WP_REST_Controller

Core base controller for managing and interacting with REST API items.

Defined (1)

The class is defined in the following location(s).

/wp-includes/rest-api/endpoints/class-wp-rest-controller.php  
  1. abstract class WP_REST_Controller { 
  2.  
  3. /** 
  4. * The namespace of this controller's route. 
  5. * @since 4.7.0 
  6. * @access protected 
  7. * @var string 
  8. */ 
  9. protected $namespace; 
  10.  
  11. /** 
  12. * The base of this controller's route. 
  13. * @since 4.7.0 
  14. * @access protected 
  15. * @var string 
  16. */ 
  17. protected $rest_base; 
  18.  
  /**
   * Registers the routes for the objects of the controller.
   *
   * The base implementation registers nothing. It only reports, through
   * _doing_it_wrong(), that the subclass did not override this method.
   *
   * @since 4.7.0
   * @access public
   */
  public function register_routes() {
      $notice = __( 'The register_routes() method must be overridden' );

      _doing_it_wrong( 'WP_REST_Controller::register_routes', $notice, '4.7' );
  }
  26.  
  /**
   * Checks if a given request has access to get items.
   *
   * The base implementation never grants access: it always returns a
   * WP_Error carrying status 405, so this check cannot return true until a
   * subclass overrides it.
   *
   * @since 4.7.0
   * @access public
   *
   * @param WP_REST_Request $request Full data about the request.
   * @return WP_Error|bool True if the request has read access, WP_Error object otherwise.
   */
  public function get_items_permissions_check( $request ) {
      // __METHOD__ names this base-class method in the error text.
      $message = sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ );

      return new WP_Error( 'invalid-method', $message, array( 'status' => 405 ) );
  }
  36.  
  /**
   * Retrieves a collection of items.
   *
   * The base implementation returns no data; it always answers with a
   * WP_Error carrying status 405 until a subclass overrides it.
   *
   * @since 4.7.0
   * @access public
   *
   * @param WP_REST_Request $request Full data about the request.
   * @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure.
   */
  public function get_items( $request ) {
      $error_data = array( 'status' => 405 );
      $message    = sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ );

      return new WP_Error( 'invalid-method', $message, $error_data );
  }
  46.  
  /**
   * Checks if a given request has access to get a specific item.
   *
   * The base implementation never grants access: it always returns a
   * WP_Error carrying status 405, so this check cannot return true until a
   * subclass overrides it.
   *
   * @since 4.7.0
   * @access public
   *
   * @param WP_REST_Request $request Full data about the request.
   * @return WP_Error|bool True if the request has read access for the item, WP_Error object otherwise.
   */
  public function get_item_permissions_check( $request ) {
      // __METHOD__ names this base-class method in the error text.
      $message = sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ );

      return new WP_Error( 'invalid-method', $message, array( 'status' => 405 ) );
  }
  56.  
  /**
   * Retrieves one item from the collection.
   *
   * The base implementation returns no data; it always answers with a
   * WP_Error carrying status 405 until a subclass overrides it.
   *
   * @since 4.7.0
   * @access public
   *
   * @param WP_REST_Request $request Full data about the request.
   * @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure.
   */
  public function get_item( $request ) {
      $error_data = array( 'status' => 405 );
      $message    = sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ );

      return new WP_Error( 'invalid-method', $message, $error_data );
  }
  66.  
  /**
   * Checks if a given request has access to create items.
   *
   * The base implementation never grants access: it always returns a
   * WP_Error carrying status 405, so this check cannot return true until a
   * subclass overrides it.
   *
   * @since 4.7.0
   * @access public
   *
   * @param WP_REST_Request $request Full data about the request.
   * @return WP_Error|bool True if the request has access to create items, WP_Error object otherwise.
   */
  public function create_item_permissions_check( $request ) {
      // __METHOD__ names this base-class method in the error text.
      $message = sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ );

      return new WP_Error( 'invalid-method', $message, array( 'status' => 405 ) );
  }
  76.  
  /**
   * Creates one item from the collection.
   *
   * The base implementation creates nothing; it always answers with a
   * WP_Error carrying status 405 until a subclass overrides it.
   *
   * @since 4.7.0
   * @access public
   *
   * @param WP_REST_Request $request Full data about the request.
   * @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure.
   */
  public function create_item( $request ) {
      $error_data = array( 'status' => 405 );
      $message    = sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ );

      return new WP_Error( 'invalid-method', $message, $error_data );
  }
  86.  
  /**
   * Checks if a given request has access to update a specific item.
   *
   * The base implementation never grants access: it always returns a
   * WP_Error carrying status 405, so this check cannot return true until a
   * subclass overrides it.
   *
   * @since 4.7.0
   * @access public
   *
   * @param WP_REST_Request $request Full data about the request.
   * @return WP_Error|bool True if the request has access to update the item, WP_Error object otherwise.
   */
  public function update_item_permissions_check( $request ) {
      // __METHOD__ names this base-class method in the error text.
      $message = sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ );

      return new WP_Error( 'invalid-method', $message, array( 'status' => 405 ) );
  }
  96.  
  /**
   * Updates one item from the collection.
   *
   * The base implementation updates nothing; it always answers with a
   * WP_Error carrying status 405 until a subclass overrides it.
   *
   * @since 4.7.0
   * @access public
   *
   * @param WP_REST_Request $request Full data about the request.
   * @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure.
   */
  public function update_item( $request ) {
      $error_data = array( 'status' => 405 );
      $message    = sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ );

      return new WP_Error( 'invalid-method', $message, $error_data );
  }
  106.  
  /**
   * Checks if a given request has access to delete a specific item.
   *
   * The base implementation never grants access: it always returns a
   * WP_Error carrying status 405, so this check cannot return true until a
   * subclass overrides it.
   *
   * @since 4.7.0
   * @access public
   *
   * @param WP_REST_Request $request Full data about the request.
   * @return WP_Error|bool True if the request has access to delete the item, WP_Error object otherwise.
   */
  public function delete_item_permissions_check( $request ) {
      // __METHOD__ names this base-class method in the error text.
      $message = sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ );

      return new WP_Error( 'invalid-method', $message, array( 'status' => 405 ) );
  }
  116.  
  /**
   * Deletes one item from the collection.
   *
   * The base implementation deletes nothing; it always answers with a
   * WP_Error carrying status 405 until a subclass overrides it.
   *
   * @since 4.7.0
   * @access public
   *
   * @param WP_REST_Request $request Full data about the request.
   * @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure.
   */
  public function delete_item( $request ) {
      $error_data = array( 'status' => 405 );
      $message    = sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ );

      return new WP_Error( 'invalid-method', $message, $error_data );
  }
  126.  
  /**
   * Prepares one item for create or update operation.
   *
   * The base implementation prepares nothing; it always answers with a
   * WP_Error carrying status 405 until a subclass overrides it.
   *
   * @since 4.7.0
   * @access protected
   *
   * @param WP_REST_Request $request Request object.
   * @return WP_Error|object The prepared item, or WP_Error object on failure.
   */
  protected function prepare_item_for_database( $request ) {
      $error_data = array( 'status' => 405 );
      $message    = sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ );

      return new WP_Error( 'invalid-method', $message, $error_data );
  }
  136.  
  /**
   * Prepares the item for the REST response.
   *
   * The base implementation prepares nothing; it always answers with a
   * WP_Error carrying status 405 until a subclass overrides it.
   *
   * @since 4.7.0
   * @access public
   *
   * @param mixed           $item    WordPress representation of the item.
   * @param WP_REST_Request $request Request object.
   * @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure.
   */
  public function prepare_item_for_response( $item, $request ) {
      $error_data = array( 'status' => 405 );
      $message    = sprintf( __( "Method '%s' not implemented. Must be overridden in subclass." ), __METHOD__ );

      return new WP_Error( 'invalid-method', $message, $error_data );
  }
  147.  
  /**
   * Prepares a response for insertion into a collection.
   *
   * Casts the response data to an array and, when the REST server reports
   * any links for the response, stores them under the `_links` key.
   *
   * @since 4.7.0
   * @access public
   *
   * @param WP_REST_Response $response Response object.
   * @return array|mixed Response data, ready for insertion into collection data.
   */
  public function prepare_response_for_collection( $response ) {
      // Anything that is not a WP_REST_Response is handed back untouched.
      $is_rest_response = $response instanceof WP_REST_Response;
      if ( ! $is_rest_response ) {
          return $response;
      }

      $data   = (array) $response->get_data();
      $server = rest_get_server();

      // Use the compact link format when the server object offers it.
      $link_method = method_exists( $server, 'get_compact_response_links' )
          ? 'get_compact_response_links'
          : 'get_response_links';
      $links       = call_user_func( array( $server, $link_method ), $response );

      if ( ! empty( $links ) ) {
          $data['_links'] = $links;
      }

      return $data;
  }
  171.  
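  /**
   * Filters a response based on the context defined in the schema.
   *
   * Only keys that the item schema describes and tags with a `context` list
   * can be removed. A key of $data that has no schema entry, or whose schema
   * entry has no `context`, is returned unchanged. The schema therefore has
   * to declare a context for every field that must be hidden in some
   * contexts. For properties of type `object` the same rule is applied one
   * level down, to the sub-properties listed in the schema.
   *
   * @since 4.7.0
   * @access public
   *
   * @param array  $data    Response data to filter.
   * @param string $context Context defined in the schema.
   * @return array Filtered response.
   */
  public function filter_response_by_context( $data, $context ) {
      $schema = $this->get_item_schema();

      foreach ( $data as $key => $value ) {
          // No schema entry, or no context list: the value stays in the response.
          if ( empty( $schema['properties'][ $key ] ) || empty( $schema['properties'][ $key ]['context'] ) ) {
              continue;
          }

          $property = $schema['properties'][ $key ];

          if ( ! in_array( $context, $property['context'], true ) ) {
              unset( $data[ $key ] );
              continue;
          }

          // A property may omit `type`; check it is set before reading it,
          // so that such a schema does not raise an undefined-index notice.
          $is_object = isset( $property['type'] ) && 'object' === $property['type'];
          if ( ! $is_object || empty( $property['properties'] ) ) {
              continue;
          }

          foreach ( $property['properties'] as $attribute => $details ) {
              // Sub-properties without a context list are kept as well.
              if ( empty( $details['context'] ) ) {
                  continue;
              }

              if ( ! in_array( $context, $details['context'], true ) && isset( $data[ $key ][ $attribute ] ) ) {
                  unset( $data[ $key ][ $attribute ] );
              }
          }
      }

      return $data;
  }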
  202.  
  /**
   * Retrieves the item's schema, conforming to JSON Schema.
   *
   * The base implementation starts from an empty schema and passes it
   * through add_additional_fields_schema().
   *
   * @since 4.7.0
   * @access public
   *
   * @return array Item schema data.
   */
  public function get_item_schema() {
      $empty_schema = array();

      return $this->add_additional_fields_schema( $empty_schema );
  }
  211.  
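  /**
   * Retrieves the item's schema for display / public consumption purposes.
   *
   * Returns the item schema with the `arg_options` entry removed from every
   * property. `arg_options` holds the endpoint-argument options that
   * get_endpoint_args_for_item_schema() merges into the route arguments.
   *
   * @since 4.7.0
   * @access public
   *
   * @return array Public item schema data.
   */
  public function get_public_item_schema() {
      $schema = $this->get_item_schema();

      // A schema without properties (the base class default) has nothing to
      // strip. Iterating a missing key by reference would raise a warning.
      if ( empty( $schema['properties'] ) ) {
          return $schema;
      }

      foreach ( $schema['properties'] as &$property ) {
          unset( $property['arg_options'] );
      }
      // Break the reference so the last property is not left aliased.
      unset( $property );

      return $schema;
  }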
  226.  
  /**
   * Retrieves the query params for the collections.
   *
   * Every parameter declared here names both a sanitize callback and a
   * validate callback. `page` and `per_page` carry a minimum of 1, and
   * `per_page` carries a maximum of 100.
   *
   * @since 4.7.0
   * @access public
   *
   * @return array Query parameters for the collection.
   */
  public function get_collection_params() {
      $params = array();

      $params['context'] = $this->get_context_param();

      $params['page'] = array(
          'description'       => __( 'Current page of the collection.' ),
          'type'              => 'integer',
          'default'           => 1,
          'sanitize_callback' => 'absint',
          'validate_callback' => 'rest_validate_request_arg',
          'minimum'           => 1,
      );

      $params['per_page'] = array(
          'description'       => __( 'Maximum number of items to be returned in result set.' ),
          'type'              => 'integer',
          'default'           => 10,
          'minimum'           => 1,
          'maximum'           => 100,
          'sanitize_callback' => 'absint',
          'validate_callback' => 'rest_validate_request_arg',
      );

      $params['search'] = array(
          'description'       => __( 'Limit results to those matching a string.' ),
          'type'              => 'string',
          'sanitize_callback' => 'sanitize_text_field',
          'validate_callback' => 'rest_validate_request_arg',
      );

      return $params;
  }
  260.  
  /**
   * Retrieves the magical context param.
   *
   * Ensures consistent descriptions between endpoints, and populates enum from schema.
   *
   * $args is merged last, so any key it supplies replaces the default of the
   * same name, including `sanitize_callback`, `validate_callback` and `enum`.
   *
   * @since 4.7.0
   * @access public
   *
   * @param array $args Optional. Additional arguments for context parameter. Default empty array.
   * @return array Context parameter details.
   */
  public function get_context_param( $args = array() ) {
      $param_details = array(
          'description'       => __( 'Scope under which the request is made; determines fields present in response.' ),
          'type'              => 'string',
          'sanitize_callback' => 'sanitize_key',
          'validate_callback' => 'rest_validate_request_arg',
      );

      $schema = $this->get_item_schema();

      // Gather every context named by any schema property.
      $contexts = array();
      if ( ! empty( $schema['properties'] ) ) {
          foreach ( $schema['properties'] as $attributes ) {
              if ( empty( $attributes['context'] ) ) {
                  continue;
              }

              $contexts = array_merge( $contexts, $attributes['context'] );
          }
      }

      // Limit the accepted values to the contexts the schema mentions.
      if ( ! empty( $contexts ) ) {
          $enum = array_unique( $contexts );
          rsort( $enum );
          $param_details['enum'] = $enum;
      }

      return array_merge( $param_details, $args );
  }
  293.  
  /**
   * Adds the values from additional fields to a data object.
   *
   * Each registered field with a `get_callback` has that callback invoked
   * with the data object as built so far, the field name, the request and
   * the controller's object type. The return value is stored under the
   * field name, replacing any existing value with that key.
   *
   * @since 4.7.0
   * @access protected
   *
   * @param array           $object  Data object.
   * @param WP_REST_Request $request Full details about the request.
   * @return array Modified data object with additional fields.
   */
  protected function add_additional_fields_to_object( $object, $request ) {
      foreach ( $this->get_additional_fields() as $field_name => $field_options ) {
          $getter = $field_options['get_callback'];

          // Fields registered without a getter contribute nothing.
          if ( $getter ) {
              $object[ $field_name ] = call_user_func( $getter, $object, $field_name, $request, $this->get_object_type() );
          }
      }

      return $object;
  }
  314.  
  /**
   * Updates the values of additional fields added to a data object.
   *
   * Runs the `update_callback` of every registered field whose name is set
   * in the request, and stops at the first callback that returns a WP_Error.
   * Callbacks that ran before the failing one are not undone here.
   *
   * NOTE(review): this method performs no capability check of its own and
   * passes `$request[ $field_name ]` straight to the callback. Presumably
   * authorization is handled by the route's permission check before this
   * runs, or inside each callback; confirm against the callers.
   *
   * @since 4.7.0
   * @access protected
   *
   * @param array           $object  Data Object.
   * @param WP_REST_Request $request Full details about the request.
   * @return bool|WP_Error True on success, WP_Error object if a field cannot be updated.
   */
  protected function update_additional_fields_for_object( $object, $request ) {
      foreach ( $this->get_additional_fields() as $field_name => $field_options ) {
          $has_updater = (bool) $field_options['update_callback'];

          // Don't run the update callbacks if the data wasn't passed in the request.
          if ( ! $has_updater || ! isset( $request[ $field_name ] ) ) {
              continue;
          }

          $result = call_user_func(
              $field_options['update_callback'],
              $request[ $field_name ],
              $object,
              $field_name,
              $request,
              $this->get_object_type()
          );

          if ( is_wp_error( $result ) ) {
              return $result;
          }
      }

      return true;
  }
  340.  
  /**
   * Adds the schema from additional fields to a schema array.
   *
   * The type of object is inferred from the passed schema: its `title` is
   * used as the object type. A schema without a title is returned unchanged.
   * A field's schema replaces any existing property of the same name.
   *
   * @since 4.7.0
   * @access protected
   *
   * @param array $schema Schema array.
   * @return array Modified Schema array.
   */
  protected function add_additional_fields_schema( $schema ) {
      if ( empty( $schema['title'] ) ) {
          return $schema;
      }

      // Can't use $this->get_object_type otherwise we cause an inf loop.
      $object_type = $schema['title'];

      foreach ( $this->get_additional_fields( $object_type ) as $field_name => $field_options ) {
          $field_schema = $field_options['schema'];

          if ( $field_schema ) {
              $schema['properties'][ $field_name ] = $field_schema;
          }
      }

      return $schema;
  }
  365.  
  /**
   * Retrieves all of the registered additional fields for a given object-type.
   *
   * The fields are read from the global $wp_rest_additional_fields, keyed by
   * object type. How that global is populated is not shown in this class.
   * The callbacks stored in it are later invoked by
   * add_additional_fields_to_object() and update_additional_fields_for_object().
   *
   * @since 4.7.0
   * @access protected
   *
   * @param string $object_type Optional. The object type.
   * @return array Registered additional fields (if any), empty array if none or if the object type could
   *               not be inferred.
   */
  protected function get_additional_fields( $object_type = null ) {
      global $wp_rest_additional_fields;

      // Fall back to the type inferred from the controller's own schema.
      if ( ! $object_type ) {
          $object_type = $this->get_object_type();
      }

      $is_registered = $object_type
          && $wp_rest_additional_fields
          && isset( $wp_rest_additional_fields[ $object_type ] );

      return $is_registered ? $wp_rest_additional_fields[ $object_type ] : array();
  }
  388.  
  /**
   * Retrieves the object type this controller is responsible for managing.
   *
   * The type is the `title` of the item schema.
   *
   * @since 4.7.0
   * @access protected
   *
   * @return string|null Object type for the controller, or null when the schema is empty or has no title.
   */
  protected function get_object_type() {
      $schema    = $this->get_item_schema();
      $has_title = $schema && isset( $schema['title'] );

      return $has_title ? $schema['title'] : null;
  }
  402.  
  /**
   * Retrieves an array of endpoint arguments from the item schema for the controller.
   *
   * Properties marked `readonly` get no endpoint argument at all. Every other
   * property starts with `rest_validate_request_arg` and
   * `rest_sanitize_request_arg` as its callbacks. A property's `arg_options`
   * are merged in last, so they replace any of the generated keys, the two
   * callbacks included.
   *
   * @since 4.7.0
   * @access public
   *
   * @param string $method Optional. HTTP method of the request. The arguments for `CREATABLE` requests are
   *                       checked for required values and may fall-back to a given default, this is not done
   *                       on `EDITABLE` requests. Default WP_REST_Server::CREATABLE.
   * @return array Endpoint arguments.
   */
  public function get_endpoint_args_for_item_schema( $method = WP_REST_Server::CREATABLE ) {
      $schema            = $this->get_item_schema();
      $schema_properties = empty( $schema['properties'] ) ? array() : $schema['properties'];
      $is_creatable      = ( WP_REST_Server::CREATABLE === $method );
      $endpoint_args     = array();

      foreach ( $schema_properties as $field_id => $params ) {
          // Arguments specified as `readonly` are not allowed to be set.
          if ( ! empty( $params['readonly'] ) ) {
              continue;
          }

          $arg = array(
              'validate_callback' => 'rest_validate_request_arg',
              'sanitize_callback' => 'rest_sanitize_request_arg',
          );

          if ( isset( $params['description'] ) ) {
              $arg['description'] = $params['description'];
          }

          // Defaults and required flags only apply when creating.
          if ( $is_creatable ) {
              if ( isset( $params['default'] ) ) {
                  $arg['default'] = $params['default'];
              }

              if ( ! empty( $params['required'] ) ) {
                  $arg['required'] = true;
              }
          }

          foreach ( array( 'type', 'format', 'enum', 'items' ) as $schema_prop ) {
              if ( isset( $params[ $schema_prop ] ) ) {
                  $arg[ $schema_prop ] = $params[ $schema_prop ];
              }
          }

          // Merge in any options provided by the schema property.
          if ( isset( $params['arg_options'] ) ) {
              $arg_options = $params['arg_options'];

              // Only use required / default from arg_options on CREATABLE endpoints.
              if ( ! $is_creatable ) {
                  $arg_options = array_diff_key( $arg_options, array( 'required' => '', 'default' => '' ) );
              }

              $arg = array_merge( $arg, $arg_options );
          }

          $endpoint_args[ $field_id ] = $arg;
      }

      return $endpoint_args;
  }
  452.  
  /**
   * Sanitizes the slug value.
   *
   * @since 4.7.0
   * @access public
   *
   * @internal We can't use sanitize_title() directly, as the second
   * parameter is the fallback title, which would end up being set to the
   * request object.
   *
   * @see https://github.com/WP-API/WP-API/issues/1585
   *
   * @todo Remove this in favour of https://core.trac.wordpress.org/ticket/34659
   *
   * @param string $slug Slug value passed in request.
   * @return string Sanitized value for the slug.
   */
  public function sanitize_slug( $slug ) {
      // Pass the slug alone, so sanitize_title() receives no fallback title.
      $sanitized = sanitize_title( $slug );

      return $sanitized;
  }