2019-03-12 09:27:46 +00:00
< ? php
/**
* REST API : WP_REST_Users_Controller class
*
* @ package WordPress
* @ subpackage REST_API
* @ since 4.7 . 0
*/
/**
* Core class used to manage users via the REST API .
*
* @ since 4.7 . 0
*
* @ see WP_REST_Controller
*/
class WP_REST_Users_Controller extends WP_REST_Controller {
/**
* Instance of a user meta fields object .
*
* @ since 4.7 . 0
* @ var WP_REST_User_Meta_Fields
*/
protected $meta ;
/**
* Constructor .
*
* @ since 4.7 . 0
*/
public function __construct () {
$this -> namespace = 'wp/v2' ;
$this -> rest_base = 'users' ;
$this -> meta = new WP_REST_User_Meta_Fields ();
}
/**
* Registers the routes for the objects of the controller .
*
* @ since 4.7 . 0
*
* @ see register_rest_route ()
*/
public function register_routes () {
2019-04-16 19:56:22 +00:00
register_rest_route (
$this -> namespace ,
'/' . $this -> rest_base ,
2019-03-12 09:27:46 +00:00
array (
2019-04-16 19:56:22 +00:00
array (
'methods' => WP_REST_Server :: READABLE ,
'callback' => array ( $this , 'get_items' ),
'permission_callback' => array ( $this , 'get_items_permissions_check' ),
'args' => $this -> get_collection_params (),
2019-03-12 09:27:46 +00:00
),
2019-04-16 19:56:22 +00:00
array (
'methods' => WP_REST_Server :: CREATABLE ,
'callback' => array ( $this , 'create_item' ),
'permission_callback' => array ( $this , 'create_item_permissions_check' ),
'args' => $this -> get_endpoint_args_for_item_schema ( WP_REST_Server :: CREATABLE ),
2019-03-12 09:27:46 +00:00
),
2019-04-16 19:56:22 +00:00
'schema' => array ( $this , 'get_public_item_schema' ),
)
);
register_rest_route (
$this -> namespace ,
'/' . $this -> rest_base . '/(?P<id>[\d]+)' ,
2019-03-12 09:27:46 +00:00
array (
2019-04-16 19:56:22 +00:00
'args' => array (
'id' => array (
'description' => __ ( 'Unique identifier for the user.' ),
2019-03-12 09:27:46 +00:00
'type' => 'integer' ,
),
),
2019-04-16 19:56:22 +00:00
array (
'methods' => WP_REST_Server :: READABLE ,
'callback' => array ( $this , 'get_item' ),
'permission_callback' => array ( $this , 'get_item_permissions_check' ),
'args' => array (
'context' => $this -> get_context_param ( array ( 'default' => 'view' ) ),
),
2019-03-12 09:27:46 +00:00
),
2019-04-16 19:56:22 +00:00
array (
'methods' => WP_REST_Server :: EDITABLE ,
'callback' => array ( $this , 'update_item' ),
'permission_callback' => array ( $this , 'update_item_permissions_check' ),
'args' => $this -> get_endpoint_args_for_item_schema ( WP_REST_Server :: EDITABLE ),
),
array (
'methods' => WP_REST_Server :: DELETABLE ,
'callback' => array ( $this , 'delete_item' ),
'permission_callback' => array ( $this , 'delete_item_permissions_check' ),
'args' => array (
'force' => array (
'type' => 'boolean' ,
'default' => false ,
'description' => __ ( 'Required to be true, as users do not support trashing.' ),
),
'reassign' => array (
'type' => 'integer' ,
'description' => __ ( 'Reassign the deleted user\'s posts and links to this user ID.' ),
'required' => true ,
'sanitize_callback' => array ( $this , 'check_reassign' ),
),
),
),
'schema' => array ( $this , 'get_public_item_schema' ),
)
);
register_rest_route (
$this -> namespace ,
'/' . $this -> rest_base . '/me' ,
2019-03-12 09:27:46 +00:00
array (
2019-04-16 19:56:22 +00:00
array (
'methods' => WP_REST_Server :: READABLE ,
'callback' => array ( $this , 'get_current_item' ),
'args' => array (
'context' => $this -> get_context_param ( array ( 'default' => 'view' ) ),
2019-03-12 09:27:46 +00:00
),
2019-04-16 19:56:22 +00:00
),
array (
'methods' => WP_REST_Server :: EDITABLE ,
'callback' => array ( $this , 'update_current_item' ),
'permission_callback' => array ( $this , 'update_current_item_permissions_check' ),
'args' => $this -> get_endpoint_args_for_item_schema ( WP_REST_Server :: EDITABLE ),
),
array (
'methods' => WP_REST_Server :: DELETABLE ,
'callback' => array ( $this , 'delete_current_item' ),
'permission_callback' => array ( $this , 'delete_current_item_permissions_check' ),
'args' => array (
'force' => array (
'type' => 'boolean' ,
'default' => false ,
'description' => __ ( 'Required to be true, as users do not support trashing.' ),
),
'reassign' => array (
'type' => 'integer' ,
'description' => __ ( 'Reassign the deleted user\'s posts and links to this user ID.' ),
'required' => true ,
'sanitize_callback' => array ( $this , 'check_reassign' ),
),
2019-03-12 09:27:46 +00:00
),
),
2019-04-16 19:56:22 +00:00
'schema' => array ( $this , 'get_public_item_schema' ),
)
);
2019-03-12 09:27:46 +00:00
}
/**
* Checks for a valid value for the reassign parameter when deleting users .
*
* The value can be an integer , 'false' , false , or '' .
*
* @ since 4.7 . 0
*
* @ param int | bool $value The value passed to the reassign parameter .
* @ param WP_REST_Request $request Full details about the request .
* @ param string $param The parameter that is being sanitized .
*
* @ return int | bool | WP_Error
*/
public function check_reassign ( $value , $request , $param ) {
if ( is_numeric ( $value ) ) {
return $value ;
}
if ( empty ( $value ) || false === $value || 'false' === $value ) {
return false ;
}
return new WP_Error ( 'rest_invalid_param' , __ ( 'Invalid user parameter(s).' ), array ( 'status' => 400 ) );
}
/**
* Permissions check for getting all users .
*
* @ since 4.7 . 0
*
* @ param WP_REST_Request $request Full details about the request .
* @ return true | WP_Error True if the request has read access , otherwise WP_Error object .
