Skip to content
This repository was archived by the owner on Sep 24, 2018. It is now read-only.

Expose basic author details when user has published posts #838

Merged
rachelbaker merged 3 commits into from
Feb 5, 2015
Merged

Expose basic author details when user has published posts #838

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
8c07f49
Basic details should be exposed about published authors
danielbachhuber Feb 4, 2015
cc24233
Expose basic author details when user has published posts
danielbachhuber Feb 5, 2015
015eb4b
Allow user to manage multisite in `test_get_user_with_edit_context()`
rachelbaker Feb 5, 2015
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 18 additions & 2 deletions lib/class-wp-json-users-controller.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,9 +53,25 @@ public function get_item( $request ) {
return new WP_Error( 'json_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
}

$can_view = false;

$current_user_id = get_current_user_id();
if ( $current_user_id !== $id && ! current_user_can( 'list_users' ) ) {
return new WP_Error( 'json_user_cannot_list', __( 'Sorry, you are not allowed to view this user.' ), array( 'status' => 403 ) );
if ( $current_user_id === $id || current_user_can( 'edit_user', $id ) ) {
$can_view = true;
} else if ( current_user_can( 'list_users' ) ) {
$can_view = true;
if ( empty( $request['context'] ) || 'edit' === $request['context'] ) {
$request->set_param( 'context', 'view' );
}
} else if ( count_user_posts( $id ) ) {
$can_view = true;
if ( empty( $request['context'] ) || in_array( $request['context'], array( 'edit', 'view' ) ) ) {
$request->set_param( 'context', 'embed' );
}
}

if ( ! $can_view ) {
return new WP_Error( 'json_user_cannot_view', __( 'Sorry, you are not allowed to view this user.' ), array( 'status' => 403 ) );
}

$user = $this->prepare_item_for_response( $user, $request );
Expand Down
17 changes: 15 additions & 2 deletions tests/test-json-users-controller.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,12 +84,25 @@ public function test_get_item_without_permission() {
$request = new WP_JSON_Request( 'GET', sprintf( '/wp/users/%d', $this->user ) );
$response = $this->server->dispatch( $request );

$this->assertErrorResponse( 'json_user_cannot_list', $response, 403 );
$this->assertErrorResponse( 'json_user_cannot_view', $response, 403 );
}

public function test_get_item_published_author() {
$this->author_id = $this->factory->user->create( array(
'role' => 'author',
) );
$this->post_id = $this->factory->post->create( array(
'post_author' => $this->author_id
));
wp_set_current_user( 0 );
$request = new WP_JSON_Request( 'GET', sprintf( '/wp/users/%d', $this->author_id ) );
$response = $this->server->dispatch( $request );
$this->check_get_user_response( $response, 'embed' );
}

public function test_get_user_with_edit_context() {
$user_id = $this->factory->user->create();
wp_set_current_user( $this->user );
$this->allow_user_to_manage_multisite();

$request = new WP_JSON_Request( 'GET', sprintf( '/wp/users/%d', $user_id ) );
$request->set_param( 'context', 'edit' );
Expand Down