[ Index ]

PHP Cross Reference of WordPress Trunk (Updated Daily)

title

Body

[close]

/wp-includes/rest-api/endpoints/ -> class-wp-rest-users-controller.php (source)

   1  <?php
   2  /**
   3   * REST API: WP_REST_Users_Controller class
   4   *
   5   * @package WordPress
   6   * @subpackage REST_API
   7   * @since 4.7.0
   8   */
   9  
  10  /**
  11   * Core class used to manage users via the REST API.
  12   *
  13   * @since 4.7.0
  14   *
  15   * @see WP_REST_Controller
  16   */
  17  class WP_REST_Users_Controller extends WP_REST_Controller {
  18  
  19      /**
  20       * Instance of a user meta fields object.
  21       *
  22       * @since 4.7.0
  23       * @var WP_REST_User_Meta_Fields
  24       */
  25      protected $meta;
  26  
  27      /**
  28       * Constructor.
  29       *
  30       * @since 4.7.0
  31       */
  32  	public function __construct() {
  33          $this->namespace = 'wp/v2';
  34          $this->rest_base = 'users';
  35  
  36          $this->meta = new WP_REST_User_Meta_Fields();
  37      }
  38  
  39      /**
  40       * Registers the routes for the objects of the controller.
  41       *
  42       * @since 4.7.0
  43       *
  44       * @see register_rest_route()
  45       */
  46  	public function register_routes() {
  47  
  48          register_rest_route(
  49              $this->namespace,
  50              '/' . $this->rest_base,
  51              array(
  52                  array(
  53                      'methods'             => WP_REST_Server::READABLE,
  54                      'callback'            => array( $this, 'get_items' ),
  55                      'permission_callback' => array( $this, 'get_items_permissions_check' ),
  56                      'args'                => $this->get_collection_params(),
  57                  ),
  58                  array(
  59                      'methods'             => WP_REST_Server::CREATABLE,
  60                      'callback'            => array( $this, 'create_item' ),
  61                      'permission_callback' => array( $this, 'create_item_permissions_check' ),
  62                      'args'                => $this->get_endpoint_args_for_item_schema( WP_REST_Server::CREATABLE ),
  63                  ),
  64                  'schema' => array( $this, 'get_public_item_schema' ),
  65              )
  66          );
  67  
  68          register_rest_route(
  69              $this->namespace,
  70              '/' . $this->rest_base . '/(?P<id>[\d]+)',
  71              array(
  72                  'args'   => array(
  73                      'id' => array(
  74                          'description' => __( 'Unique identifier for the user.' ),
  75                          'type'        => 'integer',
  76                      ),
  77                  ),
  78                  array(
  79                      'methods'             => WP_REST_Server::READABLE,
  80                      'callback'            => array( $this, 'get_item' ),
  81                      'permission_callback' => array( $this, 'get_item_permissions_check' ),
  82                      'args'                => array(
  83                          'context' => $this->get_context_param( array( 'default' => 'view' ) ),
  84                      ),
  85                  ),
  86                  array(
  87                      'methods'             => WP_REST_Server::EDITABLE,
  88                      'callback'            => array( $this, 'update_item' ),
  89                      'permission_callback' => array( $this, 'update_item_permissions_check' ),
  90                      'args'                => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
  91                  ),
  92                  array(
  93                      'methods'             => WP_REST_Server::DELETABLE,
  94                      'callback'            => array( $this, 'delete_item' ),
  95                      'permission_callback' => array( $this, 'delete_item_permissions_check' ),
  96                      'args'                => array(
  97                          'force'    => array(
  98                              'type'        => 'boolean',
  99                              'default'     => false,
 100                              'description' => __( 'Required to be true, as users do not support trashing.' ),
 101                          ),
 102                          'reassign' => array(
 103                              'type'              => 'integer',
 104                              'description'       => __( 'Reassign the deleted user\'s posts and links to this user ID.' ),
 105                              'required'          => true,
 106                              'sanitize_callback' => array( $this, 'check_reassign' ),
 107                          ),
 108                      ),
 109                  ),
 110                  'schema' => array( $this, 'get_public_item_schema' ),
 111              )
 112          );
 113  
 114          register_rest_route(
 115              $this->namespace,
 116              '/' . $this->rest_base . '/me',
 117              array(
 118                  array(
 119                      'methods'  => WP_REST_Server::READABLE,
 120                      'callback' => array( $this, 'get_current_item' ),
 121                      'args'     => array(
 122                          'context' => $this->get_context_param( array( 'default' => 'view' ) ),
 123                      ),
 124                  ),
 125                  array(
 126                      'methods'             => WP_REST_Server::EDITABLE,
 127                      'callback'            => array( $this, 'update_current_item' ),
 128                      'permission_callback' => array( $this, 'update_current_item_permissions_check' ),
 129                      'args'                => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
 130                  ),
 131                  array(
 132                      'methods'             => WP_REST_Server::DELETABLE,
 133                      'callback'            => array( $this, 'delete_current_item' ),
 134                      'permission_callback' => array( $this, 'delete_current_item_permissions_check' ),
 135                      'args'                => array(
 136                          'force'    => array(
 137                              'type'        => 'boolean',
 138                              'default'     => false,
 139                              'description' => __( 'Required to be true, as users do not support trashing.' ),
 140                          ),
 141                          'reassign' => array(
 142                              'type'              => 'integer',
 143                              'description'       => __( 'Reassign the deleted user\'s posts and links to this user ID.' ),
 144                              'required'          => true,
 145                              'sanitize_callback' => array( $this, 'check_reassign' ),
 146                          ),
 147                      ),
 148                  ),
 149                  'schema' => array( $this, 'get_public_item_schema' ),
 150              )
 151          );
 152      }
 153  
 154      /**
 155       * Checks for a valid value for the reassign parameter when deleting users.
 156       *
 157       * The value can be an integer, 'false', false, or ''.
 158       *
 159       * @since 4.7.0
 160       *
 161       * @param int|bool        $value   The value passed to the reassign parameter.
 162       * @param WP_REST_Request $request Full details about the request.
 163       * @param string          $param   The parameter that is being sanitized.
 164       *
 165       * @return int|bool|WP_Error
 166       */
 167  	public function check_reassign( $value, $request, $param ) {
 168          if ( is_numeric( $value ) ) {
 169              return $value;
 170          }
 171  
 172          if ( empty( $value ) || false === $value || 'false' === $value ) {
 173              return false;
 174          }
 175  
 176          return new WP_Error( 'rest_invalid_param', __( 'Invalid user parameter(s).' ), array( 'status' => 400 ) );
 177      }
 178  
 179      /**
 180       * Permissions check for getting all users.
