'     => array(),
 		);
 		$query_params['include'] = array(
-			'description'        => __( 'Limit result set to specific IDs.' ),
+			'description' => __( 'Limit result set to specific IDs.' ),
-			'type'               => 'array',
+			'type'        => 'array',
-			'items'              => array(
+			'items'       => array(
-				'type'           => 'integer',
+				'type' => 'integer',
 			),
-			'default'            => array(),
+			'default'     => array(),
 		);
 		$query_params['offset'] = array(
-			'description'        => __( 'Offset the result set by a specific number of items.' ),
+			'description' => __( 'Offset the result set by a specific number of items.' ),
-			'type'               => 'integer',
+			'type'        => 'integer',
 		);
 		$query_params['order'] = array(
-			'default'            => 'asc',
+			'default'     => 'asc',
-			'description'        => __( 'Order sort attribute ascending or descending.' ),
+			'description' => __( 'Order sort attribute ascending or descending.' ),
-			'enum'               => array( 'asc', 'desc' ),
+			'enum'        => array( 'asc', 'desc' ),
-			'type'               => 'string',
+			'type'        => 'string',
 		);
 		$query_params['orderby'] = array(
-			'default'            => 'name',
+			'default'     => 'name',
-			'description'        => __( 'Sort collection by object attribute.' ),
+			'description' => __( 'Sort collection by object attribute.' ),
-			'enum'               => array(
+			'enum'        => array(
 				'id',
 				'include',
 				'name',
 				'registered_date',
 				'slug',
 				'include_slugs',
 				'email',
 				'url',
 			),
-			'type'               => 'string',
+			'type'        => 'string',
 		);
-		$query_params['slug']    = array(
+		$query_params['slug'] = array(
-			'description'        => __( 'Limit result set to users with one or more specific slugs.' ),
+			'description' => __( 'Limit result set to users with one or more specific slugs.' ),
-			'type'               => 'array',
+			'type'        => 'array',
-			'items'              => array(
+			'items'       => array(
-				'type'               => 'string',
+				'type' => 'string',
 			),
 		);
-		$query_params['roles']   = array(
+		$query_params['roles'] = array(
-			'description'        => __( 'Limit result set to users matching at least one specific role provided. Accepts csv list or single role.' ),
+			'description' => __( 'Limit result set to users matching at least one specific role provided. Accepts csv list or single role.' ),
-			'type'               => 'array',
+			'type'        => 'array',
-			'items'              => array(
+			'items'       => array(
-				'type'           => 'string',
+				'type' => 'string',
 			),
 		);
 		$query_params['who'] = array(
 			'description' => __( 'Limit result set to users who are considered authors.' ),

changeset 9	177826044cd9
parent 7	cf61fcea0001
child 16	a86126ab1dd4