Commit Graph

39 Commits

Author SHA1 Message Date
Felix Arntz eb8457d3f4 REST API: Do not allow access to users from a different site in multisite.
It has been unintendedly possible to both view and edit users from a different site than the current site in multisite environments. Moreover, when passing roles to a user in an update request, that user would implicitly be added to the current site.

This changeset removes the incorrect behavior for now in order to be able to provide a proper REST API workflow for managing multisite users in the near future. Related unit tests have been adjusted as well.

Props jnylen0, jeremyfelt, johnjamesjacoby.
Fixes #39701.

Built from https://develop.svn.wordpress.org/trunk@40106


git-svn-id: http://core.svn.wordpress.org/trunk@40043 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-02-23 22:37:44 +00:00
Joe Hoyle e357195ce3 REST API: Unify object access handling for simplicity.
Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters.

See #38792.
Built from https://develop.svn.wordpress.org/trunk@39954


git-svn-id: http://core.svn.wordpress.org/trunk@39891 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-26 13:39:41 +00:00
Aaron Campbell daf358983c REST API: Change which users are shown in the users endpoint.
Only show users that have authored a post of a post type that has `show_in_rest` set to true.

Props rachelbaker, jnylen0.
See #38878.


Built from https://develop.svn.wordpress.org/trunk@39843


git-svn-id: http://core.svn.wordpress.org/trunk@39781 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-11 14:14:42 +00:00
Sergey Biryukov fd78085a92 Docs: Correct `rest_insert_*` duplicate hook references in REST API.
Props keesiemeijer.
Fixes #39371.
Built from https://develop.svn.wordpress.org/trunk@39671


git-svn-id: http://core.svn.wordpress.org/trunk@39611 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-01-04 13:23:40 +00:00
John Blackbourn 80a839de13 Docs: Misc corrections and additions to inline documentation.
See #39130
Props keesiemeijer

Built from https://develop.svn.wordpress.org/trunk@39639


git-svn-id: http://core.svn.wordpress.org/trunk@39579 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-27 09:28:40 +00:00
James Nylen 5b39869860 REST API: Improve the `rest_*_collection_params` filter docs and fix the terms filter.
The `rest_{$taxonomy}_collection_params` filter in 4.7 is incorrectly using
single quotes instead of double quotes, which means it is not working correctly
as a dynamic filter.  This fixes the quotes around the filter name, and also
updates the docblocks for the other 3 similar filters for better conformance to
the documentation standards.

Props shazahm1hotmailcom, JPry, jnylen0.
Fixes #39300.

Built from https://develop.svn.wordpress.org/trunk@39621


git-svn-id: http://core.svn.wordpress.org/trunk@39561 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-20 01:37:40 +00:00
Jeremy Felt 1797ea7098 REST API: Disable `DELETE` requests for users in multisite.
In wp-admin, users are removed from individual sites rather than deleted. A user can only be deleted from the network admin.

Until support for a `PUT` request that removes a user's site and content associations is available, `DELETE` requests are disabled to avoid possible issues with lost content.

Props jnylen0, rachelbaker.
Fixes #38962.

Built from https://develop.svn.wordpress.org/trunk@39438


git-svn-id: http://core.svn.wordpress.org/trunk@39378 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-02 22:10:42 +00:00
Gary Pendergast 161a41e44c REST API: Require the reassign parameter when deleting users.
When deleting a user through the WordPress admin, a specific decision is presented - whether to assign all of the user's posts to another user, or to delete all of the posts.

This change requires `reassign` as a parameter in the corresponding REST API endpoint, so that content isn't accidentally lost.

Props jeremyfelt.
Fixes #39000.


Built from https://develop.svn.wordpress.org/trunk@39426


git-svn-id: http://core.svn.wordpress.org/trunk@39366 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-02 06:54:42 +00:00
Rachel Baker 606c9905ef REST API: Fix incorrect uses of `rest_sanitize_value_from_schema()`.
In the `check_username()` and `check_password()` callbacks in the Users controller cast the provided request value to a string. The `rest_sanitize_value_from_schema()` function was being used incorrectly which was causing unintended request parsing. 
In `rest_sanitize_request_arg()` do not pass nonexistent third parameter for the `rest_sanitize_value_from_schema()` function.