 181       *
 182       * @since 4.7.0
 183       *
 184       * @param WP_REST_Request $request Full details about the request.
 185       * @return true|WP_Error True if the request has read access, otherwise WP_Error object.
 186       */
 187  	public function get_items_permissions_check( $request ) {
 188          // Check if roles is specified in GET request and if user can list users.
 189          if ( ! empty( $request['roles'] ) && ! current_user_can( 'list_users' ) ) {
 190              return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to filter users by role.' ), array( 'status' => rest_authorization_required_code() ) );
 191          }
 192  
 193          if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) {
 194              return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) );
 195          }
 196  
 197          if ( in_array( $request['orderby'], array( 'email', 'registered_date' ), true ) && ! current_user_can( 'list_users' ) ) {
 198              return new WP_Error( 'rest_forbidden_orderby', __( 'Sorry, you are not allowed to order users by this parameter.' ), array( 'status' => rest_authorization_required_code() ) );
 199          }
 200  
 201          if ( 'authors' === $request['who'] ) {
 202              $can_view = false;
 203              $types    = get_post_types( array( 'show_in_rest' => true ), 'objects' );
 204              foreach ( $types as $type ) {
 205                  if ( post_type_supports( $type->name, 'author' )
 206                      && current_user_can( $type->cap->edit_posts ) ) {
 207                      $can_view = true;
 208                  }
 209              }
 210              if ( ! $can_view ) {
 211                  return new WP_Error( 'rest_forbidden_who', __( 'Sorry, you are not allowed to query users by this parameter.' ), array( 'status' => rest_authorization_required_code() ) );
 212              }
 213          }
 214  
 215          return true;
 216      }
 217  
 218      /**
 219       * Retrieves all users.
 220       *
 221       * @since 4.7.0
 222       *
 223       * @param WP_REST_Request $request Full details about the request.
 224       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 225       */
 226  	public function get_items( $request ) {
 227  
 228          // Retrieve the list of registered collection query parameters.
 229          $registered = $this->get_collection_params();
 230  
 231          /*
 232           * This array defines mappings between public API query parameters whose
 233           * values are accepted as-passed, and their internal WP_Query parameter
 234           * name equivalents (some are the same). Only values which are also
 235           * present in $registered will be set.
 236           */
 237          $parameter_mappings = array(
 238              'exclude'  => 'exclude',
 239              'include'  => 'include',
 240              'order'    => 'order',
 241              'per_page' => 'number',
 242              'search'   => 'search',
 243              'roles'    => 'role__in',
 244              'slug'     => 'nicename__in',
 245          );
 246  
 247          $prepared_args = array();
 248  
 249          /*
 250           * For each known parameter which is both registered and present in the request,
 251           * set the parameter's value on the query $prepared_args.
 252           */
 253          foreach ( $parameter_mappings as $api_param => $wp_param ) {
 254              if ( isset( $registered[ $api_param ], $request[ $api_param ] ) ) {
 255                  $prepared_args[ $wp_param ] = $request[ $api_param ];
 256              }
 257          }
 258  
 259          if ( isset( $registered['offset'] ) && ! empty( $request['offset'] ) ) {
 260              $prepared_args['offset'] = $request['offset'];
 261          } else {
 262              $prepared_args['offset'] = ( $request['page'] - 1 ) * $prepared_args['number'];
 263          }
 264  
 265          if ( isset( $registered['orderby'] ) ) {
 266              $orderby_possibles        = array(
 267                  'id'              => 'ID',
 268                  'include'         => 'include',
 269                  'name'            => 'display_name',
 270                  'registered_date' => 'registered',
 271                  'slug'            => 'user_nicename',
 272                  'include_slugs'   => 'nicename__in',
 273                  'email'           => 'user_email',
 274                  'url'             => 'user_url',
 275              );
 276              $prepared_args['orderby'] = $orderby_possibles[ $request['orderby'] ];
 277          }
 278  
 279          if ( isset( $registered['who'] ) && ! empty( $request['who'] ) && 'authors' === $request['who'] ) {
 280              $prepared_args['who'] = 'authors';
 281          } elseif ( ! current_user_can( 'list_users' ) ) {
 282              $prepared_args['has_published_posts'] = get_post_types( array( 'show_in_rest' => true ), 'names' );
 283          }
 284  
 285          if ( ! empty( $prepared_args['search'] ) ) {
 286              $prepared_args['search'] = '*' . $prepared_args['search'] . '*';
 287          }
 288          /**
 289           * Filters WP_User_Query arguments when querying users via the REST API.
 290           *
 291           * @link https://developer.wordpress.org/reference/classes/wp_user_query/
 292           *
 293           * @since 4.7.0
 294           *
 295           * @param array           $prepared_args Array of arguments for WP_User_Query.
 296           * @param WP_REST_Request $request       The current request.
 297           */
 298          $prepared_args = apply_filters( 'rest_user_query', $prepared_args, $request );
 299  
 300          $query = new WP_User_Query( $prepared_args );
 301  
 302          $users = array();
 303  
 304          foreach ( $query->results as $user ) {
 305              $data    = $this->prepare_item_for_response( $user, $request );
 306              $users[] = $this->prepare_response_for_collection( $data );
 307          }
 308  
 309          $response = rest_ensure_response( $users );
 310  
 311          // Store pagination values for headers then unset for count query.
 312          $per_page = (int) $prepared_args['number'];
 313          $page     = ceil( ( ( (int) $prepared_args['offset'] ) / $per_page ) + 1 );
 314  
 315          $prepared_args['fields'] = 'ID';
 316  
 317          $total_users = $query->get_total();
 318  
 319          if ( $total_users < 1 ) {
 320              // Out-of-bounds, run the query again without LIMIT for total count.
 321              unset( $prepared_args['number'], $prepared_args['offset'] );
 322              $count_query = new WP_User_Query( $prepared_args );
 323              $total_users = $count_query->get_total();
 324          }
 325  
 326          $response->header( 'X-WP-Total', (int) $total_users );
 327  
 328          $max_pages = ceil( $total_users / $per_page );
 329  
 330          $response->header( 'X-WP-TotalPages', (int) $max_pages );
 331  
 332          $base = add_query_arg( urlencode_deep( $request->get_query_params() ), rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ) );
 333          if ( $page > 1 ) {
 334              $prev_page = $page - 1;
 335  
 336              if ( $prev_page > $max_pages ) {
 337                  $prev_page = $max_pages;
 338              }
 339  
 340              $prev_link = add_query_arg( 'page', $prev_page, $base );
 341              $response->link_header( 'prev', $prev_link );
 342          }
 343          if ( $max_pages > $page ) {
 344              $next_page = $page + 1;
 345              $next_link = add_query_arg( 'page', $next_page, $base );
 346  
 347              $response->link_header( 'next', $next_link );
 348          }
 349  
 350          return $response;
 351      }
 352  
 353      /**
 354       * Get the user, if the ID is valid.
