class-wpml-rest-base.php
2.26 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
<?php
/**
* Class WPML_REST_Base
*
* @author OnTheGo Systems
*/
abstract class WPML_REST_Base {
const CAPABILITY_EXTERNAL = 'external';
const REST_NAMESPACE = 'wpml/v1';
/**
* @var string
*/
protected $namespace;
/**
* WPML_REST_Base constructor.
*
* @param string|null $namespace Defaults to `\WPML_REST_Base::REST_NAMESPACE`.
*/
public function __construct( $namespace = null ) {
if ( ! $namespace ) {
$namespace = self::REST_NAMESPACE;
}
$this->namespace = $namespace;
}
abstract public function add_hooks();
public function validate_permission( WP_REST_Request $request ) {
$user_can = $this->user_has_matching_capabilities( $request );
if ( ! $user_can ) {
return false;
}
$nonce = $this->get_nonce( $request );
return $user_can && wp_verify_nonce( $nonce, 'wp_rest' );
}
abstract public function get_allowed_capabilities( WP_REST_Request $request );
/**
* @param string $route
* @param array $args
*/
protected function register_route( $route, array $args ) {
$args = $this->ensure_permission( $args );
register_rest_route( $this->namespace, $route, $args );
}
/**
* @param array $args
*
* @return array
*/
private function ensure_permission( array $args ) {
if ( ! array_key_exists( 'permission_callback', $args ) || ! $args['permission_callback'] ) {
$args['permission_callback'] = array( $this, 'validate_permission' );
}
return $args;
}
/**
* @param \WP_REST_Request $request
*
* @return bool
*/
private function user_has_matching_capabilities( WP_REST_Request $request ) {
$capabilities = $this->get_allowed_capabilities( $request );
$user_can = false;
if ( self::CAPABILITY_EXTERNAL === $capabilities ) {
$user_can = true;
} elseif ( is_string( $capabilities ) ) {
$user_can = current_user_can( $capabilities );
} elseif ( is_array( $capabilities ) ) {
foreach ( $capabilities as $capability ) {
$user_can = $user_can || current_user_can( $capability );
}
}
return $user_can;
}
/**
* @param \WP_REST_Request $request
*
* @return mixed|string|null
*/
private function get_nonce( WP_REST_Request $request ) {
$nonce = $request->get_header( 'x_wp_nonce' );
if ( ! $nonce ) {
$nonce = $request->get_param( '_wpnonce' );
}
return $nonce;
}
}