An authorized request with the read_private_posts capability for a post type should be able to GET /wp/v2/posts for posts of status=private. This query is further sanity-checked by WP_REST_Posts_Controller->check_read_permission(), which is unchanged.
Props rachelbaker, soulseekah, twoelevenjay.
Moves [43694] from the 5.0 branch to trunk.
Fixes#43701.
git-svn-id: https://develop.svn.wordpress.org/trunk@43979 602fd350-edb4-49c9-b593-d223f7449a82
Because user capabilities can be modified at runtime, the REST API needs to expose them in some evaluated but declarative manner for clients to interpret. JSON Hyper Schema targetSchema provides an appropriate paradigm for doing so.
Merges [43682] to trunk.
Props timothyblynjacobs.
Fixes#45014.
git-svn-id: https://develop.svn.wordpress.org/trunk@43974 602fd350-edb4-49c9-b593-d223f7449a82
In [43437], the link definition implementation caused attachment links to be unexpectedly nested under an attributes key. This changeset restores the prior behavior.
Merges [43681] to trunk.
Props TimothyBlynJacobs, danielbachhuber.
Fixes#44750.
git-svn-id: https://develop.svn.wordpress.org/trunk@43973 602fd350-edb4-49c9-b593-d223f7449a82
A static variable contains an integer that is incremented with each call. This number is returned with the optional prefix.
As such the returned value is not universally unique, but it is unique across the life of the PHP process.
Props westonruter, dlh.
See #44883.
git-svn-id: https://develop.svn.wordpress.org/trunk@43658 602fd350-edb4-49c9-b593-d223f7449a82
This changeset makes the new CRUD API for sites introduced in [43548] usable for real-world sites. A new function `wp_initialize_site()`, which takes care of creating a site's database tables and populating them with initial values, is hooked into the site insertion process that is initiated when calling `wp_insert_site()`. Similarly, a new function `wp_uninitialize_site()`, which takes care of dropping a site's database tables, is hooked into the site deletion process that is initiated when calling `wp_delete_site()`.
A new function `wp_is_site_initialized()` completes the API, allowing to check whether a site is initialized. Since this function always makes a database request in its default behavior, it should be called with caution. Plugins that would like to use site initialization in special ways can leverage a `pre_wp_is_site_initialized` filter to alter that default behavior.
The separate handling of the site's row in the `wp_blogs` database table and the actual site setup allows for more flexibility in controlling whether or how a site's data is set up. For example, a unit test that only checks data from the site's database table row can unhook the site initialization process to improve performance. At the same time, developers consuming the new sites API only need to know about the CRUD functions, since the initialization and uninitialization processes happen internally.
With this changeset, the foundation for a sites REST API endpoint is fully available. The previously recommended functions `wpmu_create_blog()` and `wpmu_delete_blog()` now call the new respective function internally. Further follow-up work to this includes replacing calls to `wpmu_create_blog()` with `wp_insert_site()`, `update_blog_details()` with `wp_update_site()` and `wpmu_delete_blog()` with `wp_delete_blog()` throughout the codebase.
As a side-effect of this work, the `wpmu_new_blog`, `delete_blog`, and `deleted_blog` actions and the `install_blog()` function have been deprecated.
Fixes#41333. See #40364.
git-svn-id: https://develop.svn.wordpress.org/trunk@43654 602fd350-edb4-49c9-b593-d223f7449a82
The way this was implemented in [43630] caused the file to be excluded for all sniffs, since PHPCS does not support file-wide ignores of a specific sniff at this point.
Props jrf.
See #44896.
git-svn-id: https://develop.svn.wordpress.org/trunk@43641 602fd350-edb4-49c9-b593-d223f7449a82
* Add a `human_readable_duration` function including tests.
* Add 'pixels' after image width/height.
* Add screen reader text for durations.
Props Presskopp, kiranpotphode, milindmore22, stormrockwell, afercia.
Fixes#39667.
git-svn-id: https://develop.svn.wordpress.org/trunk@43633 602fd350-edb4-49c9-b593-d223f7449a82
Previously, UTC context was implied, but could be unreliable due to being affected by plugins.
Props Rarst, rahulsprajapati, marco.marsala.
Fixes#37440.
git-svn-id: https://develop.svn.wordpress.org/trunk@43594 602fd350-edb4-49c9-b593-d223f7449a82
The original REST API revisions controller relied on `wp_get_post_revisions()`, getting all revisions of a post without any possibility to restrict the result. This changeset replaces that function call with a proper `WP_Query` setup, replicating how `wp_get_post_revisions()` works while offering parameters to alter the default behavior.
Props adamsilverstein, birgire, flixos90.
Fixes#40510.
git-svn-id: https://develop.svn.wordpress.org/trunk@43584 602fd350-edb4-49c9-b593-d223f7449a82
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.
This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script.
- Auto-fixable coding standards issues will now cause Travis failures.
Fixes#44600.
git-svn-id: https://develop.svn.wordpress.org/trunk@43571 602fd350-edb4-49c9-b593-d223f7449a82
Introduce tests to validate that register_meta and register_term_meta work as expected in WP_REST_Terms_Controller.
props timmydcrawford.