 355       *
 356       * @since 4.7.2
 357       *
 358       * @param int $id Supplied ID.
 359       * @return WP_User|WP_Error True if ID is valid, WP_Error otherwise.
 360       */
 361  	protected function get_user( $id ) {
 362          $error = new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
 363          if ( (int) $id <= 0 ) {
 364              return $error;
 365          }
 366  
 367          $user = get_userdata( (int) $id );
 368          if ( empty( $user ) || ! $user->exists() ) {
 369              return $error;
 370          }
 371  
 372          if ( is_multisite() && ! is_user_member_of_blog( $user->ID ) ) {
 373              return $error;
 374          }
 375  
 376          return $user;
 377      }
 378  
 379      /**
 380       * Checks if a given request has access to read a user.
 381       *
 382       * @since 4.7.0
 383       *
 384       * @param WP_REST_Request $request Full details about the request.
 385       * @return true|WP_Error True if the request has read access for the item, otherwise WP_Error object.
 386       */
 387  	public function get_item_permissions_check( $request ) {
 388          $user = $this->get_user( $request['id'] );
 389          if ( is_wp_error( $user ) ) {
 390              return $user;
 391          }
 392  
 393          $types = get_post_types( array( 'show_in_rest' => true ), 'names' );
 394  
 395          if ( get_current_user_id() === $user->ID ) {
 396              return true;
 397          }
 398  
 399          if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) {
 400              return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) );
 401          } elseif ( ! count_user_posts( $user->ID, $types ) && ! current_user_can( 'edit_user', $user->ID ) && ! current_user_can( 'list_users' ) ) {
 402              return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) );
 403          }
 404  
 405          return true;
 406      }
 407  
 408      /**
 409       * Retrieves a single user.
 410       *
 411       * @since 4.7.0
 412       *
 413       * @param WP_REST_Request $request Full details about the request.
 414       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 415       */
 416  	public function get_item( $request ) {
 417          $user = $this->get_user( $request['id'] );
 418          if ( is_wp_error( $user ) ) {
 419              return $user;
 420          }
 421  
 422          $user     = $this->prepare_item_for_response( $user, $request );
 423          $response = rest_ensure_response( $user );
 424  
 425          return $response;
 426      }
 427  
 428      /**
 429       * Retrieves the current user.
 430       *
 431       * @since 4.7.0
 432       *
 433       * @param WP_REST_Request $request Full details about the request.
 434       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 435       */
 436  	public function get_current_item( $request ) {
 437          $current_user_id = get_current_user_id();
 438  
 439          if ( empty( $current_user_id ) ) {
 440              return new WP_Error( 'rest_not_logged_in', __( 'You are not currently logged in.' ), array( 'status' => 401 ) );
 441          }
 442  
 443          $user     = wp_get_current_user();
 444          $response = $this->prepare_item_for_response( $user, $request );
 445          $response = rest_ensure_response( $response );
 446  
 447          return $response;
 448      }
 449  
 450      /**
 451       * Checks if a given request has access create users.
 452       *
 453       * @since 4.7.0
 454       *
 455       * @param WP_REST_Request $request Full details about the request.
 456       * @return true|WP_Error True if the request has access to create items, WP_Error object otherwise.
 457       */
 458  	public function create_item_permissions_check( $request ) {
 459  
 460          if ( ! current_user_can( 'create_users' ) ) {
 461              return new WP_Error( 'rest_cannot_create_user', __( 'Sorry, you are not allowed to create new users.' ), array( 'status' => rest_authorization_required_code() ) );
 462          }
 463  
 464          return true;
 465      }
 466  
 467      /**
 468       * Creates a single user.
 469       *
 470       * @since 4.7.0
 471       *
 472       * @param WP_REST_Request $request Full details about the request.
 473       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 474       */
 475  	public function create_item( $request ) {
 476          if ( ! empty( $request['id'] ) ) {
 477              return new WP_Error( 'rest_user_exists', __( 'Cannot create existing user.' ), array( 'status' => 400 ) );
 478          }
 479  
 480          $schema = $this->get_item_schema();
 481  
 482          if ( ! empty( $request['roles'] ) && ! empty( $schema['properties']['roles'] ) ) {
 483              $check_permission = $this->check_role_update( $request['id'], $request['roles'] );
 484  
 485              if ( is_wp_error( $check_permission ) ) {
 486                  return $check_permission;
 487              }
 488          }
 489  
 490          $user = $this->prepare_item_for_database( $request );
 491  
 492          if ( is_multisite() ) {
 493              $ret = wpmu_validate_user_signup( $user->user_login, $user->user_email );
 494  
 495              if ( is_wp_error( $ret['errors'] ) && $ret['errors']->has_errors() ) {
 496                  $error = new WP_Error( 'rest_invalid_param', __( 'Invalid user parameter(s).' ), array( 'status' => 400 ) );
 497                  foreach ( $ret['errors']->errors as $code => $messages ) {
 498                      foreach ( $messages as $message ) {
 499                          $error->add( $code, $message );
 500                      }
 501                      $error_data = $error->get_error_data( $code );
 502                      if ( $error_data ) {
 503                          $error->add_data( $error_data, $code );
 504                      }
 505                  }
 506                  return $error;
 507              }
 508          }
 509  
 510          if ( is_multisite() ) {
 511              $user_id = wpmu_create_user( $user->user_login, $user->user_pass, $user->user_email );
 512  
 513              if ( ! $user_id ) {
 514                  return new WP_Error( 'rest_user_create', __( 'Error creating new user.' ), array( 'status' => 500 ) );
 515              }
 516  
 517              $user->ID = $user_id;
 518              $user_id  = wp_update_user( wp_slash( (array) $user ) );
 519  
 520              if ( is_wp_error( $user_id ) ) {
 521                  return $user_id;
 522              }
 523  
 524              $result = add_user_to_blog( get_site()->id, $user_id, '' );
 525              if ( is_wp_error( $result ) ) {
 526                  return $result;
 527              }
 528          } else {
 529              $user_id = wp_insert_user( wp_slash( (array) $user ) );
 530  
 531              if ( is_wp_error( $user_id ) ) {
 532                  return $user_id;
 533              }
 534          }
 535  
 536          $user = get_user_by( 'id', $user_id );
 537  
 538          /**
 539           * Fires immediately after a user is created or updated via the REST API.
