[ Index ]

PHP Cross Reference of WordPress

title

Body

[close]

/wp-includes/rest-api/endpoints/ -> class-wp-rest-posts-controller.php (source)

   1  <?php
   2  /**
   3   * REST API: WP_REST_Posts_Controller class
   4   *
   5   * @package WordPress
   6   * @subpackage REST_API
   7   * @since 4.7.0
   8   */
   9  
  10  /**
  11   * Core class to access posts via the REST API.
  12   *
  13   * @since 4.7.0
  14   *
  15   * @see WP_REST_Controller
  16   */
  17  class WP_REST_Posts_Controller extends WP_REST_Controller {
  18      /**
  19       * Post type.
  20       *
  21       * @since 4.7.0
  22       * @var string
  23       */
  24      protected $post_type;
  25  
  26      /**
  27       * Instance of a post meta fields object.
  28       *
  29       * @since 4.7.0
  30       * @var WP_REST_Post_Meta_Fields
  31       */
  32      protected $meta;
  33  
  34      /**
  35       * Passwordless post access permitted.
  36       *
  37       * @since 5.7.1
  38       * @var int[]
  39       */
  40      protected $password_check_passed = array();
  41  
  42      /**
  43       * Whether the controller supports batching.
  44       *
  45       * @since 5.9.0
  46       * @var array
  47       */
  48      protected $allow_batch = array( 'v1' => true );
  49  
  50      /**
  51       * Constructor.
  52       *
  53       * @since 4.7.0
  54       *
  55       * @param string $post_type Post type.
  56       */
  57  	public function __construct( $post_type ) {
  58          $this->post_type = $post_type;
  59          $obj             = get_post_type_object( $post_type );
  60          $this->rest_base = ! empty( $obj->rest_base ) ? $obj->rest_base : $obj->name;
  61          $this->namespace = ! empty( $obj->rest_namespace ) ? $obj->rest_namespace : 'wp/v2';
  62  
  63          $this->meta = new WP_REST_Post_Meta_Fields( $this->post_type );
  64      }
  65  
  66      /**
  67       * Registers the routes for posts.
  68       *
  69       * @since 4.7.0
  70       *
  71       * @see register_rest_route()
  72       */
  73  	public function register_routes() {
  74  
  75          register_rest_route(
  76              $this->namespace,
  77              '/' . $this->rest_base,
  78              array(
  79                  array(
  80                      'methods'             => WP_REST_Server::READABLE,
  81                      'callback'            => array( $this, 'get_items' ),
  82                      'permission_callback' => array( $this, 'get_items_permissions_check' ),
  83                      'args'                => $this->get_collection_params(),
  84                  ),
  85                  array(
  86                      'methods'             => WP_REST_Server::CREATABLE,
  87                      'callback'            => array( $this, 'create_item' ),
  88                      'permission_callback' => array( $this, 'create_item_permissions_check' ),
  89                      'args'                => $this->get_endpoint_args_for_item_schema( WP_REST_Server::CREATABLE ),
  90                  ),
  91                  'allow_batch' => $this->allow_batch,
  92                  'schema'      => array( $this, 'get_public_item_schema' ),
  93              )
  94          );
  95  
  96          $schema        = $this->get_item_schema();
  97          $get_item_args = array(
  98              'context' => $this->get_context_param( array( 'default' => 'view' ) ),
  99          );
 100          if ( isset( $schema['properties']['password'] ) ) {
 101              $get_item_args['password'] = array(
 102                  'description' => __( 'The password for the post if it is password protected.' ),
 103                  'type'        => 'string',
 104              );
 105          }
 106          register_rest_route(
 107              $this->namespace,
 108              '/' . $this->rest_base . '/(?P<id>[\d]+)',
 109              array(
 110                  'args'        => array(
 111                      'id' => array(
 112                          'description' => __( 'Unique identifier for the post.' ),
 113                          'type'        => 'integer',
 114                      ),
 115                  ),
 116                  array(
 117                      'methods'             => WP_REST_Server::READABLE,
 118                      'callback'            => array( $this, 'get_item' ),
 119                      'permission_callback' => array( $this, 'get_item_permissions_check' ),
 120                      'args'                => $get_item_args,
 121                  ),
 122                  array(
 123                      'methods'             => WP_REST_Server::EDITABLE,
 124                      'callback'            => array( $this, 'update_item' ),
 125                      'permission_callback' => array( $this, 'update_item_permissions_check' ),
 126                      'args'                => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
 127                  ),
 128                  array(
 129                      'methods'             => WP_REST_Server::DELETABLE,
 130                      'callback'            => array( $this, 'delete_item' ),
 131                      'permission_callback' => array( $this, 'delete_item_permissions_check' ),
 132                      'args'                => array(
 133                          'force' => array(
 134                              'type'        => 'boolean',
 135                              'default'     => false,
 136                              'description' => __( 'Whether to bypass Trash and force deletion.' ),
 137                          ),
 138                      ),
 139                  ),
 140                  'allow_batch' => $this->allow_batch,
 141                  'schema'      => array( $this, 'get_public_item_schema' ),
 142              )
 143          );
 144      }
 145  
 146      /**
 147       * Checks if a given request has access to read posts.