*/
public function get_items_permissions_check ( $request ) {
// Check if roles is specified in GET request and if user can list users.
if ( ! empty ( $request [ 'roles' ] ) && ! current_user_can ( 'list_users' ) ) {
return new WP_Error ( 'rest_user_cannot_view' , __ ( 'Sorry, you are not allowed to filter users by role.' ), array ( 'status' => rest_authorization_required_code () ) );
}
if ( 'edit' === $request [ 'context' ] && ! current_user_can ( 'list_users' ) ) {
return new WP_Error ( 'rest_forbidden_context' , __ ( 'Sorry, you are not allowed to list users.' ), array ( 'status' => rest_authorization_required_code () ) );
}
if ( in_array ( $request [ 'orderby' ], array ( 'email' , 'registered_date' ), true ) && ! current_user_can ( 'list_users' ) ) {
return new WP_Error ( 'rest_forbidden_orderby' , __ ( 'Sorry, you are not allowed to order users by this parameter.' ), array ( 'status' => rest_authorization_required_code () ) );
}
if ( 'authors' === $request [ 'who' ] ) {
$can_view = false ;
2019-04-16 19:56:22 +00:00
$types = get_post_types ( array ( 'show_in_rest' => true ), 'objects' );
2019-03-12 09:27:46 +00:00
foreach ( $types as $type ) {
if ( post_type_supports ( $type -> name , 'author' )
&& current_user_can ( $type -> cap -> edit_posts ) ) {
$can_view = true ;
}
}
if ( ! $can_view ) {
return new WP_Error ( 'rest_forbidden_who' , __ ( 'Sorry, you are not allowed to query users by this parameter.' ), array ( 'status' => rest_authorization_required_code () ) );
}
}
return true ;
}
/**
* Retrieves all users .
*
* @ since 4.7 . 0
*
* @ param WP_REST_Request $request Full details about the request .
* @ return WP_REST_Response | WP_Error Response object on success , or WP_Error object on failure .
*/
public function get_items ( $request ) {
// Retrieve the list of registered collection query parameters.
$registered = $this -> get_collection_params ();
/*
* This array defines mappings between public API query parameters whose
* values are accepted as - passed , and their internal WP_Query parameter
* name equivalents ( some are the same ) . Only values which are also
* present in $registered will be set .
*/
$parameter_mappings = array (
'exclude' => 'exclude' ,
'include' => 'include' ,
'order' => 'order' ,
'per_page' => 'number' ,
'search' => 'search' ,
'roles' => 'role__in' ,
'slug' => 'nicename__in' ,
);
$prepared_args = array ();
/*
* For each known parameter which is both registered and present in the request ,
* set the parameter ' s value on the query $prepared_args .
*/
foreach ( $parameter_mappings as $api_param => $wp_param ) {
if ( isset ( $registered [ $api_param ], $request [ $api_param ] ) ) {
$prepared_args [ $wp_param ] = $request [ $api_param ];
}
}
if ( isset ( $registered [ 'offset' ] ) && ! empty ( $request [ 'offset' ] ) ) {
$prepared_args [ 'offset' ] = $request [ 'offset' ];
} else {
2019-04-16 19:56:22 +00:00
$prepared_args [ 'offset' ] = ( $request [ 'page' ] - 1 ) * $prepared_args [ 'number' ];
2019-03-12 09:27:46 +00:00
}
if ( isset ( $registered [ 'orderby' ] ) ) {
2019-04-16 19:56:22 +00:00
$orderby_possibles = array (
2019-03-12 09:27:46 +00:00
'id' => 'ID' ,
'include' => 'include' ,
'name' => 'display_name' ,
'registered_date' => 'registered' ,
'slug' => 'user_nicename' ,
'include_slugs' => 'nicename__in' ,
'email' => 'user_email' ,
'url' => 'user_url' ,
);
$prepared_args [ 'orderby' ] = $orderby_possibles [ $request [ 'orderby' ] ];
}
if ( isset ( $registered [ 'who' ] ) && ! empty ( $request [ 'who' ] ) && 'authors' === $request [ 'who' ] ) {
$prepared_args [ 'who' ] = 'authors' ;
} elseif ( ! current_user_can ( 'list_users' ) ) {
$prepared_args [ 'has_published_posts' ] = get_post_types ( array ( 'show_in_rest' => true ), 'names' );
}
if ( ! empty ( $prepared_args [ 'search' ] ) ) {
$prepared_args [ 'search' ] = '*' . $prepared_args [ 'search' ] . '*' ;
}
/**
* Filters WP_User_Query arguments when querying users via the REST API .
*
* @ link https :// developer . wordpress . org / reference / classes / wp_user_query /
*
* @ since 4.7 . 0
*
* @ param array $prepared_args Array of arguments for WP_User_Query .
* @ param WP_REST_Request $request The current request .
*/
$prepared_args = apply_filters ( 'rest_user_query' , $prepared_args , $request );
$query = new WP_User_Query ( $prepared_args );
$users = array ();
foreach ( $query -> results as $user ) {
2019-04-16 19:56:22 +00:00
$data = $this -> prepare_item_for_response ( $user , $request );
2019-03-12 09:27:46 +00:00
$users [] = $this -> prepare_response_for_collection ( $data );
}
$response = rest_ensure_response ( $users );
// Store pagination values for headers then unset for count query.
$per_page = ( int ) $prepared_args [ 'number' ];
$page = ceil ( ( ( ( int ) $prepared_args [ 'offset' ] ) / $per_page ) + 1 );
$prepared_args [ 'fields' ] = 'ID' ;
$total_users = $query -> get_total ();
if ( $total_users < 1 ) {
// Out-of-bounds, run the query again without LIMIT for total count.
unset ( $prepared_args [ 'number' ], $prepared_args [ 'offset' ] );
$count_query = new WP_User_Query ( $prepared_args );
$total_users = $count_query -> get_total ();
}
$response -> header ( 'X-WP-Total' , ( int ) $total_users );
$max_pages = ceil ( $total_users / $per_page );
$response -> header ( 'X-WP-TotalPages' , ( int ) $max_pages );
2019-05-08 07:05:39 +00:00
$base = add_query_arg ( urlencode_deep ( $request -> get_query_params () ), rest_url ( sprintf ( '%s/%s' , $this -> namespace , $this -> rest_base ) ) );
2019-03-12 09:27:46 +00:00
if ( $page > 1 ) {
$prev_page = $page - 1 ;
if ( $prev_page > $max_pages ) {
$prev_page = $max_pages ;
}
$prev_link = add_query_arg ( 'page' , $prev_page , $base );
$response -> link_header ( 'prev' , $prev_link );
}
if ( $max_pages > $page ) {
$next_page = $page + 1 ;
$next_link = add_query_arg ( 'page' , $next_page , $base );
$response -> link_header ( 'next' , $next_link );
}
return $response ;
}
/**
* Get the user , if the ID is valid .