 540           *
 541           * @since 4.7.0
 542           *
 543           * @param WP_User         $user     Inserted or updated user object.
 544           * @param WP_REST_Request $request  Request object.
 545           * @param bool            $creating True when creating a user, false when updating.
 546           */
 547          do_action( 'rest_insert_user', $user, $request, true );
 548  
 549          if ( ! empty( $request['roles'] ) && ! empty( $schema['properties']['roles'] ) ) {
 550              array_map( array( $user, 'add_role' ), $request['roles'] );
 551          }
 552  
 553          if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) {
 554              $meta_update = $this->meta->update_value( $request['meta'], $user_id );
 555  
 556              if ( is_wp_error( $meta_update ) ) {
 557                  return $meta_update;
 558              }
 559          }
 560  
 561          $user          = get_user_by( 'id', $user_id );
 562          $fields_update = $this->update_additional_fields_for_object( $user, $request );
 563  
 564          if ( is_wp_error( $fields_update ) ) {
 565              return $fields_update;
 566          }
 567  
 568          $request->set_param( 'context', 'edit' );
 569  
 570          /**
 571           * Fires after a user is completely created or updated via the REST API.
 572           *
 573           * @since 5.0.0
 574           *
 575           * @param WP_User         $user     Inserted or updated user object.
 576           * @param WP_REST_Request $request  Request object.
 577           * @param bool            $creating True when creating a user, false when updating.
 578           */
 579          do_action( 'rest_after_insert_user', $user, $request, true );
 580  
 581          $response = $this->prepare_item_for_response( $user, $request );
 582          $response = rest_ensure_response( $response );
 583  
 584          $response->set_status( 201 );
 585          $response->header( 'Location', rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $user_id ) ) );
 586  
 587          return $response;
 588      }
 589  
 590      /**
 591       * Checks if a given request has access to update a user.
 592       *
 593       * @since 4.7.0
 594       *
 595       * @param WP_REST_Request $request Full details about the request.
 596       * @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise.
 597       */
 598  	public function update_item_permissions_check( $request ) {
 599          $user = $this->get_user( $request['id'] );
 600          if ( is_wp_error( $user ) ) {
 601              return $user;
 602          }
 603  
 604          if ( ! empty( $request['roles'] ) ) {
 605              if ( ! current_user_can( 'promote_user', $user->ID ) ) {
 606                  return new WP_Error( 'rest_cannot_edit_roles', __( 'Sorry, you are not allowed to edit roles of this user.' ), array( 'status' => rest_authorization_required_code() ) );
 607              }
 608  
 609              $request_params = array_keys( $request->get_params() );
 610              sort( $request_params );
 611              // If only 'id' and 'roles' are specified (we are only trying to
 612              // edit roles), then only the 'promote_user' cap is required.
 613              if ( $request_params === array( 'id', 'roles' ) ) {
 614                  return true;
 615              }
 616          }
 617  
 618          if ( ! current_user_can( 'edit_user', $user->ID ) ) {
 619              return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this user.' ), array( 'status' => rest_authorization_required_code() ) );
 620          }
 621  
 622          return true;
 623      }
 624  
 625      /**
 626       * Updates a single user.
 627       *
 628       * @since 4.7.0
 629       *
 630       * @param WP_REST_Request $request Full details about the request.
 631       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 632       */
 633  	public function update_item( $request ) {
 634          $user = $this->get_user( $request['id'] );
 635          if ( is_wp_error( $user ) ) {
 636              return $user;
 637          }
 638  
 639          $id = $user->ID;
 640  
 641          if ( ! $user ) {
 642              return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
 643          }
 644  
 645          $owner_id = email_exists( $request['email'] );
 646  
 647          if ( $owner_id && $owner_id !== $id ) {
 648              return new WP_Error( 'rest_user_invalid_email', __( 'Invalid email address.' ), array( 'status' => 400 ) );
 649          }
 650  
 651          if ( ! empty( $request['username'] ) && $request['username'] !== $user->user_login ) {
 652              return new WP_Error( 'rest_user_invalid_argument', __( "Username isn't editable." ), array( 'status' => 400 ) );
 653          }
 654  
 655          if ( ! empty( $request['slug'] ) && $request['slug'] !== $user->user_nicename && get_user_by( 'slug', $request['slug'] ) ) {
 656              return new WP_Error( 'rest_user_invalid_slug', __( 'Invalid slug.' ), array( 'status' => 400 ) );
 657          }
 658  
 659          if ( ! empty( $request['roles'] ) ) {
 660              $check_permission = $this->check_role_update( $id, $request['roles'] );
 661  
 662              if ( is_wp_error( $check_permission ) ) {
 663                  return $check_permission;
 664              }
 665          }
 666  
 667          $user = $this->prepare_item_for_database( $request );
 668  
 669          // Ensure we're operating on the same user we already checked.
 670          $user->ID = $id;
 671  
 672          $user_id = wp_update_user( wp_slash( (array) $user ) );
 673  
 674          if ( is_wp_error( $user_id ) ) {
 675              return $user_id;
 676          }
 677  
 678          $user = get_user_by( 'id', $user_id );
 679  
 680          /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php */
 681          do_action( 'rest_insert_user', $user, $request, false );
 682  
 683          if ( ! empty( $request['roles'] ) ) {
 684              array_map( array( $user, 'add_role' ), $request['roles'] );
 685          }
 686  
 687          $schema = $this->get_item_schema();
 688  
 689          if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) {
 690              $meta_update = $this->meta->update_value( $request['meta'], $id );
 691  
 692              if ( is_wp_error( $meta_update ) ) {
 693                  return $meta_update;
 694              }
 695          }
 696  
 697          $user          = get_user_by( 'id', $user_id );
 698          $fields_update = $this->update_additional_fields_for_object( $user, $request );
 699  
 700          if ( is_wp_error( $fields_update ) ) {
 701              return $fields_update;
 702          }
 703  
 704          $request->set_param( 'context', 'edit' );
 705  
 706          /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php */
 707          do_action( 'rest_after_insert_user', $user, $request, false );
 708  
 709          $response = $this->prepare_item_for_response( $user, $request );
 710          $response = rest_ensure_response( $response );
 711  
 712          return $response;
 713      }
 714  
 715      /**
 716       * Checks if a given request has access to update the current user.