 148       *
 149       * @since 4.7.0
 150       *
 151       * @param WP_REST_Request $request Full details about the request.
 152       * @return true|WP_Error True if the request has read access, WP_Error object otherwise.
 153       */
 154  	public function get_items_permissions_check( $request ) {
 155  
 156          $post_type = get_post_type_object( $this->post_type );
 157  
 158          if ( 'edit' === $request['context'] && ! current_user_can( $post_type->cap->edit_posts ) ) {
 159              return new WP_Error(
 160                  'rest_forbidden_context',
 161                  __( 'Sorry, you are not allowed to edit posts in this post type.' ),
 162                  array( 'status' => rest_authorization_required_code() )
 163              );
 164          }
 165  
 166          return true;
 167      }
 168  
 169      /**
 170       * Override the result of the post password check for REST requested posts.
 171       *
 172       * Allow users to read the content of password protected posts if they have
 173       * previously passed a permission check or if they have the `edit_post` capability
 174       * for the post being checked.
 175       *
 176       * @since 5.7.1
 177       *
 178       * @param bool    $required Whether the post requires a password check.
 179       * @param WP_Post $post     The post been password checked.
 180       * @return bool Result of password check taking in to account REST API considerations.
 181       */
 182  	public function check_password_required( $required, $post ) {
 183          if ( ! $required ) {
 184              return $required;
 185          }
 186  
 187          $post = get_post( $post );
 188  
 189          if ( ! $post ) {
 190              return $required;
 191          }
 192  
 193          if ( ! empty( $this->password_check_passed[ $post->ID ] ) ) {
 194              // Password previously checked and approved.
 195              return false;
 196          }
 197  
 198          return ! current_user_can( 'edit_post', $post->ID );
 199      }
 200  
 201      /**
 202       * Retrieves a collection of posts.
 203       *
 204       * @since 4.7.0
 205       *
 206       * @param WP_REST_Request $request Full details about the request.
 207       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 208       */
 209  	public function get_items( $request ) {
 210  
 211          // Ensure a search string is set in case the orderby is set to 'relevance'.
 212          if ( ! empty( $request['orderby'] ) && 'relevance' === $request['orderby'] && empty( $request['search'] ) ) {
 213              return new WP_Error(
 214                  'rest_no_search_term_defined',
 215                  __( 'You need to define a search term to order by relevance.' ),
 216                  array( 'status' => 400 )
 217              );
 218          }
 219  
 220          // Ensure an include parameter is set in case the orderby is set to 'include'.
 221          if ( ! empty( $request['orderby'] ) && 'include' === $request['orderby'] && empty( $request['include'] ) ) {
 222              return new WP_Error(
 223                  'rest_orderby_include_missing_include',
 224                  __( 'You need to define an include parameter to order by include.' ),
 225                  array( 'status' => 400 )
 226              );
 227          }
 228  
 229          // Retrieve the list of registered collection query parameters.
 230          $registered = $this->get_collection_params();
 231          $args       = array();
 232  
 233          /*
 234           * This array defines mappings between public API query parameters whose
 235           * values are accepted as-passed, and their internal WP_Query parameter
 236           * name equivalents (some are the same). Only values which are also
 237           * present in $registered will be set.
