From a9e372bb2c5f5f9bc1a93f25091cab754e023384 Mon Sep 17 00:00:00 2001 
From: Kartik Suthar Date: Thu, 24 Jun 2021 17:44:13 +0530 Subject: [PATCH] api fixes and permission vulnerabilities fixes --- ...lass-bp-rest-activity-comment-endpoint.php | 41 +- ...lass-bp-rest-activity-details-endpoint.php | 20 +- .../class-bp-rest-activity-endpoint.php | 206 ++++----- ...bp-rest-activity-link-preview-endpoint.php | 26 +- .../class-bp-rest-components-endpoint.php | 20 +- .../class-bp-rest-mention-endpoint.php | 18 +- .../class-bp-rest-document-endpoint.php | 210 ++++------ ...class-bp-rest-document-folder-endpoint.php | 248 ++++++----- .../classes/class-bp-rest-forums-endpoint.php | 91 ++-- .../class-bp-rest-reply-actions-endpoint.php | 40 +- .../classes/class-bp-rest-reply-endpoint.php | 83 ++-- .../class-bp-rest-topics-actions-endpoint.php | 114 +++-- .../classes/class-bp-rest-topics-endpoint.php | 82 ++-- .../class-bp-rest-friends-endpoint.php | 36 +- ...rest-attachments-group-avatar-endpoint.php | 42 +- .../class-bp-rest-group-invites-endpoint.php | 390 +++++++++--------- ...lass-bp-rest-group-membership-endpoint.php | 272 ++++++------ ...rest-group-membership-request-endpoint.php | 378 +++++++++-------- .../class-bp-rest-group-settings-endpoint.php | 139 +++---- .../class-bp-rest-groups-details-endpoint.php | 18 +- .../classes/class-bp-rest-groups-endpoint.php | 169 ++++---- ...ass-bp-rest-learndash-courses-endpoint.php | 8 +- .../class-bp-rest-invites-endpoint.php | 183 ++++---- .../class-bp-rest-media-albums-endpoint.php | 218 +++++----- .../classes/class-bp-rest-media-endpoint.php | 264 ++++++------ ...class-bp-rest-members-actions-endpoint.php | 40 +- ...class-bp-rest-members-details-endpoint.php | 48 ++- .../class-bp-rest-members-endpoint.php | 129 +++--- ...s-bp-rest-members-permissions-endpoint.php | 18 +- .../classes/class-bp-rest-signup-endpoint.php | 139 +++---- .../class-bp-rest-group-messages-endpoint.php | 28 +- ...lass-bp-rest-messages-actions-endpoint.php | 28 +- .../class-bp-rest-messages-endpoint.php | 36 +- 
.../class-bp-rest-moderation-endpoint.php | 82 ++-- ...ass-bp-rest-moderation-report-endpoint.php | 56 +-- .../class-bp-rest-notifications-endpoint.php | 88 ++-- ...lass-bp-rest-account-settings-endpoint.php | 18 +- ...rest-account-settings-options-endpoint.php | 82 ++-- .../class-bp-rest-xprofile-data-endpoint.php | 18 +- ...bp-rest-xprofile-field-groups-endpoint.php | 18 +- ...class-bp-rest-xprofile-fields-endpoint.php | 83 ++-- ...ass-bp-rest-xprofile-repeater-endpoint.php | 204 ++++----- ...class-bp-rest-xprofile-update-endpoint.php | 41 +- src/endpoints/api_data.js | 156 +++---- src/endpoints/api_data.json | 156 +++---- src/endpoints/api_project.js | 2 +- src/endpoints/api_project.json | 2 +- 47 files changed, 2245 insertions(+), 2543 deletions(-) diff --git a/src/bp-activity/classes/class-bp-rest-activity-comment-endpoint.php b/src/bp-activity/classes/class-bp-rest-activity-comment-endpoint.php index 73e7939889..47d102113d 100644 --- a/src/bp-activity/classes/class-bp-rest-activity-comment-endpoint.php +++ b/src/bp-activity/classes/class-bp-rest-activity-comment-endpoint.php 
@@ -306,28 +306,27 @@ public function create_item( $request ) { * @since 0.1.0 */ public function create_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to create an activity comment.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - $activity = $this->get_activity_object( $request ); + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to create an activity comment.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( empty( $activity ) || empty( $activity->id ) ) { - return new WP_Error( - 'bp_rest_invalid_id', - __( 'Invalid activity ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); + if ( is_user_logged_in() ) { + $retval = true; + $activity = $this->get_activity_object( $request ); + + if ( empty( $activity ) || empty( $activity->id ) ) { + $retval = new WP_Error( + 'bp_rest_invalid_id', + __( 'Invalid activity ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } } /** diff --git a/src/bp-activity/classes/class-bp-rest-activity-details-endpoint.php b/src/bp-activity/classes/class-bp-rest-activity-details-endpoint.php index 5f3fef5145..387ee1bd91 100644 --- a/src/bp-activity/classes/class-bp-rest-activity-details-endpoint.php +++ b/src/bp-activity/classes/class-bp-rest-activity-details-endpoint.php 
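Review bot: Inside `if ( is_user_logged_in() )` the check sets `$retval = true` for every authenticated user whose target activity ID resolves, so the visible code never asks whether that user may see or comment on the parent activity (for example one posted in a hidden or private group). Unless `create_item()` or a callback on the filter that follows enforces this, add a denial branch after the invalid-ID test, along the lines of `} elseif ( ! bp_activity_user_can_read( $activity, bp_loggedin_user_id() ) ) {`, returning the same authorization error. The function body continues past the end of the hunk, so confirm that no later check already covers this.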
@@ -96,22 +96,22 @@ public function get_items( $request ) { * @since 0.1.0 */ public function get_items_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_component_required', + __( 'Sorry, Activity component was not enabled.', 'buddyboss' ), + array( + 'status' => '404', + ) + ); - if ( ! bp_is_active( 'activity' ) ) { - $retval = new WP_Error( - 'bp_rest_component_required', - __( 'Sorry, Activity component was not enabled.', 'buddyboss' ), - array( - 'status' => '404', - ) - ); + if ( bp_is_active( 'activity' ) ) { + $retval = true; } /** * Filter the activity details permissions check. * - * @param bool|WP_Error $retval Returned value. + * @param bool|WP_Error $retval Returned value. * @param WP_REST_Request $request The request sent to the API. * * @since 0.1.0 diff --git a/src/bp-activity/classes/class-bp-rest-activity-endpoint.php b/src/bp-activity/classes/class-bp-rest-activity-endpoint.php index 23919157bf..bf9f4b3f17 100644 --- a/src/bp-activity/classes/class-bp-rest-activity-endpoint.php +++ b/src/bp-activity/classes/class-bp-rest-activity-endpoint.php 
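Review bot: The default error in `get_items_permissions_check()` carries `'status' => '404'` as a string, while the other permission checks touched by this commit pass the integer `404` or `rest_authorization_required_code()`. The REST server presumably normalises the value, but clients or filters that compare the status strictly will see a different type here; `'status' => 404,` keeps it consistent. The same string status appears in the link-preview endpoint's `get_items_permissions_check()` hunk.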
@@ -620,30 +620,31 @@ public function create_item( $request ) { * @since 0.1.0 */ public function create_item_permissions_check( $request ) { - $retval = true; + $error = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to create activities.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to create activities.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + $retval = $error; - $item_id = $request['primary_item_id']; - $component = $request['component']; + if ( is_user_logged_in() ) { + $user_id = $request->get_param( 'user_id' ); - if ( true === $retval && bp_is_active( 'groups' ) && buddypress()->groups->id === $component && ! is_null( $item_id ) ) { - if ( ! $this->show_hidden( $component, $item_id ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to create activities.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( empty( $user_id ) || (int) bp_loggedin_user_id() === (int) $user_id ) { + $item_id = $request->get_param( 'primary_item_id' ); + $component = $request->get_param( 'component' ); + + // The current user can create an activity. + $retval = true; + + if ( bp_is_active( 'groups' ) && buddypress()->groups->id === $component && ! is_null( $item_id ) ) { + if ( ! $this->show_hidden( $component, $item_id ) ) { + $retval = $error; + } + } } } 
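Review bot: The added guard `empty( $user_id ) || (int) bp_loggedin_user_id() === (int) $user_id` is the security-relevant line of this hunk and has no comment saying so; something like `// Members may only create activities as themselves; a foreign user_id is rejected.` above it would help keep a later refactor from loosening it. A `user_id` of `0` or an empty string passes through the `empty()` branch, so the guard is only complete if `create_item()` then falls back to the logged-in user, which is outside this hunk and worth confirming. If site moderators were previously expected to post on behalf of other members through this route, that is now blocked as well and should be stated in the docblock.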
@@ -808,54 +809,41 @@ public function update_item( $request ) { * @since 0.1.0 */ public function update_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to update this activity.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - $activity = $this->get_activity_object( $request ); + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to update this activity.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( true === $retval && empty( $activity->id ) ) { - $retval = new WP_Error( - 'bp_rest_invalid_id', - __( 'Invalid activity ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } + if ( is_user_logged_in() ) { + $activity = $this->get_activity_object( $request ); - if ( true === $retval && ( + if ( empty( $activity->id ) ) { + $retval = new WP_Error( + 'bp_rest_invalid_id', + __( 'Invalid activity ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } elseif ( function_exists( 'bp_is_activity_edit_enabled' ) && ! bp_is_activity_edit_enabled() && function_exists( 'bp_activity_user_can_edit' ) && ! bp_activity_user_can_edit( $activity ) - ) - ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to update this activity.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - if ( true === $retval && ! 
bp_activity_user_can_delete( $activity ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to update this activity.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + ) { + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to update this activity.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } elseif ( bp_activity_user_can_delete( $activity ) ) { + $retval = true; + } } /** 
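Review bot: In the new `elseif` chain of `update_item_permissions_check()`, the middle condition joins all four tests with `&&`, so `bp_activity_user_can_edit( $activity )` is only consulted when editing is globally disabled. When editing is enabled, a user who fails `bp_activity_user_can_edit()` falls through to `elseif ( bp_activity_user_can_delete( $activity ) )`, which means the right to update is effectively decided by the delete permission. If the intent is "deny when editing is off, or when this user may not edit this activity", the two halves should be separate denials, e.g. `( function_exists( 'bp_is_activity_edit_enabled' ) && ! bp_is_activity_edit_enabled() ) || ( function_exists( 'bp_activity_user_can_edit' ) && ! bp_activity_user_can_edit( $activity ) )`. The condition is carried over from the removed code, so this commit is a good place to correct it or to document why delete permission is the intended gate.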
@@ -945,38 +933,28 @@ public function delete_item( $request ) { * @since 0.1.0 */ public function delete_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to delete this activity.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - $activity = $this->get_activity_object( $request ); + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to delete this activity.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( true === $retval && empty( $activity->id ) ) { - $retval = new WP_Error( - 'bp_rest_invalid_id', - __( 'Invalid activity ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } + if ( is_user_logged_in() ) { + $activity = $this->get_activity_object( $request ); - if ( true === $retval && ! bp_activity_user_can_delete( $activity ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to delete this activity.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( empty( $activity->id ) ) { + $retval = new WP_Error( + 'bp_rest_invalid_id', + __( 'Invalid activity ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } elseif ( bp_activity_user_can_delete( $activity ) ) { + $retval = true; + } } /** 
@@ -1100,19 +1078,19 @@ public function update_favorite( $request ) { * @since 0.1.0 */ public function update_favorite_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to update favorites.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); if ( - ! ( is_user_logged_in() && bp_activity_can_favorite() ) - || function_exists( 'bp_is_activity_like_active' ) && true !== bp_is_activity_like_active() + is_user_logged_in() && bp_activity_can_favorite() + && ( ! function_exists( 'bp_is_activity_like_active' ) || true === bp_is_activity_like_active() ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to update favorites.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + $retval = true; } /** @@ -1204,6 +1182,16 @@ public function prepare_item_for_response( $activity, $request ) { $activities_template = new \stdClass(); $activities_template->disable_blogforum_replies = (bool) bp_core_get_root_option( 'bp-disable-blogforum-comments' ); $activities_template->activity = $activity; + + // Remove feature image from content from the activity feed which added last in the content. + $blog_id = ''; + if ( 'blogs' === $activity->component && isset( $activity->secondary_item_id ) && 'new_blog_' . get_post_type( $activity->secondary_item_id ) === $activity->type ) { + $blog_post = get_post( $activity->secondary_item_id ); + if ( ! empty( $blog_post->ID ) ) { + $blog_id = $blog_post->ID; + remove_filter( 'bb_add_feature_image_blog_post_as_activity_content', 'bb_add_feature_image_blog_post_as_activity_content_callback' ); + } + } $data = array( 'user_id' => $activity->user_id, 
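Review bot: In the lines added to `prepare_item_for_response()`, the `remove_filter( 'bb_add_feature_image_blog_post_as_activity_content', ... )` call is never paired with an `add_filter()` in the visible code, so the first matching blog activity switches the filter off for the rest of the request, including later items in the same collection. If the removal is meant to apply only while this item is prepared, re-register the callback once the content has been built, with the same priority and argument count as its original registration. Note also that `remove_filter()` only matches at the priority the callback was added with; the registration is outside this hunk, so check that the default priority is right. The variable `$blog_id` holds a post ID, and `$blog_post_id` would be less misleading next to the `blogs` component, where a blog ID is a different thing.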
@@ -1241,8 +1229,14 @@ function_exists( 'bp_is_activity_edit_enabled' ) 'content_stripped' => html_entity_decode( wp_strip_all_tags( $activity->content ) ), 'privacy' => ( isset( $activity->privacy ) ? $activity->privacy : false ), 'activity_data' => $this->bp_rest_activitiy_edit_data( $activity ), + 'feature_media' => '', ); + // Add feature image as separate object which added last in the content. + if ( ! empty( $blog_id ) && ! empty( get_post_thumbnail_id( $blog_id ) ) ) { + $data['feature_media'] = wp_get_attachment_image_url( get_post_thumbnail_id( $blog_id ), 'full' ); + } + // Get item schema. $schema = $this->get_item_schema(); @@ -1790,6 +1784,12 @@ public function get_item_schema() { 'description' => __( 'Activity data for allow edit or not.', 'buddyboss' ), 'type' => 'object', ), + 'feature_media' => array( + 'context' => array( 'embed', 'view', 'edit' ), + 'description' => __( 'Feature media image which added last in the content for blog post as well as custom post type.', 'buddyboss' ), + 'type' => 'string', + 'format' => 'uri', + ), ), ); diff --git a/src/bp-activity/classes/class-bp-rest-activity-link-preview-endpoint.php b/src/bp-activity/classes/class-bp-rest-activity-link-preview-endpoint.php index 4f0cd0107c..b764cc8216 100644 --- a/src/bp-activity/classes/class-bp-rest-activity-link-preview-endpoint.php +++ b/src/bp-activity/classes/class-bp-rest-activity-link-preview-endpoint.php 
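Review bot: `wp_get_attachment_image_url()` returns `false` when the attachment cannot be resolved, so `$data['feature_media']` can end up as a boolean although the schema added in this commit declares it as `'type' => 'string'` with `'format' => 'uri'`. Store the thumbnail ID once and fall back to the empty string, e.g. `$thumb_id = get_post_thumbnail_id( $blog_id );` followed by `$data['feature_media'] = $thumb_id ? (string) wp_get_attachment_image_url( $thumb_id, 'full' ) : '';`. On a multisite install the post ID in `secondary_item_id` presumably belongs to the blog named by the activity's `item_id`, and the lookup here runs against the current site without switching, so it may resolve a different post's thumbnail; that should be confirmed.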
@@ -132,32 +132,32 @@ public function get_items( $request ) { * @since 0.1.0 */ public function get_items_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_component_required', + __( 'Sorry, Activity component was not enabled.', 'buddyboss' ), + array( + 'status' => '404', + ) + ); - if ( ! bp_is_active( 'activity' ) ) { - $retval = new WP_Error( - 'bp_rest_component_required', - __( 'Sorry, Activity component was not enabled.', 'buddyboss' ), - array( - 'status' => '404', - ) - ); + if ( bp_is_active( 'activity' ) ) { + $retval = true; } - if ( true === $retval && function_exists( 'bp_is_activity_link_preview_active' ) && true !== bp_is_activity_link_preview_active() ) { + if ( true === $retval && ! is_user_logged_in() ) { $retval = new WP_Error( 'bp_rest_authorization_required', - __( 'Sorry, Link Previews is disabled.', 'buddyboss' ), + __( 'Sorry, you are not allowed to generate link preview in the activity.', 'buddyboss' ), array( 'status' => rest_authorization_required_code(), ) ); } - if ( true === $retval && ! is_user_logged_in() ) { + if ( true === $retval && function_exists( 'bp_is_activity_link_preview_active' ) && true !== bp_is_activity_link_preview_active() ) { $retval = new WP_Error( 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to generate link preview in the activity.', 'buddyboss' ), + __( 'Sorry, Link Previews is disabled.', 'buddyboss' ), array( 'status' => rest_authorization_required_code(), ) diff --git a/src/bp-core/classes/class-bp-rest-components-endpoint.php b/src/bp-core/classes/class-bp-rest-components-endpoint.php index 4747385a3c..0a4e9882f0 100644 --- a/src/bp-core/classes/class-bp-rest-components-endpoint.php +++ b/src/bp-core/classes/class-bp-rest-components-endpoint.php 
@@ -170,22 +170,22 @@ public function get_items( $request ) { * @since 0.1.0 */ public function get_items_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you do not have access to list components.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! ( is_user_logged_in() && bp_current_user_can( 'bp_moderate' ) ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you do not have access to list components.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() && bp_current_user_can( 'manage_options' ) ) { + $retval = true; } /** * Filter the components `get_items` permissions check. * - * @param bool|WP_Error $retval Returned value. + * @param bool|WP_Error $retval Returned value. * @param WP_REST_Request $request The request sent to the API. * * @since 0.1.0 diff --git a/src/bp-core/classes/class-bp-rest-mention-endpoint.php b/src/bp-core/classes/class-bp-rest-mention-endpoint.php index e0e0484e36..058cf1dcf1 100644 --- a/src/bp-core/classes/class-bp-rest-mention-endpoint.php +++ b/src/bp-core/classes/class-bp-rest-mention-endpoint.php @@ -131,16 +131,16 @@ public function get_items( $request ) { * @since 0.1.0 */ public function get_items_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you do not have access to list mentions.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you do not have access to list mentions.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() ) { + $retval = true; } /** 
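Review bot: The components `get_items_permissions_check()` swaps the capability from `bp_moderate` to `manage_options` without a comment or docblock change explaining the narrower audience. A line such as `// Component listing is limited to site administrators; BuddyPress moderators are intentionally excluded.` above the condition would record the decision. Any other permission check in this class that still tests `bp_moderate` (not visible in this hunk) would then disagree with this one and should be reviewed together. `is_user_logged_in()` is redundant next to a capability test, though harmless.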
diff --git a/src/bp-document/classes/class-bp-rest-document-endpoint.php b/src/bp-document/classes/class-bp-rest-document-endpoint.php index f405ce7b26..5451d36f7b 100644 --- a/src/bp-document/classes/class-bp-rest-document-endpoint.php +++ b/src/bp-document/classes/class-bp-rest-document-endpoint.php @@ -198,16 +198,16 @@ function_exists( 'bp_media_allowed_upload_document_size' ) && */ public function upload_item_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to upload document.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to upload document.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() ) { + $retval = true; } /** @@ -366,9 +366,12 @@ public function get_items_permissions_check( $request ) { ); } - if ( true === $retval && ! empty( $request['group_id'] ) && bp_is_active( 'groups' ) ) { - $group = groups_get_group( $request['group_id'] ); - $user_id = ( ! empty( $request['user_id'] ) ? $request['user_id'] : bp_loggedin_user_id() ); + $group_id = $request->get_param( 'group_id' ); + $user_id = $request->get_param( 'user_id' ); + + if ( true === $retval && ! empty( $group_id ) && bp_is_active( 'groups' ) ) { + $group = groups_get_group( $group_id ); + $user_id = ( ! empty( $user_id ) ? $user_id : bp_loggedin_user_id() ); $user_groups = groups_get_user_groups( $user_id ); if ( empty( $group->id ) ) { @@ -475,7 +478,7 @@ public function get_item_permissions_check( $request ) { ); } - $document = new BP_Document( $request['id'] ); + $document = new BP_Document( $request->get_param( 'id' ) ); if ( true === $retval && empty( $document->id ) ) { $retval = new WP_Error( 
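Review bot: `upload_item_permissions_check()` now grants `true` to every logged-in user, while `create_item_permissions_check()` in this same file additionally consults `bb_document_user_can_upload()`. The upload route is presumably where the file first reaches storage, so a member who is barred from creating documents could still pass this check. Consider applying the same guard here, `function_exists( 'bb_document_user_can_upload' ) && ! bb_document_user_can_upload( bp_loggedin_user_id(), (int) $request->get_param( 'group_id' ) )`, and keeping the default error when it fails. Whether `upload_item()` re-checks this itself is outside the hunk.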
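Review bot: In `get_items_permissions_check()`, `groups_get_user_groups( $user_id )` is still called with the `user_id` request parameter whenever one is supplied, so the group-membership lookup is performed for a member chosen by the caller rather than for the caller. If the lines that follow use `$user_groups` to decide access to a group's documents, the decision should rest on the authenticated user: `$user_groups = groups_get_user_groups( bp_loggedin_user_id() );`. The hunk ends inside the `if ( empty( $group->id ) )` branch, so the rest of the decision is not visible and needs to be checked against this.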
@@ -622,32 +625,25 @@ public function create_item( $request ) { * @since 0.1.0 */ public function create_item_permissions_check( $request ) { - $retval = true; + $error = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to create a document.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( - ! is_user_logged_in() || - ( + $retval = $error; + + if ( is_user_logged_in() ) { + $retval = true; + + if ( function_exists( 'bb_document_user_can_upload' ) && ! bb_document_user_can_upload( bp_loggedin_user_id(), (int) $request->get_param( 'group_id' ) ) - ) - ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to create a document.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to create a folder.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + ) { + $retval = $error; + } } if ( true === $retval && isset( $request['group_id'] ) && ! empty( $request['group_id'] ) ) { 
@@ -915,73 +911,62 @@ public function update_item( $request ) { * @since 0.1.0 */ public function update_item_permissions_check( $request ) { - $retval = true; + $error = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to update this document.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to update this document.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + $retval = $error; - $document = new BP_Document( $request['id'] ); + if ( is_user_logged_in() ) { + $retval = true; - if ( true === $retval && empty( $document->id ) ) { - $retval = new WP_Error( - 'bp_rest_document_invalid_id', - __( 'Invalid document ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } + $document = new BP_Document( $request->get_param( 'id' ) ); - if ( - true === $retval && - ( + if ( empty( $document->id ) ) { + $retval = new WP_Error( + 'bp_rest_document_invalid_id', + __( 'Invalid document ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } elseif ( ! bp_document_user_can_edit( $document ) || ( function_exists( 'bb_document_user_can_upload' ) && ! bb_document_user_can_upload( bp_loggedin_user_id(), (int) ( isset( $request['group_id'] ) ? $request['group_id'] : $document->group_id ) ) ) - ) - ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to update this document.', 'buddyboss' ), - array( - 'status' => 500, - ) - ); - } - - if ( true === $retval && isset( $request['group_id'] ) && ! empty( $request['group_id'] ) ) { - if ( - ! bp_is_active( 'groups' ) - || ! 
groups_can_user_manage_document( bp_loggedin_user_id(), (int) $request['group_id'] ) ) { - $retval = new WP_Error( - 'bp_rest_invalid_permission', - __( 'You don\'t have a permission to edit a document inside this group.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + $retval = $error; + } elseif ( isset( $request['group_id'] ) && ! empty( $request['group_id'] ) ) { + if ( + ! bp_is_active( 'groups' ) + || ! groups_can_user_manage_document( bp_loggedin_user_id(), (int) $request['group_id'] ) + ) { + $retval = new WP_Error( + 'bp_rest_invalid_permission', + __( 'You don\'t have a permission to edit a document inside this group.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } - } - if ( true === $retval && isset( $request['folder_id'] ) && ! empty( $request['folder_id'] ) ) { - if ( ! bp_folder_user_can_edit( (int) $request['folder_id'] ) ) { - $retval = new WP_Error( - 'bp_rest_invalid_permission', - __( 'You don\'t have permission to move/update a document inside the folder.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( true === $retval && isset( $request['folder_id'] ) && ! empty( $request['folder_id'] ) ) { + if ( ! bp_folder_user_can_edit( (int) $request['folder_id'] ) ) { + $retval = new WP_Error( + 'bp_rest_invalid_permission', + __( 'You don\'t have permission to move/update a document inside the folder.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } } 
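Review bot: The shared `$error` object carries the message "Sorry, you need to be logged in to update this document.", and the new `$retval = $error;` branch returns it to a user who is logged in but fails `bp_document_user_can_edit()` or `bb_document_user_can_upload()`. The removed code used a distinct text for that case; keep it with a second `WP_Error` built from `__( 'Sorry, you are not allowed to update this document.', 'buddyboss' )` and `rest_authorization_required_code()`, which also preserves the fix of the old `500` status. The same reuse of a "need to be logged in" message for a permission failure occurs in the folder endpoint's `update_item_permissions_check()` hunk and in this file's `delete_item_permissions_check()` hunk, where the invalid-ID `404` is folded into it as well.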
@@ -1078,38 +1063,20 @@ public function delete_item( $request ) { * @since 0.1.0 */ public function delete_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to delete this document.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to delete this document.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - $document = new BP_Document( $request['id'] ); + if ( is_user_logged_in() ) { + $document = new BP_Document( $request->get_param( 'id' ) ); - if ( true === $retval && empty( $document->id ) ) { - $retval = new WP_Error( - 'bp_rest_document_invalid_id', - __( 'Invalid document ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } - - if ( true === $retval && ! bp_document_user_can_delete( $document ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to delete this document.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( ! empty( $document->id ) && bp_document_user_can_delete( $document ) ) { + $retval = true; + } } /** @@ -1322,7 +1289,6 @@ protected function prepare_links( $document ) { return apply_filters( 'bp_rest_document_prepare_links', $links, $document ); } - /** * Prepare object response for the document/folder. * diff --git a/src/bp-document/classes/class-bp-rest-document-folder-endpoint.php b/src/bp-document/classes/class-bp-rest-document-folder-endpoint.php index 9b5a6e218c..a73735a178 100644 --- a/src/bp-document/classes/class-bp-rest-document-folder-endpoint.php +++ b/src/bp-document/classes/class-bp-rest-document-folder-endpoint.php 
@@ -326,7 +326,7 @@ public function get_item_permissions_check( $request ) { ); } - $folder = new BP_Document_Folder( $request['id'] ); + $folder = new BP_Document_Folder( $request->get_param( 'id' ) ); if ( true === $retval && empty( $folder->id ) ) { $retval = new WP_Error( 
@@ -467,57 +467,58 @@ function_exists( 'bb_document_user_can_upload' ) && * @since 0.1.0 */ public function create_item_permissions_check( $request ) { - $retval = true; - - if ( - ! is_user_logged_in() || - ( - function_exists( 'bb_document_user_can_upload' ) && - ! bb_document_user_can_upload( bp_loggedin_user_id(), (int) $request->get_param( 'group_id' ) ) + $error = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to create a folder.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), ) - ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to create a folder.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + ); + + $retval = $error; + + if ( is_user_logged_in() ) { + $retval = true; - if ( true === $retval && isset( $request['group_id'] ) && ! empty( $request['group_id'] ) ) { if ( - ! bp_is_active( 'groups' ) - || ! groups_can_user_manage_document( bp_loggedin_user_id(), (int) $request['group_id'] ) + function_exists( 'bb_document_user_can_upload' ) && + ! bb_document_user_can_upload( bp_loggedin_user_id(), (int) $request->get_param( 'group_id' ) ) ) { - $retval = new WP_Error( - 'bp_rest_invalid_permission', - __( 'You don\'t have a permission to create a folder inside this group.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + $retval = $error; + } elseif ( isset( $request['group_id'] ) && ! empty( $request['group_id'] ) ) { + if ( + ! bp_is_active( 'groups' ) + || ! groups_can_user_manage_document( bp_loggedin_user_id(), (int) $request['group_id'] ) + ) { + $retval = new WP_Error( + 'bp_rest_invalid_permission', + __( 'You don\'t have a permission to create a folder inside this group.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } - } - if ( true === $retval && isset( $request['parent'] ) && ! 
empty( $request['parent'] ) ) { - $parent_folder = new BP_Document_Folder( $request['parent'] ); - if ( empty( $parent_folder->id ) ) { - $retval = new WP_Error( - 'bp_rest_invalid_parent_folder', - __( 'Invalid Parent Folder ID.', 'buddyboss' ), - array( - 'status' => 400, - ) - ); - } elseif ( ! bp_folder_user_can_edit( $parent_folder->id ) ) { - $retval = new WP_Error( - 'bp_rest_invalid_permission', - __( 'You don\'t have a permission to create a folder inside this folder.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( true === $retval && isset( $request['parent'] ) && ! empty( $request['parent'] ) ) { + $parent_folder = new BP_Document_Folder( $request['parent'] ); + if ( empty( $parent_folder->id ) ) { + $retval = new WP_Error( + 'bp_rest_invalid_parent_folder', + __( 'Invalid Parent Folder ID.', 'buddyboss' ), + array( + 'status' => 400, + ) + ); + } elseif ( ! bp_folder_user_can_edit( $parent_folder->id ) ) { + $retval = new WP_Error( + 'bp_rest_invalid_permission', + __( 'You don\'t have a permission to create a folder inside this folder.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } } 
@@ -712,61 +713,49 @@ public function update_item( $request ) { * @since 0.1.0 */ public function update_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to update this folder.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + $error = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to update this folder.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - $folder = new BP_Document_Folder( $request['id'] ); + $retval = $error; - if ( true === $retval && empty( $folder->id ) ) { - $retval = new WP_Error( - 'bp_rest_folder_invalid_id', - __( 'Invalid Folder ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } + if ( is_user_logged_in() ) { + $retval = true; + $folder = new BP_Document_Folder( $request->get_param( 'id' ) ); - if ( - true === $retval && - ( + if ( empty( $folder->id ) ) { + $retval = new WP_Error( + 'bp_rest_folder_invalid_id', + __( 'Invalid Folder ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } elseif ( ! bp_folder_user_can_edit( $folder ) || ( function_exists( 'bb_media_user_can_upload' ) && ! bb_media_user_can_upload( bp_loggedin_user_id(), (int) ( isset( $request['group_id'] ) ? $request['group_id'] : $folder->group_id ) ) ) - ) - ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to update this folder.', 'buddyboss' ), - array( - 'status' => 500, - ) - ); - } - - if ( true === $retval && isset( $request['group_id'] ) && ! empty( $request['group_id'] ) ) { - if ( - ! bp_is_active( 'groups' ) - || ! 
groups_can_user_manage_document( bp_loggedin_user_id(), (int) $request['group_id'] ) ) { - $retval = new WP_Error( - 'bp_rest_invalid_permission', - __( 'You don\'t have a permission to edit a folder inside this group.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + $retval = $error; + } elseif ( isset( $request['group_id'] ) && ! empty( $request['group_id'] ) ) { + if ( + ! bp_is_active( 'groups' ) + || ! groups_can_user_manage_document( bp_loggedin_user_id(), (int) $request['group_id'] ) + ) { + $retval = new WP_Error( + 'bp_rest_invalid_permission', + __( 'You don\'t have a permission to edit a folder inside this group.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } } 
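Review bot: The folder `update_item_permissions_check()` still tests `function_exists( 'bb_media_user_can_upload' ) && ! bb_media_user_can_upload( ... )`, whereas `create_item_permissions_check()` in this same file uses `bb_document_user_can_upload()`. This looks like a leftover from the media endpoint: a site that restricts document uploads but not media uploads would let the folder update through on this branch. If that is not intended, change both names on the line to `bb_document_user_can_upload`. The line is unchanged context in this hunk, but the surrounding chain was rewritten, so it is the natural place to fix it.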
@@ -863,38 +852,35 @@ public function delete_item( $request ) { * @since 0.1.0 */ public function delete_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to delete this folder.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - $folder = new BP_Document_Folder( $request['id'] ); + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to delete this folder.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( true === $retval && empty( $folder->id ) ) { - $retval = new WP_Error( - 'bp_rest_folder_invalid_id', - __( 'Invalid Folder ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } + if ( is_user_logged_in() ) { + $retval = true; + $folder = new BP_Document_Folder( $request->get_param( 'id' ) ); - if ( true === $retval && ! bp_folder_user_can_delete( $folder ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to delete this folder.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( empty( $folder->id ) ) { + $retval = new WP_Error( + 'bp_rest_folder_invalid_id', + __( 'Invalid Folder ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } elseif ( ! bp_folder_user_can_delete( $folder ) ) { + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to delete this folder.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } /** 
@@ -998,16 +984,16 @@ public function folder_tree_items( $request ) { * @since 0.1.0 */ public function folder_tree_items_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to view folder tree.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to view folder tree.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() ) { + $retval = true; } /** diff --git a/src/bp-forums/classes/class-bp-rest-forums-endpoint.php b/src/bp-forums/classes/class-bp-rest-forums-endpoint.php index 2a051aa8f1..ab0a69291f 100644 --- a/src/bp-forums/classes/class-bp-rest-forums-endpoint.php +++ b/src/bp-forums/classes/class-bp-rest-forums-endpoint.php 
@@ -435,60 +435,51 @@ public function update_item( $request ) { * @since 0.1.0 */ public function update_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to subscribe/unsubscribe the forum.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - if ( true === $retval && ! bbp_is_subscriptions_active() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Subscription was disabled.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } - - $forum = bbp_get_forum( $request['id'] ); + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to subscribe/unsubscribe the forum.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( empty( $forum->ID ) ) { - $retval = new WP_Error( - 'bp_rest_forum_invalid_id', - __( 'Invalid forum ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } + if ( is_user_logged_in() ) { + $retval = true; + $forum = bbp_get_forum( $request->get_param( 'id' ) ); - if ( true === $retval && ( ! isset( $forum->post_type ) || 'forum' !== $forum->post_type ) ) { - $retval = new WP_Error( - 'bp_rest_forum_invalid_id', - __( 'Invalid forum ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } + if ( ! bbp_is_subscriptions_active() ) { + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Subscription was disabled.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } elseif ( + empty( $forum->ID ) || + ! isset( $forum->post_type ) || + 'forum' !== $forum->post_type + ) { + $retval = new WP_Error( + 'bp_rest_forum_invalid_id', + __( 'Invalid forum ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } - $user_id = bbp_get_user_id( 0, true, true ); + $user_id = bbp_get_user_id( 0, true, true ); - if ( true === $retval && ! 
current_user_can( 'edit_user', $user_id ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'You don\'t have the permission to update favorites.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( true === $retval && ! current_user_can( 'edit_user', $user_id ) ) { + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'You don\'t have the permission to update favorites.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } /** diff --git a/src/bp-forums/classes/class-bp-rest-reply-actions-endpoint.php b/src/bp-forums/classes/class-bp-rest-reply-actions-endpoint.php index d71f97e0db..0e7a0c4454 100644 --- a/src/bp-forums/classes/class-bp-rest-reply-actions-endpoint.php +++ b/src/bp-forums/classes/class-bp-rest-reply-actions-endpoint.php @@ -191,19 +191,15 @@ public function action_items( $request ) { * @since 0.1.0 */ public function action_items_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to perform the action on the reply.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to perform the action on the reply.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( true === $retval ) { + if ( is_user_logged_in() ) { $retval = $this->get_item_permissions_check( $request ); } 
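Review bot: update_item_permissions_check for forum subscriptions never checks that the caller may read the forum: after the ID and post-type test, the only authorization is `current_user_can( 'edit_user', $user_id )` on the caller's own account. Unless update_item() rejects private or hidden forums itself (not visible in this hunk), a logged-in member could subscribe to a forum they cannot view. A visibility test next to the post-type check would close that, for example `! bbp_user_can_view_forum( array( 'forum_id' => $forum->ID ) )`. The denial message in the last branch still says 'update favorites' although the endpoint handles subscriptions.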
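Review bot: action_items_permissions_check admits any logged-in user who passes get_item_permissions_check(), which from the visible part looks like a read/existence check; no capability for the action itself is tested. The same holds for move_item_permissions_check in this file and for action_items_permissions_check in class-bp-rest-topics-actions-endpoint.php, while merge_item and split_item do test `current_user_can( 'edit_topic', … )`. If action_items() and move_item() do not enforce a capability per action (their bodies are outside these hunks), add one in the callback, e.g. `if ( true === $retval && ! current_user_can( 'edit_reply', $request->get_param( 'id' ) ) )` for the move.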
@@ -521,19 +517,15 @@ public function move_item( $request ) { * @since 0.1.0 */ public function move_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to perform the action on the reply.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to perform the action on the reply.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( true === $retval ) { + if ( is_user_logged_in() ) { $retval = $this->get_item_permissions_check( $request ); } diff --git a/src/bp-forums/classes/class-bp-rest-reply-endpoint.php b/src/bp-forums/classes/class-bp-rest-reply-endpoint.php index 26cf709fd6..b8001ec929 100644 --- a/src/bp-forums/classes/class-bp-rest-reply-endpoint.php +++ b/src/bp-forums/classes/class-bp-rest-reply-endpoint.php @@ -484,7 +484,7 @@ public function get_item_permissions_check( $request ) { ); } - $reply = bbp_get_reply( $request['id'] ); + $reply = bbp_get_reply( $request->get_param( 'id' ) ); if ( true === $retval && empty( $reply->ID ) ) { $retval = new WP_Error( 
@@ -1138,16 +1138,16 @@ public function create_item( $request ) { * @since 0.1.0 */ public function create_item_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to create a reply.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() && ! bbp_allow_anonymous() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to create a reply.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() || bbp_allow_anonymous() ) { + $retval = true; } /** @@ -1628,24 +1628,17 @@ public function update_item( $request ) { * @since 0.1.0 */ public function update_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() && ! bbp_allow_anonymous() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to update a reply.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to create a reply.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( true === $retval ) { + if ( is_user_logged_in() || bbp_allow_anonymous() ) { $retval = $this->get_item_permissions_check( $request ); - } - - if ( true === $retval ) { - $reply = bbp_get_reply( $request['id'] ); + $reply = bbp_get_reply( $request->get_param( 'id' ) ); if ( bbp_get_user_id( 0, true, true ) !== $reply->post_author && ! current_user_can( 'edit_reply', $request['id'] ) ) { $retval = new WP_Error( 'bp_rest_authorization_required', 
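Review bot: update_item_permissions_check dropped the `if ( true === $retval )` guard around the author test, so `$reply->post_author` is now read even when get_item_permissions_check() has already returned an error. For an invalid ID that dereferences a `$reply` that may not be an object and replaces the 404 with the generic authorization error. Restore the guard: `if ( true === $retval && bbp_get_user_id( 0, true, true ) !== $reply->post_author && ! current_user_can( 'edit_reply', $request->get_param( 'id' ) ) )`. delete_item_permissions_check in class-bp-rest-topics-endpoint.php loses the same guard before its `delete_topic` test, while the reply delete check keeps it. The default error here was also reworded to 'create a reply', and the function continues past the end of the hunk.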
@@ -1731,30 +1724,26 @@ public function delete_item( $request ) { * @since 0.1.0 */ public function delete_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to perform this action.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to perform this action.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( true === $retval ) { + if ( is_user_logged_in() ) { $retval = $this->get_item_permissions_check( $request ); - } - if ( true === $retval && ! current_user_can( 'delete_reply', $request['id'] ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to delete this reply.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( true === $retval && ! current_user_can( 'delete_reply', $request->get_param( 'id' ) ) ) { + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to delete this reply.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } /** diff --git a/src/bp-forums/classes/class-bp-rest-topics-actions-endpoint.php b/src/bp-forums/classes/class-bp-rest-topics-actions-endpoint.php index 562b09fa2d..1bb415cc97 100644 --- a/src/bp-forums/classes/class-bp-rest-topics-actions-endpoint.php +++ b/src/bp-forums/classes/class-bp-rest-topics-actions-endpoint.php 
@@ -495,31 +495,21 @@ public function merge_item( $request ) { * @since 0.1.0 */ public function merge_item_permissions_check( $request ) { - $retval = true; + $error = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to merge this topic.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to update a topic.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + $retval = $error; - if ( true === $retval ) { + if ( is_user_logged_in() ) { $retval = $this->get_item_permissions_check( $request ); - } - if ( true === $retval ) { - if ( ! current_user_can( 'edit_topic', $request['id'] ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to merge this topic.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( true === $retval && ! current_user_can( 'edit_topic', $request->get_param( 'id' ) ) ) { + $retval = $error; } } 
@@ -939,24 +929,18 @@ public function split_item( $request ) { * @since 0.1.0 */ public function split_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to split a topic.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to split a topic.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( true === $retval ) { + if ( is_user_logged_in() ) { $retval = $this->get_item_permissions_check( $request ); - } - if ( true === $retval ) { - if ( ! current_user_can( 'edit_topic', $request['id'] ) ) { + if ( true === $retval && ! current_user_can( 'edit_topic', $request->get_param( 'id' ) ) ) { $retval = new WP_Error( 'bp_rest_authorization_required', __( 'Sorry, you are not allowed to split this topic.', 'buddyboss' ), @@ -1047,19 +1031,15 @@ public function action_items( $request ) { * @since 0.1.0 */ public function action_items_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to perform the action on the topic.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to perform the action on the topic.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( true === $retval ) { + if ( is_user_logged_in() ) { $retval = $this->get_item_permissions_check( $request ); } 
@@ -1159,27 +1139,27 @@ public function dropdown_items( $request ) { * @since 0.1.0 */ public function dropdown_items_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to perform the action.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to perform the action.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + if ( is_user_logged_in() ) { + $retval = true; - $topic = bbp_get_topic( $request['id'] ); - if ( true === $retval && empty( $topic ) ) { - $retval = new WP_Error( - 'bp_rest_topic_invalid_id', - __( 'Invalid topic ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); + $topic = bbp_get_topic( $request->get_param( 'id' ) ); + if ( empty( $topic ) ) { + $retval = new WP_Error( + 'bp_rest_topic_invalid_id', + __( 'Invalid topic ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } } /** diff --git a/src/bp-forums/classes/class-bp-rest-topics-endpoint.php b/src/bp-forums/classes/class-bp-rest-topics-endpoint.php index 51bf24f8ac..171e92b2ce 100644 --- a/src/bp-forums/classes/class-bp-rest-topics-endpoint.php +++ b/src/bp-forums/classes/class-bp-rest-topics-endpoint.php @@ -544,7 +544,7 @@ public function get_item_permissions_check( $request ) { ); } - $topic = bbp_get_topic( $request['id'] ); + $topic = bbp_get_topic( $request->get_param( 'id' ) ); if ( true === $retval && empty( $topic->ID ) ) { $retval = new WP_Error( 
@@ -1146,16 +1146,16 @@ public function create_item( $request ) { * @since 0.1.0 */ public function create_item_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to create a topic.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() && ! bbp_allow_anonymous() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to create a topic.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() || bbp_allow_anonymous() ) { + $retval = true; } /** 
@@ -1702,25 +1702,21 @@ public function update_item( $request ) { * @since 0.1.0 */ public function update_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() && ! bbp_allow_anonymous() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to update a topic.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to create a topic.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( true === $retval ) { + if ( is_user_logged_in() || bbp_allow_anonymous() ) { $retval = $this->get_item_permissions_check( $request ); } if ( true === $retval ) { - $topic = bbp_get_topic( $request['id'] ); - if ( bbp_get_user_id( 0, true, true ) !== $topic->post_author && ! current_user_can( 'delete_topic', $request['id'] ) ) { + $topic = bbp_get_topic( $request->get_param( 'id' ) ); + if ( bbp_get_user_id( 0, true, true ) !== $topic->post_author && ! current_user_can( 'delete_topic', $request->get_param( 'id' ) ) ) { $retval = new WP_Error( 'bp_rest_authorization_required', __( 'Sorry, you are not allowed to update this topic.', 'buddyboss' ), 
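Review bot: update_item_permissions_check authorizes a topic update with the `delete_topic` capability: `! current_user_can( 'delete_topic', $request->get_param( 'id' ) )`. A role that may edit but not delete topics is refused, and the check does not express what the endpoint does; merge_item and split_item in the actions endpoint use `edit_topic`. Change it to `current_user_can( 'edit_topic', $request->get_param( 'id' ) )`. The default error was also reworded to 'create a topic' although this is the update check. The function body continues after the hunk.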
@@ -1800,30 +1796,26 @@ public function delete_item( $request ) { * @since 0.1.0 */ public function delete_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to perform this action.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to perform this action.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( true === $retval ) { + if ( is_user_logged_in() ) { $retval = $this->get_item_permissions_check( $request ); - } - if ( true === $retval && ! current_user_can( 'delete_topic', $request['id'] ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to delete this topic.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( ! current_user_can( 'delete_topic', $request->get_param( 'id' ) ) ) { + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to delete this topic.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } /** diff --git a/src/bp-friends/classes/class-bp-rest-friends-endpoint.php b/src/bp-friends/classes/class-bp-rest-friends-endpoint.php index 3785d03ec8..ed113bbc84 100644 --- a/src/bp-friends/classes/class-bp-rest-friends-endpoint.php +++ b/src/bp-friends/classes/class-bp-rest-friends-endpoint.php 
@@ -213,16 +213,16 @@ public function get_items( $request ) { * @since 0.1.0 */ public function get_items_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to perform this action.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to perform this action.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() ) { + $retval = true; } /** @@ -296,16 +296,16 @@ public function get_item( $request ) { * @since 0.1.0 */ public function get_item_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to perform this action.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to perform this action.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() ) { + $retval = true; } /** diff --git a/src/bp-groups/classes/class-bp-rest-attachments-group-avatar-endpoint.php b/src/bp-groups/classes/class-bp-rest-attachments-group-avatar-endpoint.php index 73fb4847c4..41d93e7253 100644 --- a/src/bp-groups/classes/class-bp-rest-attachments-group-avatar-endpoint.php +++ b/src/bp-groups/classes/class-bp-rest-attachments-group-avatar-endpoint.php 
@@ -297,28 +297,26 @@ public function create_item( $request ) { public function create_item_permissions_check( $request ) { $retval = $this->get_item_permissions_check( $request ); - if ( true === $retval && ( bp_disable_group_avatar_uploads() || ! buddypress()->avatar->show_avatars ) ) { - $retval = new WP_Error( - 'bp_rest_attachments_group_avatar_disabled', - __( 'Sorry, group avatar upload is disabled.', 'buddyboss' ), - array( - 'status' => 500, - ) - ); - } - - if ( - true === $retval - && ! groups_is_user_admin( bp_loggedin_user_id(), $this->group->id ) - && ! current_user_can( 'bp_moderate' ) - ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not authorized to perform this action.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( ! is_wp_error( $retval ) ) { + if ( bp_disable_group_avatar_uploads() || false === buddypress()->avatar->show_avatars ) { + $retval = new WP_Error( + 'bp_rest_attachments_group_avatar_disabled', + __( 'Sorry, group avatar upload is disabled.', 'buddyboss' ), + array( + 'status' => 500, + ) + ); + } elseif ( groups_is_user_admin( bp_loggedin_user_id(), $this->group->id ) || current_user_can( 'bp_moderate' ) ) { + $retval = true; + } else { + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not authorized to perform this action.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } /** diff --git a/src/bp-groups/classes/class-bp-rest-group-invites-endpoint.php b/src/bp-groups/classes/class-bp-rest-group-invites-endpoint.php index 89591366b2..b73a87de38 100644 --- a/src/bp-groups/classes/class-bp-rest-group-invites-endpoint.php +++ b/src/bp-groups/classes/class-bp-rest-group-invites-endpoint.php 
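Review bot: create_item_permissions_check now continues whenever get_item_permissions_check() returns anything other than a WP_Error, where the old code required exactly `true`. If that method, or a filter on its result, can return `false` (its body is not in this hunk), the group-admin branch would turn that denial into `$retval = true`. `if ( true === $retval ) {` keeps the stricter contract. Similarly, `false === buddypress()->avatar->show_avatars` no longer matches a falsy non-boolean value such as `0` or `''`, which the previous `! buddypress()->avatar->show_avatars` did.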
@@ -210,7 +210,14 @@ public function get_items( $request ) { * @since 0.1.0 */ public function get_items_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to see the group invitations.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + $user_id = bp_loggedin_user_id(); $user_id_arg = $request['user_id']; $group = $this->groups_endpoint->get_group_object( $request['group_id'] ); 
@@ -220,50 +227,42 @@ public function get_items_permissions_check( $request ) { if ( ! $request['group_id'] && ! $request['user_id'] && ! bp_current_user_can( 'bp_moderate' ) ) { $user_id_arg = $user_id; } - $user = bp_rest_get_user( $user_id_arg ); - if ( ! $user_id ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to see the group invitations.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - // If a group ID has been passed, check that it is valid. - if ( true === $retval && $request['group_id'] && ! $group instanceof BP_Groups_Group ) { - $retval = new WP_Error( - 'bp_rest_group_invalid_id', - __( 'Invalid group ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } + $user = bp_rest_get_user( $user_id_arg ); - // If a user ID has been passed, check that it is valid. - if ( true === $retval && $user_id_arg && ! $user instanceof WP_User ) { - $retval = new WP_Error( - 'bp_rest_member_invalid_id', - __( 'Invalid member ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } + if ( $user_id ) { + $retval = true; + + // If a group ID has been passed, check that it is valid. + if ( $request['group_id'] && ! $group instanceof BP_Groups_Group ) { + $retval = new WP_Error( + 'bp_rest_group_invalid_id', + __( 'Invalid group ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); - // If an inviter ID has been passed, check that it is valid. - if ( true === $retval && $request['inviter_id'] && ! $inviter instanceof WP_User ) { - $retval = new WP_Error( - 'bp_rest_member_invalid_id', - __( 'Invalid member ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); + // If a user ID has been passed, check that it is valid. + } elseif ( $user_id_arg && ! 
$user instanceof WP_User ) { + $retval = new WP_Error( + 'bp_rest_member_invalid_id', + __( 'Invalid member ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + // If an inviter ID has been passed, check that it is valid. + } elseif ( $request['inviter_id'] && ! $inviter instanceof WP_User ) { + $retval = new WP_Error( + 'bp_rest_member_invalid_id', + __( 'Invalid member ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } } /** @@ -326,26 +325,26 @@ public function get_item( $request ) { public function get_item_permissions_check( $request ) { $user_id = bp_loggedin_user_id(); $invite = $this->fetch_single_invite( $request['invite_id'] ); - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to see the group invitations.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! $user_id ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to see the group invitations.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + if ( $user_id ) { + $retval = true; - if ( true === $retval && ! $invite ) { - $retval = new WP_Error( - 'bp_rest_group_invite_invalid_id', - __( 'Invalid group invitation ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); + if ( ! $invite ) { + $retval = new WP_Error( + 'bp_rest_group_invite_invalid_id', + __( 'Invalid group invitation ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } } /** 
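Review bot: get_item_permissions_check only requires a logged-in user and an existing `invite_id`; nothing in the hunk ties the invitation to the caller. Unless get_item() or the filter that follows adds that check, any member can read any invitation by ID, and get_items_permissions_check in the previous hunk likewise only validates that `group_id`, `user_id` and `inviter_id` exist. delete_item_permissions_check already limits access to the inviter, the invitee, group admins and site admins; the same condition fits here as a further `elseif`. The function starts above the hunk and ends below it.

```php
if ( ! $invite ) {
	// … unchanged: bp_rest_group_invite_invalid_id error …
} elseif (
	! bp_current_user_can( 'bp_moderate' ) &&
	! in_array( $user_id, array( $invite->user_id, $invite->inviter_id ), true ) &&
	! groups_is_user_admin( $user_id, $invite->item_id )
) {
	$retval = new WP_Error(
		'bp_rest_authorization_required',
		__( 'Sorry, you are not allowed to see this group invitation.', 'buddyboss' ),
		array(
			'status' => rest_authorization_required_code(),
		)
	);
}
```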
@@ -446,47 +445,43 @@ public function create_item_permissions_check( $request ) { $group = $this->groups_endpoint->get_group_object( $request['group_id'] ); $user = bp_rest_get_user( $request['user_id'] ); $inviter = bp_rest_get_user( $inviter_id_arg ); - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to create an invitation.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - if ( true === $retval && empty( $group->id ) ) { - $retval = new WP_Error( - 'bp_rest_group_invalid_id', - __( 'Invalid group ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to create an invitation.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( true === $retval && ( empty( $user->ID ) || empty( $inviter->ID ) || $user->ID === $inviter->ID ) ) { - $retval = new WP_Error( - 'bp_rest_member_invalid_id', - __( 'Invalid member ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } + if ( is_user_logged_in() ) { + $retval = true; - // Only a site admin or the user herself can extend invites. - if ( true === $retval && ! 
bp_current_user_can( 'bp_moderate' ) && bp_loggedin_user_id() !== $inviter_id_arg ) { - $retval = new WP_Error( - 'bp_rest_group_invite_cannot_create_item', - __( 'Sorry, you are not allowed to create the invitation as requested.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( empty( $group->id ) ) { + $retval = new WP_Error( + 'bp_rest_group_invalid_id', + __( 'Invalid group ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } elseif ( empty( $user->ID ) || empty( $inviter->ID ) || $user->ID === $inviter->ID ) { + $retval = new WP_Error( + 'bp_rest_member_invalid_id', + __( 'Invalid member ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + // Only a site admin or the user herself can extend invites. + } elseif ( ! bp_current_user_can( 'bp_moderate' ) && bp_loggedin_user_id() !== $inviter_id_arg ) { + $retval = new WP_Error( + 'bp_rest_group_invite_cannot_create_item', + __( 'Sorry, you are not allowed to create the invitation as requested.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } /** 
@@ -604,47 +599,44 @@ public function create_multiple_item_permissions_check( $request ) { $group = $this->groups_endpoint->get_group_object( $request['group_id'] ); $inviter = bp_rest_get_user( $inviter_id_arg ); $user_ids = (array) $request['user_id']; - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to create an invitation.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to create an invitation.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + if ( is_user_logged_in() ) { + $retval = true; - if ( true === $retval && empty( $group->id ) ) { - $retval = new WP_Error( - 'bp_rest_group_invalid_id', - __( 'Invalid group ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } - - if ( true === $retval && ( empty( $user_ids ) || in_array( $inviter->ID, $user_ids, true ) ) ) { - $retval = new WP_Error( - 'bp_rest_member_invalid_id', - __( 'Invalid members ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } + if ( empty( $group->id ) ) { + $retval = new WP_Error( + 'bp_rest_group_invalid_id', + __( 'Invalid group ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } elseif ( empty( $user_ids ) || in_array( $inviter->ID, $user_ids, true ) ) { + $retval = new WP_Error( + 'bp_rest_member_invalid_id', + __( 'Invalid members ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); - // Only a site admin or the user herself can extend invites. - if ( true === $retval && ! 
bp_current_user_can( 'bp_moderate' ) && bp_loggedin_user_id() !== $inviter_id_arg ) { - $retval = new WP_Error( - 'bp_rest_group_invite_cannot_create_item', - __( 'Sorry, you are not allowed to create the invitation as requested.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + // Only a site admin or the user herself can extend invites. + } elseif ( ! bp_current_user_can( 'bp_moderate' ) && bp_loggedin_user_id() !== $inviter_id_arg ) { + $retval = new WP_Error( + 'bp_rest_group_invite_cannot_create_item', + __( 'Sorry, you are not allowed to create the invitation as requested.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } /** 
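Review bot: create_multiple_item_permissions_check reads `$inviter->ID` in `in_array( $inviter->ID, $user_ids, true )` without first checking that bp_rest_get_user() returned a user, unlike create_item_permissions_check, which tests `empty( $inviter->ID )`. Add that test to the branch: `} elseif ( empty( $inviter->ID ) || empty( $user_ids ) || in_array( $inviter->ID, $user_ids, true ) ) {`. The strict `in_array` also only catches a self-invite when the `user_id` values arrive as integers, which depends on the route's argument schema (not shown). The individual IDs in `$user_ids` are not validated here either, so that has to happen in the handler; the function starts above the hunk.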
@@ -723,43 +715,41 @@ public function update_item( $request ) { * @since 0.1.0 */ public function update_item_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to see the group invitations.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); $user_id = bp_loggedin_user_id(); $invite = $this->fetch_single_invite( $request['invite_id'] ); - if ( ! $user_id ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to see the group invitations.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + if ( $user_id ) { + $retval = true; - if ( true === $retval && ! $invite ) { - $retval = new WP_Error( - 'bp_rest_group_invite_invalid_id', - __( 'Invalid group invitation ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } + if ( ! $invite ) { + $retval = new WP_Error( + 'bp_rest_group_invite_invalid_id', + __( 'Invalid group invitation ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); - // Only the invitee or a site admin should be able to accept an invitation. - if ( - true === $retval - && ! bp_current_user_can( 'bp_moderate' ) - && $user_id !== $invite->user_id - ) { - $retval = new WP_Error( - 'bp_rest_group_invite_cannot_update_item', - __( 'Sorry, you are not allowed to accept the invitation as requested.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + // Only the invitee or a site admin should be able to accept an invitation. + } elseif ( + ! bp_current_user_can( 'bp_moderate' ) && + $user_id !== $invite->user_id + ) { + $retval = new WP_Error( + 'bp_rest_group_invite_cannot_update_item', + __( 'Sorry, you are not allowed to accept the invitation as requested.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } /** 
@@ -858,44 +848,42 @@ public function delete_item( $request ) { * @since 0.1.0 */ public function delete_item_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to see the group invitations.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); $user_id = bp_loggedin_user_id(); $invite = $this->fetch_single_invite( $request['invite_id'] ); - if ( ! $user_id ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to see the group invitations.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + if ( $user_id ) { + $retval = true; - if ( true === $retval && ! $invite ) { - $retval = new WP_Error( - 'bp_rest_group_invite_invalid_id', - __( 'Invalid group invitation ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } + if ( ! $invite ) { + $retval = new WP_Error( + 'bp_rest_group_invite_invalid_id', + __( 'Invalid group invitation ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); - // The inviter, the invitee, group admins, and site admins can all delete invites. - if ( - true === $retval - && ! bp_current_user_can( 'bp_moderate' ) - && ! in_array( $user_id, array( $invite->user_id, $invite->inviter_id ), true ) - && ! groups_is_user_admin( $user_id, $invite->item_id ) - ) { - $retval = new WP_Error( - 'bp_rest_group_invite_cannot_delete_item', - __( 'Sorry, you are not allowed to delete the invitation as requested.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + // The inviter, the invitee, group admins, and site admins can all delete invites. + } elseif ( + ! bp_current_user_can( 'bp_moderate' ) && + ! in_array( $user_id, array( $invite->user_id, $invite->inviter_id ), true ) && + ! 
groups_is_user_admin( $user_id, $invite->item_id ) + ) { + $retval = new WP_Error( + 'bp_rest_group_invite_cannot_delete_item', + __( 'Sorry, you are not allowed to delete the invitation as requested.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } /** diff --git a/src/bp-groups/classes/class-bp-rest-group-membership-endpoint.php b/src/bp-groups/classes/class-bp-rest-group-membership-endpoint.php index cd1722e6e7..215a3dd9df 100644 --- a/src/bp-groups/classes/class-bp-rest-group-membership-endpoint.php +++ b/src/bp-groups/classes/class-bp-rest-group-membership-endpoint.php 
@@ -362,62 +362,54 @@ public function create_item( $request ) { * @since 0.1.0 */ public function create_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to join a group.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - $user = bp_rest_get_user( $request['user_id'] ); - - if ( true === $retval && ! $user instanceof WP_User ) { - $retval = new WP_Error( - 'bp_rest_group_member_invalid_id', - __( 'Invalid group member ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } - - $group = $this->groups_endpoint->get_group_object( $request['group_id'] ); - if ( true === $retval && ! $group instanceof BP_Groups_Group ) { - $retval = new WP_Error( - 'bp_rest_group_invalid_id', - __( 'Invalid group ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to join a group.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - // Site administrators can do anything. - if ( true === $retval && bp_current_user_can( 'bp_moderate' ) ) { + if ( is_user_logged_in() || bp_current_user_can( 'bp_moderate' ) ) { $retval = true; - } else { + $user = bp_rest_get_user( $request['user_id'] ); + $group = $this->groups_endpoint->get_group_object( $request['group_id'] ); - $loggedin_user_id = bp_loggedin_user_id(); + if ( ! $user instanceof WP_User ) { + $retval = new WP_Error( + 'bp_rest_group_member_invalid_id', + __( 'Invalid group member ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } elseif ( ! $group instanceof BP_Groups_Group ) { + $retval = new WP_Error( + 'bp_rest_group_invalid_id', + __( 'Invalid group ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } elseif ( ! 
bp_current_user_can( 'bp_moderate' ) ) { + + $loggedin_user_id = bp_loggedin_user_id(); - // Users may only freely join public groups. - if ( true === $retval && ( + // Users may only freely join public groups. + if ( ! bp_current_user_can( 'groups_join_group', array( 'group_id' => $group->id ) ) || groups_is_user_member( $loggedin_user_id, $group->id ) // As soon as they are not already members. || groups_is_user_banned( $loggedin_user_id, $group->id ) // And as soon as they are not banned from it. || $loggedin_user_id !== $user->ID // You can only add yourself to a group. - ) ) { - $retval = new WP_Error( - 'bp_rest_group_member_failed_to_join', - __( 'Could not join the group.', 'buddyboss' ), - array( - 'status' => 500, - ) - ); + ) { + $retval = new WP_Error( + 'bp_rest_group_member_failed_to_join', + __( 'Could not join the group.', 'buddyboss' ), + array( + 'status' => 500, + ) + ); + } } } @@ -555,7 +547,14 @@ public function update_item( $request ) { * @since 0.1.0 */ public function update_item_permissions_check( $request ) { - $retval = true; + $error = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to perform this action.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + $retval = $error; if ( ! is_user_logged_in() ) { $retval = new WP_Error( 
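Review bot: The outer gate in create_item_permissions_check, `if ( is_user_logged_in() || bp_current_user_can( 'bp_moderate' ) )`, lets the capability check open the branch on its own. The login requirement then holds only as long as `bp_current_user_can()` never returns true for an anonymous request, which depends on capability filters that are not visible in this hunk. A moderator is by definition a logged-in user, so `if ( is_user_logged_in() ) {` states the intended rule and keeps the check fail-closed. The end of the function, including its permissions filter, lies outside the hunk.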
@@ -565,55 +564,60 @@ public function update_item_permissions_check( $request ) { 'status' => rest_authorization_required_code(), ) ); - } - - $user = bp_rest_get_user( $request['user_id'] ); - - if ( true === $retval && ! $user instanceof WP_User ) { - $retval = new WP_Error( - 'bp_rest_group_member_invalid_id', - __( 'Invalid group member ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } - - $group = $this->groups_endpoint->get_group_object( $request['group_id'] ); - if ( true === $retval && ! $group instanceof BP_Groups_Group ) { - $retval = new WP_Error( - 'bp_rest_group_invalid_id', - __( 'Invalid group ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } - - // Site administrators can do anything. - if ( true === $retval && bp_current_user_can( 'bp_moderate' ) ) { - $retval = true; } else { - + $user = bp_rest_get_user( $request['user_id'] ); $loggedin_user_id = bp_loggedin_user_id(); - if ( true === $retval && in_array( $request['action'], array( 'ban', 'unban', 'promote', 'demote' ), true ) ) { - if ( ! groups_is_user_admin( $loggedin_user_id, $group->id ) && ! groups_is_user_mod( $loggedin_user_id, $group->id ) ) { - $messages = array( - 'ban' => __( 'Sorry, you are not allowed to ban this group member.', 'buddyboss' ), - 'unban' => __( 'Sorry, you are not allowed to unban this group member.', 'buddyboss' ), - 'promote' => __( 'Sorry, you are not allowed to promote this group member.', 'buddyboss' ), - 'demote' => __( 'Sorry, you are not allowed to demote this group member.', 'buddyboss' ), - ); + if ( ! $user instanceof WP_User ) { + $retval = new WP_Error( + 'bp_rest_group_member_invalid_id', + __( 'Invalid group member ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } else { + $group = $this->groups_endpoint->get_group_object( $request['group_id'] ); + + if ( ! $group instanceof BP_Groups_Group ) { $retval = new WP_Error( - 'bp_rest_group_member_cannot_' . 
$request['action'], - $messages[ $request['action'] ], + 'bp_rest_group_invalid_id', + __( 'Invalid group ID.', 'buddyboss' ), array( - 'status' => rest_authorization_required_code(), + 'status' => 404, ) ); - } else { + } elseif ( bp_current_user_can( 'bp_moderate' ) ) { $retval = true; + } elseif ( in_array( $request['action'], array( 'ban', 'unban', 'promote', 'demote' ), true ) ) { + if ( groups_is_user_admin( $loggedin_user_id, $group->id ) || groups_is_user_mod( $loggedin_user_id, $group->id ) ) { + if ( $loggedin_user_id !== $user->ID ) { + $retval = true; + } else { + $group_admins = groups_get_group_admins( $group->id ); + + if ( 1 !== count( $group_admins ) ) { + $retval = true; + } else { + $retval = $error; + } + } + } else { + $messages = array( + 'ban' => __( 'Sorry, you are not allowed to ban this group member.', 'buddyboss' ), + 'unban' => __( 'Sorry, you are not allowed to unban this group member.', 'buddyboss' ), + 'promote' => __( 'Sorry, you are not allowed to promote this group member.', 'buddyboss' ), + 'demote' => __( 'Sorry, you are not allowed to demote this group member.', 'buddyboss' ), + ); + + $retval = new WP_Error( + 'bp_rest_group_member_cannot_' . $request['action'], + $messages[ $request['action'] ], + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } } } @@ -717,7 +721,14 @@ public function delete_item( $request ) { * @since 0.1.0 */ public function delete_item_permissions_check( $request ) { - $retval = true; + $error = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to perform this action.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + $retval = $error; if ( ! is_user_logged_in() ) { $retval = new WP_Error( 
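Review bot: In the ban/unban/promote/demote branch of update_item_permissions_check, the self-targeting path (`$loggedin_user_id === $user->ID`) only counts `groups_get_group_admins( $group->id )` and checks neither the caller's own role nor the requested action. A group moderator acting on their own membership is therefore allowed whenever the group has more than one admin, and that includes `promote`; which role a self-promote can reach is decided in update_item, outside this hunk. The delete check later in this file tests admin membership with `in_array( $loggedin_user_id, wp_list_pluck( $group_admins, 'user_id' ), true )`. The same test fits here, e.g. a leading branch `} elseif ( 'promote' === $request['action'] && ! groups_is_user_admin( $loggedin_user_id, $group->id ) ) { $retval = $error;`, with the sole-admin count applied only when the caller is in the admin list. The function starts in the previous hunk.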
@@ -727,63 +738,44 @@ public function delete_item_permissions_check( $request ) { 'status' => rest_authorization_required_code(), ) ); - } - - $user = bp_rest_get_user( $request['user_id'] ); - - if ( true === $retval && ! $user instanceof WP_User ) { - return new WP_Error( - 'bp_rest_group_member_invalid_id', - __( 'Invalid group member ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } - - $group = $this->groups_endpoint->get_group_object( $request['group_id'] ); - if ( true === $retval && ! $group instanceof BP_Groups_Group ) { - $retval = new WP_Error( - 'bp_rest_group_invalid_id', - __( 'Invalid group ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } - - // Site administrators can do anything. - if ( true === $retval && bp_current_user_can( 'bp_moderate' ) ) { - $retval = true; - } elseif ( true === $retval ) { - + } else { + $user = bp_rest_get_user( $request['user_id'] ); $loggedin_user_id = bp_loggedin_user_id(); - if ( $user->ID !== $loggedin_user_id ) { - if ( true === $retval && ! groups_is_user_admin( $loggedin_user_id, $group->id ) && ! groups_is_user_mod( $loggedin_user_id, $group->id ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to view a group membership.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + if ( ! $user instanceof WP_User ) { + return new WP_Error( + 'bp_rest_group_member_invalid_id', + __( 'Invalid group member ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); } else { - // Special case for self-removal: don't allow if it'd leave a group with no admins. 
- $user = bp_rest_get_user( $request['user_id'] ); - $group = $this->groups_endpoint->get_group_object( $request['group_id'] ); - $loggedin_user_id = bp_loggedin_user_id(); + $group = $this->groups_endpoint->get_group_object( $request['group_id'] ); - $group_admins = groups_get_group_admins( $group->id ); - if ( true === $retval && 1 === count( $group_admins ) && $loggedin_user_id === $group_admins[0]->user_id && $user->ID === $loggedin_user_id ) { + if ( ! $group instanceof BP_Groups_Group ) { $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to view a group membership.', 'buddyboss' ), + 'bp_rest_group_invalid_id', + __( 'Invalid group ID.', 'buddyboss' ), array( - 'status' => rest_authorization_required_code(), + 'status' => 404, ) ); + } elseif ( bp_current_user_can( 'bp_moderate' ) || ( $user->ID !== $loggedin_user_id && groups_is_user_admin( $loggedin_user_id, $group->id ) ) ) { + $retval = true; + } elseif ( $user->ID === $loggedin_user_id && ! groups_is_user_banned( $user->ID, $group->id ) ) { + $group_admins = groups_get_group_admins( $group->id ); + + // Special case for self-removal: don't allow if it'd leave a group with no admins. + if ( in_array( $loggedin_user_id, wp_list_pluck( $group_admins, 'user_id' ), true ) ) { + if ( 1 !== count( $group_admins ) ) { + $retval = true; + } else { + $retval = $error; + } + } else { + $retval = true; + } } } } diff --git a/src/bp-groups/classes/class-bp-rest-group-membership-request-endpoint.php b/src/bp-groups/classes/class-bp-rest-group-membership-request-endpoint.php index c01751d025..690200a368 100644 --- a/src/bp-groups/classes/class-bp-rest-group-membership-request-endpoint.php +++ b/src/bp-groups/classes/class-bp-rest-group-membership-request-endpoint.php 
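Review bot: The invalid-member branch of delete_item_permissions_check still exits with `return new WP_Error( 'bp_rest_group_member_invalid_id', … )`, while every other branch in the rewritten body assigns `$retval`. This one outcome therefore skips whatever runs after the nested checks; the tail of the function is outside the hunk, but the sibling checks in this commit end in a permissions filter. Changing the line to `$retval = new WP_Error(` keeps all outcomes on a single exit path, so code that hooks the check to log or tighten decisions also sees the invalid-ID case.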
@@ -190,7 +190,14 @@ public function get_items( $request ) { * @since 0.1.0 */ public function get_items_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to view membership requests.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + $user_id = bp_loggedin_user_id(); $user_id_arg = $request['user_id']; $group = $this->groups_endpoint->get_group_object( $request['group_id'] ); 
@@ -199,54 +206,46 @@ public function get_items_permissions_check( $request ) { if ( ! $request['group_id'] && ! $request['user_id'] && ! bp_current_user_can( 'bp_moderate' ) ) { $user_id_arg = $user_id; } - $user = bp_rest_get_user( $user_id_arg ); - - if ( ! $user_id ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to view membership requests.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - // If a group ID has been passed, check that it is valid. - if ( true === $retval && $request['group_id'] && ! $group instanceof BP_Groups_Group ) { - $retval = new WP_Error( - 'bp_rest_group_invalid_id', - __( 'Invalid group ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } - // If a user ID has been passed, check that it is valid. - if ( true === $retval && $user_id_arg && ! $user instanceof WP_User ) { - $retval = new WP_Error( - 'bp_rest_member_invalid_id', - __( 'Invalid member ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } + $user = bp_rest_get_user( $user_id_arg ); - // Site administrators can do anything. Otherwise, the user must manage the subject group or be the requester. - if ( - true === $retval - && ! bp_current_user_can( 'bp_moderate' ) - && ! ( $request['group_id'] && groups_is_user_admin( $user_id, $request['group_id'] ) ) - && $user_id_arg !== $user_id - ) { - $retval = new WP_Error( - 'bp_rest_group_membership_requests_cannot_get_items', - __( 'Sorry, you are not allowed to view membership requests.', 'buddyboss' ), - array( - 'status' => 500, - ) - ); + if ( $user_id ) { + $retval = true; + + // If a group ID has been passed, check that it is valid. + if ( $request['group_id'] && ! $group instanceof BP_Groups_Group ) { + $retval = new WP_Error( + 'bp_rest_group_invalid_id', + __( 'Invalid group ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + + // If a user ID has been passed, check that it is valid. 
+ } elseif ( $user_id_arg && ! $user instanceof WP_User ) { + $retval = new WP_Error( + 'bp_rest_member_invalid_id', + __( 'Invalid member ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + + // Site administrators can do anything. Otherwise, the user must manage the subject group or be the requester. + } elseif ( + ! bp_current_user_can( 'bp_moderate' ) && + ! ( $request['group_id'] && groups_is_user_admin( $user_id, $request['group_id'] ) ) && + $user_id_arg !== $user_id + ) { + $retval = new WP_Error( + 'bp_rest_group_membership_requests_cannot_get_items', + __( 'Sorry, you are not allowed to view membership requests.', 'buddyboss' ), + array( + 'status' => 500, + ) + ); + } } /** 
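Review bot: The final denial in get_items_permissions_check returns `'status' => 500` for `bp_rest_group_membership_requests_cannot_get_items`, which is an authorization decision rather than a server fault. The same status is used for the `cannot_get_item`, `cannot_create_item`, `cannot_update_item` and `cannot_delete_item` errors in the later hunks of this file, and for `bp_rest_group_member_failed_to_join` in the membership endpoint. A 5xx buries refused access among server errors in logs and alerting, which makes probing of these endpoints harder to spot, and some clients will retry it. The commit already rewrites these arrays, so they can use `'status' => rest_authorization_required_code(),` like the login errors beside them. The function's opening lines are in the previous hunk.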
@@ -307,43 +306,41 @@ public function get_item( $request ) { * @since 0.1.0 */ public function get_item_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to get a membership.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + $user_id = bp_loggedin_user_id(); $group_request = $this->fetch_single_membership_request( $request['request_id'] ); - if ( ! $user_id ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to get a membership.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - if ( true === $retval && ! $group_request ) { - $retval = new WP_Error( - 'bp_rest_group_membership_requests_invalid_id', - __( 'Invalid group membership request ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } - - if ( - true === $retval - && ! bp_current_user_can( 'bp_moderate' ) - && $user_id !== $group_request->user_id - && ! groups_is_user_admin( $user_id, $group_request->item_id ) - ) { - $retval = new WP_Error( - 'bp_rest_group_membership_requests_cannot_get_item', - __( 'Sorry, you are not allowed to view a membership request.', 'buddyboss' ), - array( - 'status' => 500, - ) - ); + if ( $user_id ) { + $retval = true; + + if ( ! $group_request ) { + $retval = new WP_Error( + 'bp_rest_group_membership_requests_invalid_id', + __( 'Invalid group membership request ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } elseif ( + ! bp_current_user_can( 'bp_moderate' ) && + $user_id !== $group_request->user_id && + ! groups_is_user_admin( $user_id, $group_request->item_id ) + ) { + $retval = new WP_Error( + 'bp_rest_group_membership_requests_cannot_get_item', + __( 'Sorry, you are not allowed to view a membership request.', 'buddyboss' ), + array( + 'status' => 500, + ) + ); + } } /** 
@@ -445,59 +442,58 @@ public function create_item( $request ) { * @since 0.1.0 */ public function create_item_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to create a membership request.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + $user_id = bp_loggedin_user_id(); $user_id_arg = $request['user_id'] ? $request['user_id'] : bp_loggedin_user_id(); $user = bp_rest_get_user( $user_id_arg ); $group = $this->groups_endpoint->get_group_object( $request['group_id'] ); // User must be logged in. - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to create a membership request.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() ) { + $retval = true; + + // Check for valid user. + if ( ! $user instanceof WP_User ) { + $retval = new WP_Error( + 'bp_rest_group_member_invalid_id', + __( 'Invalid member ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + + // Check for valid group. + } elseif ( ! $group instanceof BP_Groups_Group ) { + $retval = new WP_Error( + 'bp_rest_group_invalid_id', + __( 'Invalid group ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + + // Normal users can only extend invitations on their own behalf. + } elseif ( + ! bp_current_user_can( 'bp_moderate' ) && + $user_id !== $user_id_arg + ) { + $retval = new WP_Error( + 'bp_rest_group_membership_requests_cannot_create_item', + __( 'User may not extend requests on behalf of another user.', 'buddyboss' ), + array( + 'status' => 500, + ) + ); + } } - // Check for valid user. - if ( true === $retval && ! $user instanceof WP_User ) { - $retval = new WP_Error( - 'bp_rest_group_member_invalid_id', - __( 'Invalid member ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } - - // Check for valid group. 
- if ( true === $retval && ! $group instanceof BP_Groups_Group ) { - $retval = new WP_Error( - 'bp_rest_group_invalid_id', - __( 'Invalid group ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } - - // Normal users can only extend invitations on their own behalf. - if ( - true === $retval - && ! bp_current_user_can( 'bp_moderate' ) - && $user_id !== $user_id_arg - ) { - $retval = new WP_Error( - 'bp_rest_group_membership_requests_cannot_create_item', - __( 'User may not extend requests on behalf of another user.', 'buddyboss' ), - array( - 'status' => 500, - ) - ); - } /** * Filter the group membership request `create_item` permissions check. 
@@ -575,42 +571,40 @@ public function update_item( $request ) { * @since 0.1.0 */ public function update_item_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to make an update.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + $user_id = bp_loggedin_user_id(); $group_request = $this->fetch_single_membership_request( $request['request_id'] ); - if ( ! $user_id ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to make an update.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - if ( true === $retval && ! $group_request ) { - $retval = new WP_Error( - 'bp_rest_group_membership_requests_invalid_id', - __( 'Invalid group membership request ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } - - if ( - true === $retval - && ! bp_current_user_can( 'bp_moderate' ) - && ! groups_is_user_admin( $user_id, $group_request->item_id ) - ) { - $retval = new WP_Error( - 'bp_rest_group_member_request_cannot_update_item', - __( 'User is not allowed to approve membership requests to this group.', 'buddyboss' ), - array( - 'status' => 500, - ) - ); + if ( $user_id ) { + $retval = true; + + if ( ! $group_request ) { + $retval = new WP_Error( + 'bp_rest_group_membership_requests_invalid_id', + __( 'Invalid group membership request ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } elseif ( + ! bp_current_user_can( 'bp_moderate' ) && + ! groups_is_user_admin( $user_id, $group_request->item_id ) + ) { + $retval = new WP_Error( + 'bp_rest_group_member_request_cannot_update_item', + __( 'User is not allowed to approve membership requests to this group.', 'buddyboss' ), + array( + 'status' => 500, + ) + ); + } } /** 
@@ -711,43 +705,41 @@ public function delete_item( $request ) { * @since 0.1.0 */ public function delete_item_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to delete a request.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + $user_id = bp_loggedin_user_id(); $group_request = $this->fetch_single_membership_request( $request['request_id'] ); - if ( ! $user_id ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to delete a request.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - if ( true === $retval && ! $group_request ) { - $retval = new WP_Error( - 'bp_rest_group_membership_requests_invalid_id', - __( 'Invalid group membership request ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } - - if ( - true === $retval - && ! bp_current_user_can( 'bp_moderate' ) - && $user_id !== $group_request->user_id - && ! groups_is_user_admin( $user_id, $group_request->item_id ) - ) { - $retval = new WP_Error( - 'bp_rest_group_membership_requests_cannot_delete_item', - __( 'User is not allowed to delete this membership request.', 'buddyboss' ), - array( - 'status' => 500, - ) - ); + if ( $user_id ) { + $retval = true; + + if ( ! $group_request ) { + $retval = new WP_Error( + 'bp_rest_group_membership_requests_invalid_id', + __( 'Invalid group membership request ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } elseif ( + ! bp_current_user_can( 'bp_moderate' ) && + $user_id !== $group_request->user_id && + ! groups_is_user_admin( $user_id, $group_request->item_id ) + ) { + $retval = new WP_Error( + 'bp_rest_group_membership_requests_cannot_delete_item', + __( 'User is not allowed to delete this membership request.', 'buddyboss' ), + array( + 'status' => 500, + ) + ); + } } /** 
diff --git a/src/bp-groups/classes/class-bp-rest-group-settings-endpoint.php b/src/bp-groups/classes/class-bp-rest-group-settings-endpoint.php
index fe3c569530..9f123cdcd4 100644
--- a/src/bp-groups/classes/class-bp-rest-group-settings-endpoint.php
+++ b/src/bp-groups/classes/class-bp-rest-group-settings-endpoint.php
@@ -189,48 +189,34 @@ public function get_item( $request ) { * @since 0.1.0 */ public function get_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to see the group settings.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - if ( true === $retval && ! bp_is_active( 'groups' ) ) { - $retval = new WP_Error( - 'bp_rest_component_required', - __( 'Sorry, Groups component was not enabled.', 'buddyboss' ), - array( - 'status' => '404', - ) - ); - } - - $group = $this->groups_endpoint->get_group_object( $request ); - if ( true === $retval && empty( $group->id ) ) { - $retval = new WP_Error( - 'bp_rest_group_invalid_id', - __( 'Invalid group ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to see the group settings.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - // If group author does not match logged_in user, block update. - if ( true === $retval && ! $this->groups_endpoint->can_see( $group ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to see the group settings.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() && bp_is_active( 'groups' ) ) { + $group = $this->groups_endpoint->get_group_object( $request ); + $retval = true; + if ( empty( $group->id ) ) { + $retval = new WP_Error( + 'bp_rest_group_invalid_id', + __( 'Invalid group ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } elseif ( ! 
$this->groups_endpoint->can_see( $group ) ) { + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to see the group settings.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } /** 
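Review bot: Folding the component check into `if ( is_user_logged_in() && bp_is_active( 'groups' ) )` in get_item_permissions_check removes the separate `bp_rest_component_required` 404. A logged-in caller on a site with Groups disabled now receives the default "Sorry, you are not allowed to see the group settings." authorization error; update_item_permissions_check in the next hunk has the same shape. The check still fails closed, but the response misreports the cause and will read as an access-control denial in logs. Keeping `is_user_logged_in()` as the outer gate and making the component test the first inner branch, `if ( ! bp_is_active( 'groups' ) ) {` returning the original `bp_rest_component_required` error ahead of the `empty( $group->id )` branch, preserves both the default-deny structure and the distinct error.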
@@ -334,50 +320,35 @@ public function update_item( $request ) { * @since 0.1.0 */ public function update_item_permissions_check( $request ) { - $retval = true; - - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to update the group settings.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - if ( true === $retval && ! bp_is_active( 'groups' ) ) { - $retval = new WP_Error( - 'bp_rest_component_required', - __( 'Sorry, Groups component was not enabled.', 'buddyboss' ), - array( - 'status' => '404', - ) - ); - } - - $group = $this->groups_endpoint->get_group_object( $request ); - if ( true === $retval && empty( $group->id ) ) { - $retval = new WP_Error( - 'bp_rest_group_invalid_id', - __( 'Invalid group ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to update the group settings.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - // If group author does not match logged_in user, block update. - if ( true === $retval && ! $this->groups_endpoint->can_user_delete_or_update( $group ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to update the group settings.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() && bp_is_active( 'groups' ) ) { + $retval = true; + $group = $this->groups_endpoint->get_group_object( $request ); + if ( empty( $group->id ) ) { + $retval = new WP_Error( + 'bp_rest_group_invalid_id', + __( 'Invalid group ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + // If group author does not match logged_in user, block update. + } elseif ( ! 
$this->groups_endpoint->can_user_delete_or_update( $group ) ) { + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to update the group settings.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } /** diff --git a/src/bp-groups/classes/class-bp-rest-groups-details-endpoint.php b/src/bp-groups/classes/class-bp-rest-groups-details-endpoint.php index 232e7f529d..6631de986a 100644 --- a/src/bp-groups/classes/class-bp-rest-groups-details-endpoint.php +++ b/src/bp-groups/classes/class-bp-rest-groups-details-endpoint.php @@ -119,16 +119,16 @@ public function get_items( $request ) { * @since 0.1.0 */ public function get_items_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_component_required', + __( 'Sorry, Groups component was not enabled.', 'buddyboss' ), + array( + 'status' => '404', + ) + ); - if ( ! bp_is_active( 'groups' ) ) { - $retval = new WP_Error( - 'bp_rest_component_required', - __( 'Sorry, Groups component was not enabled.', 'buddyboss' ), - array( - 'status' => '404', - ) - ); + if ( bp_is_active( 'groups' ) ) { + $retval = true; } /** diff --git a/src/bp-groups/classes/class-bp-rest-groups-endpoint.php b/src/bp-groups/classes/class-bp-rest-groups-endpoint.php index a733295bf7..d6ff7ee379 100644 --- a/src/bp-groups/classes/class-bp-rest-groups-endpoint.php +++ b/src/bp-groups/classes/class-bp-rest-groups-endpoint.php 
@@ -306,24 +306,24 @@ public function get_item_permissions_check( $request ) { $group = $this->get_group_object( $request ); - if ( true === $retval && empty( $group->id ) ) { - $retval = new WP_Error( - 'bp_rest_group_invalid_id', - __( 'Invalid group ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } - - if ( true === $retval && ! $this->can_see( $group ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you cannot view the group.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( true === $retval ) { + if ( empty( $group->id ) ) { + $retval = new WP_Error( + 'bp_rest_group_invalid_id', + __( 'Invalid group ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } elseif ( ! $this->can_see( $group ) ) { + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you cannot view the group.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } /** @@ -429,16 +429,16 @@ public function create_item( $request ) { * @since 0.1.0 */ public function create_item_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to create groups.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! ( is_user_logged_in() && bp_user_can_create_groups() ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to create groups.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() && bp_user_can_create_groups() ) { + $retval = true; } /** 
@@ -529,39 +529,37 @@ public function update_item( $request ) { * @since 0.1.0 */ public function update_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to update this group.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to update this group.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - $group = $this->get_group_object( $request ); + if ( is_user_logged_in() ) { + $retval = true; + $group = $this->get_group_object( $request ); - if ( true === $retval && empty( $group->id ) ) { - $retval = new WP_Error( - 'bp_rest_group_invalid_id', - __( 'Invalid group ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } + if ( empty( $group->id ) ) { + $retval = new WP_Error( + 'bp_rest_group_invalid_id', + __( 'Invalid group ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); - // If group author does not match logged_in user, block update. - if ( true === $retval && ! $this->can_user_delete_or_update( $group ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to update this group.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + // If group author does not match logged_in user, block update. + } elseif ( ! $this->can_user_delete_or_update( $group ) ) { + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to update this group.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } /** 
@@ -650,38 +648,35 @@ public function delete_item( $request ) { * @since 0.1.0 */ public function delete_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to delete this group.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - $group = $this->get_group_object( $request ); + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to delete this group.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( true === $retval && empty( $group->id ) ) { - $retval = new WP_Error( - 'bp_rest_group_invalid_id', - __( 'Invalid group ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } + if ( is_user_logged_in() ) { + $retval = true; + $group = $this->get_group_object( $request ); - if ( true === $retval && ! $this->can_user_delete_or_update( $group ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to delete this group.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( empty( $group->id ) ) { + $retval = new WP_Error( + 'bp_rest_group_invalid_id', + __( 'Invalid group ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } elseif ( ! $this->can_user_delete_or_update( $group ) ) { + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to delete this group.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } /** diff --git a/src/bp-integrations/learndash/classes/class-bp-rest-learndash-courses-endpoint.php b/src/bp-integrations/learndash/classes/class-bp-rest-learndash-courses-endpoint.php index 95cd8fed1a..6cefe5ec27 100644 --- a/src/bp-integrations/learndash/classes/class-bp-rest-learndash-courses-endpoint.php 
+++ b/src/bp-integrations/learndash/classes/class-bp-rest-learndash-courses-endpoint.php @@ -236,16 +236,16 @@ public function get_items( $request ) { * @since 0.1.0 */ public function get_items_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( + $retval = new WP_Error( 'bp_rest_authorization_required', __( 'Sorry, you are not allowed to view courses.', 'buddyboss' ), array( 'status' => rest_authorization_required_code(), ) ); + + if ( is_user_logged_in() ) { + $retval = true; } /** diff --git a/src/bp-invites/classes/class-bp-rest-invites-endpoint.php b/src/bp-invites/classes/class-bp-rest-invites-endpoint.php index 2e42ac3ca9..e476a93502 100644 --- a/src/bp-invites/classes/class-bp-rest-invites-endpoint.php +++ b/src/bp-invites/classes/class-bp-rest-invites-endpoint.php 
@@ -154,26 +154,26 @@ public function get_items( $request ) { * @since 0.1.0 */ public function get_items_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to view invites.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to view invites.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + if ( is_user_logged_in() ) { + $retval = true; - if ( true === $retval && function_exists( 'bp_allow_user_to_send_invites' ) && false === bp_allow_user_to_send_invites() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you don\'t have permission to view invites.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( function_exists( 'bp_allow_user_to_send_invites' ) && false === bp_allow_user_to_send_invites() ) { + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you don\'t have permission to view invites.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } /** 
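Review bot: The invite gate in `get_items_permissions_check` fails open: `function_exists( 'bp_allow_user_to_send_invites' ) && false === bp_allow_user_to_send_invites()` lets every logged-in user through when the function is not loaded, and also when it returns a falsy value other than boolean `false`. Since this commit moves these checks to default-deny, the condition would be more consistent as `if ( ! function_exists( 'bp_allow_user_to_send_invites' ) || ! bp_allow_user_to_send_invites() ) {`. The same expression is carried over in `create_item_permissions_check`, `delete_item_permissions_check` and `get_invite_profile_type_permissions_check` in this file. Whether the function can be absent while this endpoint is registered is not visible here, so confirm that before tightening it.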
@@ -421,26 +421,26 @@ public function create_item( $request ) { * @since 0.1.0 */ public function create_item_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to create invites.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to create invites.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + if ( is_user_logged_in() ) { + $retval = true; - if ( true === $retval && function_exists( 'bp_allow_user_to_send_invites' ) && false === bp_allow_user_to_send_invites() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you don\'t have permission to create invites.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( function_exists( 'bp_allow_user_to_send_invites' ) && false === bp_allow_user_to_send_invites() ) { + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you don\'t have permission to create invites.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } /** 
@@ -514,48 +514,43 @@ public function delete_item( $request ) { * @since 0.1.0 */ public function delete_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to revoke invite.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - if ( true === $retval && function_exists( 'bp_allow_user_to_send_invites' ) && false === bp_allow_user_to_send_invites() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you don\'t have permission to revoke invite.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to revoke invite.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - $invite = get_post( $request['id'] ); + if ( is_user_logged_in() ) { + $retval = true; + $invite = get_post( $request['id'] ); - if ( true === $retval && empty( $invite->ID ) ) { - $retval = new WP_Error( - 'bp_rest_invite_invalid_id', - __( 'Invalid invite ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } - - if ( true === $retval && ( ! 
isset( $invite->post_type ) || 'bp-invite' !== $invite->post_type ) ) { - $retval = new WP_Error( - 'bp_rest_invite_invalid_id', - __( 'Invalid invite ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); + if ( function_exists( 'bp_allow_user_to_send_invites' ) && false === bp_allow_user_to_send_invites() ) { + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you don\'t have permission to revoke invite.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } elseif ( empty( $invite->ID ) ) { + $retval = new WP_Error( + 'bp_rest_invite_invalid_id', + __( 'Invalid invite ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } elseif ( ! isset( $invite->post_type ) || 'bp-invite' !== $invite->post_type ) { + $retval = new WP_Error( + 'bp_rest_invite_invalid_id', + __( 'Invalid invite ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } } /** 
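Review bot: `delete_item_permissions_check` never ties the invite to the caller. After the login, feature and post-type tests pass, `$retval` stays `true` for any `bp-invite` post ID, whoever created it. Unless `delete_item()` (outside this hunk) compares the invite author with the current user, a member could revoke invites sent by other members. An extra branch at the end of the chain would close that; the capability used for the moderator exception below is an assumption to confirm against the project's conventions.

```php
		} elseif ( ! isset( $invite->post_type ) || 'bp-invite' !== $invite->post_type ) {
			// … unchanged: bp_rest_invite_invalid_id error …
		} elseif ( (int) $invite->post_author !== get_current_user_id() && ! bp_current_user_can( 'bp_moderate' ) ) {
			// Only the member who sent the invite (or a moderator) may revoke it.
			$retval = new WP_Error(
				'bp_rest_authorization_required',
				__( 'Sorry, you don\'t have permission to revoke invite.', 'buddyboss' ),
				array(
					'status' => rest_authorization_required_code(),
				)
			);
		}
```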
@@ -641,26 +636,26 @@ public function get_invite_profile_type( $request ) { * @since 0.1.0 */ public function get_invite_profile_type_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to view invites profile type.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to view invites profile type.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + if ( is_user_logged_in() ) { + $retval = true; - if ( true === $retval && function_exists( 'bp_allow_user_to_send_invites' ) && false === bp_allow_user_to_send_invites() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you don\'t have permission to view invites profile type.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( function_exists( 'bp_allow_user_to_send_invites' ) && false === bp_allow_user_to_send_invites() ) { + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you don\'t have permission to view invites profile type.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } /** diff --git a/src/bp-media/classes/class-bp-rest-media-albums-endpoint.php b/src/bp-media/classes/class-bp-rest-media-albums-endpoint.php index c6379f48f9..3b0a3fac76 100644 --- a/src/bp-media/classes/class-bp-rest-media-albums-endpoint.php +++ b/src/bp-media/classes/class-bp-rest-media-albums-endpoint.php 
@@ -468,23 +468,25 @@ public function create_item( $request ) { * @since 0.1.0 */ public function create_item_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to create a media.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to create a media.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + if ( is_user_logged_in() ) { + $retval = true; - if ( true === $retval && isset( $request['group_id'] ) && ! empty( $request['group_id'] ) ) { if ( - ! bp_is_active( 'groups' ) - || ! groups_can_user_manage_albums( bp_loggedin_user_id(), (int) $request['group_id'] ) - || ! bp_is_group_albums_support_enabled() + isset( $request['group_id'] ) && + ! empty( $request['group_id'] ) && + ( + ! bp_is_active( 'groups' ) + || ! groups_can_user_manage_albums( bp_loggedin_user_id(), (int) $request['group_id'] ) + || ! bp_is_group_albums_support_enabled() + ) ) { $retval = new WP_Error( 'bp_rest_invalid_permission', 
@@ -493,26 +495,23 @@ public function create_item_permissions_check( $request ) { 'status' => rest_authorization_required_code(), ) ); + } elseif ( + ( + ! isset( $request['group_id'] ) || + empty( $request['group_id'] ) + ) && + ! bp_is_profile_albums_support_enabled() + ) { + $retval = new WP_Error( + 'bp_rest_invalid_permission', + __( 'You don\'t have a permission to create an album.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); } } - if ( - true === $retval && - ( - ! isset( $request['group_id'] ) || - empty( $request['group_id'] ) - ) && - ! bp_is_profile_albums_support_enabled() - ) { - $retval = new WP_Error( - 'bp_rest_invalid_permission', - __( 'You don\'t have a permission to create an album.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - /** * Filter the Media `create_item` permissions check. * 
@@ -627,45 +626,42 @@ public function update_item( $request ) { * @since 0.1.0 */ public function update_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to update this album.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - $album = new BP_Media_Album( $request['id'] ); + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to update this album.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( empty( $album->id ) ) { - $retval = new WP_Error( - 'bp_rest_album_invalid_id', - __( 'Invalid Album ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } + if ( is_user_logged_in() ) { + $retval = true; + $album = new BP_Media_Album( $request['id'] ); - if ( true === $retval && ! bp_album_user_can_delete( $album ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to update this album.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), + if ( empty( $album->id ) ) { + $retval = new WP_Error( + 'bp_rest_album_invalid_id', + __( 'Invalid Album ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } elseif ( ! bp_album_user_can_delete( $album ) ) { + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to update this album.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } elseif ( + isset( $request['group_id'] ) && + ! empty( $request['group_id'] ) && + ( + ! bp_is_active( 'groups' ) + || ! groups_can_user_manage_albums( bp_loggedin_user_id(), (int) $request['group_id'] ) + || ! bp_is_group_albums_support_enabled() ) - ); - } - - if ( true === $retval && isset( $request['group_id'] ) && ! empty( $request['group_id'] ) ) { - if ( - ! 
bp_is_active( 'groups' ) - || ! groups_can_user_manage_albums( bp_loggedin_user_id(), (int) $request['group_id'] ) - || ! bp_is_group_albums_support_enabled() ) { $retval = new WP_Error( 'bp_rest_invalid_permission', @@ -674,26 +670,23 @@ public function update_item_permissions_check( $request ) { 'status' => rest_authorization_required_code(), ) ); + } elseif ( + ( + ! isset( $request['group_id'] ) || + empty( $request['group_id'] ) + ) && + ! bp_is_profile_albums_support_enabled() + ) { + $retval = new WP_Error( + 'bp_rest_invalid_permission', + __( 'You don\'t have a permission to update an album.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); } } - if ( - true === $retval && - ( - ! isset( $request['group_id'] ) || - empty( $request['group_id'] ) - ) && - ! bp_is_profile_albums_support_enabled() - ) { - $retval = new WP_Error( - 'bp_rest_invalid_permission', - __( 'You don\'t have a permission to update an album.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - /** * Filter the album `update_item` permissions check. * 
@@ -785,38 +778,35 @@ public function delete_item( $request ) { * @since 0.1.0 */ public function delete_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to delete this album.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - $album = new BP_Media_Album( $request['id'] ); + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to delete this album.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( empty( $album->id ) ) { - $retval = new WP_Error( - 'bp_rest_album_invalid_id', - __( 'Invalid Album ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } + if ( is_user_logged_in() ) { + $retval = true; + $album = new BP_Media_Album( $request['id'] ); - if ( true === $retval && ! bp_album_user_can_delete( $album ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to delete this album.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( empty( $album->id ) ) { + $retval = new WP_Error( + 'bp_rest_album_invalid_id', + __( 'Invalid Album ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } elseif ( ! bp_album_user_can_delete( $album ) ) { + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to delete this album.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } /** diff --git a/src/bp-media/classes/class-bp-rest-media-endpoint.php b/src/bp-media/classes/class-bp-rest-media-endpoint.php index c2fbdbd097..ee7ee5616e 100644 --- a/src/bp-media/classes/class-bp-rest-media-endpoint.php +++ b/src/bp-media/classes/class-bp-rest-media-endpoint.php 
@@ -542,30 +542,35 @@ function_exists( 'bb_media_user_can_upload' ) && * @since 0.1.0 */ public function create_item_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to create a media.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); if ( - ! is_user_logged_in() || + is_user_logged_in() && ( - function_exists( 'bb_media_user_can_upload' ) && - ! bb_media_user_can_upload( bp_loggedin_user_id(), $request->get_param( 'group_id' ) ) + ! function_exists( 'bb_media_user_can_upload' ) || + ( + function_exists( 'bb_media_user_can_upload' ) && + bb_media_user_can_upload( bp_loggedin_user_id(), $request->get_param( 'group_id' ) ) + ) ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to create a media.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + $retval = true; - if ( true === $retval && isset( $request['group_id'] ) && ! empty( $request['group_id'] ) ) { if ( - ! bp_is_active( 'groups' ) - || ! groups_can_user_manage_media( bp_loggedin_user_id(), (int) $request['group_id'] ) - || ! function_exists( 'bp_is_group_media_support_enabled' ) - || ( function_exists( 'bp_is_group_media_support_enabled' ) && false === bp_is_group_media_support_enabled() ) + isset( $request['group_id'] ) && + ! empty( $request['group_id'] ) && + ( + ! bp_is_active( 'groups' ) + || ! groups_can_user_manage_media( bp_loggedin_user_id(), (int) $request['group_id'] ) + || ! function_exists( 'bp_is_group_media_support_enabled' ) + || ( function_exists( 'bp_is_group_media_support_enabled' ) && false === bp_is_group_media_support_enabled() ) + ) ) { $retval = new WP_Error( 'bp_rest_invalid_permission', 
@@ -574,30 +579,28 @@ function_exists( 'bb_media_user_can_upload' ) && 'status' => rest_authorization_required_code(), ) ); - } - } - - if ( true === $retval && isset( $request['album_id'] ) && ! empty( $request['album_id'] ) ) { - $parent_album = new BP_Media_Album( $request['album_id'] ); - if ( empty( $parent_album->id ) ) { - $retval = new WP_Error( - 'bp_rest_invalid_album_id', - __( 'Invalid Album ID.', 'buddyboss' ), - array( - 'status' => 400, - ) - ); - } + } elseif ( isset( $request['album_id'] ) && ! empty( $request['album_id'] ) ) { + $parent_album = new BP_Media_Album( $request['album_id'] ); + if ( empty( $parent_album->id ) ) { + $retval = new WP_Error( + 'bp_rest_invalid_album_id', + __( 'Invalid Album ID.', 'buddyboss' ), + array( + 'status' => 400, + ) + ); + } - $album_privacy = bp_media_user_can_manage_album( $parent_album->id, bp_loggedin_user_id() ); - if ( true === $retval && true !== (bool) $album_privacy['can_add'] ) { - $retval = new WP_Error( - 'bp_rest_invalid_permission', - __( 'You don\'t have a permission to create a media inside this album.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + $album_privacy = bp_media_user_can_manage_album( $parent_album->id, bp_loggedin_user_id() ); + if ( true === $retval && true !== (bool) $album_privacy['can_add'] ) { + $retval = new WP_Error( + 'bp_rest_invalid_permission', + __( 'You don\'t have a permission to create a media inside this album.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } } @@ -614,7 +617,7 @@ function_exists( 'bb_media_user_can_upload' ) && $retval = new WP_Error( 'bp_rest_invalid_upload_id', sprintf( - /* translators: Attachment ID. */ + /* translators: Attachment ID. */ __( 'Invalid attachment id: %d', 'buddyboss' ), $attachment_id ), 
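Review bot: In the `album_id` branch of `create_item_permissions_check`, `bp_media_user_can_manage_album( $parent_album->id, bp_loggedin_user_id() )` is still called after the album has been found invalid, i.e. with an empty ID. Only the leftover `true === $retval` guard keeps the 400 error from being overwritten. Moving the lookup into an `else` of the `empty( $parent_album->id )` test makes the two outcomes exclusive and lets the guard shrink to `if ( true !== (bool) $album_privacy['can_add'] ) {`. The function continues outside this hunk.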
@@ -626,7 +629,7 @@ function_exists( 'bb_media_user_can_upload' ) && $retval = new WP_Error( 'bp_rest_invalid_media_author', sprintf( - /* translators: Attachment ID. */ + /* translators: Attachment ID. */ __( 'You are not a valid author for attachment id: %d', 'buddyboss' ), $attachment_id ), @@ -638,7 +641,7 @@ function_exists( 'bb_media_user_can_upload' ) && $retval = new WP_Error( 'bp_rest_duplicate_media_upload_id', sprintf( - /* translators: Attachment ID. */ + /* translators: Attachment ID. */ __( 'Media already exists for attachment id: %d', 'buddyboss' ), $attachment_id ), 
@@ -807,53 +810,47 @@ public function update_item( $request ) { * @since 0.1.0 */ public function update_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to update this media.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - $media = new BP_Media( $request['id'] ); + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to update this media.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( true === $retval && empty( $media->id ) ) { - $retval = new WP_Error( - 'bp_rest_media_invalid_id', - __( 'Invalid media ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } + if ( is_user_logged_in() ) { + $retval = true; + $media = new BP_Media( $request['id'] ); - if ( - true === $retval && - ( + if ( empty( $media->id ) ) { + $retval = new WP_Error( + 'bp_rest_media_invalid_id', + __( 'Invalid media ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } elseif ( ! bp_media_user_can_edit( $media ) || ( function_exists( 'bb_media_user_can_upload' ) && ! bb_media_user_can_upload( bp_loggedin_user_id(), (int) ( isset( $request['group_id'] ) ? $request['group_id'] : $media->group_id ) ) ) - ) - ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to update this media.', 'buddyboss' ), - array( - 'status' => 500, + ) { + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to update this media.', 'buddyboss' ), + array( + 'status' => 500, + ) + ); + } elseif ( + isset( $request['group_id'] ) && + ! empty( $request['group_id'] ) && + ( + ! bp_is_active( 'groups' ) + || ! 
groups_can_user_manage_media( bp_loggedin_user_id(), (int) $request['group_id'] ) ) - ); - } - - if ( true === $retval && isset( $request['group_id'] ) && ! empty( $request['group_id'] ) ) { - if ( - ! bp_is_active( 'groups' ) - || ! groups_can_user_manage_media( bp_loggedin_user_id(), (int) $request['group_id'] ) ) { $retval = new WP_Error( 'bp_rest_invalid_permission', @@ -989,26 +986,16 @@ public function delete_items( $request ) { * @since 0.1.0 */ public function delete_items_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to delete this media.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to delete this media.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( true === $retval && empty( $request['media_ids'] ) ) { - $retval = new WP_Error( - 'bp_rest_media_invalid_ids', - __( 'Invalid media IDs.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); + if ( is_user_logged_in() && ! empty( $request['media_ids'] ) ) { + $retval = true; } /** 
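Review bot: The `bp_rest_authorization_required` branch of `update_item_permissions_check` still returns `'status' => 500` for "Sorry, you are not allowed to update this media.", so an authorization refusal is reported as a server error. The other authorization errors in this file use `rest_authorization_required_code()`, and the line should read `'status' => rest_authorization_required_code(),`. A 500 here also buries denied-access attempts among genuine server faults in logs and monitoring.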
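Review bot: `delete_items_permissions_check` now returns `true` for any logged-in caller that sends a non-empty `media_ids`, with no per-item test such as the `bp_media_user_can_delete()` check that `delete_item_permissions_check` applies to a single media. Unless `delete_items()` (outside this hunk) authorizes each ID itself, this allows bulk deletion of media owned by other members. The rewrite also drops the `bp_rest_media_invalid_ids` 404, so a logged-in caller with an empty list now gets the "need to be logged in" message. The sketch below keeps the 404 and adds the per-item check; it assumes `media_ids` is an array or comma-separated list of IDs.

```php
		if ( is_user_logged_in() ) {
			$retval    = true;
			$media_ids = wp_parse_id_list( $request['media_ids'] );

			if ( empty( $media_ids ) ) {
				$retval = new WP_Error(
					'bp_rest_media_invalid_ids',
					__( 'Invalid media IDs.', 'buddyboss' ),
					array(
						'status' => 404,
					)
				);
			} else {
				// Refuse the whole batch if any single item is not deletable by the caller.
				foreach ( $media_ids as $media_id ) {
					if ( ! bp_media_user_can_delete( new BP_Media( $media_id ) ) ) {
						$retval = new WP_Error(
							'bp_rest_authorization_required',
							__( 'Sorry, you are not allowed to delete this media.', 'buddyboss' ),
							array(
								'status' => rest_authorization_required_code(),
							)
						);
						break;
					}
				}
			}
		}
```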
@@ -1104,38 +1091,35 @@ public function delete_item( $request ) { * @since 0.1.0 */ public function delete_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to delete this media.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - $media = new BP_Media( $request['id'] ); + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to delete this media.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( true === $retval && empty( $media->id ) ) { - $retval = new WP_Error( - 'bp_rest_media_invalid_id', - __( 'Invalid media ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } + if ( is_user_logged_in() ) { + $retval = true; + $media = new BP_Media( $request['id'] ); - if ( true === $retval && ! bp_media_user_can_delete( $media ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to delete this media.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( empty( $media->id ) ) { + $retval = new WP_Error( + 'bp_rest_media_invalid_id', + __( 'Invalid media ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } elseif ( ! bp_media_user_can_delete( $media ) ) { + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to delete this media.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } /** 
@@ -1245,16 +1229,16 @@ function_exists( 'bp_media_allowed_upload_media_size' ) && */ public function upload_item_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to upload media.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to upload media.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() ) { + $retval = true; } /** diff --git a/src/bp-members/classes/class-bp-rest-members-actions-endpoint.php b/src/bp-members/classes/class-bp-rest-members-actions-endpoint.php index 6b3fc89dec..e92d4666d3 100644 --- a/src/bp-members/classes/class-bp-rest-members-actions-endpoint.php +++ b/src/bp-members/classes/class-bp-rest-members-actions-endpoint.php 
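Review bot: `upload_item_permissions_check` admits every logged-in user, whereas `create_item_permissions_check` in this same file also requires `bb_media_user_can_upload()` when that function exists. If `upload_item()` (outside this hunk) does not apply that restriction itself, members who are barred from creating media can still upload files. Consider mirroring the gate, e.g. `if ( is_user_logged_in() && ( ! function_exists( 'bb_media_user_can_upload' ) || bb_media_user_can_upload( bp_loggedin_user_id(), $request->get_param( 'group_id' ) ) ) ) {`. Whether the upload request carries `group_id` is not visible here and should be confirmed.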
@@ -163,27 +163,27 @@ public function update_item( $request ) { * @since 0.1.0 */ public function update_item_permissions_check( $request ) { - $retval = true; - $user = bp_rest_get_user( $request['id'] ); - - if ( ! $user instanceof WP_User ) { - $retval = new WP_Error( - 'bp_rest_member_invalid_id', - __( 'Invalid member ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you do not have access to list components.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you do not have access to list components.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() ) { + $retval = true; + $user = bp_rest_get_user( $request['id'] ); + + if ( ! $user instanceof WP_User ) { + $retval = new WP_Error( + 'bp_rest_member_invalid_id', + __( 'Invalid member ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } } /** diff --git a/src/bp-members/classes/class-bp-rest-members-details-endpoint.php b/src/bp-members/classes/class-bp-rest-members-details-endpoint.php index e9d5809975..0144c9629f 100644 --- a/src/bp-members/classes/class-bp-rest-members-details-endpoint.php +++ b/src/bp-members/classes/class-bp-rest-members-details-endpoint.php 
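Review bot: The default-deny error in `update_item_permissions_check` reads "Sorry, you do not have access to list components.", which looks copied from the components endpoint and does not describe a member action. A message such as `__( 'Sorry, you need to be logged in to perform this action.', 'buddyboss' ),` (the wording the members endpoint uses in this commit) would match what is being refused. Beyond login and a valid target ID, nothing here restricts which member the caller may act on. If `update_item()` outside this hunk does not enforce that, the check belongs in this function.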
@@ -135,16 +135,16 @@ public function get_items( $request ) { * @since 0.1.0 */ public function get_items_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_component_required', + __( 'Sorry, Members component was not enabled.', 'buddyboss' ), + array( + 'status' => '404', + ) + ); - if ( ! bp_is_active( 'members' ) ) { - $retval = new WP_Error( - 'bp_rest_component_required', - __( 'Sorry, Members component was not enabled.', 'buddyboss' ), - array( - 'status' => '404', - ) - ); + if ( bp_is_active( 'members' ) ) { + $retval = true; } /** @@ -179,6 +179,8 @@ public function get_item( $request ) { global $bp; $tmp_bp = $bp; + $logged_user_id = get_current_user_id(); + $current_user_id = $request->get_param( 'id' ); if ( empty( $current_user_id ) ) { $current_user_id = bp_loggedin_user_id(); @@ -275,8 +277,14 @@ public function get_item( $request ) { 'profile' => 'xprofile', ); - if ( ! empty( $navs->get_primary( array( 'show_for_displayed_user' => true ) ) ) ) { - foreach ( $navs->get_primary( array( 'show_for_displayed_user' => true ) ) as $nav ) { + $args = array(); + + if ( ! ( ! empty( $logged_user_id ) && (int) $logged_user_id === (int) $current_user_id ) ) { + $args = array( 'show_for_displayed_user' => true ); + } + + if ( ! empty( $navs->get_primary( $args ) ) ) { + foreach ( $navs->get_primary( $args ) as $nav ) { $name = $nav['name']; $id = $nav['slug']; 
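Review bot: The condition added in `get_item`, `! ( ! empty( $logged_user_id ) && (int) $logged_user_id === (int) $current_user_id )`, is hard to read for a test that decides which nav items are exposed; `if ( empty( $logged_user_id ) || (int) $logged_user_id !== (int) $current_user_id ) {` is equivalent. `$navs->get_primary( $args )` is also evaluated twice; assigning it once (`$primary_navs = $navs->get_primary( $args );`) and testing and iterating that variable avoids the repeat. A one-line comment saying that the profile owner gets the unfiltered primary nav while other viewers get only `show_for_displayed_user` items would document the intent. `get_item` starts and ends outside these hunks.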
@@ -458,16 +466,16 @@ public function get_profile_dropdown_items( $request ) { * @since 0.1.0 */ public function get_profile_dropdown_items_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, Restrict access to only logged-in members.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, Restrict access to only logged-in members.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() ) { + $retval = true; } /** diff --git a/src/bp-members/classes/class-bp-rest-members-endpoint.php b/src/bp-members/classes/class-bp-rest-members-endpoint.php index 9f057dd733..43570977f9 100644 --- a/src/bp-members/classes/class-bp-rest-members-endpoint.php +++ b/src/bp-members/classes/class-bp-rest-members-endpoint.php @@ -390,16 +390,16 @@ public function get_item_permissions_check( $request ) { * @since 0.1.0 */ public function create_item_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to view members.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! ( is_user_logged_in() && current_user_can( 'bp_moderate' ) ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to view members.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( ( is_user_logged_in() && current_user_can( 'bp_moderate' ) ) ) { + $retval = true; } /** 
@@ -422,8 +422,17 @@ public function create_item_permissions_check( $request ) { * @since 0.1.0 */ public function update_item_permissions_check( $request ) { - $retval = true; - $user = bp_rest_get_user( $request['id'] ); + $error = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to perform this action.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + $retval = $error; + + $user = bp_rest_get_user( $request['id'] ); + $member_type_edit = isset( $request['member_type'] ); if ( ! $user instanceof WP_User ) { $retval = new WP_Error( @@ -433,21 +442,30 @@ public function update_item_permissions_check( $request ) { 'status' => 404, ) ); - } + } else { + $action = 'delete'; - $action = 'delete'; - if ( 'DELETE' !== $request->get_method() ) { - $action = 'update'; - } + if ( 'DELETE' !== $request->get_method() ) { + $action = 'update'; + } - if ( true === $retval && ! $this->can_manage_member( $user, $action ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to view members.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( get_current_user_id() === $user->ID ) { + if ( $member_type_edit && ! bp_current_user_can( 'bp_moderate' ) ) { + $retval = $error; + } else { + $retval = parent::update_item_permissions_check( $request ); + } + } elseif ( ! $this->can_manage_member( $user, $action ) ) { + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to view members.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } else { + $retval = true; + } } /** 
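Review bot: `update_item_permissions_check` resolves `$request['id']` and returns the 404 "Invalid member ID." before any authentication test, so an unauthenticated caller can presumably tell existing from non-existing member IDs by status code. The members-actions endpoint in this same commit was reordered to test login first. Opening the chain with `if ( ! is_user_logged_in() ) { $retval = $error; } elseif ( ! $user instanceof WP_User ) {` keeps the responses uniform. The non-self denial also still says "Sorry, you are not allowed to view members." for an update or delete; assigning `$retval = $error;` there would fix the wording. The self-edit guard keys only on `isset( $request['member_type'] )`, and whether other request parameters can change the profile type is not visible in this hunk.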
@@ -543,41 +561,38 @@ public function delete_item( $request ) { * @since 0.1.0 */ public function delete_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to perform this action.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - $user_id = (int) $request['id']; - if ( empty( $user_id ) ) { - $user_id = bp_loggedin_user_id(); - } + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to perform this action.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( true === $retval && bp_loggedin_user_id() !== absint( $user_id ) && ! bp_current_user_can( 'delete_users' ) ) { - $retval = new WP_Error( - 'bp_rest_user_cannot_delete', - __( 'Sorry, you are not allowed to delete this user.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + if ( is_user_logged_in() ) { + $retval = true; + $user_id = (int) $request['id']; + if ( empty( $user_id ) ) { + $user_id = bp_loggedin_user_id(); + } - if ( true === $retval && function_exists( 'bp_disable_account_deletion' ) && bp_disable_account_deletion() ) { - $retval = new WP_Error( - 'bp_rest_user_cannot_delete', - __( 'Sorry, you are not allowed to delete this user.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( bp_loggedin_user_id() !== absint( $user_id ) && ! 
bp_current_user_can( 'delete_users' ) ) { + $retval = new WP_Error( + 'bp_rest_user_cannot_delete', + __( 'Sorry, you are not allowed to delete this user.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } elseif ( function_exists( 'bp_disable_account_deletion' ) && bp_disable_account_deletion() ) { + $retval = new WP_Error( + 'bp_rest_user_cannot_delete', + __( 'Sorry, you are not allowed to delete this user.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } /** diff --git a/src/bp-members/classes/class-bp-rest-members-permissions-endpoint.php b/src/bp-members/classes/class-bp-rest-members-permissions-endpoint.php index 542eaa22bd..b7deb0ef2f 100644 --- a/src/bp-members/classes/class-bp-rest-members-permissions-endpoint.php +++ b/src/bp-members/classes/class-bp-rest-members-permissions-endpoint.php @@ -137,16 +137,16 @@ function_exists( 'bb_user_has_access_upload_document' ) * @since 1.5.7 */ public function get_items_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, Restrict access to only logged-in members.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, Restrict access to only logged-in members.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() ) { + $retval = true; } /** diff --git a/src/bp-members/classes/class-bp-rest-signup-endpoint.php b/src/bp-members/classes/class-bp-rest-signup-endpoint.php index 3da6702fff..e375efcdf8 100644 --- a/src/bp-members/classes/class-bp-rest-signup-endpoint.php +++ b/src/bp-members/classes/class-bp-rest-signup-endpoint.php 
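Review bot: In the members `delete_item_permissions_check` the `elseif` on `bp_disable_account_deletion()` is reached whenever the first test passes, which includes a caller holding `delete_users` who targets another account. If that setting is meant only to stop members deleting their own account (worth confirming against the setting's definition), the branch should say so: `} elseif ( bp_loggedin_user_id() === absint( $user_id ) && function_exists( 'bp_disable_account_deletion' ) && bp_disable_account_deletion() ) {`. The two branches also build the same `WP_Error`, so a single error object assigned from one combined condition would be shorter and harder to let drift apart.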
@@ -361,16 +361,16 @@ public function signup_form_items( $request ) { * @since 0.1.0 */ public function signup_form_items_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not able to view the register form fields.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not able to view the register form fields.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( ! is_user_logged_in() ) { + $retval = true; } /** @@ -465,26 +465,16 @@ public function get_items( $request ) { * @since 0.1.0 */ public function get_items_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to perform this action.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to perform this action.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( true === $retval && ! bp_current_user_can( 'bp_moderate' ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not authorized to perform this action.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() && bp_current_user_can( 'bp_moderate' ) ) { + $retval = true; } /** 
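Review bot: In the signup `get_items_permissions_check` hunk a logged-in member without `bp_moderate` now receives 'Sorry, you need to be logged in to perform this action.', because the separate 'not authorized' error was folded into the default. That points an already authenticated client toward re-authentication instead of telling it a capability is missing. Using the capability text as the default, `__( 'Sorry, you are not authorized to perform this action.', 'buddyboss' )`, or keeping two distinct errors would preserve the distinction.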
@@ -547,37 +537,35 @@ public function get_item( $request ) { * @since 0.1.0 */ public function get_item_permissions_check( $request ) { - $retval = true; - $signup = $this->get_signup_object( $request['id'] ); - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to perform this action.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to perform this action.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( true === $retval && empty( $signup ) ) { - $retval = new WP_Error( - 'bp_rest_invalid_id', - __( 'Invalid signup id.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } + if ( is_user_logged_in() ) { + $retval = true; + $signup = $this->get_signup_object( $request['id'] ); - if ( true === $retval && ! bp_current_user_can( 'bp_moderate' ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not authorized to perform this action.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( empty( $signup ) ) { + $retval = new WP_Error( + 'bp_rest_invalid_id', + __( 'Invalid signup id.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } elseif ( ! bp_current_user_can( 'bp_moderate' ) ) { + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not authorized to perform this action.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } /** 
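Review bot: In the signup `get_item_permissions_check` the `empty( $signup )` branch runs before the `bp_moderate` test, so any logged-in member can tell existing signup ids from missing ones by the 404 versus the authorization status. Testing the capability first removes that signal: `if ( ! bp_current_user_can( 'bp_moderate' ) ) { … } elseif ( empty( $signup ) ) { … }`, with `get_signup_object()` called only once the capability has passed. The removed code used the same order, so this is carried over by the commit, not introduced by it.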
@@ -985,16 +973,16 @@ function ( $v ) { * @since 0.1.0 */ public function create_item_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not authorized to perform this action.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( is_user_logged_in() && ! bp_current_user_can( 'bp_moderate' ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not authorized to perform this action.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( ! is_user_logged_in() || bp_current_user_can( 'bp_moderate' ) ) { + $retval = true; } /** @@ -1148,17 +1136,18 @@ public function activate_item( $request ) { * @since 0.1.0 */ public function activate_item_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_invalid_id', + __( 'Invalid signup id.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + $signup = $this->get_signup_object( $request['id'] ); - if ( empty( $signup ) ) { - $retval = new WP_Error( - 'bp_rest_invalid_id', - __( 'Invalid signup id.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); + if ( ! empty( $signup ) ) { + $retval = true; } /** diff --git a/src/bp-messages/classes/class-bp-rest-group-messages-endpoint.php b/src/bp-messages/classes/class-bp-rest-group-messages-endpoint.php index 7083f9d358..4195aa69d4 100644 --- a/src/bp-messages/classes/class-bp-rest-group-messages-endpoint.php +++ b/src/bp-messages/classes/class-bp-rest-group-messages-endpoint.php 
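Review bot: `activate_item_permissions_check` grants access as soon as `get_signup_object( $request['id'] )` returns something, so the secrecy of that identifier is the only control on activation. `get_signup_object()` is outside the hunk; if it resolves numeric signup ids as well as activation keys, the identifier is predictable and the check should insist on the key, for example `if ( ! is_numeric( $request['id'] ) && ! empty( $signup ) ) {`. A one-line comment stating which identifier this route accepts would make the intent auditable. The function continues past the hunk.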
@@ -1111,26 +1111,16 @@ public function create_item( $request ) { * @since 0.1.0 */ public function create_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to create a group message.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to create a group message.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( true === $retval && function_exists( 'bp_disable_group_messages' ) && false === bp_disable_group_messages() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to create a group message.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() && function_exists( 'bp_disable_group_messages' ) && true === bp_disable_group_messages() ) { + $retval = true; } /** diff --git a/src/bp-messages/classes/class-bp-rest-messages-actions-endpoint.php b/src/bp-messages/classes/class-bp-rest-messages-actions-endpoint.php index da0f90f41f..2e2c1b9f2e 100644 --- a/src/bp-messages/classes/class-bp-rest-messages-actions-endpoint.php +++ b/src/bp-messages/classes/class-bp-rest-messages-actions-endpoint.php 
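Review bot: The rewritten condition in the group-messages `create_item_permissions_check` denies the request when `bp_disable_group_messages()` is not defined, whereas the removed code allowed it, and that change is not mentioned in the commit. A logged-in member blocked by the setting is also now told 'Sorry, you need to be logged in to create a group message.', since the 'not allowed to create a group message' error was dropped. If the function-absent case should stay open, the test can be written `is_user_logged_in() && ( ! function_exists( 'bp_disable_group_messages' ) || false !== bp_disable_group_messages() )`. Keeping the second error for the setting branch would restore an accurate reason.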
@@ -154,28 +154,18 @@ public function action_items( $request ) { * @since 0.1.0 */ public function action_items_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to perform action on messages.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to perform action on messages.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); $thread = $this->message_endppoint->get_thread_object( $request['id'] ); - if ( true === $retval && empty( $thread->thread_id ) ) { - $retval = new WP_Error( - 'bp_rest_invalid_id', - __( 'Sorry, this thread does not exist.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); + if ( is_user_logged_in() && ! empty( $thread->thread_id ) ) { + $retval = true; } if ( true === $retval && bp_current_user_can( 'bp_moderate' ) ) { diff --git a/src/bp-messages/classes/class-bp-rest-messages-endpoint.php b/src/bp-messages/classes/class-bp-rest-messages-endpoint.php index 9d0fe9266f..0423536125 100644 --- a/src/bp-messages/classes/class-bp-rest-messages-endpoint.php +++ b/src/bp-messages/classes/class-bp-rest-messages-endpoint.php 
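Review bot: In `action_items_permissions_check` the thread is still loaded with `get_thread_object( $request['id'] )` before the login test, so unauthenticated requests trigger the lookup; moving that line inside an `if ( is_user_logged_in() ) {` block avoids the work. A missing thread now yields the authorization error where the removed code returned the 404 `bp_rest_invalid_id`, which changes what existing clients see. If hiding thread existence is the intent, a comment such as `// Missing threads deliberately share the authorization error.` would record it. The rest of the check, starting at the `bp_moderate` test, lies outside the hunk.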
@@ -671,16 +671,16 @@ function ( $result ) { * @since 0.1.0 */ public function search_recipients_items_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to search recipients.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to search recipients.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() ) { + $retval = true; } /** @@ -758,16 +758,16 @@ public function search_thread_items( $request ) { * @since 0.1.0 */ public function search_thread_items_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to search thread.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to search thread.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() ) { + $retval = true; } /** diff --git a/src/bp-moderation/classes/class-bp-rest-moderation-endpoint.php b/src/bp-moderation/classes/class-bp-rest-moderation-endpoint.php index 7834ce0062..a4377c3fbf 100644 --- a/src/bp-moderation/classes/class-bp-rest-moderation-endpoint.php +++ b/src/bp-moderation/classes/class-bp-rest-moderation-endpoint.php 
@@ -232,16 +232,16 @@ public function get_items( $request ) { * @since 0.1.0 */ public function get_items_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to view the block members.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to view the block members.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() ) { + $retval = true; } /** @@ -314,16 +314,16 @@ public function get_item( $request ) { * @since 0.1.0 */ public function get_item_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to view the block member.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to view the block member.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() ) { + $retval = true; } /** 
@@ -461,29 +461,19 @@ public function create_item( $request ) { * @since 0.1.0 */ public function create_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to block member.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to block member.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); $item_id = $request->get_param( 'item_id' ); $user = bp_rest_get_user( $item_id ); - if ( true === $retval && ! $user instanceof WP_User ) { - $retval = new WP_Error( - 'bp_rest_invalid_item_id', - __( 'Invalid Member Item ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); + if ( is_user_logged_in() && $user instanceof WP_User ) { + $retval = true; } if ( true === $retval && ! empty( $user->roles ) && in_array( 'administrator', $user->roles, true ) ) { @@ -624,16 +614,16 @@ public function delete_item( $request ) { * @since 0.1.0 */ public function delete_item_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to unblock member.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to unblock member.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() ) { + $retval = true; } /** diff --git a/src/bp-moderation/classes/class-bp-rest-moderation-report-endpoint.php b/src/bp-moderation/classes/class-bp-rest-moderation-report-endpoint.php index 30f700b7a8..cca5d6b5c2 100644 --- a/src/bp-moderation/classes/class-bp-rest-moderation-report-endpoint.php 
+++ b/src/bp-moderation/classes/class-bp-rest-moderation-report-endpoint.php @@ -192,16 +192,16 @@ public function get_items( $request ) { * @since 0.1.0 */ public function get_items_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to view the block members.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to view the block members.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() ) { + $retval = true; } /** 
@@ -323,28 +323,28 @@ public function create_item( $request ) { * @since 0.1.0 */ public function create_item_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to report a moderation.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to report a moderation.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } + if ( is_user_logged_in() ) { + $retval = true; - $content_type = $request['item_type']; + $content_type = $request['item_type']; - if ( true === $retval && ! bp_moderation_user_can( (int) $request['item_id'], $content_type ) ) { - $retval = new WP_Error( - 'bp_rest_invalid_item', - __( 'Sorry, you are not allowed to report this item.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( ! bp_moderation_user_can( (int) $request['item_id'], $content_type ) ) { + $retval = new WP_Error( + 'bp_rest_invalid_item', + __( 'Sorry, you are not allowed to report this item.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } /** diff --git a/src/bp-notifications/classes/class-bp-rest-notifications-endpoint.php b/src/bp-notifications/classes/class-bp-rest-notifications-endpoint.php index aeef393363..04600c10d1 100644 --- a/src/bp-notifications/classes/class-bp-rest-notifications-endpoint.php +++ b/src/bp-notifications/classes/class-bp-rest-notifications-endpoint.php 
@@ -181,16 +181,25 @@ public function get_items( $request ) { * @since 0.1.0 */ public function get_items_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() || ( bp_loggedin_user_id() !== $request['user_id'] && ! $this->can_see() ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to see the notifications.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to see the notifications.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + if ( is_user_logged_in() ) { + $retval = true; + + if ( bp_loggedin_user_id() !== $request['user_id'] && ! $this->can_see() ) { + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to see the notifications.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } /** 
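Review bot: In the notifications `get_items_permissions_check` the strict test `bp_loggedin_user_id() !== $request['user_id']` only matches when the parameter arrives as an integer; if the route does not coerce `user_id` (its args are outside the hunk), a member requesting their own notifications always falls through to `can_see()`. Casting makes the comparison independent of the schema: `bp_loggedin_user_id() !== (int) $request['user_id']`. The inner branch also rebuilds a `WP_Error` identical to the default, so the body can shrink to `if ( is_user_logged_in() && ( bp_loggedin_user_id() === (int) $request['user_id'] || $this->can_see() ) ) { $retval = true; }`.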
@@ -252,38 +261,35 @@ public function get_item( $request ) { * @since 0.1.0 */ public function get_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to see the notification.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - $notification = $this->get_notification_object( $request ); - - if ( true === $retval && is_null( $notification->item_id ) ) { - $retval = new WP_Error( - 'bp_rest_notification_invalid_id', - __( 'Invalid notification ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to see the notification.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( true === $retval && ! $this->can_see( $notification->id ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you cannot view this notification.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() ) { + $retval = true; + $notification = $this->get_notification_object( $request ); + + if ( is_null( $notification->item_id ) ) { + $retval = new WP_Error( + 'bp_rest_notification_invalid_id', + __( 'Invalid notification ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } elseif ( ! $this->can_see( $notification->id ) ) { + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you cannot view this notification.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } /** diff --git a/src/bp-settings/classes/class-bp-rest-account-settings-endpoint.php b/src/bp-settings/classes/class-bp-rest-account-settings-endpoint.php index ce8990e38b..8ad8ad9bf8 100644 --- a/src/bp-settings/classes/class-bp-rest-account-settings-endpoint.php 
+++ b/src/bp-settings/classes/class-bp-rest-account-settings-endpoint.php @@ -126,16 +126,16 @@ public function get_items( $request ) { * @since 0.1.0 */ public function get_items_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to see the account settings.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to see the account settings.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() ) { + $retval = true; } /** diff --git a/src/bp-settings/classes/class-bp-rest-account-settings-options-endpoint.php b/src/bp-settings/classes/class-bp-rest-account-settings-options-endpoint.php index ff5133296e..c6724c13f3 100644 --- a/src/bp-settings/classes/class-bp-rest-account-settings-options-endpoint.php +++ b/src/bp-settings/classes/class-bp-rest-account-settings-options-endpoint.php 
@@ -153,28 +153,27 @@ public function get_item( $request ) { * @since 0.1.0 */ public function get_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to see the account settings options.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - $nav = $request->get_param( 'nav' ); + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to see the account settings options.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( true === $retval && empty( $nav ) ) { - return new WP_Error( - 'bp_rest_invalid_setting_nav', - __( 'Sorry, you are not allowed to see the account settings options.', 'buddyboss' ), - array( - 'status' => 400, - ) - ); + if ( is_user_logged_in() ) { + $retval = true; + $nav = $request->get_param( 'nav' ); + + if ( empty( $nav ) ) { + return new WP_Error( + 'bp_rest_invalid_setting_nav', + __( 'Sorry, you are not allowed to see the account settings options.', 'buddyboss' ), + array( + 'status' => 400, + ) + ); + } } /** 
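Review bot: The `empty( $nav )` branch in `get_item_permissions_check` uses `return new WP_Error( … )` where every other branch assigns `$retval`, so this one result leaves the function before whatever follows the hunk (the docblock opening at its end, presumably the permissions filter). Assigning instead, `$retval = new WP_Error(`, keeps a single exit and the same treatment for all outcomes. The `update_item_permissions_check` hunk in the same file has the same early return. The 400 error here also reuses the 'not allowed to see the account settings options' text; a message naming the missing `nav` parameter would tell clients what to fix.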
@@ -291,28 +290,27 @@ public function update_item( $request ) { * @since 0.1.0 */ public function update_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to see the account settings options.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - $nav = $request->get_param( 'nav' ); + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to see the account settings options.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( true === $retval && empty( $nav ) ) { - return new WP_Error( - 'bp_rest_invalid_setting_nav', - __( 'Sorry, you are not allowed to update the account settings options.', 'buddyboss' ), - array( - 'status' => 400, - ) - ); + if ( is_user_logged_in() ) { + $retval = true; + $nav = $request->get_param( 'nav' ); + + if ( empty( $nav ) ) { + return new WP_Error( + 'bp_rest_invalid_setting_nav', + __( 'Sorry, you are not allowed to update the account settings options.', 'buddyboss' ), + array( + 'status' => 400, + ) + ); + } } /** diff --git a/src/bp-xprofile/classes/class-bp-rest-xprofile-data-endpoint.php b/src/bp-xprofile/classes/class-bp-rest-xprofile-data-endpoint.php index abdfea6004..336a9b67b2 100644 --- a/src/bp-xprofile/classes/class-bp-rest-xprofile-data-endpoint.php +++ b/src/bp-xprofile/classes/class-bp-rest-xprofile-data-endpoint.php 
@@ -334,16 +334,16 @@ public function update_item( $request ) { * @since 0.1.0 */ public function update_item_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you need to be logged in to save XProfile data.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you need to be logged in to save XProfile data.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() ) { + $retval = true; } $user = bp_rest_get_user( $request->get_param( 'user_id' ) ); diff --git a/src/bp-xprofile/classes/class-bp-rest-xprofile-field-groups-endpoint.php b/src/bp-xprofile/classes/class-bp-rest-xprofile-field-groups-endpoint.php index 02fbc5e712..07c808e699 100644 --- a/src/bp-xprofile/classes/class-bp-rest-xprofile-field-groups-endpoint.php +++ b/src/bp-xprofile/classes/class-bp-rest-xprofile-field-groups-endpoint.php @@ -430,16 +430,16 @@ public function create_item( $request ) { * @since 0.1.0 */ public function create_item_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to view this XProfile field group.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! ( is_user_logged_in() && bp_current_user_can( 'bp_moderate' ) ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to view this XProfile field group.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() && bp_current_user_can( 'bp_moderate' ) ) { + $retval = true; } /** 
diff --git a/src/bp-xprofile/classes/class-bp-rest-xprofile-fields-endpoint.php b/src/bp-xprofile/classes/class-bp-rest-xprofile-fields-endpoint.php index 0b5dca5b20..0cb1f370c1 100644 --- a/src/bp-xprofile/classes/class-bp-rest-xprofile-fields-endpoint.php +++ b/src/bp-xprofile/classes/class-bp-rest-xprofile-fields-endpoint.php @@ -528,16 +528,16 @@ public function create_item( $request ) { * @since 0.1.0 */ public function create_item_permissions_check( $request ) { - $retval = true; + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to create a XProfile field.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( ! is_user_logged_in() || ! bp_current_user_can( 'bp_moderate' ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to create a XProfile field.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() && bp_current_user_can( 'bp_moderate' ) ) { + $retval = true; } /** 
@@ -760,42 +760,39 @@ public function delete_item( $request ) { * @since 0.1.0 */ public function delete_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to delete this field.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - $field = $this->get_xprofile_field_object( $request ); - - if ( true === $retval && empty( $field->id ) ) { - $retval = new WP_Error( - 'bp_rest_invalid_id', - __( 'Invalid field ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to delete this field.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( true === $retval && ! bp_current_user_can( 'bp_moderate' ) ) { - $retval = $this->get_xprofile_field_display_permission( $retval, $field->id ); - } + if ( is_user_logged_in() ) { + $retval = true; + $field = $this->get_xprofile_field_object( $request ); + + if ( empty( $field->id ) ) { + $retval = new WP_Error( + 'bp_rest_invalid_id', + __( 'Invalid field ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } elseif ( true === $retval && ! bp_current_user_can( 'bp_moderate' ) ) { + $retval = $this->get_xprofile_field_display_permission( $retval, $field->id ); + } - if ( true === $retval && ! bp_current_user_can( 'bp_moderate' ) ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to delete this field.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( true === $retval && ! bp_current_user_can( 'bp_moderate' ) ) { + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to delete this field.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } /** 
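Review bot: In the XProfile fields `delete_item_permissions_check` a non-moderator can never pass: whatever `get_xprofile_field_display_permission()` returns, the following `if ( true === $retval && ! bp_current_user_can( 'bp_moderate' ) )` replaces a `true` with the error, so the `elseif` adds nothing and its `true === $retval` test is always true at that point. Because the 404 branch comes first, a logged-in non-moderator can also distinguish valid field ids from invalid ones. Testing the capability once, before the lookup, covers both: `if ( is_user_logged_in() && bp_current_user_can( 'bp_moderate' ) ) {` followed only by the `empty( $field->id )` 404. The function continues past the hunk.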
diff --git a/src/bp-xprofile/classes/class-bp-rest-xprofile-repeater-endpoint.php b/src/bp-xprofile/classes/class-bp-rest-xprofile-repeater-endpoint.php index 0cfd3c76bd..c9b8ba3ef3 100644 --- a/src/bp-xprofile/classes/class-bp-rest-xprofile-repeater-endpoint.php +++ b/src/bp-xprofile/classes/class-bp-rest-xprofile-repeater-endpoint.php 
@@ -209,41 +209,41 @@ public function create_item( $request ) { * @return WP_Error|bool */ public function create_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to update your profile repeater fields.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - // Get the field group before it's deleted. - $field_group = xprofile_get_field_group( (int) $request['id'] ); - - if ( true === $retval && empty( $field_group->id ) ) { - $retval = new WP_Error( - 'bp_rest_invalid_id', - __( 'Invalid Group ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } - - $repeater_enabled = bp_xprofile_get_meta( $field_group->id, 'group', 'is_repeater_enabled', true ); + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to update your profile repeater fields.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( empty( $field_group ) || 'on' !== $repeater_enabled ) { - $retval = new WP_Error( - 'bp_rest_invalid_repeater_id', - __( 'Invalid Repeater Group ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); + if ( is_user_logged_in() ) { + $retval = true; + + // Get the field group before it's deleted. + $field_group = xprofile_get_field_group( (int) $request->get_param( 'id' ) ); + + if ( empty( $field_group->id ) ) { + $retval = new WP_Error( + 'bp_rest_invalid_id', + __( 'Invalid Group ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } else { + $repeater_enabled = bp_xprofile_get_meta( $field_group->id, 'group', 'is_repeater_enabled', true ); + + if ( empty( $field_group ) || 'on' !== $repeater_enabled ) { + $retval = new WP_Error( + 'bp_rest_invalid_repeater_id', + __( 'Invalid Repeater Group ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } + } } /** 
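Review bot: In the repeater `create_item_permissions_check`, `empty( $field_group )` inside the `else` can never be true, because that branch is entered only when `$field_group->id` is non-empty; the test reduces to `if ( 'on' !== $repeater_enabled ) {`. The comment 'Get the field group before it's deleted.' does not describe a create check, and this hunk reads the id with `$request->get_param( 'id' )` while the update and delete hunks keep `$request['id']`. The same dead test and comment appear in `update_item_permissions_check` and `delete_item_permissions_check` of this file. All three function bodies continue past their hunks.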
@@ -469,41 +469,41 @@ function( $a ) use ( &$return ) { * @return WP_Error|bool */ public function update_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to update your profile repeater fields.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - // Get the field group before it's deleted. - $field_group = xprofile_get_field_group( (int) $request['id'] ); - - if ( true === $retval && empty( $field_group->id ) ) { - $retval = new WP_Error( - 'bp_rest_invalid_id', - __( 'Invalid Group ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } - - $repeater_enabled = bp_xprofile_get_meta( $field_group->id, 'group', 'is_repeater_enabled', true ); + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to update your profile repeater fields.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( empty( $field_group ) || 'on' !== $repeater_enabled ) { - $retval = new WP_Error( - 'bp_rest_invalid_repeater_id', - __( 'Invalid Repeater Group ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); + if ( is_user_logged_in() ) { + $retval = true; + + // Get the field group before it's deleted. + $field_group = xprofile_get_field_group( (int) $request['id'] ); + + if ( empty( $field_group->id ) ) { + $retval = new WP_Error( + 'bp_rest_invalid_id', + __( 'Invalid Group ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } else { + $repeater_enabled = bp_xprofile_get_meta( $field_group->id, 'group', 'is_repeater_enabled', true ); + + if ( empty( $field_group ) || 'on' !== $repeater_enabled ) { + $retval = new WP_Error( + 'bp_rest_invalid_repeater_id', + __( 'Invalid Repeater Group ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } + } } /** 
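Review bot: update_item_permissions_check still reads the id with `$request['id']`, while the create hunk in the same commit switched to `$request->get_param( 'id' )`. The delete hunk has the same leftover. Using one accessor across the three checks keeps them easy to compare when auditing: `$field_group = xprofile_get_field_group( (int) $request->get_param( 'id' ) );`. The function body continues outside the hunk.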
@@ -672,41 +672,41 @@ public function delete_item( $request ) { * @return WP_Error|bool */ public function delete_item_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to delete this field.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - // Get the field group before it's deleted. - $field_group = xprofile_get_field_group( (int) $request['id'] ); - - if ( true === $retval && empty( $field_group->id ) ) { - $retval = new WP_Error( - 'bp_rest_invalid_id', - __( 'Invalid Group ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); - } - - $repeater_enabled = bp_xprofile_get_meta( $field_group->id, 'group', 'is_repeater_enabled', true ); + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to delete this field.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( empty( $field_group ) || 'on' !== $repeater_enabled ) { - $retval = new WP_Error( - 'bp_rest_invalid_repeater_id', - __( 'Invalid Repeater Group ID.', 'buddyboss' ), - array( - 'status' => 404, - ) - ); + if ( is_user_logged_in() ) { + $retval = true; + + // Get the field group before it's deleted. + $field_group = xprofile_get_field_group( (int) $request['id'] ); + + if ( empty( $field_group->id ) ) { + $retval = new WP_Error( + 'bp_rest_invalid_id', + __( 'Invalid Group ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } else { + $repeater_enabled = bp_xprofile_get_meta( $field_group->id, 'group', 'is_repeater_enabled', true ); + + if ( empty( $field_group ) || 'on' !== $repeater_enabled ) { + $retval = new WP_Error( + 'bp_rest_invalid_repeater_id', + __( 'Invalid Repeater Group ID.', 'buddyboss' ), + array( + 'status' => 404, + ) + ); + } + } } /** 
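Review bot: delete_item_permissions_check grants `true` to any logged-in user as soon as the id resolves to a repeater-enabled field group; nothing in the visible lines ties the request to data the caller owns or to a capability. If delete_item(), which is outside this hunk, does not itself limit the deletion to the current user's repeater entries, this check is too broad for a destructive route. At minimum the contract should be written down above the `is_user_logged_in()` branch, e.g. `// Login-only check: delete_item() must restrict the deletion to bp_loggedin_user_id().`. The create and update checks follow the same pattern.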
diff --git a/src/bp-xprofile/classes/class-bp-rest-xprofile-update-endpoint.php b/src/bp-xprofile/classes/class-bp-rest-xprofile-update-endpoint.php index 702974d05d..bf7b1f68d4 100644 --- a/src/bp-xprofile/classes/class-bp-rest-xprofile-update-endpoint.php +++ b/src/bp-xprofile/classes/class-bp-rest-xprofile-update-endpoint.php @@ -229,28 +229,27 @@ public function update_items( $request ) { * @since 0.1.0 */ public function update_items_permissions_check( $request ) { - $retval = true; - - if ( ! is_user_logged_in() ) { - $retval = new WP_Error( - 'bp_rest_authorization_required', - __( 'Sorry, you are not allowed to update your profile fields.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - $user_id = bp_loggedin_user_id(); + $retval = new WP_Error( + 'bp_rest_authorization_required', + __( 'Sorry, you are not allowed to update your profile fields.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); - if ( empty( $user_id ) ) { - $retval = new WP_Error( - 'bp_rest_login_required', - __( 'Sorry, you are not logged in to update fields.', 'buddyboss' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( is_user_logged_in() ) { + $retval = true; + $user_id = bp_loggedin_user_id(); + + if ( empty( $user_id ) ) { + $retval = new WP_Error( + 'bp_rest_login_required', + __( 'Sorry, you are not logged in to update fields.', 'buddyboss' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); + } } /** diff --git a/src/endpoints/api_data.js b/src/endpoints/api_data.js index 85d2c75bf8..8e061b45f6 100644 --- a/src/endpoints/api_data.js +++ b/src/endpoints/api_data.js 
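Review bot: Inside the `is_user_logged_in()` branch of update_items_permissions_check, the `empty( $user_id )` test looks unreachable, since `bp_loggedin_user_id()` would normally be non-empty for a logged-in request. That would make the `bp_rest_login_required` error dead code. If the guard exists because the BuddyPress user id can lag behind the WordPress current user under some authentication method, say so in a comment such as `// Guard: BuddyPress user id may be unset even when WordPress reports a logged-in user.`. Otherwise the branch can go and the block reduces to `$retval = true;`. The function continues outside the hunk.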
@@ -1,44 +1,4 @@ define({ "api": [ - { - "type": "", - "url": "Checks", - "title": "wether the given `$pathfile` is considered a valid media file.", - "version": "0.0.0", - "filename": "src/vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFProbe.php", - "group": "/Applications/MAMP/htdocs/buddyboss-platform/wp-content/plugins/buddyboss-platform/src/vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFProbe.php", - "groupTitle": "/Applications/MAMP/htdocs/buddyboss-platform/wp-content/plugins/buddyboss-platform/src/vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFProbe.php", - "name": "Checks" - }, - { - "type": "", - "url": "Creates", - "title": "an FFProbe.", - "version": "0.0.0", - "filename": "src/vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFProbe.php", - "group": "/Applications/MAMP/htdocs/buddyboss-platform/wp-content/plugins/buddyboss-platform/src/vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFProbe.php", - "groupTitle": "/Applications/MAMP/htdocs/buddyboss-platform/wp-content/plugins/buddyboss-platform/src/vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFProbe.php", - "name": "Creates" - }, - { - "type": "", - "url": "Probes", - "title": "the streams contained in a given file.", - "version": "0.0.0", - "filename": "src/vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFProbe.php", - "group": "/Applications/MAMP/htdocs/buddyboss-platform/wp-content/plugins/buddyboss-platform/src/vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFProbe.php", - "groupTitle": "/Applications/MAMP/htdocs/buddyboss-platform/wp-content/plugins/buddyboss-platform/src/vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFProbe.php", - "name": "Probes" - }, - { - "type": "", - "url": "Probes", - "title": "the format of a given file.", - "version": "0.0.0", - "filename": "src/vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFProbe.php", - "group": "/Applications/MAMP/htdocs/buddyboss-platform/wp-content/plugins/buddyboss-platform/src/vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFProbe.php", - "groupTitle": 
"/Applications/MAMP/htdocs/buddyboss-platform/wp-content/plugins/buddyboss-platform/src/vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFProbe.php", - "name": "Probes" - }, { "type": "GET", "url": "/wp-json/buddyboss/v1/account-settings", @@ -4715,35 +4675,6 @@ define({ "api": [ "filename": "src/bp-groups/classes/class-bp-rest-group-membership-endpoint.php", "groupTitle": "Groups" }, - { - "type": "GET", - "url": "/wp-json/buddyboss/v1/groups/membership-requests/:request_id", - "title": "Get Membership Request", - "name": "GetBBGroupsMembershipsRequest", - "group": "Groups", - "description": "

Retrieve group membership request by ID.

", - "version": "1.0.0", - "permission": [ - { - "name": "LoggedInUser" - } - ], - "parameter": { - "fields": { - "Parameter": [ - { - "group": "Parameter", - "type": "Number", - "optional": false, - "field": "request_id", - "description": "

A unique numeric ID for the group membership request.

" - } - ] - } - }, - "filename": "src/bp-groups/classes/class-bp-rest-group-membership-request-endpoint.php", - "groupTitle": "Groups" - }, { "type": "GET", "url": "/wp-json/buddyboss/v1/groups/membership-requests", @@ -4798,6 +4729,35 @@ define({ "api": [ "filename": "src/bp-groups/classes/class-bp-rest-group-membership-request-endpoint.php", "groupTitle": "Groups" }, + { + "type": "GET", + "url": "/wp-json/buddyboss/v1/groups/membership-requests/:request_id", + "title": "Get Membership Request", + "name": "GetBBGroupsMembershipsRequest", + "group": "Groups", + "description": "

Retrieve group membership request by ID.

", + "version": "1.0.0", + "permission": [ + { + "name": "LoggedInUser" + } + ], + "parameter": { + "fields": { + "Parameter": [ + { + "group": "Parameter", + "type": "Number", + "optional": false, + "field": "request_id", + "description": "

A unique numeric ID for the group membership request.

" + } + ] + } + }, + "filename": "src/bp-groups/classes/class-bp-rest-group-membership-request-endpoint.php", + "groupTitle": "Groups" + }, { "type": "GET", "url": "/wp-json/buddyboss/v1/groups/:id/settings", @@ -8883,35 +8843,6 @@ define({ "api": [ "filename": "src/bp-members/classes/class-bp-rest-signup-endpoint.php", "groupTitle": "Signups" }, - { - "type": "GET", - "url": "/wp-json/buddyboss/v1/signup/:id", - "title": "Signup", - "name": "GetBBSignups", - "group": "Signups", - "description": "

Retrieve signup

", - "version": "1.0.0", - "permission": [ - { - "name": "LoggedInUser" - } - ], - "parameter": { - "fields": { - "Parameter": [ - { - "group": "Parameter", - "type": "String", - "optional": false, - "field": "id", - "description": "

Identifier for the signup. Can be a signup ID, an email address, or a user_login.

" - } - ] - } - }, - "filename": "src/bp-members/classes/class-bp-rest-signup-endpoint.php", - "groupTitle": "Signups" - }, { "type": "GET", "url": "/wp-json/buddyboss/v1/signup", @@ -8980,5 +8911,34 @@ define({ "api": [ }, "filename": "src/bp-members/classes/class-bp-rest-signup-endpoint.php", "groupTitle": "Signups" + }, + { + "type": "GET", + "url": "/wp-json/buddyboss/v1/signup/:id", + "title": "Signup", + "name": "GetBBSignups", + "group": "Signups", + "description": "

Retrieve signup

", + "version": "1.0.0", + "permission": [ + { + "name": "LoggedInUser" + } + ], + "parameter": { + "fields": { + "Parameter": [ + { + "group": "Parameter", + "type": "String", + "optional": false, + "field": "id", + "description": "

Identifier for the signup. Can be a signup ID, an email address, or a user_login.

" + } + ] + } + }, + "filename": "src/bp-members/classes/class-bp-rest-signup-endpoint.php", + "groupTitle": "Signups" } ] }); diff --git a/src/endpoints/api_data.json b/src/endpoints/api_data.json index e7dd442952..1b60e9f1d3 100644 --- a/src/endpoints/api_data.json +++ b/src/endpoints/api_data.json 
@@ -1,44 +1,4 @@ [ - { - "type": "", - "url": "Checks", - "title": "wether the given `$pathfile` is considered a valid media file.", - "version": "0.0.0", - "filename": "src/vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFProbe.php", - "group": "/Applications/MAMP/htdocs/buddyboss-platform/wp-content/plugins/buddyboss-platform/src/vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFProbe.php", - "groupTitle": "/Applications/MAMP/htdocs/buddyboss-platform/wp-content/plugins/buddyboss-platform/src/vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFProbe.php", - "name": "Checks" - }, - { - "type": "", - "url": "Creates", - "title": "an FFProbe.", - "version": "0.0.0", - "filename": "src/vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFProbe.php", - "group": "/Applications/MAMP/htdocs/buddyboss-platform/wp-content/plugins/buddyboss-platform/src/vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFProbe.php", - "groupTitle": "/Applications/MAMP/htdocs/buddyboss-platform/wp-content/plugins/buddyboss-platform/src/vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFProbe.php", - "name": "Creates" - }, - { - "type": "", - "url": "Probes", - "title": "the streams contained in a given file.", - "version": "0.0.0", - "filename": "src/vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFProbe.php", - "group": "/Applications/MAMP/htdocs/buddyboss-platform/wp-content/plugins/buddyboss-platform/src/vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFProbe.php", - "groupTitle": "/Applications/MAMP/htdocs/buddyboss-platform/wp-content/plugins/buddyboss-platform/src/vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFProbe.php", - "name": "Probes" - }, - { - "type": "", - "url": "Probes", - "title": "the format of a given file.", - "version": "0.0.0", - "filename": "src/vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFProbe.php", - "group": "/Applications/MAMP/htdocs/buddyboss-platform/wp-content/plugins/buddyboss-platform/src/vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFProbe.php", - "groupTitle": 
"/Applications/MAMP/htdocs/buddyboss-platform/wp-content/plugins/buddyboss-platform/src/vendor/php-ffmpeg/php-ffmpeg/src/FFMpeg/FFProbe.php", - "name": "Probes" - }, { "type": "GET", "url": "/wp-json/buddyboss/v1/account-settings", @@ -4715,35 +4675,6 @@ "filename": "src/bp-groups/classes/class-bp-rest-group-membership-endpoint.php", "groupTitle": "Groups" }, - { - "type": "GET", - "url": "/wp-json/buddyboss/v1/groups/membership-requests/:request_id", - "title": "Get Membership Request", - "name": "GetBBGroupsMembershipsRequest", - "group": "Groups", - "description": "

Retrieve group membership request by ID.

", - "version": "1.0.0", - "permission": [ - { - "name": "LoggedInUser" - } - ], - "parameter": { - "fields": { - "Parameter": [ - { - "group": "Parameter", - "type": "Number", - "optional": false, - "field": "request_id", - "description": "

A unique numeric ID for the group membership request.

" - } - ] - } - }, - "filename": "src/bp-groups/classes/class-bp-rest-group-membership-request-endpoint.php", - "groupTitle": "Groups" - }, { "type": "GET", "url": "/wp-json/buddyboss/v1/groups/membership-requests", @@ -4798,6 +4729,35 @@ "filename": "src/bp-groups/classes/class-bp-rest-group-membership-request-endpoint.php", "groupTitle": "Groups" }, + { + "type": "GET", + "url": "/wp-json/buddyboss/v1/groups/membership-requests/:request_id", + "title": "Get Membership Request", + "name": "GetBBGroupsMembershipsRequest", + "group": "Groups", + "description": "

Retrieve group membership request by ID.

", + "version": "1.0.0", + "permission": [ + { + "name": "LoggedInUser" + } + ], + "parameter": { + "fields": { + "Parameter": [ + { + "group": "Parameter", + "type": "Number", + "optional": false, + "field": "request_id", + "description": "

A unique numeric ID for the group membership request.

" + } + ] + } + }, + "filename": "src/bp-groups/classes/class-bp-rest-group-membership-request-endpoint.php", + "groupTitle": "Groups" + }, { "type": "GET", "url": "/wp-json/buddyboss/v1/groups/:id/settings", @@ -8883,35 +8843,6 @@ "filename": "src/bp-members/classes/class-bp-rest-signup-endpoint.php", "groupTitle": "Signups" }, - { - "type": "GET", - "url": "/wp-json/buddyboss/v1/signup/:id", - "title": "Signup", - "name": "GetBBSignups", - "group": "Signups", - "description": "

Retrieve signup

", - "version": "1.0.0", - "permission": [ - { - "name": "LoggedInUser" - } - ], - "parameter": { - "fields": { - "Parameter": [ - { - "group": "Parameter", - "type": "String", - "optional": false, - "field": "id", - "description": "

Identifier for the signup. Can be a signup ID, an email address, or a user_login.

" - } - ] - } - }, - "filename": "src/bp-members/classes/class-bp-rest-signup-endpoint.php", - "groupTitle": "Signups" - }, { "type": "GET", "url": "/wp-json/buddyboss/v1/signup", @@ -8980,5 +8911,34 @@ }, "filename": "src/bp-members/classes/class-bp-rest-signup-endpoint.php", "groupTitle": "Signups" + }, + { + "type": "GET", + "url": "/wp-json/buddyboss/v1/signup/:id", + "title": "Signup", + "name": "GetBBSignups", + "group": "Signups", + "description": "

Retrieve signup

", + "version": "1.0.0", + "permission": [ + { + "name": "LoggedInUser" + } + ], + "parameter": { + "fields": { + "Parameter": [ + { + "group": "Parameter", + "type": "String", + "optional": false, + "field": "id", + "description": "

Identifier for the signup. Can be a signup ID, an email address, or a user_login.

" + } + ] + } + }, + "filename": "src/bp-members/classes/class-bp-rest-signup-endpoint.php", + "groupTitle": "Signups" } ] diff --git a/src/endpoints/api_project.js b/src/endpoints/api_project.js index bb8d7cc146..ea803816f5 100644 --- a/src/endpoints/api_project.js +++ b/src/endpoints/api_project.js @@ -13,7 +13,7 @@ define({ "apidoc": "0.3.0", "generator": { "name": "apidoc", - "time": "2021-06-17T16:29:58.560Z", + "time": "2021-06-24T12:11:11.862Z", "url": "http://apidocjs.com", "version": "0.22.0" } diff --git a/src/endpoints/api_project.json b/src/endpoints/api_project.json index 4e5dd09d92..8869e91019 100644 --- a/src/endpoints/api_project.json +++ b/src/endpoints/api_project.json @@ -13,7 +13,7 @@ "apidoc": "0.3.0", "generator": { "name": "apidoc", - "time": "2021-06-17T16:29:58.560Z", + "time": "2021-06-24T12:11:11.862Z", "url": "http://apidocjs.com", "version": "0.22.0" }