From 25b892c1ca0f48595ec8b19d1e10e4d841d015b8 Mon Sep 17 00:00:00 2001 From: Joe Hoyle Date: Thu, 3 Nov 2016 01:45:48 +0000 Subject: [PATCH] REST API: Support querying for multiple post statuses. Multiple post statuses can be specified by the usual CSV or array-propper format. Props jnylen0, kadamwhite, websupporter. Fixes #38420. git-svn-id: https://develop.svn.wordpress.org/trunk@39104 602fd350-edb4-49c9-b593-d223f7449a82 --- .../rest-api/class-wp-rest-server.php | 6 ++ .../class-wp-rest-attachments-controller.php | 4 +- .../class-wp-rest-posts-controller.php | 52 +++++++++----- .../rest-api/rest-attachments-controller.php | 31 +++++++++ .../tests/rest-api/rest-posts-controller.php | 67 +++++++++++++++++++ .../rest-api/rest-schema-sanitization.php | 24 +++++++ .../tests/rest-api/rest-schema-validation.php | 24 +++++++ 7 files changed, 188 insertions(+), 20 deletions(-) diff --git a/src/wp-includes/rest-api/class-wp-rest-server.php b/src/wp-includes/rest-api/class-wp-rest-server.php index c7026eb955..76f8b3fe02 100644 --- a/src/wp-includes/rest-api/class-wp-rest-server.php +++ b/src/wp-includes/rest-api/class-wp-rest-server.php @@ -1183,6 +1183,12 @@ class WP_REST_Server { if ( isset( $opts['description'] ) ) { $arg_data['description'] = $opts['description']; } + if ( isset( $opts['type'] ) ) { + $arg_data['type'] = $opts['type']; + } + if ( isset( $opts['items'] ) ) { + $arg_data['items'] = $opts['items']; + } $endpoint_data['args'][ $key ] = $arg_data; } } diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php index 2749b12d22..42187df05b 100644 --- a/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php +++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php @@ -30,7 +30,7 @@ class WP_REST_Attachments_Controller extends WP_REST_Posts_Controller { protected function prepare_items_query( $prepared_args = array(), $request = null ) { $query_args = parent::prepare_items_query( $prepared_args, $request ); - if ( empty( $query_args['post_status'] ) || ! in_array( $query_args['post_status'], array( 'inherit', 'private', 'trash' ), true ) ) { + if ( empty( $query_args['post_status'] ) ) { $query_args['post_status'] = 'inherit'; } @@ -586,7 +586,7 @@ class WP_REST_Attachments_Controller extends WP_REST_Posts_Controller { public function get_collection_params() { $params = parent::get_collection_params(); $params['status']['default'] = 'inherit'; - $params['status']['enum'] = array( 'inherit', 'private', 'trash' ); + $params['status']['items']['enum'] = array( 'inherit', 'private', 'trash' ); $media_types = $this->get_media_types(); $params['media_type'] = array( diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php index 0122f9a773..2eed29b69f 100644 --- a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php +++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php @@ -2120,11 +2120,13 @@ class WP_REST_Posts_Controller extends WP_REST_Controller { $params['status'] = array( 'default' => 'publish', - 'description' => __( 'Limit result set to posts assigned a specific status; can be comma-delimited list of status types.' ), - 'enum' => array_merge( array_keys( get_post_stati() ), array( 'any' ) ), - 'sanitize_callback' => 'sanitize_key', - 'type' => 'string', - 'validate_callback' => array( $this, 'validate_user_can_query_private_statuses' ), + 'description' => __( 'Limit result set to posts assigned one or more statuses.' ), + 'type' => 'array', + 'items' => array( + 'enum' => array_merge( array_keys( get_post_stati() ), array( 'any' ) ), + 'type' => 'string', + ), + 'sanitize_callback' => array( $this, 'sanitize_post_statuses' ), ); $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) ); @@ -2152,27 +2154,41 @@ class WP_REST_Posts_Controller extends WP_REST_Controller { } /** - * Validates whether the user can query private statuses. + * Sanitizes and validates the list of post statuses, including whether the + * user can query private statuses. * * @since 4.7.0 * @access public * - * @param mixed $value Post status. + * @param string|array $statuses One or more post statuses. * @param WP_REST_Request $request Full details about the request. * @param string $parameter Additional parameter to pass to validation. - * @return bool|WP_Error Whether the request can query private statuses, otherwise WP_Error object. + * @return array|WP_Error A list of valid statuses, otherwise WP_Error object. */ - public function validate_user_can_query_private_statuses( $value, $request, $parameter ) { - if ( 'publish' === $value ) { - return rest_validate_request_arg( $value, $request, $parameter ); + public function sanitize_post_statuses( $statuses, $request, $parameter ) { + $statuses = wp_parse_slug_list( $statuses ); + + // The default status is different in WP_REST_Attachments_Controller + $attributes = $request->get_attributes(); + $default_status = $attributes['args']['status']['default']; + + foreach ( $statuses as $status ) { + if ( $status === $default_status ) { + continue; + } + + $post_type_obj = get_post_type_object( $this->post_type ); + + if ( current_user_can( $post_type_obj->cap->edit_posts ) ) { + $result = rest_validate_request_arg( $status, $request, $parameter ); + if ( is_wp_error( $result ) ) { + return $result; + } + } else { + return new WP_Error( 'rest_forbidden_status', __( 'Status is forbidden.' ), array( 'status' => rest_authorization_required_code() ) ); + } } - $post_type_obj = get_post_type_object( $this->post_type ); - - if ( current_user_can( $post_type_obj->cap->edit_posts ) ) { - return rest_validate_request_arg( $value, $request, $parameter ); - } - - return new WP_Error( 'rest_forbidden_status', __( 'Status is forbidden.' ), array( 'status' => rest_authorization_required_code() ) ); + return $statuses; } } diff --git a/tests/phpunit/tests/rest-api/rest-attachments-controller.php b/tests/phpunit/tests/rest-api/rest-attachments-controller.php index 79603127f0..40148a07ba 100644 --- a/tests/phpunit/tests/rest-api/rest-attachments-controller.php +++ b/tests/phpunit/tests/rest-api/rest-attachments-controller.php @@ -327,6 +327,37 @@ class WP_Test_REST_Attachments_Controller extends WP_Test_REST_Post_Type_Control $this->assertEquals( $attachment_id1, $data[0]['id'] ); } + public function test_get_items_multiple_statuses() { + // Logged out users can't make the request + wp_set_current_user( 0 ); + $attachment_id1 = $this->factory->attachment->create_object( $this->test_file, 0, array( + 'post_mime_type' => 'image/jpeg', + 'post_excerpt' => 'A sample caption', + 'post_status' => 'private', + ) ); + $attachment_id2 = $this->factory->attachment->create_object( $this->test_file, 0, array( + 'post_mime_type' => 'image/jpeg', + 'post_excerpt' => 'A sample caption', + 'post_status' => 'trash', + ) ); + $request = new WP_REST_Request( 'GET', '/wp/v2/media' ); + $request->set_param( 'status', array( 'private', 'trash' ) ); + $response = $this->server->dispatch( $request ); + $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); + // Properly authorized users can make the request + wp_set_current_user( self::$editor_id ); + $response = $this->server->dispatch( $request ); + $this->assertEquals( 200, $response->get_status() ); + $data = $response->get_data(); + $this->assertEquals( 2, count( $data ) ); + $ids = array( + $data[0]['id'], + $data[1]['id'], + ); + sort( $ids ); + $this->assertEquals( array( $attachment_id1, $attachment_id2 ), $ids ); + } + public function test_get_items_invalid_date() { $request = new WP_REST_Request( 'GET', '/wp/v2/media' ); $request->set_param( 'after', rand_str() ); diff --git a/tests/phpunit/tests/rest-api/rest-posts-controller.php b/tests/phpunit/tests/rest-api/rest-posts-controller.php index dcebfe8422..9b7206ffcb 100644 --- a/tests/phpunit/tests/rest-api/rest-posts-controller.php +++ b/tests/phpunit/tests/rest-api/rest-posts-controller.php @@ -310,6 +310,60 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te $this->assertEquals( 1, count( $response->get_data() ) ); } + public function test_get_items_multiple_statuses_string_query() { + wp_set_current_user( self::$editor_id ); + + $this->factory->post->create( array( 'post_status' => 'draft' ) ); + $this->factory->post->create( array( 'post_status' => 'private' ) ); + $this->factory->post->create( array( 'post_status' => 'publish' ) ); + + $request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); + $request->set_param( 'context', 'edit' ); + $request->set_param( 'status', 'draft,private' ); + + $response = $this->server->dispatch( $request ); + $this->assertEquals( 200, $response->get_status() ); + $data = $response->get_data(); + $this->assertEquals( 2, count( $data ) ); + $statuses = array( + $data[0]['status'], + $data[1]['status'], + ); + sort( $statuses ); + $this->assertEquals( array( 'draft', 'private' ), $statuses ); + } + + public function test_get_items_multiple_statuses_array_query() { + wp_set_current_user( self::$editor_id ); + + $this->factory->post->create( array( 'post_status' => 'draft' ) ); + $this->factory->post->create( array( 'post_status' => 'pending' ) ); + $this->factory->post->create( array( 'post_status' => 