 238           */
 239          $parameter_mappings = array(
 240              'author'         => 'author__in',
 241              'author_exclude' => 'author__not_in',
 242              'exclude'        => 'post__not_in',
 243              'include'        => 'post__in',
 244              'menu_order'     => 'menu_order',
 245              'offset'         => 'offset',
 246              'order'          => 'order',
 247              'orderby'        => 'orderby',
 248              'page'           => 'paged',
 249              'parent'         => 'post_parent__in',
 250              'parent_exclude' => 'post_parent__not_in',
 251              'search'         => 's',
 252              'slug'           => 'post_name__in',
 253              'status'         => 'post_status',
 254          );
 255  
 256          /*
 257           * For each known parameter which is both registered and present in the request,
 258           * set the parameter's value on the query $args.
 259           */
 260          foreach ( $parameter_mappings as $api_param => $wp_param ) {
 261              if ( isset( $registered[ $api_param ], $request[ $api_param ] ) ) {
 262                  $args[ $wp_param ] = $request[ $api_param ];
 263              }
 264          }
 265  
 266          // Check for & assign any parameters which require special handling or setting.
 267          $args['date_query'] = array();
 268  
 269          if ( isset( $registered['before'], $request['before'] ) ) {
 270              $args['date_query'][] = array(
 271                  'before' => $request['before'],
 272                  'column' => 'post_date',
 273              );
 274          }
 275  
 276          if ( isset( $registered['modified_before'], $request['modified_before'] ) ) {
 277              $args['date_query'][] = array(
 278                  'before' => $request['modified_before'],
 279                  'column' => 'post_modified',
 280              );
 281          }
 282  
 283          if ( isset( $registered['after'], $request['after'] ) ) {
 284              $args['date_query'][] = array(
 285                  'after'  => $request['after'],
 286                  'column' => 'post_date',
 287              );
 288          }
 289  
 290          if ( isset( $registered['modified_after'], $request['modified_after'] ) ) {
 291              $args['date_query'][] = array(
 292                  'after'  => $request['modified_after'],
 293                  'column' => 'post_modified',
 294              );
 295          }
 296  
 297          // Ensure our per_page parameter overrides any provided posts_per_page filter.
 298          if ( isset( $registered['per_page'] ) ) {
 299              $args['posts_per_page'] = $request['per_page'];
 300          }
 301  
 302          if ( isset( $registered['sticky'], $request['sticky'] ) ) {
 303              $sticky_posts = get_option( 'sticky_posts', array() );
 304              if ( ! is_array( $sticky_posts ) ) {
 305                  $sticky_posts = array();
 306              }
 307              if ( $request['sticky'] ) {
 308                  /*
 309                   * As post__in will be used to only get sticky posts,
 310                   * we have to support the case where post__in was already
 311                   * specified.
 312                   */
 313                  $args['post__in'] = $args['post__in'] ? array_intersect( $sticky_posts, $args['post__in'] ) : $sticky_posts;
 314  
 315                  /*
 316                   * If we intersected, but there are no post IDs in common,
 317                   * WP_Query won't return "no posts" for post__in = array()
 318                   * so we have to fake it a bit.
 319                   */
 320                  if ( ! $args['post__in'] ) {
 321                      $args['post__in'] = array( 0 );
 322                  }
 323              } elseif ( $sticky_posts ) {
 324                  /*
 325                   * As post___not_in will be used to only get posts that
 326                   * are not sticky, we have to support the case where post__not_in
 327                   * was already specified.
 328                   */
 329                  $args['post__not_in'] = array_merge( $args['post__not_in'], $sticky_posts );
 330              }
 331          }
 332  
 333          $args = $this->prepare_tax_query( $args, $request );
 334  
 335          // Force the post_type argument, since it's not a user input variable.
 336          $args['post_type'] = $this->post_type;
 337  
 338          /**
 339           * Filters WP_Query arguments when querying posts via the REST API.
 340           *
 341           * The dynamic portion of the hook name, `$this->post_type`, refers to the post type slug.
 342           *
 343           * Possible hook names include:
 344           *
 345           *  - `rest_post_query`
 346           *  - `rest_page_query`
 347           *  - `rest_attachment_query`
 348           *
 349           * Enables adding extra arguments or setting defaults for a post collection request.
 350           *
 351           * @since 4.7.0
 352           * @since 5.7.0 Moved after the `tax_query` query arg is generated.
 353           *
 354           * @link https://developer.wordpress.org/reference/classes/wp_query/
 355           *
 356           * @param array           $args    Array of arguments for WP_Query.
 357           * @param WP_REST_Request $request The REST API request.