*
* @ since 4.7 . 2
*
* @ param int $id Supplied ID .
* @ return WP_User | WP_Error True if ID is valid , WP_Error otherwise .
*/
protected function get_user ( $id ) {
$error = new WP_Error ( 'rest_user_invalid_id' , __ ( 'Invalid user ID.' ), array ( 'status' => 404 ) );
if ( ( int ) $id <= 0 ) {
return $error ;
}
$user = get_userdata ( ( int ) $id );
if ( empty ( $user ) || ! $user -> exists () ) {
return $error ;
}
if ( is_multisite () && ! is_user_member_of_blog ( $user -> ID ) ) {
return $error ;
}
return $user ;
}
/**
* Checks if a given request has access to read a user .
*
* @ since 4.7 . 0
*
* @ param WP_REST_Request $request Full details about the request .
* @ return true | WP_Error True if the request has read access for the item , otherwise WP_Error object .
*/
public function get_item_permissions_check ( $request ) {
$user = $this -> get_user ( $request [ 'id' ] );
if ( is_wp_error ( $user ) ) {
return $user ;
}
$types = get_post_types ( array ( 'show_in_rest' => true ), 'names' );
if ( get_current_user_id () === $user -> ID ) {
return true ;
}
if ( 'edit' === $request [ 'context' ] && ! current_user_can ( 'list_users' ) ) {
return new WP_Error ( 'rest_user_cannot_view' , __ ( 'Sorry, you are not allowed to list users.' ), array ( 'status' => rest_authorization_required_code () ) );
} elseif ( ! count_user_posts ( $user -> ID , $types ) && ! current_user_can ( 'edit_user' , $user -> ID ) && ! current_user_can ( 'list_users' ) ) {
return new WP_Error ( 'rest_user_cannot_view' , __ ( 'Sorry, you are not allowed to list users.' ), array ( 'status' => rest_authorization_required_code () ) );
}
return true ;
}
/**
* Retrieves a single user .
*
* @ since 4.7 . 0
*
* @ param WP_REST_Request $request Full details about the request .
* @ return WP_REST_Response | WP_Error Response object on success , or WP_Error object on failure .
*/
public function get_item ( $request ) {
$user = $this -> get_user ( $request [ 'id' ] );
if ( is_wp_error ( $user ) ) {
return $user ;
}
2019-04-16 19:56:22 +00:00
$user = $this -> prepare_item_for_response ( $user , $request );
2019-03-12 09:27:46 +00:00
$response = rest_ensure_response ( $user );
return $response ;
}
/**
* Retrieves the current user .
*
* @ since 4.7 . 0
*
* @ param WP_REST_Request $request Full details about the request .
* @ return WP_REST_Response | WP_Error Response object on success , or WP_Error object on failure .
*/
public function get_current_item ( $request ) {
$current_user_id = get_current_user_id ();
if ( empty ( $current_user_id ) ) {
return new WP_Error ( 'rest_not_logged_in' , __ ( 'You are not currently logged in.' ), array ( 'status' => 401 ) );
}
$user = wp_get_current_user ();
$response = $this -> prepare_item_for_response ( $user , $request );
$response = rest_ensure_response ( $response );
return $response ;
}
/**
* Checks if a given request has access create users .
*
* @ since 4.7 . 0
*
* @ param WP_REST_Request $request Full details about the request .
* @ return true | WP_Error True if the request has access to create items , WP_Error object otherwise .
*/
public function create_item_permissions_check ( $request ) {
if ( ! current_user_can ( 'create_users' ) ) {
return new WP_Error ( 'rest_cannot_create_user' , __ ( 'Sorry, you are not allowed to create new users.' ), array ( 'status' => rest_authorization_required_code () ) );
}
return true ;
}
/**
* Creates a single user .
*
* @ since 4.7 . 0
*
* @ param WP_REST_Request $request Full details about the request .
* @ return WP_REST_Response | WP_Error Response object on success , or WP_Error object on failure .
*/
public function create_item ( $request ) {
if ( ! empty ( $request [ 'id' ] ) ) {
return new WP_Error ( 'rest_user_exists' , __ ( 'Cannot create existing user.' ), array ( 'status' => 400 ) );
}
$schema = $this -> get_item_schema ();
if ( ! empty ( $request [ 'roles' ] ) && ! empty ( $schema [ 'properties' ][ 'roles' ] ) ) {
$check_permission = $this -> check_role_update ( $request [ 'id' ], $request [ 'roles' ] );
if ( is_wp_error ( $check_permission ) ) {
return $check_permission ;
}
}
$user = $this -> prepare_item_for_database ( $request );
if ( is_multisite () ) {
$ret = wpmu_validate_user_signup ( $user -> user_login , $user -> user_email );
2019-04-16 19:56:22 +00:00
if ( is_wp_error ( $ret [ 'errors' ] ) && $ret [ 'errors' ] -> has_errors () ) {
2019-03-12 09:27:46 +00:00
$error = new WP_Error ( 'rest_invalid_param' , __ ( 'Invalid user parameter(s).' ), array ( 'status' => 400 ) );
foreach ( $ret [ 'errors' ] -> errors as $code => $messages ) {
foreach ( $messages as $message ) {
$error -> add ( $code , $message );
}
if ( $error_data = $error -> get_error_data ( $code ) ) {
$error -> add_data ( $error_data , $code );
}
}
return $error ;
}
}
if ( is_multisite () ) {
$user_id = wpmu_create_user ( $user -> user_login , $user -> user_pass , $user -> user_email );
if ( ! $user_id ) {
return new WP_Error ( 'rest_user_create' , __ ( 'Error creating new user.' ), array ( 'status' => 500 ) );
}
$user -> ID = $user_id ;
$user_id = wp_update_user ( wp_slash ( ( array ) $user ) );
if ( is_wp_error ( $user_id ) ) {
return $user_id ;
}
2019-04-16 19:56:22 +00:00
$result = add_user_to_blog ( get_site () -> id , $user_id , '' );
2019-03-12 09:27:46 +00:00
if ( is_wp_error ( $result ) ) {
return $result ;
}
} else {
$user_id = wp_insert_user ( wp_slash ( ( array ) $user ) );
if ( is_wp_error ( $user_id ) ) {
return $user_id ;
}
}
$user = get_user_by ( 'id' , $user_id );
/**
* Fires immediately after a user is created or updated via the REST API .
