diff -r 3d4e9c994f10 -r a86126ab1dd4 wp/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php --- a/wp/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php Tue Oct 22 16:11:46 2019 +0200 +++ b/wp/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php Tue Dec 15 13:49:49 2020 +0100 @@ -49,15 +49,19 @@ */ public function __construct( $parent_post_type ) { $this->parent_post_type = $parent_post_type; - $this->parent_controller = new WP_REST_Posts_Controller( $parent_post_type ); $this->namespace = 'wp/v2'; $this->rest_base = 'revisions'; $post_type_object = get_post_type_object( $parent_post_type ); $this->parent_base = ! empty( $post_type_object->rest_base ) ? $post_type_object->rest_base : $post_type_object->name; + $this->parent_controller = $post_type_object->get_rest_controller(); + + if ( ! $this->parent_controller ) { + $this->parent_controller = new WP_REST_Posts_Controller( $parent_post_type ); + } } /** - * Registers routes for revisions based on post types supporting revisions. + * Registers the routes for revisions based on post types supporting revisions. * * @since 4.7.0 * @@ -130,11 +134,15 @@ * * @since 4.7.2 * - * @param int $id Supplied ID. + * @param int $parent Supplied ID. * @return WP_Post|WP_Error Post object if ID is valid, WP_Error otherwise. */ protected function get_parent( $parent ) { - $error = new WP_Error( 'rest_post_invalid_parent', __( 'Invalid post parent ID.' ), array( 'status' => 404 ) ); + $error = new WP_Error( + 'rest_post_invalid_parent', + __( 'Invalid post parent ID.' ), + array( 'status' => 404 ) + ); if ( (int) $parent <= 0 ) { return $error; } @@ -152,7 +160,7 @@ * * @since 4.7.0 * - * @param WP_REST_Request $request Full data about the request. + * @param WP_REST_Request $request Full details about the request. * @return true|WP_Error True if the request has read access, WP_Error object otherwise. */ public function get_items_permissions_check( $request ) { 
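Review bot: In `__construct()`, the added `$post_type_object->get_rest_controller()` is a method call on the return value of `get_post_type_object()`, which is used without a null check. If the parent post type is not registered when the controller is built, this is a fatal error, whereas the property reads in the ternary above would only raise a notice or warning. A guard keeps the existing fallback reachable: `$this->parent_controller = $post_type_object ? $post_type_object->get_rest_controller() : null;`. A comment beside the fallback should also say that the parent controller may now be whatever class the post type registered, not necessarily `WP_REST_Posts_Controller`.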
@@ -161,9 +169,12 @@ return $parent; } - $parent_post_type_obj = get_post_type_object( $parent->post_type ); - if ( ! current_user_can( $parent_post_type_obj->cap->edit_post, $parent->ID ) ) { - return new WP_Error( 'rest_cannot_read', __( 'Sorry, you are not allowed to view revisions of this post.' ), array( 'status' => rest_authorization_required_code() ) ); + if ( ! current_user_can( 'edit_post', $parent->ID ) ) { + return new WP_Error( + 'rest_cannot_read', + __( 'Sorry, you are not allowed to view revisions of this post.' ), + array( 'status' => rest_authorization_required_code() ) + ); } return true; @@ -178,7 +189,12 @@ * @return WP_Post|WP_Error Revision post object if ID is valid, WP_Error otherwise. */ protected function get_revision( $id ) { - $error = new WP_Error( 'rest_post_invalid_id', __( 'Invalid revision ID.' ), array( 'status' => 404 ) ); + $error = new WP_Error( + 'rest_post_invalid_id', + __( 'Invalid revision ID.' ), + array( 'status' => 404 ) + ); + if ( (int) $id <= 0 ) { return $error; } @@ -196,7 +212,7 @@ * * @since 4.7.0 * - * @param WP_REST_Request $request Full data about the request. + * @param WP_REST_Request $request Full details about the request. * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. */ public function get_items( $request ) { 
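Review bot: In `get_items_permissions_check()`, the capability check runs only after the parent lookup has returned its error. A caller with no rights on the post therefore appears to get the 404 `rest_post_invalid_parent` for an ID that does not resolve and the `rest_authorization_required_code()` status for one that does, so the two cases can be told apart. If that difference is intended, record it above the check, e.g. `// Revisions can expose unpublished content; reading them requires edit rights on the parent.`, and cover both responses in a test. The function body starts outside this hunk, so the lookup is inferred from the `return $parent;` context line.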
@@ -207,12 +223,20 @@ // Ensure a search string is set in case the orderby is set to 'relevance'. if ( ! empty( $request['orderby'] ) && 'relevance' === $request['orderby'] && empty( $request['search'] ) ) { - return new WP_Error( 'rest_no_search_term_defined', __( 'You need to define a search term to order by relevance.' ), array( 'status' => 400 ) ); + return new WP_Error( + 'rest_no_search_term_defined', + __( 'You need to define a search term to order by relevance.' ), + array( 'status' => 400 ) + ); } // Ensure an include parameter is set in case the orderby is set to 'include'. if ( ! empty( $request['orderby'] ) && 'include' === $request['orderby'] && empty( $request['include'] ) ) { - return new WP_Error( 'rest_orderby_include_missing_include', __( 'You need to define an include parameter to order by include.' ), array( 'status' => 400 ) ); + return new WP_Error( + 'rest_orderby_include_missing_include', + __( 'You need to define an include parameter to order by include.' ), + array( 'status' => 400 ) + ); } if ( wp_revisions_enabled( $parent ) ) { @@ -277,9 +301,17 @@ if ( $total_revisions > 0 ) { if ( $offset >= $total_revisions ) { - return new WP_Error( 'rest_revision_invalid_offset_number', __( 'The offset number requested is larger than or equal to the number of available revisions.' ), array( 'status' => 400 ) ); + return new WP_Error( + 'rest_revision_invalid_offset_number', + __( 'The offset number requested is larger than or equal to the number of available revisions.' ), + array( 'status' => 400 ) + ); } elseif ( ! $offset && $page > $max_pages ) { - return new WP_Error( 'rest_revision_invalid_page_number', __( 'The page number requested is larger than the number of pages available.' ), array( 'status' => 400 ) ); + return new WP_Error( + 'rest_revision_invalid_page_number', + __( 'The page number requested is larger than the number of pages available.' ), + array( 'status' => 400 ) + ); } } } else { 
@@ -290,6 +322,7 @@ } $response = array(); + foreach ( $revisions as $revision ) { $data = $this->prepare_item_for_response( $revision, $request ); $response[] = $this->prepare_response_for_collection( $data ); @@ -328,7 +361,7 @@ * * @since 4.7.0 * - * @param WP_REST_Request $request Full data about the request. + * @param WP_REST_Request $request Full details about the request. * @return bool|WP_Error True if the request has read access for the item, WP_Error object otherwise. */ public function get_item_permissions_check( $request ) { @@ -340,7 +373,7 @@ * * @since 4.7.0 * - * @param WP_REST_Request $request Full data about the request. + * @param WP_REST_Request $request Full details about the request. * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. */ public function get_item( $request ) { @@ -363,7 +396,7 @@ * * @since 4.7.0 * - * @param WP_REST_Request $request Full details about the request. + * @param WP_REST_Request $request Full details about the request. * @return bool|WP_Error True if the request has access to delete the item, WP_Error object otherwise. */ public function delete_item_permissions_check( $request ) { @@ -372,6 +405,16 @@ return $parent; } + $parent_post_type = get_post_type_object( $parent->post_type ); + + if ( ! current_user_can( 'delete_post', $parent->ID ) ) { + return new WP_Error( + 'rest_cannot_delete', + __( 'Sorry, you are not allowed to delete revisions of this post.' ), + array( 'status' => rest_authorization_required_code() ) + ); + } + $revision = $this->get_revision( $request['id'] ); if ( is_wp_error( $revision ) ) { return $revision; 
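Review bot: In the last hunk on this line (`delete_item_permissions_check()`), the added `$parent_post_type = get_post_type_object( $parent->post_type );` is never read in the lines shown; the check that follows passes the literal `'delete_post'` to `current_user_can()`. Unless the variable is used further down, outside the hunk, drop the assignment so the authorization path contains only what the decision depends on. If it is kept for a later check, say so in a comment, because an unused lookup next to a capability test reads as if the post type's own capability name was meant to be used.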
@@ -382,8 +425,15 @@ return $response; } - $post_type = get_post_type_object( 'revision' ); - return current_user_can( $post_type->cap->delete_post, $revision->ID ); + if ( ! current_user_can( 'delete_post', $revision->ID ) ) { + return new WP_Error( + 'rest_cannot_delete', + __( 'Sorry, you are not allowed to delete this revision.' ), + array( 'status' => rest_authorization_required_code() ) + ); + } + + return true; } /** @@ -392,7 +442,7 @@ * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. - * @return true|WP_Error True on success, or WP_Error object on failure. + * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. */ public function delete_item( $request ) { $revision = $this->get_revision( $request['id'] ); @@ -404,8 +454,12 @@ // We don't support trashing for revisions. if ( ! $force ) { - /* translators: %s: force=true */ - return new WP_Error( 'rest_trash_not_supported', sprintf( __( "Revisions do not support trashing. Set '%s' to delete." ), 'force=true' ), array( 'status' => 501 ) ); + return new WP_Error( + 'rest_trash_not_supported', + /* translators: %s: force=true */ + sprintf( __( "Revisions do not support trashing. Set '%s' to delete." ), 'force=true' ), + array( 'status' => 501 ) + ); } $previous = $this->prepare_item_for_response( $revision, $request ); 
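Review bot: The new denial at the end of `delete_item_permissions_check()` reuses the error code `rest_cannot_delete`. The parent-post check added earlier in the same function returns that code too, and `delete_item()` returns it with status 500 when deletion fails. Clients and log-based alerting that key on the code cannot separate a denial on the parent, a denial on the revision, and a server-side failure. Give the authorization cases their own code, for example `'rest_cannot_delete_revision'` here (a constructed name, not an existing one). The 500 message `The post cannot be deleted.` also names a post where a revision is meant.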
@@ -417,15 +471,19 @@ * * @since 4.7.0 * - * @param (mixed) $result The revision object (if it was deleted or moved to the trash successfully) - * or false (failure). If the revision was moved to the trash, $result represents - * its new state; if it was deleted, $result represents its state before deletion. + * @param WP_Post|false|null $result The revision object (if it was deleted or moved to the Trash successfully) + * or false or null (failure). If the revision was moved to the Trash, $result represents + * its new state; if it was deleted, $result represents its state before deletion. * @param WP_REST_Request $request The request sent to the API. */ do_action( 'rest_delete_revision', $result, $request ); if ( ! $result ) { - return new WP_Error( 'rest_cannot_delete', __( 'The post cannot be deleted.' ), array( 'status' => 500 ) ); + return new WP_Error( + 'rest_cannot_delete', + __( 'The post cannot be deleted.' ), + array( 'status' => 500 ) + ); } $response = new WP_REST_Response(); @@ -606,6 +664,10 @@ * @return array Item schema data. */ public function get_item_schema() { + if ( $this->schema ) { + return $this->add_additional_fields_schema( $this->schema ); + } + $schema = array( '$schema' => 'http://json-schema.org/draft-04/schema#', 'title' => "{$this->parent_post_type}-revision", @@ -682,7 +744,9 @@ $schema['properties']['guid'] = $parent_schema['properties']['guid']; } - return $this->add_additional_fields_schema( $schema ); + $this->schema = $schema; + + return $this->add_additional_fields_schema( $this->schema ); } /**
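Review bot: The schema cache added to `get_item_schema()` (the last two hunks on this line) has no comment saying what is cached. `$this->schema` stores the array before `add_additional_fields_schema()` runs, and that call is repeated on both return paths. A line above the early return would keep a later edit from caching the decorated result, e.g. `// Cache the base schema only; additional fields are applied on each call.`. The guard `if ( $this->schema )` relies on truthiness and the property is not declared anywhere in this diff, so it is presumably inherited; confirm that it starts out empty.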