 358           */
 359          $args       = apply_filters( "rest_{$this->post_type}_query", $args, $request );
 360          $query_args = $this->prepare_items_query( $args, $request );
 361  
 362          $posts_query  = new WP_Query();
 363          $query_result = $posts_query->query( $query_args );
 364  
 365          // Allow access to all password protected posts if the context is edit.
 366          if ( 'edit' === $request['context'] ) {
 367              add_filter( 'post_password_required', array( $this, 'check_password_required' ), 10, 2 );
 368          }
 369  
 370          $posts = array();
 371  
 372          foreach ( $query_result as $post ) {
 373              if ( ! $this->check_read_permission( $post ) ) {
 374                  continue;
 375              }
 376  
 377              $data    = $this->prepare_item_for_response( $post, $request );
 378              $posts[] = $this->prepare_response_for_collection( $data );
 379          }
 380  
 381          // Reset filter.
 382          if ( 'edit' === $request['context'] ) {
 383              remove_filter( 'post_password_required', array( $this, 'check_password_required' ) );
 384          }
 385  
 386          $page        = (int) $query_args['paged'];
 387          $total_posts = $posts_query->found_posts;
 388  
 389          if ( $total_posts < 1 ) {
 390              // Out-of-bounds, run the query again without LIMIT for total count.
 391              unset( $query_args['paged'] );
 392  
 393              $count_query = new WP_Query();
 394              $count_query->query( $query_args );
 395              $total_posts = $count_query->found_posts;
 396          }
 397  
 398          $max_pages = ceil( $total_posts / (int) $posts_query->query_vars['posts_per_page'] );
 399  
 400          if ( $page > $max_pages && $total_posts > 0 ) {
 401              return new WP_Error(
 402                  'rest_post_invalid_page_number',
 403                  __( 'The page number requested is larger than the number of pages available.' ),
 404                  array( 'status' => 400 )
 405              );
 406          }
 407  
 408          $response = rest_ensure_response( $posts );
 409  
 410          $response->header( 'X-WP-Total', (int) $total_posts );
 411          $response->header( 'X-WP-TotalPages', (int) $max_pages );
 412  
 413          $request_params = $request->get_query_params();
 414          $base           = add_query_arg( urlencode_deep( $request_params ), rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ) );
 415  
 416          if ( $page > 1 ) {
 417              $prev_page = $page - 1;
 418  
 419              if ( $prev_page > $max_pages ) {
 420                  $prev_page = $max_pages;
 421              }
 422  
 423              $prev_link = add_query_arg( 'page', $prev_page, $base );
 424              $response->link_header( 'prev', $prev_link );
 425          }
 426          if ( $max_pages > $page ) {
 427              $next_page = $page + 1;
 428              $next_link = add_query_arg( 'page', $next_page, $base );
 429  
 430              $response->link_header( 'next', $next_link );
 431          }
 432  
 433          return $response;
 434      }
 435  
 436      /**
 437       * Get the post, if the ID is valid.
 438       *
 439       * @since 4.7.2
 440       *
 441       * @param int $id Supplied ID.
 442       * @return WP_Post|WP_Error Post object if ID is valid, WP_Error otherwise.
 443       */
 444  	protected function get_post( $id ) {
 445          $error = new WP_Error(
 446              'rest_post_invalid_id',
 447              __( 'Invalid post ID.' ),
 448              array( 'status' => 404 )
 449          );
 450  
 451          if ( (int) $id <= 0 ) {
 452              return $error;
 453          }
 454  
 455          $post = get_post( (int) $id );
 456          if ( empty( $post ) || empty( $post->ID ) || $this->post_type !== $post->post_type ) {
 457              return $error;
 458          }
 459  
 460          return $post;
 461      }
 462  
 463      /**
 464       * Checks if a given request has access to read a post.
 465       *
 466       * @since 4.7.0
 467       *
 468       * @param WP_REST_Request $request Full details about the request.
 469       * @return true|WP_Error True if the request has read access for the item, WP_Error object otherwise.
 470       */
 471  	public function get_item_permissions_check( $request ) {
 472          $post = $this->get_post( $request['id'] );
 473          if ( is_wp_error( $post ) ) {
 474              return $post;
 475          }
 476  
 477          if ( 'edit' === $request['context'] && $post && ! $this->check_update_permission( $post ) ) {
 478              return new WP_Error(
 479                  'rest_forbidden_context',
 480                  __( 'Sorry, you are not allowed to edit this post.' ),
 481                  array( 'status' => rest_authorization_required_code() )
 482              );
 483          }
 484  
 485          if ( $post && ! empty( $request['password'] ) ) {
 486              // Check post password, and return error if invalid.