 717       *
 718       * @since 4.7.0
 719       *
 720       * @param WP_REST_Request $request Full details about the request.
 721       * @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise.
 722       */
 723  	public function update_current_item_permissions_check( $request ) {
 724          $request['id'] = get_current_user_id();
 725  
 726          return $this->update_item_permissions_check( $request );
 727      }
 728  
 729      /**
 730       * Updates the current user.
 731       *
 732       * @since 4.7.0
 733       *
 734       * @param WP_REST_Request $request Full details about the request.
 735       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 736       */
 737  	public function update_current_item( $request ) {
 738          $request['id'] = get_current_user_id();
 739  
 740          return $this->update_item( $request );
 741      }
 742  
 743      /**
 744       * Checks if a given request has access delete a user.
 745       *
 746       * @since 4.7.0
 747       *
 748       * @param WP_REST_Request $request Full details about the request.
 749       * @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise.
 750       */
 751  	public function delete_item_permissions_check( $request ) {
 752          $user = $this->get_user( $request['id'] );
 753          if ( is_wp_error( $user ) ) {
 754              return $user;
 755          }
 756  
 757          if ( ! current_user_can( 'delete_user', $user->ID ) ) {
 758              return new WP_Error( 'rest_user_cannot_delete', __( 'Sorry, you are not allowed to delete this user.' ), array( 'status' => rest_authorization_required_code() ) );
 759          }
 760  
 761          return true;
 762      }
 763  
 764      /**
 765       * Deletes a single user.
 766       *
 767       * @since 4.7.0
 768       *
 769       * @param WP_REST_Request $request Full details about the request.
 770       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 771       */
 772  	public function delete_item( $request ) {
 773          // We don't support delete requests in multisite.
 774          if ( is_multisite() ) {
 775              return new WP_Error( 'rest_cannot_delete', __( 'The user cannot be deleted.' ), array( 'status' => 501 ) );
 776          }
 777          $user = $this->get_user( $request['id'] );
 778          if ( is_wp_error( $user ) ) {
 779              return $user;
 780          }
 781  
 782          $id       = $user->ID;
 783          $reassign = false === $request['reassign'] ? null : absint( $request['reassign'] );
 784          $force    = isset( $request['force'] ) ? (bool) $request['force'] : false;
 785  
 786          // We don't support trashing for users.
 787          if ( ! $force ) {
 788              /* translators: %s: force=true */
 789              return new WP_Error( 'rest_trash_not_supported', sprintf( __( "Users do not support trashing. Set '%s' to delete." ), 'force=true' ), array( 'status' => 501 ) );
 790          }
 791  
 792          if ( ! empty( $reassign ) ) {
 793              if ( $reassign === $id || ! get_userdata( $reassign ) ) {
 794                  return new WP_Error( 'rest_user_invalid_reassign', __( 'Invalid user ID for reassignment.' ), array( 'status' => 400 ) );
 795              }
 796          }
 797  
 798          $request->set_param( 'context', 'edit' );
 799  
 800          $previous = $this->prepare_item_for_response( $user, $request );
 801  
 802          /** Include admin user functions to get access to wp_delete_user() */
 803          require_once  ABSPATH . 'wp-admin/includes/user.php';
 804  
 805          $result = wp_delete_user( $id, $reassign );
 806  
 807          if ( ! $result ) {
 808              return new WP_Error( 'rest_cannot_delete', __( 'The user cannot be deleted.' ), array( 'status' => 500 ) );
 809          }
 810  
 811          $response = new WP_REST_Response();
 812          $response->set_data(
 813              array(
 814                  'deleted'  => true,
 815                  'previous' => $previous->get_data(),
 816              )
 817          );
 818  
 819          /**
 820           * Fires immediately after a user is deleted via the REST API.
 821           *
 822           * @since 4.7.0
 823           *
 824           * @param WP_User          $user     The user data.
 825           * @param WP_REST_Response $response The response returned from the API.
 826           * @param WP_REST_Request  $request  The request sent to the API.
 827           */
 828          do_action( 'rest_delete_user', $user, $response, $request );
 829  
 830          return $response;
 831      }
 832  
 833      /**
 834       * Checks if a given request has access to delete the current user.
 835       *
 836       * @since 4.7.0
 837       *
 838       * @param WP_REST_Request $request Full details about the request.
 839       * @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise.
 840       */
 841  	public function delete_current_item_permissions_check( $request ) {
 842          $request['id'] = get_current_user_id();
 843  
 844          return $this->delete_item_permissions_check( $request );
 845      }
 846  
 847      /**
 848       * Deletes the current user.
 849       *
 850       * @since 4.7.0
 851       *
 852       * @param WP_REST_Request $request Full details about the request.
 853       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 854       */
 855  	public function delete_current_item( $request ) {
 856          $request['id'] = get_current_user_id();
 857  
 858          return $this->delete_item( $request );
 859      }
 860  
 861      /**
 862       * Prepares a single user output for response.
 863       *
 864       * @since 4.7.0
 865       *
 866       * @param WP_User         $user    User object.
 867       * @param WP_REST_Request $request Request object.
 868       * @return WP_REST_Response Response object.
 869       */
 870  	public function prepare_item_for_response( $user, $request ) {
 871  
 872          $data   = array();
 873          $fields = $this->get_fields_for_response( $request );
 874  
 875          if ( in_array( 'id', $fields, true ) ) {
 876              $data['id'] = $user->ID;
 877          }
 878  
 879          if ( in_array( 'username', $fields, true ) ) {
 880              $data['username'] = $user->user_login;
 881          }
 882  
 883          if ( in_array( 'name', $fields, true ) ) {
 884              $data['name'] = $user->display_name;
 885          }
 886  
 887          if ( in_array( 'first_name', $fields, true ) ) {
 888              $data['first_name'] = $user->first_name;
 889          }
 890  
 891          if ( in_array( 'last_name', $fields, true ) ) {
 892              $data['last_name'] = $user->last_name;
 893          }
 894  
 895          if ( in_array( 'email', $fields, true ) ) {
 896              $data['email'] = $user->user_email;
 897          }
 898  
 899          if ( in_array( 'url', $fields, true ) ) {
 900              $data['url'] = $user->user_url;
 901          }
 902  
 903          if ( in_array( 'description', $fields, true ) ) {
 904              $data['description'] = $user->description;
 905          }
 906  
 907          if ( in_array( 'link', $fields, true ) ) {
 908              $data['link'] = get_author_posts_url( $user->ID, $user->user_nicename );
 909          }
 910  
 911          if ( in_array( 'locale', $fields, true ) ) {
 912              $data['locale'] = get_user_locale( $user );
 913          }
 914  
 915          if ( in_array( 'nickname', $fields, true ) ) {
 916              $data['nickname'] = $user->nickname;
 917          }
 918  
 919          if ( in_array( 'slug', $fields, true ) ) {
 920              $data['slug'] = $user->user_nicename;
 921          }
 922  
 923          if ( in_array( 'roles', $fields, true ) ) {
 924              // Defensively call array_values() to ensure an array is returned.
