196 __( 'Sorry, you are not allowed to filter users by role.' ), |
196 __( 'Sorry, you are not allowed to filter users by role.' ), |
197 array( 'status' => rest_authorization_required_code() ) |
197 array( 'status' => rest_authorization_required_code() ) |
198 ); |
198 ); |
199 } |
199 } |
200 |
200 |
|
201 // Check if capabilities is specified in GET request and if user can list users. |
|
202 if ( ! empty( $request['capabilities'] ) && ! current_user_can( 'list_users' ) ) { |
|
203 return new WP_Error( |
|
204 'rest_user_cannot_view', |
|
205 __( 'Sorry, you are not allowed to filter users by capability.' ), |
|
206 array( 'status' => rest_authorization_required_code() ) |
|
207 ); |
|
208 } |
|
209 |
201 if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) { |
210 if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) { |
202 return new WP_Error( |
211 return new WP_Error( |
203 'rest_forbidden_context', |
212 'rest_forbidden_context', |
204 __( 'Sorry, you are not allowed to list users.' ), |
213 __( 'Sorry, you are not allowed to list users.' ), |
205 array( 'status' => rest_authorization_required_code() ) |
214 array( 'status' => rest_authorization_required_code() ) |
252 * values are accepted as-passed, and their internal WP_Query parameter |
261 * values are accepted as-passed, and their internal WP_Query parameter |
253 * name equivalents (some are the same). Only values which are also |
262 * name equivalents (some are the same). Only values which are also |
254 * present in $registered will be set. |
263 * present in $registered will be set. |
255 */ |
264 */ |
256 $parameter_mappings = array( |
265 $parameter_mappings = array( |
257 'exclude' => 'exclude', |
266 'exclude' => 'exclude', |
258 'include' => 'include', |
267 'include' => 'include', |
259 'order' => 'order', |
268 'order' => 'order', |
260 'per_page' => 'number', |
269 'per_page' => 'number', |
261 'search' => 'search', |
270 'search' => 'search', |
262 'roles' => 'role__in', |
271 'roles' => 'role__in', |
263 'slug' => 'nicename__in', |
272 'capabilities' => 'capability__in', |
|
273 'slug' => 'nicename__in', |
264 ); |
274 ); |
265 |
275 |
266 $prepared_args = array(); |
276 $prepared_args = array(); |
267 |
277 |
268 /* |
278 /* |
297 |
307 |
298 if ( isset( $registered['who'] ) && ! empty( $request['who'] ) && 'authors' === $request['who'] ) { |
308 if ( isset( $registered['who'] ) && ! empty( $request['who'] ) && 'authors' === $request['who'] ) { |
299 $prepared_args['who'] = 'authors'; |
309 $prepared_args['who'] = 'authors'; |
300 } elseif ( ! current_user_can( 'list_users' ) ) { |
310 } elseif ( ! current_user_can( 'list_users' ) ) { |
301 $prepared_args['has_published_posts'] = get_post_types( array( 'show_in_rest' => true ), 'names' ); |
311 $prepared_args['has_published_posts'] = get_post_types( array( 'show_in_rest' => true ), 'names' ); |
|
312 } |
|
313 |
|
314 if ( ! empty( $request['has_published_posts'] ) ) { |
|
315 $prepared_args['has_published_posts'] = ( true === $request['has_published_posts'] ) |
|
316 ? get_post_types( array( 'show_in_rest' => true ), 'names' ) |
|
317 : (array) $request['has_published_posts']; |
302 } |
318 } |
303 |
319 |
304 if ( ! empty( $prepared_args['search'] ) ) { |
320 if ( ! empty( $prepared_args['search'] ) ) { |
305 $prepared_args['search'] = '*' . $prepared_args['search'] . '*'; |
321 $prepared_args['search'] = '*' . $prepared_args['search'] . '*'; |
306 } |
322 } |
720 } |
736 } |
721 |
737 |
722 if ( ! empty( $request['username'] ) && $request['username'] !== $user->user_login ) { |
738 if ( ! empty( $request['username'] ) && $request['username'] !== $user->user_login ) { |
723 return new WP_Error( |
739 return new WP_Error( |
724 'rest_user_invalid_argument', |
740 'rest_user_invalid_argument', |
725 __( "Username isn't editable." ), |