*
* @ since 4.7 . 0
*
* @ param WP_User $user Inserted or updated user object .
* @ param WP_REST_Request $request Request object .
* @ param bool $creating True when creating a user , false when updating .
*/
do_action ( 'rest_insert_user' , $user , $request , true );
if ( ! empty ( $request [ 'roles' ] ) && ! empty ( $schema [ 'properties' ][ 'roles' ] ) ) {
array_map ( array ( $user , 'add_role' ), $request [ 'roles' ] );
}
if ( ! empty ( $schema [ 'properties' ][ 'meta' ] ) && isset ( $request [ 'meta' ] ) ) {
$meta_update = $this -> meta -> update_value ( $request [ 'meta' ], $user_id );
if ( is_wp_error ( $meta_update ) ) {
return $meta_update ;
}
}
2019-04-16 19:56:22 +00:00
$user = get_user_by ( 'id' , $user_id );
2019-03-12 09:27:46 +00:00
$fields_update = $this -> update_additional_fields_for_object ( $user , $request );
if ( is_wp_error ( $fields_update ) ) {
return $fields_update ;
}
$request -> set_param ( 'context' , 'edit' );
/**
* Fires after a user is completely created or updated via the REST API .
*
* @ since 5.0 . 0
*
* @ param WP_User $user Inserted or updated user object .
* @ param WP_REST_Request $request Request object .
* @ param bool $creating True when creating a user , false when updating .
*/
do_action ( 'rest_after_insert_user' , $user , $request , true );
$response = $this -> prepare_item_for_response ( $user , $request );
$response = rest_ensure_response ( $response );
$response -> set_status ( 201 );
$response -> header ( 'Location' , rest_url ( sprintf ( '%s/%s/%d' , $this -> namespace , $this -> rest_base , $user_id ) ) );
return $response ;
}
/**
* Checks if a given request has access to update a user .
*
* @ since 4.7 . 0
*
* @ param WP_REST_Request $request Full details about the request .
* @ return true | WP_Error True if the request has access to update the item , WP_Error object otherwise .
*/
public function update_item_permissions_check ( $request ) {
$user = $this -> get_user ( $request [ 'id' ] );
if ( is_wp_error ( $user ) ) {
return $user ;
}
if ( ! empty ( $request [ 'roles' ] ) ) {
if ( ! current_user_can ( 'promote_user' , $user -> ID ) ) {
return new WP_Error ( 'rest_cannot_edit_roles' , __ ( 'Sorry, you are not allowed to edit roles of this user.' ), array ( 'status' => rest_authorization_required_code () ) );
}
$request_params = array_keys ( $request -> get_params () );
sort ( $request_params );
// If only 'id' and 'roles' are specified (we are only trying to
// edit roles), then only the 'promote_user' cap is required.
if ( $request_params === array ( 'id' , 'roles' ) ) {
return true ;
}
}
if ( ! current_user_can ( 'edit_user' , $user -> ID ) ) {
return new WP_Error ( 'rest_cannot_edit' , __ ( 'Sorry, you are not allowed to edit this user.' ), array ( 'status' => rest_authorization_required_code () ) );
}
return true ;
}
/**
* Updates a single user .
*
* @ since 4.7 . 0
*
* @ param WP_REST_Request $request Full details about the request .
* @ return WP_REST_Response | WP_Error Response object on success , or WP_Error object on failure .
*/
public function update_item ( $request ) {
$user = $this -> get_user ( $request [ 'id' ] );
if ( is_wp_error ( $user ) ) {
return $user ;
}
$id = $user -> ID ;
if ( ! $user ) {
return new WP_Error ( 'rest_user_invalid_id' , __ ( 'Invalid user ID.' ), array ( 'status' => 404 ) );
}
2019-04-16 19:56:22 +00:00
$owner_id = email_exists ( $request [ 'email' ] );
if ( $owner_id && $owner_id !== $id ) {
2019-03-12 09:27:46 +00:00
return new WP_Error ( 'rest_user_invalid_email' , __ ( 'Invalid email address.' ), array ( 'status' => 400 ) );
}
if ( ! empty ( $request [ 'username' ] ) && $request [ 'username' ] !== $user -> user_login ) {
return new WP_Error ( 'rest_user_invalid_argument' , __ ( " Username isn't editable. " ), array ( 'status' => 400 ) );
}
if ( ! empty ( $request [ 'slug' ] ) && $request [ 'slug' ] !== $user -> user_nicename && get_user_by ( 'slug' , $request [ 'slug' ] ) ) {
return new WP_Error ( 'rest_user_invalid_slug' , __ ( 'Invalid slug.' ), array ( 'status' => 400 ) );
}
if ( ! empty ( $request [ 'roles' ] ) ) {
$check_permission = $this -> check_role_update ( $id , $request [ 'roles' ] );
if ( is_wp_error ( $check_permission ) ) {
return $check_permission ;
}
}
$user = $this -> prepare_item_for_database ( $request );
// Ensure we're operating on the same user we already checked.
$user -> ID = $id ;
$user_id = wp_update_user ( wp_slash ( ( array ) $user ) );
if ( is_wp_error ( $user_id ) ) {
return $user_id ;
}
$user = get_user_by ( 'id' , $user_id );
/** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php */
do_action ( 'rest_insert_user' , $user , $request , false );
if ( ! empty ( $request [ 'roles' ] ) ) {
array_map ( array ( $user , 'add_role' ), $request [ 'roles' ] );
}
$schema = $this -> get_item_schema ();
if ( ! empty ( $schema [ 'properties' ][ 'meta' ] ) && isset ( $request [ 'meta' ] ) ) {
$meta_update = $this -> meta -> update_value ( $request [ 'meta' ], $id );
if ( is_wp_error ( $meta_update ) ) {
return $meta_update ;
}
}
2019-04-16 19:56:22 +00:00
$user = get_user_by ( 'id' , $user_id );
2019-03-12 09:27:46 +00:00
$fields_update = $this -> update_additional_fields_for_object ( $user , $request );
if ( is_wp_error ( $fields_update ) ) {
return $fields_update ;
}
$request -> set_param ( 'context' , 'edit' );
/** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php */
do_action ( 'rest_after_insert_user' , $user , $request , false );
$response = $this -> prepare_item_for_response ( $user , $request );
$response = rest_ensure_response ( $response );
return $response ;
}
/**
* Checks if a given request has access to update the current user .
