Skip to content
This repository has been archived by the owner. It is now read-only.

Add user endpoints #146

Merged
merged 45 commits into from Apr 30, 2014
Merged

Add user endpoints #146

merged 45 commits into from Apr 30, 2014

Conversation

@rmccue
Copy link
Member

rmccue commented Apr 20, 2014

This is a continuation of #128 with some cleanups, and adding extra functionality.

Insanely huge props to @tobych on this one; he's done almost all of the heavy lifting here.

Things left to do:

  • Implement /users/me
  • Unify user update/insertion code
  • Add missing fields to update_user
  • Audit everything for security
  • Replace Posts::prepare_author()

Will fix #20.

tobych and others added 29 commits Mar 29, 2014
Also updates some error messages
Also, make error messages less apologetic. Sorry about that.
This brings permissions error messages in line with the post endpoints.
get_userdata will check if the user ID is valid, let's not second guess
this ourselves.
I like the concept, but it doesn't belong in this PR.
return new WP_Error( 'json_cannot_delete', __( 'The user cannot be deleted.' ), array( 'status' => 500 ) );
}
else {
// "TODO: return a HTTP 202 here instead"... says the Post endpoint... really? Inappropriate (says tobych)?

This comment has been minimized.

Copy link
@rmccue

rmccue Apr 20, 2014

Author Member

@tobych Just FYI: the reason the comment is here in the post endpoint is because it's a different check there. In Post::delete_post, this branch is for trashed posts; a 202 would indicate that the request to delete has been received, but the post is still available, just in a trashed state.

*/
protected function update_user( $user, $data ) {

// Won't let them update these fields: ID, login, pass, registered (silently ignored)

This comment has been minimized.

Copy link
@rmccue

rmccue Apr 20, 2014

Author Member

To be removed.

protected function update_user( $user, $data ) {

// Won't let them update these fields: ID, login, pass, registered (silently ignored)
// TODO: Raise an exception if they try to update those? Always ignore ID though.

This comment has been minimized.

Copy link
@rmccue

rmccue Apr 20, 2014

Author Member

Good thinking; we've had this problem with people using the content field on Posts::edit_post because it's silently ignored.


// Note that you can pass wp_update_user() an array of fields to
// update; we won't bother using it as they don't match the User entity
// and it's just one more level of indirection to maintain.

This comment has been minimized.

Copy link
@rmccue

rmccue Apr 20, 2014

Author Member

Will probably need to in order to keep code consistent between insert/update.

// ignore avatar - read-only
// ignore username - can't change this
if ( ! empty( $data['email'] ) ) {
$user->user_email = $data['email'];

This comment has been minimized.

Copy link
@rmccue

rmccue Apr 20, 2014

Author Member

This should be validated for is_email

$user->user_nicename = $data[ 'slug' ];
}
if ( ! empty( $data['URL'] ) ) {
$user->user_url = $data[ 'URL' ];

This comment has been minimized.

Copy link
@rmccue

rmccue Apr 20, 2014

Author Member

This should be validated using parse_url

rmccue added 2 commits Apr 29, 2014
This returns the data for the current user, and also issues a 302
redirect to the current user's endpoint permalink (e.g. /users/42)
@rmccue
Copy link
Member Author

rmccue commented Apr 29, 2014

@rachelbaker #reviewmerge :)

@rachelbaker
Copy link
Member

rachelbaker commented Apr 30, 2014

@rmccue This all works great! Merging into trunk.

rachelbaker added a commit that referenced this pull request Apr 30, 2014
Add endpoints to handle user management.  Closes #20.
@rachelbaker rachelbaker merged commit b3b79d3 into master Apr 30, 2014
1 check passed
1 check passed
continuous-integration/travis-ci The Travis CI build passed
Details
@rachelbaker rachelbaker deleted the user-endpoints branch May 1, 2014
kellbot pushed a commit to kellbot/WP-API that referenced this pull request Aug 1, 2014
Add endpoints to handle user management.  Closes WP-API#20.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants
You can’t perform that action at this time.