LLMS_REST_Instructors_Controller
Source Source
File: libraries/lifterlms-rest/includes/server/class-llms-rest-instructors-controller.php
class LLMS_REST_Instructors_Controller extends LLMS_REST_Users_Controller {
/**
* Resource ID or Name.
*
* @var string
*/
protected $resource_name = 'instructor';
/**
* Route base.
*
* @var string
*/
protected $rest_base = 'instructors';
/**
* Determine if the current user can view the requested student.
*
* @since 1.0.0-beta.1
*
* @param int $item_id WP_User id.
* @return bool
*/
protected function check_read_item_permissions( $item_id ) {
if ( get_current_user_id() === $item_id ) {
return true;
}
if ( ! current_user_can( 'list_users', $item_id ) ) {
return false;
}
return $this->is_instructor( $item_id );
}
/**
* Retrieve the list of roles considered instructors for this endpoint.
*
* @since 1.0.6
*
* @return string[]
*/
protected function get_instructor_roles() {
/**
* Filters the list of user roles served by the instructors REST endpoint.
*
* @since 1.0.6
*
* @param string[] $roles List of role keys treated as instructors.
*/
return apply_filters(
'llms_rest_instructor_roles',
array( 'instructor', 'instructors_assistant' )
);
}
/**
* Determine if a given user has an instructor role.
*
* @since 1.0.6
*
* @param int $user_id WP_User id.
* @return bool
*/
protected function is_instructor( $user_id ) {
$user = get_userdata( $user_id );
return $user ? (bool) array_intersect( $this->get_instructor_roles(), (array) $user->roles ) : false;
}
/**
* Format query arguments to retrieve a collection of objects
*
* @since 1.0.2
*
* @param WP_REST_Request $request Full details about the request.
* @return array|WP_Error
*/
protected function prepare_collection_query_args( $request ) {
$query_args = parent::prepare_collection_query_args( $request );
if ( is_wp_error( $query_args ) ) {
return $query_args;
}
$instructor_roles = $this->get_instructor_roles();
$default = $this->get_item_schema_base()['properties']['roles']['default'];
if ( empty( $request['roles'] ) ) {
$roles = $default;
} else {
$roles = array_values( array_intersect( (array) $request['roles'], $instructor_roles ) );
// Requested only non-instructor roles: return instructors only, never the requested role.
if ( empty( $roles ) ) {
$roles = $default;
}
}
$query_args['roles'] = $roles;
return $query_args;
}
/**
* Determine if current user has permission to create a user.
*
* @since 1.0.0-beta.1
*
* @param WP_REST_Request $request Request object.
* @return true|WP_Error
*/
public function create_item_permissions_check( $request ) {
if ( ! current_user_can( 'create_users' ) ) {
return llms_rest_authorization_required_error( __( 'You are not allowed to create new instructors.', 'lifterlms' ) );
}
return $this->check_roles_permissions( $request );
}
/**
* Determine if current user has permission to delete a user.
*
* @since 1.0.0-beta.1
*
* @param WP_REST_Request $request Request object.
* @return true|WP_Error
*/
public function delete_item_permissions_check( $request ) {
if ( ! current_user_can( 'delete_users', $request['id'] ) ) {
return llms_rest_authorization_required_error( __( 'You are not allowed to delete this instructor.', 'lifterlms' ) );
}
return true;
}
/**
* Retrieves the query params for the objects collection.
*
* @since 1.0.0-beta.1
*
* @return array Collection parameters.
*/
public function get_collection_params() {
$params = parent::get_collection_params();
$params['post_in'] = array(
'description' => __( 'Retrieve only instructors for the specified course(s) and/or membership(s). Accepts a single WP Post ID or a comma separated list of IDs.', 'lifterlms' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
);
$params['post_not_in'] = array(
'description' => __( 'Exclude instructors who do not have permissions for the specified course(s) and/or membership(s). Accepts a single WP Post ID or a comma separated list of IDs.', 'lifterlms' ),
'type' => 'array',
'items' => array(
'type' => 'integer',
),
);
return $params;
}
/**
* Determine if current user has permission to get a user.
*
* @since 1.0.0-beta.1
*
* @param WP_REST_Request $request Request object.
* @return true|WP_Error
*/
public function get_item_permissions_check( $request ) {
if ( ! $this->check_read_item_permissions( $request['id'] ) ) {
return llms_rest_authorization_required_error( __( 'You are not allowed to view this instructor.', 'lifterlms' ) );
}
return true;
}
/**
* Get the item schema base.