*
* @ since 4.7 . 0
*
* @ param WP_REST_Request $request Full details about the request .
* @ return true | WP_Error True if the request has access to update the item , WP_Error object otherwise .
*/
public function update_current_item_permissions_check ( $request ) {
$request [ 'id' ] = get_current_user_id ();
return $this -> update_item_permissions_check ( $request );
}
/**
* Updates the current user .
*
* @ since 4.7 . 0
*
* @ param WP_REST_Request $request Full details about the request .
* @ return WP_REST_Response | WP_Error Response object on success , or WP_Error object on failure .
*/
function update_current_item ( $request ) {
$request [ 'id' ] = get_current_user_id ();
return $this -> update_item ( $request );
}
/**
* Checks if a given request has access delete a user .
*
* @ since 4.7 . 0
*
* @ param WP_REST_Request $request Full details about the request .
* @ return true | WP_Error True if the request has access to delete the item , WP_Error object otherwise .
*/
public function delete_item_permissions_check ( $request ) {
$user = $this -> get_user ( $request [ 'id' ] );
if ( is_wp_error ( $user ) ) {
return $user ;
}
if ( ! current_user_can ( 'delete_user' , $user -> ID ) ) {
return new WP_Error ( 'rest_user_cannot_delete' , __ ( 'Sorry, you are not allowed to delete this user.' ), array ( 'status' => rest_authorization_required_code () ) );
}
return true ;
}
/**
* Deletes a single user .
*
* @ since 4.7 . 0
*
* @ param WP_REST_Request $request Full details about the request .
* @ return WP_REST_Response | WP_Error Response object on success , or WP_Error object on failure .
*/
public function delete_item ( $request ) {
// We don't support delete requests in multisite.
if ( is_multisite () ) {
return new WP_Error ( 'rest_cannot_delete' , __ ( 'The user cannot be deleted.' ), array ( 'status' => 501 ) );
}
$user = $this -> get_user ( $request [ 'id' ] );
if ( is_wp_error ( $user ) ) {
return $user ;
}
$id = $user -> ID ;
$reassign = false === $request [ 'reassign' ] ? null : absint ( $request [ 'reassign' ] );
$force = isset ( $request [ 'force' ] ) ? ( bool ) $request [ 'force' ] : false ;
// We don't support trashing for users.
if ( ! $force ) {
/* translators: %s: force=true */
return new WP_Error ( 'rest_trash_not_supported' , sprintf ( __ ( " Users do not support trashing. Set '%s' to delete. " ), 'force=true' ), array ( 'status' => 501 ) );
}
if ( ! empty ( $reassign ) ) {
if ( $reassign === $id || ! get_userdata ( $reassign ) ) {
return new WP_Error ( 'rest_user_invalid_reassign' , __ ( 'Invalid user ID for reassignment.' ), array ( 'status' => 400 ) );
}
}
$request -> set_param ( 'context' , 'edit' );
$previous = $this -> prepare_item_for_response ( $user , $request );
/** Include admin user functions to get access to wp_delete_user() */
require_once ABSPATH . 'wp-admin/includes/user.php' ;
$result = wp_delete_user ( $id , $reassign );
if ( ! $result ) {
return new WP_Error ( 'rest_cannot_delete' , __ ( 'The user cannot be deleted.' ), array ( 'status' => 500 ) );
}
$response = new WP_REST_Response ();
2019-04-16 19:56:22 +00:00
$response -> set_data (
array (
'deleted' => true ,
'previous' => $previous -> get_data (),
)
);
2019-03-12 09:27:46 +00:00
/**
* Fires immediately after a user is deleted via the REST API .
*
* @ since 4.7 . 0
*
* @ param WP_User $user The user data .
* @ param WP_REST_Response $response The response returned from the API .
* @ param WP_REST_Request $request The request sent to the API .
*/
do_action ( 'rest_delete_user' , $user , $response , $request );
return $response ;
}
/**
* Checks if a given request has access to delete the current user .
*
* @ since 4.7 . 0
*
* @ param WP_REST_Request $request Full details about the request .
* @ return true | WP_Error True if the request has access to delete the item , WP_Error object otherwise .
*/
public function delete_current_item_permissions_check ( $request ) {
$request [ 'id' ] = get_current_user_id ();
return $this -> delete_item_permissions_check ( $request );
}
/**
* Deletes the current user .
*
* @ since 4.7 . 0
*
* @ param WP_REST_Request $request Full details about the request .
* @ return WP_REST_Response | WP_Error Response object on success , or WP_Error object on failure .
*/
function delete_current_item ( $request ) {
$request [ 'id' ] = get_current_user_id ();
return $this -> delete_item ( $request );
}
/**
* Prepares a single user output for response .
*
* @ since 4.7 . 0
*
* @ param WP_User $user User object .
* @ param WP_REST_Request $request Request object .
* @ return WP_REST_Response Response object .
*/
public function prepare_item_for_response ( $user , $request ) {
$data = array ();
$fields = $this -> get_fields_for_response ( $request );
if ( in_array ( 'id' , $fields , true ) ) {
$data [ 'id' ] = $user -> ID ;
}
if ( in_array ( 'username' , $fields , true ) ) {
$data [ 'username' ] = $user -> user_login ;
}
if ( in_array ( 'name' , $fields , true ) ) {
$data [ 'name' ] = $user -> display_name ;
}
if ( in_array ( 'first_name' , $fields , true ) ) {
$data [ 'first_name' ] = $user -> first_name ;
}
if ( in_array ( 'last_name' , $fields , true ) ) {
$data [ 'last_name' ] = $user -> last_name ;
}
if ( in_array ( 'email' , $fields , true ) ) {
$data [ 'email' ] = $user -> user_email ;
}
if ( in_array ( 'url' , $fields , true ) ) {
$data [ 'url' ] = $user -> user_url ;
}
if ( in_array ( 'description' , $fields , true ) ) {
$data [ 'description' ] = $user -> description ;
}
if ( in_array ( 'link' , $fields , true ) ) {
$data [ 'link' ] = get_author_posts_url ( $user -> ID , $user -> user_nicename );
}
if ( in_array ( 'locale' , $fields , true ) ) {
$data [ 'locale' ] = get_user_locale ( $user );
}
if ( in_array ( 'nickname' , $fields , true ) ) {
$data [ 'nickname' ] = $user -> nickname ;
}
if ( in_array ( 'slug' , $fields , true ) ) {
$data [ 'slug' ] = $user -> user_nicename ;
}
if ( in_array ( 'roles' , $fields , true ) ) {
// Defensively call array_values() to ensure an array is returned.
