Jetpack_JSON_API_Endpoint

Base class for Jetpack endpoints; it provides the validate_call helper function.

Defined (1)

The class is defined in the following location(s).

/json-endpoints/jetpack/class.jetpack-json-api-endpoint.php  
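  /**
   * Base class for Jetpack JSON API endpoints.
   *
   * Runs every request through the same gate before a subclass produces a
   * result: blog switch and user validation, capability check, the "manage"
   * module check for non-GET requests, and action validation.
   */
  abstract class Jetpack_JSON_API_Endpoint extends WPCOM_JSON_API_Endpoint {

      /**
       * Capability (string) or capabilities (array) the current user needs.
       * See check_capability() for the accepted array shapes.
       */
      protected $needed_capabilities;

      /**
       * Action names a request may select through its 'action' argument.
       * Each name is later invoked as a method on this object, so the list
       * must only contain methods that are safe to expose to the API.
       */
      protected $expected_actions = array();

      /** Name of the method to run before result(); set by validate_input(). */
      protected $action;

      /**
       * Endpoint entry point: authorize, validate, run the action, return the result.
       *
       * @param string $path    Not read here.
       * @param int    $blog_id Blog identifier handed to validate_call().
       * @param mixed  $object  Handed to validate_input().
       * @return mixed|WP_Error The value of result(), or the first WP_Error hit.
       */
      public function callback( $path = '', $blog_id = 0, $object = null ) {
          // Authorization comes first so nothing else runs for a rejected caller.
          $error = $this->validate_call( $blog_id, $this->needed_capabilities );
          if ( is_wp_error( $error ) ) {
              return $error;
          }

          $error = $this->validate_input( $object );
          if ( is_wp_error( $error ) ) {
              return $error;
          }

          if ( ! empty( $this->action ) ) {
              // $this->action is a method name chosen by validate_input(): either
              // the literals 'update' / 'install' or an entry of $expected_actions.
              $error = call_user_func( array( $this, $this->action ) );
              if ( is_wp_error( $error ) ) {
                  return $error;
              }
          }

          return $this->result();
      }

      /**
       * Builds the response once authorization, validation and the action succeeded.
       */
      abstract protected function result();

      /**
       * Decides which action, if any, this request runs.
       *
       * A path ending in /update or /install wins over the 'action' argument.
       * Any other non-empty 'action' must be listed in $expected_actions.
       *
       * @param mixed $object Not read here.
       * @return bool|WP_Error True on success, WP_Error for an unlisted action.
       */
      protected function validate_input( $object ) {
          $args = $this->input();

          // Strict comparison: the value comes from the request and becomes a
          // method name, so only the exact string may select the action.
          if ( isset( $args['action'] ) && 'update' === $args['action'] ) {
              $this->action = 'update';
          }

          if ( preg_match( "/\/update\/?$/", $this->path ) ) {
              $this->action = 'update';
          } elseif ( preg_match( "/\/install\/?$/", $this->path ) ) {
              $this->action = 'install';
          } elseif ( ! empty( $args['action'] ) ) {
              // Strict allowlist match: a loose in_array() lets non-string input
              // (for example boolean true) compare equal to a listed name.
              if ( ! in_array( $args['action'], $this->expected_actions, true ) ) {
                  return new WP_Error( 'invalid_action', __( 'You must specify a valid action', 'jetpack' ) );
              }
              $this->action = $args['action'];
          }

          return true;
      }

      /**
       * Switches to the blog and checks current user capabilities.
       *
       * @param mixed        $_blog_id            Blog identifier, resolved through $this->api->get_blog_id().
       * @param string|array $capability          Passed to check_capability().
       * @param bool         $check_manage_active When true, non-GET requests also require the 'manage' module.
       * @return bool|WP_Error a WP_Error object or true if things are good.
       */
      protected function validate_call( $_blog_id, $capability, $check_manage_active = true ) {
          $blog_id = $this->api->switch_to_blog_and_validate_user( $this->api->get_blog_id( $_blog_id ) );
          if ( is_wp_error( $blog_id ) ) {
              return $blog_id;
          }

          $error = $this->check_capability( $capability );
          if ( is_wp_error( $error ) ) {
              return $error;
          }

          // Anything other than GET is refused unless the 'manage' module is
          // active. Callers that pass $check_manage_active = false skip this
          // gate, so they need their own justification for doing so.
          if ( $check_manage_active && 'GET' !== $this->method && ! Jetpack::is_module_active( 'manage' ) ) {
              return new WP_Error( 'unauthorized_full_access', __( 'Full management mode is off for this site.', 'jetpack' ), 403 );
          }

          return true;
      }

      /**
       * Checks that the current user holds the required capability or capabilities.
       *
       * $capability is one of:
       *  - a single capability name;
       *  - a list of capability names, all of which are required;
       *  - an array with a 'capabilities' list and an optional integer
       *    'must_pass', the minimum number of capabilities the user must hold.
       *
       * NOTE(review): an empty list, or a 'must_pass' of 0 or less, authorizes
       * every caller because no capability is ever required. Confirm that no
       * endpoint declares its capabilities that way.
       *
       * @param string|array $capability
       * @return bool|WP_Error True when authorized, otherwise a WP_Error with status 403.
       */
      protected function check_capability( $capability ) {
          if ( is_array( $capability ) ) {
              // An array lists the capabilities the user needs before being allowed to proceed.
              $capabilities = ( isset( $capability['capabilities'] ) ? $capability['capabilities'] : $capability );

              // Number of capabilities that must be held; the default is all of them.
              $must_pass = ( isset( $capability['must_pass'] ) && is_int( $capability['must_pass'] ) ? $capability['must_pass'] : count( $capabilities ) );

              $failed = array(); // Capabilities the user lacks, reported in the error message.
              $passed = 0;       // Number of capabilities the user holds.

              foreach ( $capabilities as $cap ) {
                  if ( current_user_can( $cap ) ) {
                      $passed++;
                  } else {
                      $failed[] = $cap;
                  }
              }

              // Reject when fewer capabilities are held than required.
              if ( $passed < $must_pass ) {
                  // The 403 belongs to WP_Error, as in the single-capability branch
                  // below. It used to sit inside sprintf(), where it was ignored and
                  // the error carried no status.
                  return new WP_Error( 'unauthorized', sprintf( __( 'This user is not authorized to %s on this blog.', 'jetpack' ), implode( ', ', $failed ) ), 403 );
              }
          } else {
              if ( ! current_user_can( $capability ) ) {
                  return new WP_Error( 'unauthorized', sprintf( __( 'This user is not authorized to %s on this blog.', 'jetpack' ), $capability ), 403 );
              }
          }

          return true;
      }
  }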