From 4a4f57f3f2f5ff932f49012c2f7bcc07c162950f Mon Sep 17 00:00:00 2001
From: hughdevore
Date: Wed, 9 Aug 2017 11:17:18 -0600
Subject: [PATCH] #17 Adding code review changes.
---
 src/Type/MediaItem/MediaItemCreate.php | 56 +++++++++++++++++++-----
 src/Type/MediaItem/MediaItemDelete.php | 9 +++-
 src/Type/MediaItem/MediaItemMutation.php | 8 ++--
 3 files changed, 57 insertions(+), 16 deletions(-)
diff --git a/src/Type/MediaItem/MediaItemCreate.php b/src/Type/MediaItem/MediaItemCreate.php
index 8cd790d56..e835abdd9 100644
--- a/src/Type/MediaItem/MediaItemCreate.php
+++ b/src/Type/MediaItem/MediaItemCreate.php
@@ -55,10 +55,27 @@ public static function mutate( \WP_Post_Type $post_type_object ) {
 }
 /**
- * Stop now if a user isn't allowed to create a mediaItem
+ * Stop now if a user isn't allowed to upload a mediaItem
 */
- if ( ! current_user_can( $post_type_object->cap->create_posts ) ) {
- throw new \Exception( __( 'Sorry, you are not allowed to create mediaItems', 'wp-graphql' ) );
+ if ( ! current_user_can( 'upload_files' ) ) {
+ return new \Exception( __( 'Sorry, you are not allowed to upload mediaItems', 'wp-graphql' ) );
+ }
+
+ /**
+ * Get the post parent and if it's not set, set it to false
+ */
+ $attachment_parent_id = ( ! empty( $media_item_args['post_parent'] ) ? $media_item_args['post_parent'] : false );
+
+ /**
+ * Stop now if a user isn't allowed to edit the parent post
+ */
+ // Attaching media to a post requires ability to edit said post.
+ if ( ! empty( $attachment_parent_id ) ) {
+ $parent = get_post( $attachment_parent_id );
+ $post_parent_type = get_post_type_object( $parent->post_type );
+ if ( ! current_user_can( $post_parent_type->cap->edit_post, $attachment_parent_id ) ) {
+ return new \Exception( __( 'Sorry, you are not allowed to upload mediaItems to this post', 'wp-graphql' ) );
+ }
 }
 /**
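Review bot: The parent-post permission check reads `$media_item_args['post_parent']`, but in the visible hunks `$media_item_args` is only assigned later, by `MediaItemMutation::prepare_media_item()` after the sideload, so at this point `$attachment_parent_id` looks like it is always `false` and the `edit_post` check never runs. If that holds, `wp_insert_attachment()` still receives whatever parent `prepare_media_item()` placed in the args, so a user with `upload_files` could attach media to a post they are not allowed to edit; take the parent ID from `$input` before the upload, or run this check after `prepare_media_item()` and before `wp_insert_attachment()`. Both capability checks also `return new \Exception(...)` where the removed line and every other check in this commit `throw`; unless the caller is known to treat a returned exception as an error, they should be `throw new \Exception(...)`. `get_post()` can return null for a parent ID that does not exist, so `$parent->post_type` needs a guard. The enclosing function starts and ends outside the hunk.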
@@ -85,7 +102,7 @@ public static function mutate( \WP_Post_Type $post_type_object ) {
 /**
 * If the mediaItem file is from a local server, use wp_upload_bits before saving it to the uploads folder
 */
- if ( 'false' === filter_var( $input['filePath'], FILTER_VALIDATE_URL ) ) {
+ if ( false === filter_var( $input['filePath'], FILTER_VALIDATE_URL ) ) {
 $uploaded_file = wp_upload_bits( $file_name, null, file_get_contents( $input['filePath'] ) );
 $uploaded_file_url = $uploaded_file['url'];
 } else {
@@ -98,6 +115,12 @@ public static function mutate( \WP_Post_Type $post_type_object ) {
 */
 $timeout_seconds = 300;
 $temp_file = download_url( $uploaded_file_url, $timeout_seconds );
+ /**
+ * Handle the error from download_url if it occurs
+ */
+ if ( is_wp_error( $temp_file ) ) {
+ throw new \Exception( __( 'Sorry, the URL for this file is invalid, it must be a path to the mediaItem file', 'wp-graphql' ) );
+ }
 /**
 * Build the file data for side loading
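Review bot: Correcting `'false'` to `false` makes the local-file branch reachable, and that branch passes the client-supplied `$input['filePath']` straight to `file_get_contents()`. Any value that fails `FILTER_VALIDATE_URL` is then read from the server's filesystem and copied into the uploads directory, so a user with `upload_files` may be able to expose files outside the intended location. Resolve the path with `realpath()` and require it to sit under an allowed base directory before reading, or drop the local-path branch. The results of `file_get_contents()` and `wp_upload_bits()` (`$uploaded_file['error']`) are also unchecked here. The `else` branch continues outside the hunk.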
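Review bot: The new `is_wp_error( $temp_file )` branch reports every `download_url()` failure as an invalid URL and discards the `WP_Error`, so a timeout or HTTP error cannot be told apart from bad input. Keep the generic client message but record the cause server-side before the throw, e.g. `error_log( $temp_file->get_error_message() );`. `$uploaded_file_url` in the `else` branch is presumably the client's URL (it is assigned outside the hunk), so confirm which schemes and hosts are acceptable before the server fetches it with a 300-second timeout.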
@@ -123,21 +146,28 @@ public static function mutate( \WP_Post_Type $post_type_object ) {
 * Insert the mediaItem and retrieve it's data
 */
 $file = wp_handle_sideload( $file_data, $overrides );
-
 /**
- * Insert the mediIitem object and get the ID
+ * Handle the error from wp_handle_sideload if it occurs
 */
- $media_item_args = MediaItemMutation::prepare_media_item( $input, $post_type_object, $mutation_name, $file );
+ if ( ! empty( $file['error'] ) ) {
+ throw new \Exception( __( 'Sorry, there was an error uploading the mediaItem', 'wp-graphql' ) );
+ }
 /**
- * Get the post parent and if it's not set, set it to false
+ * Insert the mediaItem object and get the ID
 */
- $attachment_parent_id = ( ! empty( $media_item_args['post_parent'] ) ? $media_item_args['post_parent'] : false );
+ $media_item_args = MediaItemMutation::prepare_media_item( $input, $post_type_object, $mutation_name, $file );
 /**
 * Insert the mediaItem
 */
 $attachment_id = wp_insert_attachment( $media_item_args, $file['file'], $attachment_parent_id );
+ /**
+ * Handle the error from wp_insert_attachment if it occurs
+ */
+ if ( 0 === $attachment_id ) {
+ throw new \Exception( __( 'Sorry, the mediaItem failed to create', 'wp-graphql' ) );
+ }
 /**
 * Check if the wp_generate_attachment_metadata method exists and include it if not
@@ -150,7 +180,13 @@ public static function mutate( \WP_Post_Type $post_type_object ) {
 * Generate and update the mediaItem's metadata
 */
 $attachment_data = wp_generate_attachment_metadata( $attachment_id, $file['file'] );
- wp_update_attachment_metadata( $attachment_id, $attachment_data );
+ $attachment_data_update = wp_update_attachment_metadata( $attachment_id, $attachment_data );
+ /**
+ * Handle the error from wp_update_attachment_metadata if it occurs
+ */
+ if ( false === $attachment_data_update ) {
+ throw new \Exception( __( 'Sorry, the mediaItem metadata failed to update', 'wp-graphql' ) );
+ }
 /**
 * Update alt text postmeta for mediaItem
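Review bot: The two new failure paths in this hunk throw without cleaning up what has already been written to disk. When `wp_handle_sideload()` reports an error, the file fetched by `download_url()` presumably still sits in the temp directory (`$file_data` is built outside the hunk), and when `wp_insert_attachment()` returns 0 the sideloaded file stays in uploads with no attachment record. Remove them before throwing, e.g. `unlink( $temp_file );` (if it still exists) in the first branch and `wp_delete_file( $file['file'] );` in the second, so repeated failed uploads cannot fill the disk with orphaned files.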
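Review bot: Treating a `false` return from `wp_update_attachment_metadata()` as fatal will likely reject valid uploads. As far as I know that function returns the result of `update_post_meta()` or `delete_post_meta()`, which is `false` when `wp_generate_attachment_metadata()` yields empty data (typical for non-image files), not only on a real error. By this point the attachment is already inserted, so the client would get an error for a mediaItem that exists. Either guard the throw with `if ( ! empty( $attachment_data ) && false === $attachment_data_update )`, or delete the attachment before throwing.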
diff --git a/src/Type/MediaItem/MediaItemDelete.php b/src/Type/MediaItem/MediaItemDelete.php
index 79a9aa860..1858d5a54 100644
--- a/src/Type/MediaItem/MediaItemDelete.php
+++ b/src/Type/MediaItem/MediaItemDelete.php
@@ -35,12 +35,10 @@ public static function mutate( \WP_Post_Type $post_type_object ) {
 self::$mutation['mediaItem'] = Relay::mutationWithClientMutationId( [
 'name' => esc_html( $mutation_name ),
- // translators: The placeholder is the name of the object type
 'description' => __( 'Delete mediaItem objects. By default mediaItem objects will be moved to the trash unless the forceDelete is used', 'wp-graphql' ),
 'inputFields' => [
 'id' => [
 'type' => Types::non_null( Types::id() ),
- // translators: The placeholder is the name of the post's post_type being deleted
 'description' => __( 'The ID of the mediaItem to delete', 'wp-graphql' ),
 ],
 'forceDelete' => [
@@ -113,6 +111,13 @@ public static function mutate( \WP_Post_Type $post_type_object ) {
 * Delete the mediaItem
 */
 $deleted = wp_delete_attachment( $id_parts['id'], $force_delete );
+ /**
+ * Handle the error from wp_delete_attachment if it occurs
+ */
+ if ( false === $deleted ) {
+ throw new \Exception( __( 'Sorry, the mediaItem failed to delete', 'wp-graphql' ) );
+ }
+
 /**
 * If the post was moved to the trash, spoof the object's status before returning it
diff --git a/src/Type/MediaItem/MediaItemMutation.php b/src/Type/MediaItem/MediaItemMutation.php
index 0d2a35a4c..2f59bd647 100644
--- a/src/Type/MediaItem/MediaItemMutation.php
+++ b/src/Type/MediaItem/MediaItemMutation.php
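Review bot: In the `wp_delete_attachment()` hunk of MediaItemDelete.php, `false === $deleted` may miss a failure case. Depending on the WordPress version, `wp_delete_attachment()` can return `null` (no such post) as well as `false`, and the strict comparison lets `null` through to the status-spoofing code that follows. `if ( ! $deleted )` covers both. The added block also leaves two blank lines before the next comment.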
@@ -122,11 +122,11 @@ public static function prepare_media_item( $input, $post_type_object, $mutation_
 * NOTE: These are organized in the same order as: http://v2.wp-api.org/reference/media/#schema-meta
 */
 if ( ! empty( $input['date'] ) && false !== strtotime( $input['date'] ) ) {
- $insert_post_args['post_date'] = date("Y-m-d H:i:s", strtotime( $input['date'] ) );
+ $insert_post_args['post_date'] = date( 'Y-m-d H:i:s', strtotime( $input['date'] ) );
 }
 if ( ! empty( $input['dateGmt'] ) && false !== strtotime( $input['dateGmt'] ) ) {
- $insert_post_args['post_date_gmt'] = date("Y-m-d H:i:s", strtotime( $input['dateGmt'] ) );
+ $insert_post_args['post_date_gmt'] = date( 'Y-m-d H:i:s', strtotime( $input['dateGmt'] ) );
 }
 if ( ! empty( $input['slug'] ) ) {
@@ -141,7 +141,7 @@ public static function prepare_media_item( $input, $post_type_object, $mutation_
 if ( ! empty( $input['title'] ) ) {
 $insert_post_args['post_title'] = $input['title'];
- } else if ( ! empty( $file['file'] ) ) {
+ } elseif ( ! empty( $file['file'] ) ) {
 $insert_post_args['post_title'] = basename( $file['file'] );
 }
@@ -168,7 +168,7 @@ public static function prepare_media_item( $input, $post_type_object, $mutation_
 if ( ! empty( $file['type'] ) ) {
 $insert_post_args['post_mime_type'] = $file['type'];
- } else if ( ! empty( $input['fileType'] ) ) {
+ } elseif ( ! empty( $input['fileType'] ) ) {
 $insert_post_args['post_mime_type'] = $input['fileType'];
 }