$data [ 'roles' ] = array_values ( $user -> roles );
}
if ( in_array ( 'registered_date' , $fields , true ) ) {
$data [ 'registered_date' ] = date ( 'c' , strtotime ( $user -> user_registered ) );
}
if ( in_array ( 'capabilities' , $fields , true ) ) {
$data [ 'capabilities' ] = ( object ) $user -> allcaps ;
}
if ( in_array ( 'extra_capabilities' , $fields , true ) ) {
$data [ 'extra_capabilities' ] = ( object ) $user -> caps ;
}
if ( in_array ( 'avatar_urls' , $fields , true ) ) {
$data [ 'avatar_urls' ] = rest_get_avatar_urls ( $user -> user_email );
}
if ( in_array ( 'meta' , $fields , true ) ) {
$data [ 'meta' ] = $this -> meta -> get_value ( $user -> ID , $request );
}
$context = ! empty ( $request [ 'context' ] ) ? $request [ 'context' ] : 'embed' ;
$data = $this -> add_additional_fields_to_object ( $data , $request );
$data = $this -> filter_response_by_context ( $data , $context );
// Wrap the data in a response object.
$response = rest_ensure_response ( $data );
$response -> add_links ( $this -> prepare_links ( $user ) );
/**
* Filters user data returned from the REST API .
*
* @ since 4.7 . 0
*
* @ param WP_REST_Response $response The response object .
* @ param object $user User object used to create response .
* @ param WP_REST_Request $request Request object .
*/
return apply_filters ( 'rest_prepare_user' , $response , $user , $request );
}
/**
* Prepares links for the user request .
*
* @ since 4.7 . 0
*
* @ param WP_Post $user User object .
* @ return array Links for the given user .
*/
protected function prepare_links ( $user ) {
$links = array (
2019-04-16 19:56:22 +00:00
'self' => array (
2019-03-12 09:27:46 +00:00
'href' => rest_url ( sprintf ( '%s/%s/%d' , $this -> namespace , $this -> rest_base , $user -> ID ) ),
),
'collection' => array (
'href' => rest_url ( sprintf ( '%s/%s' , $this -> namespace , $this -> rest_base ) ),
),
);
return $links ;
}
/**
* Prepares a single user for creation or update .
*
* @ since 4.7 . 0
*
* @ param WP_REST_Request $request Request object .
* @ return object $prepared_user User object .
*/
protected function prepare_item_for_database ( $request ) {
$prepared_user = new stdClass ;
$schema = $this -> get_item_schema ();
// required arguments.
if ( isset ( $request [ 'email' ] ) && ! empty ( $schema [ 'properties' ][ 'email' ] ) ) {
$prepared_user -> user_email = $request [ 'email' ];
}
if ( isset ( $request [ 'username' ] ) && ! empty ( $schema [ 'properties' ][ 'username' ] ) ) {
$prepared_user -> user_login = $request [ 'username' ];
}
if ( isset ( $request [ 'password' ] ) && ! empty ( $schema [ 'properties' ][ 'password' ] ) ) {
$prepared_user -> user_pass = $request [ 'password' ];
}
// optional arguments.
if ( isset ( $request [ 'id' ] ) ) {
$prepared_user -> ID = absint ( $request [ 'id' ] );
}
if ( isset ( $request [ 'name' ] ) && ! empty ( $schema [ 'properties' ][ 'name' ] ) ) {
$prepared_user -> display_name = $request [ 'name' ];
}
if ( isset ( $request [ 'first_name' ] ) && ! empty ( $schema [ 'properties' ][ 'first_name' ] ) ) {
$prepared_user -> first_name = $request [ 'first_name' ];
}
if ( isset ( $request [ 'last_name' ] ) && ! empty ( $schema [ 'properties' ][ 'last_name' ] ) ) {
$prepared_user -> last_name = $request [ 'last_name' ];
}
if ( isset ( $request [ 'nickname' ] ) && ! empty ( $schema [ 'properties' ][ 'nickname' ] ) ) {
$prepared_user -> nickname = $request [ 'nickname' ];
}
if ( isset ( $request [ 'slug' ] ) && ! empty ( $schema [ 'properties' ][ 'slug' ] ) ) {
$prepared_user -> user_nicename = $request [ 'slug' ];
}
if ( isset ( $request [ 'description' ] ) && ! empty ( $schema [ 'properties' ][ 'description' ] ) ) {
$prepared_user -> description = $request [ 'description' ];
}
if ( isset ( $request [ 'url' ] ) && ! empty ( $schema [ 'properties' ][ 'url' ] ) ) {
$prepared_user -> user_url = $request [ 'url' ];
}
if ( isset ( $request [ 'locale' ] ) && ! empty ( $schema [ 'properties' ][ 'locale' ] ) ) {
$prepared_user -> locale = $request [ 'locale' ];
}
// setting roles will be handled outside of this function.
if ( isset ( $request [ 'roles' ] ) ) {
$prepared_user -> role = false ;
}
/**
* Filters user data before insertion via the REST API .
*
* @ since 4.7 . 0
*
* @ param object $prepared_user User object .
* @ param WP_REST_Request $request Request object .
*/
return apply_filters ( 'rest_pre_insert_user' , $prepared_user , $request );
}
/**
* Determines if the current user is allowed to make the desired roles change .
*
* @ since 4.7 . 0
*
* @ param integer $user_id User ID .
* @ param array $roles New user roles .
* @ return true | WP_Error True if the current user is allowed to make the role change ,
* otherwise a WP_Error object .
*/
protected function check_role_update ( $user_id , $roles ) {
global $wp_roles ;
foreach ( $roles as $role ) {
if ( ! isset ( $wp_roles -> role_objects [ $role ] ) ) {
/* translators: %s: role key */
return new WP_Error ( 'rest_user_invalid_role' , sprintf ( __ ( 'The role %s does not exist.' ), $role ), array ( 'status' => 400 ) );
}
$potential_role = $wp_roles -> role_objects [ $role ];
/*
* Don 't let anyone with ' edit_users ' ( admins ) edit their own role to something without it .
* Multisite super admins can freely edit their blog roles -- they possess all caps .
