-
Notifications
You must be signed in to change notification settings - Fork 134
/
class-llms-rest-instructors-controller.php
263 lines (208 loc) · 6.44 KB
/
class-llms-rest-instructors-controller.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
<?php
/**
* REST Resource Controller for Instructors
*
* @package LifterLMS_REST/Classes/Controllers
*
* @since 1.0.0-beta.1
* @version 1.0.0-beta.14
*/
defined( 'ABSPATH' ) || exit;
/**
* LLMS_REST_Instructors_Controller class
*
* @since 1.0.0-beta.1
* @since 1.0.0-beta.13 Fixed authentication error messages referring to 'students' or 'users' rather than 'instructors'.
* @since 1.0.0-beta.14 Update `prepare_links()` to accept a second parameter, `WP_REST_Request`.
*/
class LLMS_REST_Instructors_Controller extends LLMS_REST_Users_Controller {
/**
* Resource ID or Name.
*
* @var string
*/
protected $resource_name = 'instructor';
/**
* Route base.
*
* @var string
*/
protected $rest_base = 'instructors';
/**
* Determine if the current user can view the requested student.
*
* @since 1.0.0-beta.1
*
* @param int $item_id WP_User id.
* @return bool
*/
protected function check_read_item_permissions( $item_id ) {
if ( get_current_user_id() === $item_id ) {
return true;
}
return current_user_can( 'list_users', $item_id );
}
/**
* Determine if current user has permission to create a user.
*
* @since 1.0.0-beta.1
*
* @param WP_REST_Request $request Request object.
* @return true|WP_Error
*/
public function create_item_permissions_check( $request ) {
if ( ! current_user_can( 'create_users' ) ) {
return llms_rest_authorization_required_error( __( 'You are not allowed to create new instructors.', 'lifterlms' ) );
}
return $this->check_roles_permissions( $request );
}
/**
* Determine if current user has permission to delete a user.
*
* @since 1.0.0-beta.1
*
* @param WP_REST_Request $request Request object.
* @return true|WP_Error
*/
public function delete_item_permissions_check( $request ) {
if ( ! current_user_can( 'delete_users', $request['id'] ) ) {
return llms_rest_authorization_required_error( __( 'You are not allowed to delete this instructor.', 'lifterlms' ) );
}
return true;
}
/**
* Retrieves the query params for the objects collection.
*
* @since 1.0.0-beta.1
*
* @return array Collection parameters.
*/
public function get_collection_params() {
$params = parent::get_collection_params();
$params['post_in'] = array(
'description' => __( 'Retrieve only instructors for the specified course(s) and/or membership(s). Accepts a single WP Post ID or a comma separated list of IDs.', 'lifterlms' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
);
$params['post_not_in'] = array(
'description' => __( 'Exclude instructors who do not have permissions for the specified course(s) and/or membership(s). Accepts a single WP Post ID or a comma separated list of IDs.', 'lifterlms' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
);
return $params;
}
/**
* Determine if current user has permission to get a user.
*
* @since 1.0.0-beta.1
*
* @param WP_REST_Request $request Request object.
* @return true|WP_Error
*/
public function get_item_permissions_check( $request ) {
if ( ! $this->check_read_item_permissions( $request['id'] ) ) {
return llms_rest_authorization_required_error( __( 'You are not allowed to view this instructor.', 'lifterlms' ) );
}
return true;
}
/**
* Get the item schema.
*
* @since 1.0.0-beta.1
*
* @return array
*/
public function get_item_schema() {
$schema = parent::get_item_schema();
$schema['properties']['roles']['default'] = array( 'instructor' );
return $schema;
}
/**
* Determine if current user has permission to list users.
*
* @since 1.0.0-beta.1
* @since 1.0.0-beta.13 Fixed authentication error message referring to 'students' rather than 'instructors'.
*
* @param WP_REST_Request $request Request object.
* @return true|WP_Error
*/
public function get_items_permissions_check( $request ) {
if ( ! current_user_can( 'list_users' ) ) {
return llms_rest_authorization_required_error( __( 'You are not allowed to list instructors.', 'lifterlms' ) );
}
return true;
}
/**
* Get object.
*
* @since 1.0.0-beta.1
*
* @param int $id Object ID.
* @return LLMS_Instructor|WP_Error
*/
protected function get_object( $id ) {
$instructor = llms_get_instructor( $id );
return $instructor ? $instructor : llms_rest_not_found_error();
}
/**
* Prepare links for the request.
*
* @since 1.0.0-beta.1
* @since 1.0.0-beta.14 Added the `$request` parameter.
*
* @param obj $object Item object.
* @param WP_REST_Request $request Request object.
* @return array
*/
protected function prepare_links( $object, $request ) {
$links = parent::prepare_links( $object, $request );
$links['content'] = array(
'href' => sprintf( '%s/content', $links['self']['href'] ),
);
return $links;
}
/**
* Updates additional information not handled by WP Core insert/update user functions.
*
* @since 1.0.0-beta.1
*
* @param int $object_id WP User id.
* @param array $prepared Prepared item data.
* @param WP_REST_Request $request Request object.
* @return LLMS_Abstract_User_Data|WP_error
*/
protected function update_additional_data( $object_id, $prepared, $request ) {
$object = parent::update_additional_data( $object_id, $prepared, $request );
if ( is_wp_error( $object ) ) {
return $object;
}
// Add a parent_id of the current user when creating an instructors_assistant.
// @todo: this should actually be handled by a `parent_ids` create/update arg required when assistant is a supplied role.
if ( get_current_user_id() !== $object_id && ! empty( $prepared['roles'] ) && in_array( 'instructors_assistant', $prepared['roles'], true ) ) {
$object->add_parents( get_current_user_id() );
}
return $object;
}
/**
* Determine if current user has permission to update a user.
*
* @since 1.0.0-beta.1
* @since 1.0.0-beta.13 Refer to the instructor role on the authorization error message rather than the generic 'user'.
*
* @param WP_REST_Request $request Request object.
* @return true|WP_Error
*/
public function update_item_permissions_check( $request ) {
if ( get_current_user_id() === $request['id'] ) {
return true;
}
if ( ! current_user_can( 'edit_users', $request['id'] ) ) {
return llms_rest_authorization_required_error( __( 'You are not allowed to edit this instructor.', 'lifterlms' ) );
}
return $this->check_roles_permissions( $request );
}
}