741 __( 'Username is not editable.' ), |
726 array( 'status' => 400 ) |
742 array( 'status' => 400 ) |
727 ); |
743 ); |
728 } |
744 } |
729 |
745 |
730 if ( ! empty( $request['slug'] ) && $request['slug'] !== $user->user_nicename && get_user_by( 'slug', $request['slug'] ) ) { |
746 if ( ! empty( $request['slug'] ) && $request['slug'] !== $user->user_nicename && get_user_by( 'slug', $request['slug'] ) ) { |
961 |
977 |
962 /** |
978 /** |
963 * Prepares a single user output for response. |
979 * Prepares a single user output for response. |
964 * |
980 * |
965 * @since 4.7.0 |
981 * @since 4.7.0 |
966 * |
982 * @since 5.9.0 Renamed `$user` to `$item` to match parent class for PHP 8 named parameter support. |
967 * @param WP_User $user User object. |
983 * |
|
984 * @param WP_User $item User object. |
968 * @param WP_REST_Request $request Request object. |
985 * @param WP_REST_Request $request Request object. |
969 * @return WP_REST_Response Response object. |
986 * @return WP_REST_Response Response object. |
970 */ |
987 */ |
971 public function prepare_item_for_response( $user, $request ) { |
988 public function prepare_item_for_response( $item, $request ) { |
972 |
989 // Restores the more descriptive, specific name for use within this method. |
|
990 $user = $item; |
973 $data = array(); |
991 $data = array(); |
974 $fields = $this->get_fields_for_response( $request ); |
992 $fields = $this->get_fields_for_response( $request ); |
975 |
993 |
976 if ( in_array( 'id', $fields, true ) ) { |
994 if ( in_array( 'id', $fields, true ) ) { |
977 $data['id'] = $user->ID; |
995 $data['id'] = $user->ID; |
1170 |
1188 |
1171 /** |
1189 /** |
1172 * Determines if the current user is allowed to make the desired roles change. |
1190 * Determines if the current user is allowed to make the desired roles change. |
1173 * |
1191 * |
1174 * @since 4.7.0 |
1192 * @since 4.7.0 |
|
1193 * |
|
1194 * @global WP_Roles $wp_roles WordPress role management object. |
1175 * |
1195 * |
1176 * @param int $user_id User ID. |
1196 * @param int $user_id User ID. |
1177 * @param array $roles New user roles. |
1197 * @param array $roles New user roles. |
1178 * @return true|WP_Error True if the current user is allowed to make the role change, |
1198 * @return true|WP_Error True if the current user is allowed to make the role change, |
1179 * otherwise a WP_Error object. |
1199 * otherwise a WP_Error object. |
1548 'items' => array( |
1568 'items' => array( |
1549 'type' => 'string', |
1569 'type' => 'string', |
1550 ), |
1570 ), |
1551 ); |
1571 ); |
1552 |
1572 |
|
1573 $query_params['capabilities'] = array( |
|
1574 'description' => __( 'Limit result set to users matching at least one specific capability provided. Accepts csv list or single capability.' ), |
|
1575 'type' => 'array', |
|
1576 'items' => array( |
|
1577 'type' => 'string', |
|
1578 ), |
|
1579 ); |
|
1580 |
1553 $query_params['who'] = array( |
1581 $query_params['who'] = array( |
1554 'description' => __( 'Limit result set to users who are considered authors.' ), |
1582 'description' => __( 'Limit result set to users who are considered authors.' ), |
1555 'type' => 'string', |
1583 'type' => 'string', |
1556 'enum' => array( |
1584 'enum' => array( |
1557 'authors', |
1585 'authors', |
|
1586 ), |
|
1587 ); |
|
1588 |
|
1589 $query_params['has_published_posts'] = array( |
|
1590 'description' => __( 'Limit result set to users who have published posts.' ), |
|
1591 'type' => array( 'boolean', 'array' ), |
|
1592 'items' => array( |
|
1593 'type' => 'string', |
|
1594 'enum' => get_post_types( array( 'show_in_rest' => true ), 'names' ), |
1558 ), |
1595 ), |
1559 ); |
1596 ); |
1560 |
1597 |
1561 /** |
1598 /** |
1562 * Filters REST API collection parameters for the users controller. |
1599 * Filters REST API collection parameters for the users controller. |