*/
if ( ! ( is_multisite ()
&& current_user_can ( 'manage_sites' ) )
&& get_current_user_id () === $user_id
&& ! $potential_role -> has_cap ( 'edit_users' )
) {
return new WP_Error ( 'rest_user_invalid_role' , __ ( 'Sorry, you are not allowed to give users that role.' ), array ( 'status' => rest_authorization_required_code () ) );
}
/** Include admin functions to get access to get_editable_roles() */
require_once ABSPATH . 'wp-admin/includes/admin.php' ;
// The new role must be editable by the logged-in user.
$editable_roles = get_editable_roles ();
if ( empty ( $editable_roles [ $role ] ) ) {
return new WP_Error ( 'rest_user_invalid_role' , __ ( 'Sorry, you are not allowed to give users that role.' ), array ( 'status' => 403 ) );
}
}
return true ;
}
/**
* Check a username for the REST API .
*
* Performs a couple of checks like edit_user () in wp - admin / includes / user . php .
*
* @ since 4.7 . 0
*
* @ param mixed $value The username submitted in the request .
* @ param WP_REST_Request $request Full details about the request .
* @ param string $param The parameter name .
* @ return WP_Error | string The sanitized username , if valid , otherwise an error .
*/
public function check_username ( $value , $request , $param ) {
$username = ( string ) $value ;
if ( ! validate_username ( $username ) ) {
return new WP_Error ( 'rest_user_invalid_username' , __ ( 'Username contains invalid characters.' ), array ( 'status' => 400 ) );
}
/** This filter is documented in wp-includes/user.php */
$illegal_logins = ( array ) apply_filters ( 'illegal_user_logins' , array () );
if ( in_array ( strtolower ( $username ), array_map ( 'strtolower' , $illegal_logins ) ) ) {
return new WP_Error ( 'rest_user_invalid_username' , __ ( 'Sorry, that username is not allowed.' ), array ( 'status' => 400 ) );
}
return $username ;
}
/**
* Check a user password for the REST API .
*
* Performs a couple of checks like edit_user () in wp - admin / includes / user . php .
*
* @ since 4.7 . 0
*
* @ param mixed $value The password submitted in the request .
* @ param WP_REST_Request $request Full details about the request .
* @ param string $param The parameter name .
* @ return WP_Error | string The sanitized password , if valid , otherwise an error .
*/
public function check_user_password ( $value , $request , $param ) {
$password = ( string ) $value ;
if ( empty ( $password ) ) {
return new WP_Error ( 'rest_user_invalid_password' , __ ( 'Passwords cannot be empty.' ), array ( 'status' => 400 ) );
}
2019-04-16 19:56:22 +00:00
if ( false !== strpos ( $password , '\\' ) ) {
2019-03-12 09:27:46 +00:00
return new WP_Error ( 'rest_user_invalid_password' , __ ( 'Passwords cannot contain the "\\" character.' ), array ( 'status' => 400 ) );
}
return $password ;
}
/**
* Retrieves the user ' s schema , conforming to JSON Schema .
*
* @ since 4.7 . 0
*
* @ return array Item schema data .
*/
public function get_item_schema () {
$schema = array (
'$schema' => 'http://json-schema.org/draft-04/schema#' ,
'title' => 'user' ,
'type' => 'object' ,
'properties' => array (
2019-04-16 19:56:22 +00:00
'id' => array (
2019-03-12 09:27:46 +00:00
'description' => __ ( 'Unique identifier for the user.' ),
'type' => 'integer' ,
'context' => array ( 'embed' , 'view' , 'edit' ),
'readonly' => true ,
),
2019-04-16 19:56:22 +00:00
'username' => array (
2019-03-12 09:27:46 +00:00
'description' => __ ( 'Login name for the user.' ),
'type' => 'string' ,
'context' => array ( 'edit' ),
'required' => true ,
'arg_options' => array (
'sanitize_callback' => array ( $this , 'check_username' ),
),
),
2019-04-16 19:56:22 +00:00
'name' => array (
2019-03-12 09:27:46 +00:00
'description' => __ ( 'Display name for the user.' ),
'type' => 'string' ,
'context' => array ( 'embed' , 'view' , 'edit' ),
'arg_options' => array (
'sanitize_callback' => 'sanitize_text_field' ,
),
),
2019-04-16 19:56:22 +00:00
'first_name' => array (
2019-03-12 09:27:46 +00:00
'description' => __ ( 'First name for the user.' ),
'type' => 'string' ,
'context' => array ( 'edit' ),
'arg_options' => array (
'sanitize_callback' => 'sanitize_text_field' ,
),
),
2019-04-16 19:56:22 +00:00
'last_name' => array (
2019-03-12 09:27:46 +00:00
'description' => __ ( 'Last name for the user.' ),
'type' => 'string' ,
'context' => array ( 'edit' ),
'arg_options' => array (
'sanitize_callback' => 'sanitize_text_field' ,
),
),
2019-04-16 19:56:22 +00:00
'email' => array (
2019-03-12 09:27:46 +00:00
'description' => __ ( 'The email address for the user.' ),
'type' => 'string' ,
'format' => 'email' ,
'context' => array ( 'edit' ),
'required' => true ,
),
2019-04-16 19:56:22 +00:00
'url' => array (
2019-03-12 09:27:46 +00:00
'description' => __ ( 'URL of the user.' ),
'type' => 'string' ,
'format' => 'uri' ,
'context' => array ( 'embed' , 'view' , 'edit' ),
),
2019-04-16 19:56:22 +00:00
'description' => array (
2019-03-12 09:27:46 +00:00
'description' => __ ( 'Description of the user.' ),
'type' => 'string' ,
'context' => array ( 'embed' , 'view' , 'edit' ),
),
2019-04-16 19:56:22 +00:00
'link' => array (
2019-03-12 09:27:46 +00:00
'description' => __ ( 'Author URL of the user.' ),
'type' => 'string' ,
'format' => 'uri' ,
'context' => array ( 'embed' , 'view' , 'edit' ),
'readonly' => true ,
),
2019-04-16 19:56:22 +00:00
'locale' => array (
2019-03-12 09:27:46 +00:00
'description' => __ ( 'Locale for the user.' ),
'type' => 'string' ,
'enum' => array_merge ( array ( '' , 'en_US' ), get_available_languages () ),
'context' => array ( 'edit' ),
),
2019-04-16 19:56:22 +00:00
'nickname' => array (
2019-03-12 09:27:46 +00:00
'description' => __ ( 'The nickname for the user.' ),
'type' => 'string' ,
'context' => array ( 'edit' ),
'arg_options' => array (
'sanitize_callback' => 'sanitize_text_field' ,
),
),
2019-04-16 19:56:22 +00:00
'slug' => array (
2019-03-12 09:27:46 +00:00
'description' => __ ( 'An alphanumeric identifier for the user.' ),
'type' => 'string' ,
'context' => array ( 'embed' , 'view' , 'edit' ),
'arg_options' => array (
'sanitize_callback' => array ( $this , 'sanitize_slug' ),
),
),
2019-04-16 19:56:22 +00:00
'registered_date' => array (
2019-03-12 09:27:46 +00:00
'description' => __ ( 'Registration date for the user.' ),
'type' => 'string' ,
'format' => 'date-time' ,
'context' => array ( 'edit' ),
'readonly' => true ,
),
2019-04-16 19:56:22 +00:00
'roles' => array (
2019-03-12 09:27:46 +00:00
'description' => __ ( 'Roles assigned to the user.' ),
'type' => 'array' ,
'items' => array (
2019-04-16 19:56:22 +00:00
'type' => 'string' ,
2019-03-12 09:27:46 +00:00
),
'context' => array ( 'edit' ),
),
2019-04-16 19:56:22 +00:00
'password' => array (
2019-03-12 09:27:46 +00:00
'description' => __ ( 'Password for the user (never included).' ),
'type' => 'string' ,
'context' => array (), // Password is never displayed.
