255 |
255 |
256 /** |
256 /** |
257 * Retrieves all users. |
257 * Retrieves all users. |
258 * |
258 * |
259 * @since 4.7.0 |
259 * @since 4.7.0 |
|
260 * @since 6.8.0 Added support for the search_columns query param. |
260 * |
261 * |
261 * @param WP_REST_Request $request Full details about the request. |
262 * @param WP_REST_Request $request Full details about the request. |
262 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. |
263 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. |
263 */ |
264 */ |
264 public function get_items( $request ) { |
265 public function get_items( $request ) { |
329 |
330 |
330 if ( ! empty( $prepared_args['search'] ) ) { |
331 if ( ! empty( $prepared_args['search'] ) ) { |
331 if ( ! current_user_can( 'list_users' ) ) { |
332 if ( ! current_user_can( 'list_users' ) ) { |
332 $prepared_args['search_columns'] = array( 'ID', 'user_login', 'user_nicename', 'display_name' ); |
333 $prepared_args['search_columns'] = array( 'ID', 'user_login', 'user_nicename', 'display_name' ); |
333 } |
334 } |
|
335 $search_columns = $request->get_param( 'search_columns' ); |
|
336 $valid_columns = isset( $prepared_args['search_columns'] ) |
|
337 ? $prepared_args['search_columns'] |
|
338 : array( 'ID', 'user_login', 'user_nicename', 'user_email', 'display_name' ); |
|
339 $search_columns_mapping = array( |
|
340 'id' => 'ID', |
|
341 'username' => 'user_login', |
|
342 'slug' => 'user_nicename', |
|
343 'email' => 'user_email', |
|
344 'name' => 'display_name', |
|
345 ); |
|
346 $search_columns = array_map( |
|
347 static function ( $column ) use ( $search_columns_mapping ) { |
|
348 return $search_columns_mapping[ $column ]; |
|
349 }, |
|
350 $search_columns |
|
351 ); |
|
352 $search_columns = array_intersect( $search_columns, $valid_columns ); |
|
353 if ( ! empty( $search_columns ) ) { |
|
354 $prepared_args['search_columns'] = $search_columns; |
|
355 } |
334 $prepared_args['search'] = '*' . $prepared_args['search'] . '*'; |
356 $prepared_args['search'] = '*' . $prepared_args['search'] . '*'; |
|
357 } |
|
358 |
|
359 $is_head_request = $request->is_method( 'HEAD' ); |
|
360 if ( $is_head_request ) { |
|
361 // Force the 'fields' argument. For HEAD requests, only user IDs are required. |
|
362 $prepared_args['fields'] = 'id'; |
335 } |
363 } |
336 /** |
364 /** |
337 * Filters WP_User_Query arguments when querying users via the REST API. |
365 * Filters WP_User_Query arguments when querying users via the REST API. |
338 * |
366 * |
339 * @link https://developer.wordpress.org/reference/classes/wp_user_query/ |
367 * @link https://developer.wordpress.org/reference/classes/wp_user_query/ |
345 */ |
373 */ |
346 $prepared_args = apply_filters( 'rest_user_query', $prepared_args, $request ); |
374 $prepared_args = apply_filters( 'rest_user_query', $prepared_args, $request ); |
347 |
375 |
348 $query = new WP_User_Query( $prepared_args ); |
376 $query = new WP_User_Query( $prepared_args ); |
349 |
377 |
350 $users = array(); |
378 if ( ! $is_head_request ) { |
351 |
379 $users = array(); |
352 foreach ( $query->results as $user ) { |
380 |
353 $data = $this->prepare_item_for_response( $user, $request ); |
381 foreach ( $query->get_results() as $user ) { |
354 $users[] = $this->prepare_response_for_collection( $data ); |
382 $data = $this->prepare_item_for_response( $user, $request ); |
355 } |
383 $users[] = $this->prepare_response_for_collection( $data ); |
356 |
384 } |
357 $response = rest_ensure_response( $users ); |
385 } |
|
386 |
|
387 $response = $is_head_request ? new WP_REST_Response( array() ) : rest_ensure_response( $users ); |
358 |
388 |
359 // Store pagination values for headers then unset for count query. |
389 // Store pagination values for headers then unset for count query. |
360 $per_page = (int) $prepared_args['number']; |
390 $per_page = (int) $prepared_args['number']; |
361 $page = (int) ceil( ( ( (int) $prepared_args['offset'] ) / $per_page ) + 1 ); |
391 $page = (int) ceil( ( ( (int) $prepared_args['offset'] ) / $per_page ) + 1 ); |
362 |
392 |
996 * @return WP_REST_Response Response object. |
1026 * @return WP_REST_Response Response object. |
997 */ |
1027 */ |
998 public function prepare_item_for_response( $item, $request ) { |
1028 public function prepare_item_for_response( $item, $request ) { |
999 // Restores the more descriptive, specific name for use within this method. |
1029 // Restores the more descriptive, specific name for use within this method. |
1000 $user = $item; |
1030 $user = $item; |
|
1031 |
|
1032 // Don't prepare the response body for HEAD requests. |
|
1033 if ( $request->is_method( 'HEAD' ) ) { |
|
1034 /** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php */ |
|
1035 return apply_filters( 'rest_prepare_user', new WP_REST_Response( array() ), $user, $request ); |
|
1036 } |
1001 |
1037 |
1002 $fields = $this->get_fields_for_response( $request ); |
1038 $fields = $this->get_fields_for_response( $request ); |
1003 $data = array(); |
1039 $data = array(); |
1004 |
1040 |
1005 if ( in_array( 'id', $fields, true ) ) { |
1041 if ( in_array( 'id', $fields, true ) ) { |
1308 * @param string $value The password submitted in the request. |
1344 * @param string $value The password submitted in the request. |
1309 * @param WP_REST_Request $request Full details about the request. |
1345 * @param WP_REST_Request $request Full details about the request. |
1310 * @param string $param The parameter name. |
1346 * @param string $param The parameter name. |
1311 * @return string|WP_Error The sanitized password, if valid, otherwise an error. |
1347 * @return string|WP_Error The sanitized password, if valid, otherwise an error. |
1312 */ |
1348 */ |
1313 public function check_user_password( $value, $request, $param ) { |
1349 public function check_user_password( |
|
1350 #[\SensitiveParameter] |
|
1351 $value, |
|
1352 $request, |
|
1353 $param |
|
1354 ) { |
1314 $password = (string) $value; |
1355 $password = (string) $value; |
1315 |
1356 |
1316 if ( empty( $password ) ) { |
1357 if ( empty( $password ) ) { |
1317 return new WP_Error( |
1358 return new WP_Error( |
1318 'rest_user_invalid_password', |
1359 'rest_user_invalid_password', |
1606 'type' => 'string', |
1647 'type' => 'string', |
1607 'enum' => get_post_types( array( 'show_in_rest' => true ), 'names' ), |
1648 'enum' => get_post_types( array( 'show_in_rest' => true ), 'names' ), |
1608 ), |
1649 ), |
1609 ); |
1650 ); |
1610 |
1651 |
|
1652 $query_params['search_columns'] = array( |
|
1653 'default' => array(), |
|
1654 'description' => __( 'Array of column names to be searched.' ), |
|
1655 'type' => 'array', |
|
1656 'items' => array( |
|
1657 'enum' => array( 'email', 'name', 'id', 'username', 'slug' ), |
|
1658 'type' => 'string', |
|
1659 ), |
|
1660 ); |
|
1661 |
1611 /** |
1662 /** |
1612 * Filters REST API collection parameters for the users controller. |
1663 * Filters REST API collection parameters for the users controller. |
1613 * |
1664 * |
1614 * This filter registers the collection parameter, but does not map the |
1665 * This filter registers the collection parameter, but does not map the |
1615 * collection parameter to an internal WP_User_Query parameter. Use the |
1666 * collection parameter to an internal WP_User_Query parameter. Use the |
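Review bot: The closure on new lines 346–351 reads `$search_columns_mapping[ $column ]` without checking that the key exists, and `$search_columns` goes into `array_map()` exactly as `get_param()` returned it, so the only guarantee that it is an array of known names is the `enum` and `default` declared on new lines 1652–1660. If `get_items()` is ever reached with a request that did not pass through schema validation and defaults (not visible in this section), a null or unknown value would raise a TypeError on PHP 8 or emit undefined-key warnings instead of being ignored. Casting and guarding keeps the method self-contained: `$search_columns = (array) $request->get_param( 'search_columns' );` and `return $search_columns_mapping[ $column ] ?? null;`, where the null is then discarded by `array_intersect()`. A comment on the `list_users` branch would also help, e.g. `// Callers without list_users must never search user_email; the array_intersect() below keeps requested columns inside this list.`, because that intersection is what stops the new parameter from widening the search for unprivileged callers. The body of `get_items()` between new lines 265 and 330 lies outside the shown hunks.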