'publish' ) ); + + $request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); + $request->set_param( 'context', 'edit' ); + $request->set_param( 'status', array( 'draft', 'pending' ) ); + + $response = $this->server->dispatch( $request ); + $this->assertEquals( 200, $response->get_status() ); + $data = $response->get_data(); + $this->assertEquals( 2, count( $data ) ); + $statuses = array( + $data[0]['status'], + $data[1]['status'], + ); + sort( $statuses ); + $this->assertEquals( array( 'draft', 'pending' ), $statuses ); + } + + public function test_get_items_multiple_statuses_one_invalid_query() { + $request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); + $request->set_param( 'context', 'edit' ); + $request->set_param( 'status', array( 'draft', 'nonsense' ) ); + $response = $this->server->dispatch( $request ); + $this->assertErrorResponse( 'rest_invalid_param', $response, 400 ); + } + public function test_get_items_invalid_status_query() { wp_set_current_user( 0 ); $request = new WP_REST_Request( 'GET', '/wp/v2/posts' ); @@ -1963,6 +2017,19 @@ class WP_Test_REST_Posts_Controller extends WP_Test_REST_Post_Type_Controller_Te $this->assertArrayHasKey( 'categories_exclude', $properties ); } + public function test_status_array_enum_args() { + $request = new WP_REST_Request( 'GET', '/wp/v2' ); + $response = $this->server->dispatch( $request ); + $data = $response->get_data(); + $list_posts_args = $data['routes']['/wp/v2/posts']['endpoints'][0]['args']; + $status_arg = $list_posts_args['status']; + $this->assertEquals( 'array', $status_arg['type'] ); + $this->assertEquals( array( + 'type' => 'string', + 'enum' => array( 'publish', 'future', 'draft', 'pending', 'private', 'trash', 'auto-draft', 'inherit', 'any' ), + ), $status_arg['items'] ); + } + public function test_get_additional_field_registration() { $schema = array( diff --git a/tests/phpunit/tests/rest-api/rest-schema-sanitization.php b/tests/phpunit/tests/rest-api/rest-schema-sanitization.php index 875a2aafc5..77b60d615f 100644 --- a/tests/phpunit/tests/rest-api/rest-schema-sanitization.php +++ b/tests/phpunit/tests/rest-api/rest-schema-sanitization.php @@ -86,4 +86,28 @@ class WP_Test_REST_Schema_Sanitization extends WP_UnitTestCase { $this->assertEquals( array( 1, 2 ), rest_sanitize_value_from_schema( '1,2', $schema ) ); $this->assertEquals( array( 1, 2, 0 ), rest_sanitize_value_from_schema( '1,2,a', $schema ) ); } + + public function test_type_array_with_enum() { + $schema = array( + 'type' => 'array', + 'items' => array( + 'enum' => array( 'chicken', 'ribs', 'brisket' ), + 'type' => 'string', + ), + ); + $this->assertEquals( array( 'ribs', 'brisket' ), rest_sanitize_value_from_schema( array( 'ribs', 'brisket' ), $schema ) ); + $this->assertEquals( array( 'coleslaw' ), rest_sanitize_value_from_schema( array( 'coleslaw' ), $schema ) ); + } + + public function test_type_array_with_enum_as_csv() { + $schema = array( + 'type' => 'array', + 'items' => array( + 'enum' => array( 'chicken', 'ribs', 'brisket' ), + 'type' => 'string', + ), + ); + $this->assertEquals( array( 'ribs', 'chicken' ), rest_sanitize_value_from_schema( 'ribs,chicken', $schema ) ); + $this->assertEquals( array( 'chicken', 'coleslaw' ), rest_sanitize_value_from_schema( 'chicken,coleslaw', $schema ) ); + } } diff --git a/tests/phpunit/tests/rest-api/rest-schema-validation.php b/tests/phpunit/tests/rest-api/rest-schema-validation.php index 1d8500882d..20696a2cb4 100644 --- a/tests/phpunit/tests/rest-api/rest-schema-validation.php +++ b/tests/phpunit/tests/rest-api/rest-schema-validation.php @@ -115,4 +115,28 @@ class WP_Test_REST_Schema_Validation extends WP_UnitTestCase { $this->assertTrue( rest_validate_value_from_schema( '1,2,3', $schema ) ); $this->assertWPError( rest_validate_value_from_schema( 'lol', $schema ) ); } + + public function test_type_array_with_enum() { + $schema = array( + 'type' => 'array', + 'items' => array( + 'enum' => array( 'chicken', 'ribs', 'brisket' ), + 'type' => 'string', + ), + ); + $this->assertTrue( rest_validate_value_from_schema( array( 'ribs', 'brisket' ), $schema ) ); + $this->assertWPError( rest_validate_value_from_schema( array( 'coleslaw' ), $schema ) ); + } + + public function test_type_array_with_enum_as_csv() { + $schema = array( + 'type' => 'array', + 'items' => array( + 'enum' => array( 'chicken', 'ribs', 'brisket' ), + 'type' => 'string', + ), + ); + $this->assertTrue( rest_validate_value_from_schema( 'ribs,chicken', $schema ) ); + $this->assertWPError( rest_validate_value_from_schema( 'chicken,coleslaw', $schema ) ); + } }