 925              $data['roles'] = array_values( $user->roles );
 926          }
 927  
 928          if ( in_array( 'registered_date', $fields, true ) ) {
 929              $data['registered_date'] = gmdate( 'c', strtotime( $user->user_registered ) );
 930          }
 931  
 932          if ( in_array( 'capabilities', $fields, true ) ) {
 933              $data['capabilities'] = (object) $user->allcaps;
 934          }
 935  
 936          if ( in_array( 'extra_capabilities', $fields, true ) ) {
 937              $data['extra_capabilities'] = (object) $user->caps;
 938          }
 939  
 940          if ( in_array( 'avatar_urls', $fields, true ) ) {
 941              $data['avatar_urls'] = rest_get_avatar_urls( $user );
 942          }
 943  
 944          if ( in_array( 'meta', $fields, true ) ) {
 945              $data['meta'] = $this->meta->get_value( $user->ID, $request );
 946          }
 947  
 948          $context = ! empty( $request['context'] ) ? $request['context'] : 'embed';
 949  
 950          $data = $this->add_additional_fields_to_object( $data, $request );
 951          $data = $this->filter_response_by_context( $data, $context );
 952  
 953          // Wrap the data in a response object.
 954          $response = rest_ensure_response( $data );
 955  
 956          $response->add_links( $this->prepare_links( $user ) );
 957  
 958          /**
 959           * Filters user data returned from the REST API.
 960           *
 961           * @since 4.7.0
 962           *
 963           * @param WP_REST_Response $response The response object.
 964           * @param object           $user     User object used to create response.
 965           * @param WP_REST_Request  $request  Request object.
 966           */
 967          return apply_filters( 'rest_prepare_user', $response, $user, $request );
 968      }
 969  
 970      /**
 971       * Prepares links for the user request.
 972       *
 973       * @since 4.7.0
 974       *
 975       * @param WP_Post $user User object.
 976       * @return array Links for the given user.
 977       */
 978  	protected function prepare_links( $user ) {
 979          $links = array(
 980              'self'       => array(
 981                  'href' => rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $user->ID ) ),
 982              ),
 983              'collection' => array(
 984                  'href' => rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ),
 985              ),
 986          );
 987  
 988          return $links;
 989      }
 990  
 991      /**
 992       * Prepares a single user for creation or update.
 993       *
 994       * @since 4.7.0
 995       *
 996       * @param WP_REST_Request $request Request object.
 997       * @return object $prepared_user User object.
 998       */
 999  	protected function prepare_item_for_database( $request ) {
1000          $prepared_user = new stdClass;
1001  
1002          $schema = $this->get_item_schema();
1003  
1004          // required arguments.
1005          if ( isset( $request['email'] ) && ! empty( $schema['properties']['email'] ) ) {
1006              $prepared_user->user_email = $request['email'];
1007          }
1008  
1009          if ( isset( $request['username'] ) && ! empty( $schema['properties']['username'] ) ) {
1010              $prepared_user->user_login = $request['username'];
1011          }
1012  
1013          if ( isset( $request['password'] ) && ! empty( $schema['properties']['password'] ) ) {
1014              $prepared_user->user_pass = $request['password'];
1015          }
1016  
1017          // optional arguments.
1018          if ( isset( $request['id'] ) ) {
1019              $prepared_user->ID = absint( $request['id'] );
1020          }
1021  
1022          if ( isset( $request['name'] ) && ! empty( $schema['properties']['name'] ) ) {
1023              $prepared_user->display_name = $request['name'];
1024          }
1025  
1026          if ( isset( $request['first_name'] ) && ! empty( $schema['properties']['first_name'] ) ) {
1027              $prepared_user->first_name = $request['first_name'];
1028          }
1029  
1030          if ( isset( $request['last_name'] ) && ! empty( $schema['properties']['last_name'] ) ) {
1031              $prepared_user->last_name = $request['last_name'];
1032          }
1033  
1034          if ( isset( $request['nickname'] ) && ! empty( $schema['properties']['nickname'] ) ) {
1035              $prepared_user->nickname = $request['nickname'];
1036          }
1037  
1038          if ( isset( $request['slug'] ) && ! empty( $schema['properties']['slug'] ) ) {
1039              $prepared_user->user_nicename = $request['slug'];
1040          }
1041  
1042          if ( isset( $request['description'] ) && ! empty( $schema['properties']['description'] ) ) {
1043              $prepared_user->description = $request['description'];
1044          }
1045  
1046          if ( isset( $request['url'] ) && ! empty( $schema['properties']['url'] ) ) {
1047              $prepared_user->user_url = $request['url'];
1048          }
1049  
1050          if ( isset( $request['locale'] ) && ! empty( $schema['properties']['locale'] ) ) {
1051              $prepared_user->locale = $request['locale'];
1052          }
1053  
1054          // setting roles will be handled outside of this function.
1055          if ( isset( $request['roles'] ) ) {
1056              $prepared_user->role = false;
1057          }
1058  
1059          /**
1060           * Filters user data before insertion via the REST API.
1061           *
1062           * @since 4.7.0
1063           *
1064           * @param object          $prepared_user User object.
1065           * @param WP_REST_Request $request       Request object.
1066           */
1067          return apply_filters( 'rest_pre_insert_user', $prepared_user, $request );
1068      }
1069  
1070      /**
1071       * Determines if the current user is allowed to make the desired roles change.
1072       *
1073       * @since 4.7.0
1074       *
1075       * @param integer $user_id User ID.
1076       * @param array   $roles   New user roles.
1077       * @return true|WP_Error True if the current user is allowed to make the role change,
1078       *                       otherwise a WP_Error object.
1079       */
1080  	protected function check_role_update( $user_id, $roles ) {
1081          global $wp_roles;
1082  
1083          foreach ( $roles as $role ) {
1084  
1085              if ( ! isset( $wp_roles->role_objects[ $role ] ) ) {
1086                  /* translators: %s: Role key. */
1087                  return new WP_Error( 'rest_user_invalid_role', sprintf( __( 'The role %s does not exist.' ), $role ), array( 'status' => 400 ) );
1088              }
1089  
1090              $potential_role = $wp_roles->role_objects[ $role ];
1091  
1092              /*
1093               * Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
1094               * Multisite super admins can freely edit their blog roles -- they possess all caps.