Fixes#39122.
git-svn-id: https://develop.svn.wordpress.org/trunk@43567 602fd350-edb4-49c9-b593-d223f7449a82
New functions `wp_insert_site( $data )`, `wp_update_site( $id, $data )` and `wp_delete_site( $id )` are introduced to manage site rows in the `wp_blogs` table, forming the new CRUD API together with the existing `get_site()` / `get_sites()`. The new API provides various benefits over the previously existing API, fixing several cache invalidation issues and being hook-driven so that normalization and validation of the passed data can be fully customized.
New hooks introduced as part of this are the actions `wp_insert_site`, `wp_update_site`, `wp_delete_site`, `wp_validate_site_data` and the filter `wp_normalize_site_data`.
At this point, `wp_insert_site()` does not handle setting up the site's database tables, and `wp_delete_site()` does not handle dropping the site's database tables, so the two can not yet be used directly as full replacements of `wpmu_create_blog()` and `wpmu_delete_blog()`. Managing the site's database tables will be added via hooks as part of the follow-up ticket #41333.
The existing functions `wpmu_create_blog()`, `update_blog_details()`, and `wpmu_delete_blog()` make use of the respective new counterpart and will be obsolete once #41333 has been completed.
Props flixos90, jeremyfelt, spacedmonkey.
Fixes#40364.
git-svn-id: https://develop.svn.wordpress.org/trunk@43548 602fd350-edb4-49c9-b593-d223f7449a82
This allows sites with a large cron option or a custom cron implementation to hijack the cron option to store cron data using custom functionality.
`wp_get_scheduled_event()` is new function to retrieve the event object for a given event based on the hook name, arguments and timestamp. If no timestamp is specified the next occurence is returned.
Preflight filters are added to all functions that read from or modify the cron option: `pre_schedule_event`, `pre_reschedule_event`, `pre_unschedule_event`, `pre_clear_scheduled_hook`, `pre_unschedule_hook`, `pre_get_scheduled_event` and `pre_next_scheduled`.
Additionally, the post scheduling hooks `next_scheduled` and `get_schedule` to allow plugins to modify an event after retrieving it from WordPress.
Props rmccue, DavidAnderson, ethitter, peterwilsoncc.
Fixes#32656.
git-svn-id: https://develop.svn.wordpress.org/trunk@43540 602fd350-edb4-49c9-b593-d223f7449a82
The `comment_form_default_fields` filter can be used to remove the checkbox.
Props pross, SergeyBiryukov.
Fixes#44126.
git-svn-id: https://develop.svn.wordpress.org/trunk@43518 602fd350-edb4-49c9-b593-d223f7449a82
When the REST API is in use on WordPress multisite, the `WP_REST_Attachments_Controller` should respect the "Max upload file size" and "Site upload space" site options.
Props flixos90, danielbachhuber.
Fixes#43751.
git-svn-id: https://develop.svn.wordpress.org/trunk@43462 602fd350-edb4-49c9-b593-d223f7449a82
As [43439] added data that contains object IDs, it can cause `wp-api-generated.js` to be unnecessarily regenerated.
Regenerating our list of fixtures that need normalising rectifies this.
See #44321.
git-svn-id: https://develop.svn.wordpress.org/trunk@43441 602fd350-edb4-49c9-b593-d223f7449a82
To match behaviour in the Classic Editor, we need to slightly loosen permissions on taxonomy and term endpoints. This allows users to create terms to assign to a post that they're editing.
Props danielbachhuber.
Fixes#44096.
git-svn-id: https://develop.svn.wordpress.org/trunk@43440 602fd350-edb4-49c9-b593-d223f7449a82
So that REST API clients can show appropriate UI for a post's revisions, it needs to know how many revisions the post has, and what the latest revision ID is.
Props kadamwhite, danielbachhuber, birgire, TimothyBlynJacobs.
Fixes#44321.
git-svn-id: https://develop.svn.wordpress.org/trunk@43439 602fd350-edb4-49c9-b593-d223f7449a82
There are a variety of operations a WordPress user can only perform if they have the correct capabilities. A REST API client should only display UI for one of these operations if the WordPress user can perform the operation.
Rather than requiring REST API clients to calculate whether to display UI based on potentially complicated combinations of user capabilities, `targetSchema` allows us to expose a single flag to show whether the corresponding UI should be displayed.
This change also includes flags on post objects for the following actions:
- `action-publish`: The current user can publish this post.
- `action-sticky`: The current user can make this post sticky, and the post type supports sticking.
- `action-assign-author': The current user can change the author on this post.
- `action-assign-{$taxonomy}`: The current user can assign terms from the "$taxonomy" taxonomy to this post.
- `action-create-{$taxonomy}`: The current user can create terms int the "$taxonomy" taxonomy.
Props TimothyBlynJacobs, danielbachhuber.
Fixes#44287.
git-svn-id: https://develop.svn.wordpress.org/trunk@43437 602fd350-edb4-49c9-b593-d223f7449a82