'required' => true ,
'arg_options' => array (
'sanitize_callback' => array ( $this , 'check_user_password' ),
),
),
2019-04-16 19:56:22 +00:00
'capabilities' => array (
2019-03-12 09:27:46 +00:00
'description' => __ ( 'All capabilities assigned to the user.' ),
'type' => 'object' ,
'context' => array ( 'edit' ),
'readonly' => true ,
),
'extra_capabilities' => array (
'description' => __ ( 'Any extra capabilities assigned to the user.' ),
'type' => 'object' ,
'context' => array ( 'edit' ),
'readonly' => true ,
),
),
);
if ( get_option ( 'show_avatars' ) ) {
$avatar_properties = array ();
$avatar_sizes = rest_get_avatar_sizes ();
foreach ( $avatar_sizes as $size ) {
$avatar_properties [ $size ] = array (
/* translators: %d: avatar image size in pixels */
'description' => sprintf ( __ ( 'Avatar URL with image size of %d pixels.' ), $size ),
'type' => 'string' ,
'format' => 'uri' ,
'context' => array ( 'embed' , 'view' , 'edit' ),
);
}
2019-04-16 19:56:22 +00:00
$schema [ 'properties' ][ 'avatar_urls' ] = array (
2019-03-12 09:27:46 +00:00
'description' => __ ( 'Avatar URLs for the user.' ),
'type' => 'object' ,
'context' => array ( 'embed' , 'view' , 'edit' ),
'readonly' => true ,
'properties' => $avatar_properties ,
);
}
$schema [ 'properties' ][ 'meta' ] = $this -> meta -> get_field_schema ();
return $this -> add_additional_fields_schema ( $schema );
}
/**
* Retrieves the query params for collections .
*
* @ since 4.7 . 0
*
* @ return array Collection parameters .
*/
public function get_collection_params () {
$query_params = parent :: get_collection_params ();
$query_params [ 'context' ][ 'default' ] = 'view' ;
$query_params [ 'exclude' ] = array (
2019-04-16 19:56:22 +00:00
'description' => __ ( 'Ensure result set excludes specific IDs.' ),
'type' => 'array' ,
'items' => array (
'type' => 'integer' ,
2019-03-12 09:27:46 +00:00
),
2019-04-16 19:56:22 +00:00
'default' => array (),
2019-03-12 09:27:46 +00:00
);
$query_params [ 'include' ] = array (
2019-04-16 19:56:22 +00:00
'description' => __ ( 'Limit result set to specific IDs.' ),
'type' => 'array' ,
'items' => array (
'type' => 'integer' ,
2019-03-12 09:27:46 +00:00
),
2019-04-16 19:56:22 +00:00
'default' => array (),
2019-03-12 09:27:46 +00:00
);
$query_params [ 'offset' ] = array (
2019-04-16 19:56:22 +00:00
'description' => __ ( 'Offset the result set by a specific number of items.' ),
'type' => 'integer' ,
2019-03-12 09:27:46 +00:00
);
$query_params [ 'order' ] = array (
2019-04-16 19:56:22 +00:00
'default' => 'asc' ,
'description' => __ ( 'Order sort attribute ascending or descending.' ),
'enum' => array ( 'asc' , 'desc' ),
'type' => 'string' ,
2019-03-12 09:27:46 +00:00
);
$query_params [ 'orderby' ] = array (
2019-04-16 19:56:22 +00:00
'default' => 'name' ,
'description' => __ ( 'Sort collection by object attribute.' ),
'enum' => array (
2019-03-12 09:27:46 +00:00
'id' ,
'include' ,
'name' ,
'registered_date' ,
'slug' ,
'include_slugs' ,
'email' ,
'url' ,
),
2019-04-16 19:56:22 +00:00
'type' => 'string' ,
2019-03-12 09:27:46 +00:00
);
2019-04-16 19:56:22 +00:00
$query_params [ 'slug' ] = array (
'description' => __ ( 'Limit result set to users with one or more specific slugs.' ),
'type' => 'array' ,
'items' => array (
'type' => 'string' ,
2019-03-12 09:27:46 +00:00
),
);
2019-04-16 19:56:22 +00:00
$query_params [ 'roles' ] = array (
'description' => __ ( 'Limit result set to users matching at least one specific role provided. Accepts csv list or single role.' ),
'type' => 'array' ,
'items' => array (
'type' => 'string' ,
2019-03-12 09:27:46 +00:00
),
);
$query_params [ 'who' ] = array (
'description' => __ ( 'Limit result set to users who are considered authors.' ),
'type' => 'string' ,
'enum' => array (
'authors' ,
),
);
/**
* Filter collection parameters for the users controller .
*
* This filter registers the collection parameter , but does not map the
* collection parameter to an internal WP_User_Query parameter . Use the
* `rest_user_query` filter to set WP_User_Query arguments .
*
* @ since 4.7 . 0
*
* @ param array $query_params JSON Schema - formatted collection parameters .
*/
return apply_filters ( 'rest_user_collection_params' , $query_params );
}
}