1095               */
1096              if ( ! ( is_multisite()
1097                  && current_user_can( 'manage_sites' ) )
1098                  && get_current_user_id() === $user_id
1099                  && ! $potential_role->has_cap( 'edit_users' )
1100              ) {
1101                  return new WP_Error( 'rest_user_invalid_role', __( 'Sorry, you are not allowed to give users that role.' ), array( 'status' => rest_authorization_required_code() ) );
1102              }
1103  
1104              /** Include admin functions to get access to get_editable_roles() */
1105              require_once  ABSPATH . 'wp-admin/includes/admin.php';
1106  
1107              // The new role must be editable by the logged-in user.
1108              $editable_roles = get_editable_roles();
1109  
1110              if ( empty( $editable_roles[ $role ] ) ) {
1111                  return new WP_Error( 'rest_user_invalid_role', __( 'Sorry, you are not allowed to give users that role.' ), array( 'status' => 403 ) );
1112              }
1113          }
1114  
1115          return true;
1116      }
1117  
1118      /**
1119       * Check a username for the REST API.
1120       *
1121       * Performs a couple of checks like edit_user() in wp-admin/includes/user.php.
1122       *
1123       * @since 4.7.0
1124       *
1125       * @param mixed           $value   The username submitted in the request.
1126       * @param WP_REST_Request $request Full details about the request.
1127       * @param string          $param   The parameter name.
1128       * @return WP_Error|string The sanitized username, if valid, otherwise an error.
1129       */
1130  	public function check_username( $value, $request, $param ) {
1131          $username = (string) $value;
1132  
1133          if ( ! validate_username( $username ) ) {
1134              return new WP_Error( 'rest_user_invalid_username', __( 'Username contains invalid characters.' ), array( 'status' => 400 ) );
1135          }
1136  
1137          /** This filter is documented in wp-includes/user.php */
1138          $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );
1139  
1140          if ( in_array( strtolower( $username ), array_map( 'strtolower', $illegal_logins ) ) ) {
1141              return new WP_Error( 'rest_user_invalid_username', __( 'Sorry, that username is not allowed.' ), array( 'status' => 400 ) );
1142          }
1143  
1144          return $username;
1145      }
1146  
1147      /**
1148       * Check a user password for the REST API.
1149       *
1150       * Performs a couple of checks like edit_user() in wp-admin/includes/user.php.
1151       *
1152       * @since 4.7.0
1153       *
1154       * @param mixed           $value   The password submitted in the request.
1155       * @param WP_REST_Request $request Full details about the request.
1156       * @param string          $param   The parameter name.
1157       * @return WP_Error|string The sanitized password, if valid, otherwise an error.
1158       */
1159  	public function check_user_password( $value, $request, $param ) {
1160          $password = (string) $value;
1161  
1162          if ( empty( $password ) ) {
1163              return new WP_Error( 'rest_user_invalid_password', __( 'Passwords cannot be empty.' ), array( 'status' => 400 ) );
1164          }
1165  
1166          if ( false !== strpos( $password, '\\' ) ) {
1167              return new WP_Error( 'rest_user_invalid_password', __( 'Passwords cannot contain the "\\" character.' ), array( 'status' => 400 ) );
1168          }
1169  
1170          return $password;
1171      }
1172  
1173      /**
1174       * Retrieves the user's schema, conforming to JSON Schema.
1175       *
1176       * @since 4.7.0
1177       *
1178       * @return array Item schema data.
1179       */
1180  	public function get_item_schema() {
1181          if ( $this->schema ) {
1182              return $this->add_additional_fields_schema( $this->schema );
1183          }
1184  
1185          $schema = array(
1186              '$schema'    => 'http://json-schema.org/draft-04/schema#',
1187              'title'      => 'user',
1188              'type'       => 'object',
1189              'properties' => array(
1190                  'id'                 => array(
1191                      'description' => __( 'Unique identifier for the user.' ),
1192                      'type'        => 'integer',
1193                      'context'     => array( 'embed', 'view', 'edit' ),
1194                      'readonly'    => true,
1195                  ),
1196                  'username'           => array(
1197                      'description' => __( 'Login name for the user.' ),
1198                      'type'        => 'string',
1199                      'context'     => array( 'edit' ),
1200                      'required'    => true,
1201                      'arg_options' => array(
1202                          'sanitize_callback' => array( $this, 'check_username' ),
1203                      ),
1204                  ),
1205                  'name'               => array(
1206                      'description' => __( 'Display name for the user.' ),
1207                      'type'        => 'string',
1208                      'context'     => array( 'embed', 'view', 'edit' ),
1209                      'arg_options' => array(
1210                          'sanitize_callback' => 'sanitize_text_field',
1211                      ),
1212                  ),
1213                  'first_name'         => array(
1214                      'description' => __( 'First name for the user.' ),
1215                      'type'        => 'string',
1216                      'context'     => array( 'edit' ),
1217                      'arg_options' => array(
1218                          'sanitize_callback' => 'sanitize_text_field',
1219                      ),
1220                  ),
1221                  'last_name'          => array(
1222                      'description' => __( 'Last name for the user.' ),
1223                      'type'        => 'string',
1224                      'context'     => array( 'edit' ),
1225                      'arg_options' => array(
1226                          'sanitize_callback' => 'sanitize_text_field',
1227                      ),
1228                  ),
1229                  'email'              => array(
1230                      'description' => __( 'The email address for the user.' ),
1231                      'type'        => 'string',
1232                      'format'      => 'email',
1233                      'context'     => array( 'edit' ),
1234                      'required'    => true,
1235                  ),
1236                  'url'                => array(
1237                      'description' => __( 'URL of the user.' ),
1238                      'type'        => 'string',
1239                      'format'      => 'uri',
1240                      'context'     => array( 'embed', 'view', 'edit' ),
1241                  ),
1242                  'description'        => array(
1243                      'description' => __( 'Description of the user.' ),
1244                      'type'        => 'string',
1245                      'context'     => array( 'embed', 'view', 'edit' ),
1246                  ),
1247                  'link'               => array(
1248                      'description' => __( 'Author URL of the user.' ),
1249                      'type'        => 'string',
1250                      'format'      => 'uri',
1251                      'context'     => array( 'embed', 'view', 'edit' ),
1252                      'readonly'    => true,
1253                  ),
1254                  'locale'             => array(
1255                      'description' => __( 'Locale for the user.' ),
1256                      'type'        => 'string',
1257                      'enum'        => array_merge( array( '', 'en_US' ), get_available_languages() ),
1258                      'context'     => array( 'edit' ),
1259                  ),
1260                  'nickname'           => array(
1261                      'description' => __( 'The nickname for the user.' ),
1262                      'type'        => 'string',
1263                      'context'     => array( 'edit' ),
1264                      'arg_options' => array(
1265                          'sanitize_callback' => 'sanitize_text_field',
1266                      ),
1267                  ),
1268                  'slug'               => array(
1269                      'description' => __( 'An alphanumeric identifier for the user.' ),
1270                      'type'        => 'string',
1271                      'context'     => array( 'embed', 'view', 'edit' ),
1272                      'arg_options' => array(
1273                          'sanitize_callback' => array( $this, 'sanitize_slug' ),
1274                      ),
1275                  ),
1276                  'registered_date'    => array(
1277                      'description' => __( 'Registration date for the user.' ),
1278                      'type'        => 'string',
1279                      'format'      => 'date-time',
1280                      'context'     => array( 'edit' ),
1281                      'readonly'    => true,
1282                  ),
1283                  'roles'              => array(
1284                      'description' => __( 'Roles assigned to the user.' ),
1285                      'type'        => 'array',
1286                      'items'       => array(
1287                          'type' => 'string',
1288                      ),
1289                      'context'     => array( 'edit' ),
1290                  ),
1291                  'password'           => array(
1292                      'description' => __( 'Password for the user (never included).' ),
1293                      'type'        => 'string',
1294                      'context'     => array(), // Password is never displayed.