Props jnylen0, joehoyle, rachelbaker, ocean90.
Fixes #38984.
Built from https://develop.svn.wordpress.org/trunk@39400


git-svn-id: http://core.svn.wordpress.org/trunk@39340 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-01 02:12:41 +00:00
Rachel Baker a985a4d126 REST API: Always fire the `rest_insert_*` actions after the related object is updated or inserted.
Brings consistency to the `rest_insert_*` actions. Also includes some shuffling and clean-up as well including:
- Ensure we are passing the most current `$post` and `$user` objects to the `update_additional_fields_for_object()` callbacks.
- Changes the function signature of `handle_status_param()` in the Comments controller to accept just the comment_id as the 2nd parameter, instead of a full WP_Comment object. Only the comment_id is needed in the method, this avoids having to include another `get_comment()` call. 
- Renames a variable in the `create_item()` method of the Posts controller from `$post` -> `$prepared_post` to be more explicit.
- Minor fixes/clarifications to the rest_insert_* hook docs

Props rachelbaker, joehoyle
Fixes #38905.
Built from https://develop.svn.wordpress.org/trunk@39348


git-svn-id: http://core.svn.wordpress.org/trunk@39288 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-23 15:33:31 +00:00
Joe Hoyle d711f2c18d REST API: Update “resource” strings to use the appropriate nouns.
Props ramiy.
Fixes #38811.
Built from https://develop.svn.wordpress.org/trunk@39342


git-svn-id: http://core.svn.wordpress.org/trunk@39282 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-23 02:42:30 +00:00
Sergey Biryukov 4811484433 REST API: Merge some more permission error strings missed in [39309].
See #38857.
Built from https://develop.svn.wordpress.org/trunk@39313


git-svn-id: http://core.svn.wordpress.org/trunk@39253 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 02:21:31 +00:00
Sergey Biryukov dca7d8d0ea Text Changes: Merge strings referring to `list_users` capability.
See #38857.
Built from https://develop.svn.wordpress.org/trunk@39312


git-svn-id: http://core.svn.wordpress.org/trunk@39252 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 02:16:30 +00:00
Sergey Biryukov 5ded4db04c REST API: Merge and clarify some permission error strings.
Fixes #38857.
Built from https://develop.svn.wordpress.org/trunk@39309


git-svn-id: http://core.svn.wordpress.org/trunk@39249 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-19 01:46:32 +00:00
Sergey Biryukov 9cb0a09d1f REST API: Merge two similar permission error strings.
Props ramiy.
Fixes #38857.
Built from https://develop.svn.wordpress.org/trunk@39304


git-svn-id: http://core.svn.wordpress.org/trunk@39244 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-18 23:53:30 +00:00
Sergey Biryukov acc30b09d7 Text Changes: Merge some duplicate strings with the same meaning in error messages, adjust some other strings for consistency and accuracy.
Props ramiy, SergeyBiryukov.
Fixes #38808.
Built from https://develop.svn.wordpress.org/trunk@39278


git-svn-id: http://core.svn.wordpress.org/trunk@39218 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-17 15:53:33 +00:00
Sergey Biryukov b92266a72b REST API: After [39252] and [39264], uppercase some more 'ID' references in translatable strings.
See #38791.
Built from https://develop.svn.wordpress.org/trunk@39266


git-svn-id: http://core.svn.wordpress.org/trunk@39206 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-16 13:28:37 +00:00
Sergey Biryukov ce74afdae2 REST API: Uppercase 'ID' in endpoint descriptions and error messages for consistency with other strings.
See #38791.
Built from https://develop.svn.wordpress.org/trunk@39264


git-svn-id: http://core.svn.wordpress.org/trunk@39204 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-16 12:18:33 +00:00
Sergey Biryukov 07cf16f7ba REST API: Unify permission error messages.
Props ramiy.
Fixes #38803.
Built from https://develop.svn.wordpress.org/trunk@39257


git-svn-id: http://core.svn.wordpress.org/trunk@39197 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 22:23:30 +00:00
Joe Hoyle d049f72459 REST API: Clean up argument and property types.
There's a couple of places where we were missing type notes for arguments, which mainly affects documentation.

Props jnylen0.
Fixes #38792.

Built from https://develop.svn.wordpress.org/trunk@39250


git-svn-id: http://core.svn.wordpress.org/trunk@39190 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 18:16:30 +00:00
Ryan McCue 0f5a44e093 REST API: Move translator comments to preceding line.
Inline translator comments break POT file generation.

Props dd32.
See #38791.

Built from https://develop.svn.wordpress.org/trunk@39239


git-svn-id: http://core.svn.wordpress.org/trunk@39179 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 05:39:32 +00:00
Ryan McCue 705f17cea2 REST API: Add translator comments to text with placeholders.
Props dimadin.
Fixes #38791.

Built from https://develop.svn.wordpress.org/trunk@39238


git-svn-id: http://core.svn.wordpress.org/trunk@39178 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-15 04:28:31 +00:00
Joe Hoyle a4fa8c528f REST API: Make all collection params filterable.
For developers wanting to add their own registered collection parameters, they can now use the `rest_$type_collection_params` filter. This brings consistency with the already existing `rest_$post_type_collection_params`.

Fixes #38710.
Props jnylen0.