*
* @since 1.0.0-beta.27
*
* @return array
*/
public function get_item_schema_base() {
$schema = parent::get_item_schema_base();
$schema['properties']['roles']['default'] = array( 'instructor' );
return $schema;
}
/**
* Determine if current user has permission to list users.
*
* @since 1.0.0-beta.1
* @since 1.0.0-beta.13 Fixed authentication error message referring to 'students' rather than 'instructors'.
*
* @param WP_REST_Request $request Request object.
* @return true|WP_Error
*/
public function get_items_permissions_check( $request ) {
if ( ! current_user_can( 'list_users' ) ) {
return llms_rest_authorization_required_error( __( 'You are not allowed to list instructors.', 'lifterlms' ) );
}
return true;
}
/**
* Get object.
*
* @since 1.0.0-beta.1
*
* @param int $id Object ID.
* @return LLMS_Instructor|WP_Error
*/
protected function get_object( $id ) {
$instructor = llms_get_instructor( $id );
return $instructor ? $instructor : llms_rest_not_found_error();
}
/**
* Prepare links for the request.
*
* @since 1.0.0-beta.1
* @since 1.0.0-beta.14 Added the `$request` parameter.
*
* @param obj $object Item object.
* @param WP_REST_Request $request Request object.
* @return array
*/
protected function prepare_links( $object, $request ) {
$links = parent::prepare_links( $object, $request );
$links['content'] = array(
'href' => sprintf( '%s/content', $links['self']['href'] ),
);
return $links;
}
/**
* Updates additional information not handled by WP Core insert/update user functions.
*
* @since 1.0.0-beta.1
*
* @param int $object_id WP User id.
* @param array $prepared Prepared item data.
* @param WP_REST_Request $request Request object.
* @return LLMS_Abstract_User_Data|WP_error
*/
protected function update_additional_data( $object_id, $prepared, $request ) {
$object = parent::update_additional_data( $object_id, $prepared, $request );
if ( is_wp_error( $object ) ) {
return $object;
}
// Add a parent_id of the current user when creating an instructors_assistant.
// @todo: this should actually be handled by a `parent_ids` create/update arg required when assistant is a supplied role.
if ( get_current_user_id() !== $object_id && ! empty( $prepared['roles'] ) && in_array( 'instructors_assistant', $prepared['roles'], true ) ) {
$object->add_parents( get_current_user_id() );
}
return $object;
}
/**
* Determine if current user has permission to update a user.
*
* @since 1.0.0-beta.1
* @since 1.0.0-beta.13 Refer to the instructor role on the authorization error message rather than the generic 'user'.
*
* @param WP_REST_Request $request Request object.
* @return true|WP_Error
*/
public function update_item_permissions_check( $request ) {
if ( is_wp_error( ( new WP_REST_Users_Controller() )->update_item_permissions_check( $request ) ) ) {
return llms_rest_authorization_required_error( __( 'You are not allowed to edit this user.', 'lifterlms' ) );
}
if ( ! empty( $request['roles'] ) ) {
return $this->check_roles_permissions( $request );
}
return true;
}
}
Expand full source code Collapse full source code View on GitHub
Methods Methods
- check_read_item_permissions — Determine if the current user can view the requested student.
- create_item_permissions_check — Determine if current user has permission to create a user.
- delete_item_permissions_check — Determine if current user has permission to delete a user.
- get_collection_params — Retrieves the query params for the objects collection.
- get_instructor_roles — Retrieve the list of roles considered instructors for this endpoint.
- get_item_permissions_check — Determine if current user has permission to get a user.
- get_item_schema — Get the item schema.
- get_item_schema_base — Get the item schema base.
- get_items_permissions_check — Determine if current user has permission to list users.
- get_object — Get object.
- is_instructor — Determine if a given user has an instructor role.
- prepare_collection_query_args — Format query arguments to retrieve a collection of objects
- prepare_links — Prepare links for the request.
- update_additional_data — Updates additional information not handled by WP Core insert/update user functions.
- update_item_permissions_check — Determine if current user has permission to update a user.
Changelog Changelog
| Version | Description |
|---|---|
| 1.0.0-beta.14 | Update prepare_links() to accept a second parameter, WP_REST_Request. |
| 1.0.0-beta.13 | Fixed authentication error messages referring to 'students' or 'users' rather than 'instructors'. |
| 1.0.0-beta.1 | Introduced. |