1295                      'required'    => true,
1296                      'arg_options' => array(
1297                          'sanitize_callback' => array( $this, 'check_user_password' ),
1298                      ),
1299                  ),
1300                  'capabilities'       => array(
1301                      'description' => __( 'All capabilities assigned to the user.' ),
1302                      'type'        => 'object',
1303                      'context'     => array( 'edit' ),
1304                      'readonly'    => true,
1305                  ),
1306                  'extra_capabilities' => array(
1307                      'description' => __( 'Any extra capabilities assigned to the user.' ),
1308                      'type'        => 'object',
1309                      'context'     => array( 'edit' ),
1310                      'readonly'    => true,
1311                  ),
1312              ),
1313          );
1314  
1315          if ( get_option( 'show_avatars' ) ) {
1316              $avatar_properties = array();
1317  
1318              $avatar_sizes = rest_get_avatar_sizes();
1319  
1320              foreach ( $avatar_sizes as $size ) {
1321                  $avatar_properties[ $size ] = array(
1322                      /* translators: %d: Avatar image size in pixels. */
1323                      'description' => sprintf( __( 'Avatar URL with image size of %d pixels.' ), $size ),
1324                      'type'        => 'string',
1325                      'format'      => 'uri',
1326                      'context'     => array( 'embed', 'view', 'edit' ),
1327                  );
1328              }
1329  
1330              $schema['properties']['avatar_urls'] = array(
1331                  'description' => __( 'Avatar URLs for the user.' ),
1332                  'type'        => 'object',
1333                  'context'     => array( 'embed', 'view', 'edit' ),
1334                  'readonly'    => true,
1335                  'properties'  => $avatar_properties,
1336              );
1337          }
1338  
1339          $schema['properties']['meta'] = $this->meta->get_field_schema();
1340  
1341          $this->schema = $schema;
1342          return $this->add_additional_fields_schema( $this->schema );
1343      }
1344  
1345      /**
1346       * Retrieves the query params for collections.
1347       *
1348       * @since 4.7.0
1349       *
1350       * @return array Collection parameters.
1351       */
1352  	public function get_collection_params() {
1353          $query_params = parent::get_collection_params();
1354  
1355          $query_params['context']['default'] = 'view';
1356  
1357          $query_params['exclude'] = array(
1358              'description' => __( 'Ensure result set excludes specific IDs.' ),
1359              'type'        => 'array',
1360              'items'       => array(
1361                  'type' => 'integer',
1362              ),
1363              'default'     => array(),
1364          );
1365  
1366          $query_params['include'] = array(
1367              'description' => __( 'Limit result set to specific IDs.' ),
1368              'type'        => 'array',
1369              'items'       => array(
1370                  'type' => 'integer',
1371              ),
1372              'default'     => array(),
1373          );
1374  
1375          $query_params['offset'] = array(
1376              'description' => __( 'Offset the result set by a specific number of items.' ),
1377              'type'        => 'integer',
1378          );
1379  
1380          $query_params['order'] = array(
1381              'default'     => 'asc',
1382              'description' => __( 'Order sort attribute ascending or descending.' ),
1383              'enum'        => array( 'asc', 'desc' ),
1384              'type'        => 'string',
1385          );
1386  
1387          $query_params['orderby'] = array(
1388              'default'     => 'name',
1389              'description' => __( 'Sort collection by object attribute.' ),
1390              'enum'        => array(
1391                  'id',
1392                  'include',
1393                  'name',
1394                  'registered_date',
1395                  'slug',
1396                  'include_slugs',
1397                  'email',
1398                  'url',
1399              ),
1400              'type'        => 'string',
1401          );
1402  
1403          $query_params['slug'] = array(
1404              'description' => __( 'Limit result set to users with one or more specific slugs.' ),
1405              'type'        => 'array',
1406              'items'       => array(
1407                  'type' => 'string',
1408              ),
1409          );
1410  
1411          $query_params['roles'] = array(
1412              'description' => __( 'Limit result set to users matching at least one specific role provided. Accepts csv list or single role.' ),
1413              'type'        => 'array',
1414              'items'       => array(
1415                  'type' => 'string',
1416              ),
1417          );
1418  
1419          $query_params['who'] = array(
1420              'description' => __( 'Limit result set to users who are considered authors.' ),
1421              'type'        => 'string',
1422              'enum'        => array(
1423                  'authors',
1424              ),
1425          );
1426  
1427          /**
1428           * Filter collection parameters for the users controller.
1429           *
1430           * This filter registers the collection parameter, but does not map the
1431           * collection parameter to an internal WP_User_Query parameter.  Use the
1432           * `rest_user_query` filter to set WP_User_Query arguments.
1433           *
1434           * @since 4.7.0
1435           *
1436           * @param array $query_params JSON Schema-formatted collection parameters.
1437           */
1438          return apply_filters( 'rest_user_collection_params', $query_params );
1439      }
1440  }


Generated: Tue Oct 22 08:20:01 2019 Cross-referenced by PHPXref 0.7