Built from https://develop.svn.wordpress.org/trunk@39223


git-svn-id: http://core.svn.wordpress.org/trunk@39163 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-14 16:42:31 +00:00
Ryan McCue 65664731e9 REST API: Improve validation for usernames and passwords.
Also improves the slashing of user data in the REST API to avoid data loss.

Props jnylen0.
Fixes #38739.

Built from https://develop.svn.wordpress.org/trunk@39219


git-svn-id: http://core.svn.wordpress.org/trunk@39159 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-14 07:13:31 +00:00
Ryan McCue 4060c68f85 REST API: Fire correct hooks when creating users on multiste.
`add_user_to_blog()` is now called, ensuring the correct hooks are called, along with setting the primary blog and clearing relevant caches.

Props jeremyfelt.
Fixes #38526.

Built from https://develop.svn.wordpress.org/trunk@39177


git-svn-id: http://core.svn.wordpress.org/trunk@39117 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-09 01:35:30 +00:00
Pascal Birchler 548ac82b06 I18N: Add ability to change user's locale back to site's locale.
Previously there was no way to remove the user locale setting again, even though that might be desirable.

This adds a new 'Site Default' option to the user-specific language setting by introducing a new `show_site_locale_default` argument to `wp_dropdown_languages()`.

Props ocean90.
See #29783.
Fixes #38632.
Built from https://develop.svn.wordpress.org/trunk@39169


git-svn-id: http://core.svn.wordpress.org/trunk@39109 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-08 23:01:31 +00:00
Rachel Baker 5564716a07 REST API: Modify the structure of our DELETE responses to be more explicit.
Add the `deleted` property to the root of the Response object to communicate if the delete action was successful. Move the state of the resource prior to the delete request under a new `previous` property.  As a result DELETE responses are now structured like so:
 `{ deleted: true, previous: { ... } }`

Also includes helpful information to DELETE requests for resources that are not trashable.

Props timmydcrawford, rmccue, jnylen0.
Fixes #38494.
Built from https://develop.svn.wordpress.org/trunk@39126


git-svn-id: http://core.svn.wordpress.org/trunk@39066 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-04 17:11:29 +00:00
Joe Hoyle d544c6ddd0 REST API: Switch to stable version of JSON Schema.
Props danielbachhuber.
Fixes #38635.

Built from https://develop.svn.wordpress.org/trunk@39106


git-svn-id: http://core.svn.wordpress.org/trunk@39048 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-03 02:22:29 +00:00
Rachel Baker dcb12c35cf REST API: Clean-up our validation callbacks and add missing array `items` properties in our endpoint schemas.
Props joehoyle, jnylen0.
Fixes #38617.
Built from https://develop.svn.wordpress.org/trunk@39105


git-svn-id: http://core.svn.wordpress.org/trunk@39047 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-03 02:18:29 +00:00
Joe Hoyle 37858faf96 REST API: Add en_US to the locales enum.
Props ocean90.
Fixes #38528. 

Built from https://develop.svn.wordpress.org/trunk@39096


git-svn-id: http://core.svn.wordpress.org/trunk@39038 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-02 21:21:32 +00:00
Ryan McCue 624def0ec3 REST API: Add update and delete endpoints to /users/me
Now that /users/me is a standalone resource, it should have all the standard endpoints for a resource.

Props pento.
Fixes #38521 (hopefully).

Built from https://develop.svn.wordpress.org/trunk@39092


git-svn-id: http://core.svn.wordpress.org/trunk@39034 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-02 06:53:32 +00:00
Ryan McCue 862724274e REST API: Add locale to user resource.
Props ocean90, joehoyle.
Fixes #38528.

Built from https://develop.svn.wordpress.org/trunk@39090


git-svn-id: http://core.svn.wordpress.org/trunk@39032 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-02 06:24:29 +00:00
Ryan McCue ba039f7546 REST API: Remove the Location redirect for the /users/me endpoint.
This is a re-commit of [38980], which was reverted in [38990].

Props youknowriad, jnylen0, pento.
Fixes #38521.

Built from https://develop.svn.wordpress.org/trunk@39085


git-svn-id: http://core.svn.wordpress.org/trunk@39027 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-02 03:44:30 +00:00
Gary Pendergast 03e34ab461 REST API: Allow a CSV list of user roles to be passed to `/users`.
After [39048], this changes explicitly parses the list of user roles as slugs, and adds tests.

Props jnylen0.
Fixes #38557.


Built from https://develop.svn.wordpress.org/trunk@39056


git-svn-id: http://core.svn.wordpress.org/trunk@38998 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 11:11:29 +00:00
Gary Pendergast 6c1e98d1fb REST API: Add support for arrays in schema validation and sanitization.
By allowing more fine-grained validation and sanitisation of endpoint args, we can ensure the correct data is being passed to endpoints.

This can easily be extended to support new data types, such as CSV fields or objects.

Props joehoyle, rachelbaker, pento.
Fixes #38531.


Built from https://develop.svn.wordpress.org/trunk@39046


git-svn-id: http://core.svn.wordpress.org/trunk@38988 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-31 01:48:41 +00:00
Drew Jaynes 993b3a5c6e Docs: Add much more complete and syntactically correct documentation throughout the `WP_REST_Users_Controller` class.
Props Soean, mrahmadawais, flixos90.
See #38398.

Built from https://develop.svn.wordpress.org/trunk@39036


git-svn-id: http://core.svn.wordpress.org/trunk@38978 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 18:52:30 +00:00
Gary Pendergast 60eb1ddc5c REST API: Revert [38980].
`/users/me` still needs attention, but this change wasn't quite ready.

See #38521.


Built from https://develop.svn.wordpress.org/trunk@38990


git-svn-id: http://core.svn.wordpress.org/trunk@38933 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-28 02:07:35 +00:00
Rachel Baker d42acc530c REST API: Remove the Location header redirect for the /users/me endpoint.
Props youknowriad jnylen0.
Fixes #38521.
Built from https://develop.svn.wordpress.org/trunk@38980


git-svn-id: http://core.svn.wordpress.org/trunk@38923 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-27 14:37:36 +00:00
Rachel Baker e4a7c0a397 REST API: Introduce the Content API endpoints.
REST API endpoints for your WordPress content. These endpoints provide machine-readable external access to your WordPress site with a clear, standards-driven interface, allowing new and innovative apps for interacting with your site. These endpoints support all of the following:
- Posts: Read and write access to all post data, for all types of post-based data, including pages and media.
- Comments: Read and write access to all comment data. This includes pingbacks and trackbacks.
- Terms: Read and write access to all term data.
- Users: Read and write access to all user data. This includes public access to some data for post authors.
- Meta: Read and write access to metadata for posts, comments, terms, and users, on an opt-in basis from plugins.
- Settings: Read and write access to settings, on an opt-in basis from plugins and core. This enables API management of key site content values that are technically stored in options, such as site title and byline.

Love your REST API, WordPress!  The infrastructure says, "Let's do lunch!" but the content API endpoints say, "You're paying!"

Props rmccue, rachelbaker, danielbachhuber, joehoyle, adamsilverstein, afurculita, ahmadawais, airesvsg, alisspers, antisilent, apokalyptik, artoliukkonen, attitude, boonebgorges, bradyvercher, brianhogg, caseypatrickdriscoll, chopinbach, chredd, christianesperar, chrisvanpatten, claudiolabarbera, claudiosmweb, cmmarslender, codebykat, coderkevin, codfish, codonnell822, daggerhart, danielpunkass, davidbhayes, delphinus, desrosj, dimadin, dotancohen, DrewAPicture, Dudo1985, duncanjbrown, eherman24, eivhyl, eliorivero, elyobo, en-alis, ericandrewlewis, ericpedia, evansobkowicz, fjarrett, frozzare, georgestephanis, greatislander, guavaworks, hideokamoto, hkdobrev, hubdotcom, hurtige, iandunn, ircrash, ironpaperweight, iseulde, Japh, jaredcobb, JDGrimes, jdolan, jdoubleu, jeremyfelt, jimt, jjeaton, jmusal, jnylen0, johanmynhardt, johnbillion, jonathanbardo, jorbin, joshkadis, JPry, jshreve, jtsternberg, JustinSainton, kacperszurek, kadamwhite, kalenjohnson, kellbot, kjbenk, kokarn, krogsgard, kuchenundkakao, kuldipem, kwight, lgedeon, lukepettway, mantismamita, markoheijnen, matrixik, mattheu, mauteri, maxcutler, mayukojpn, michael-arestad, miyauchi, mjbanks, modemlooper, mrbobbybryant, NateWr, nathanrice, netweb, NikV, nullvariable, oskosk, oso96_2000, oxymoron, pcfreak30, pento, peterwilsoncc, Pezzab, phh, pippinsplugins, pjgalbraith, pkevan, pollyplummer, pushred, quasel, QWp6t, schlessera, schrapel, Shelob9, shprink, simonlampen, Soean, solal, tapsboy, tfrommen, tharsheblows, thenbrent, tierra, tlovett1, tnegri, tobych, Toddses, toro_unit, traversal, vanillalounge, vishalkakadiya, wanecek, web2style, webbgaraget, websupporter, westonruter, whyisjake, wonderboymusic, wpsmith, xknown, zyphonic.
Fixes #38373.
Built from https://develop.svn.wordpress.org/trunk@38832


git-svn-id: http://core.svn.wordpress.org/trunk@38775 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-20 02:55:32 +00:00