 487              if ( ! hash_equals( $post->post_password, $request['password'] ) ) {
 488                  return new WP_Error(
 489                      'rest_post_incorrect_password',
 490                      __( 'Incorrect post password.' ),
 491                      array( 'status' => 403 )
 492                  );
 493              }
 494          }
 495  
 496          // Allow access to all password protected posts if the context is edit.
 497          if ( 'edit' === $request['context'] ) {
 498              add_filter( 'post_password_required', array( $this, 'check_password_required' ), 10, 2 );
 499          }
 500  
 501          if ( $post ) {
 502              return $this->check_read_permission( $post );
 503          }
 504  
 505          return true;
 506      }
 507  
 508      /**
 509       * Checks if the user can access password-protected content.
 510       *
 511       * This method determines whether we need to override the regular password
 512       * check in core with a filter.
 513       *
 514       * @since 4.7.0
 515       *
 516       * @param WP_Post         $post    Post to check against.
 517       * @param WP_REST_Request $request Request data to check.
 518       * @return bool True if the user can access password-protected content, otherwise false.
 519       */
 520  	public function can_access_password_content( $post, $request ) {
 521          if ( empty( $post->post_password ) ) {
 522              // No filter required.
 523              return false;
 524          }
 525  
 526          /*
 527           * Users always gets access to password protected content in the edit
 528           * context if they have the `edit_post` meta capability.
 529           */
 530          if (
 531              'edit' === $request['context'] &&
 532              current_user_can( 'edit_post', $post->ID )
 533          ) {
 534              return true;
 535          }
 536  
 537          // No password, no auth.
 538          if ( empty( $request['password'] ) ) {
 539              return false;
 540          }
 541  
 542          // Double-check the request password.
 543          return hash_equals( $post->post_password, $request['password'] );
 544      }
 545  
 546      /**
 547       * Retrieves a single post.
 548       *
 549       * @since 4.7.0
 550       *
 551       * @param WP_REST_Request $request Full details about the request.
 552       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 553       */
 554  	public function get_item( $request ) {
 555          $post = $this->get_post( $request['id'] );
 556          if ( is_wp_error( $post ) ) {
 557              return $post;
 558          }
 559  
 560          $data     = $this->prepare_item_for_response( $post, $request );
 561          $response = rest_ensure_response( $data );
 562  
 563          if ( is_post_type_viewable( get_post_type_object( $post->post_type ) ) ) {
 564              $response->link_header( 'alternate', get_permalink( $post->ID ), array( 'type' => 'text/html' ) );
 565          }
 566  
 567          return $response;
 568      }
 569  
 570      /**
 571       * Checks if a given request has access to create a post.
 572       *
 573       * @since 4.7.0
 574       *
 575       * @param WP_REST_Request $request Full details about the request.
 576       * @return true|WP_Error True if the request has access to create items, WP_Error object otherwise.
 577       */
 578  	public function create_item_permissions_check( $request ) {
 579          if ( ! empty( $request['id'] ) ) {
 580              return new WP_Error(
 581                  'rest_post_exists',
 582                  __( 'Cannot create existing post.' ),
 583                  array( 'status' => 400 )
 584              );
 585          }
 586  
 587          $post_type = get_post_type_object( $this->post_type );
 588  
 589          if ( ! empty( $request['author'] ) && get_current_user_id() !== $request['author'] && ! current_user_can( $post_type->cap->edit_others_posts ) ) {
 590              return new WP_Error(
 591                  'rest_cannot_edit_others',
 592                  __( 'Sorry, you are not allowed to create posts as this user.' ),
 593                  array( 'status' => rest_authorization_required_code() )
 594              );
 595          }
 596  
 597          if ( ! empty( $request['sticky'] ) && ! current_user_can( $post_type->cap->edit_others_posts ) && ! current_user_can( $post_type->cap->publish_posts ) ) {
 598              return new WP_Error(
 599                  'rest_cannot_assign_sticky',
 600                  __( 'Sorry, you are not allowed to make posts sticky.' ),
 601                  array( 'status' => rest_authorization_required_code() )
 602              );
 603          }
 604  
 605          if ( ! current_user_can( $post_type->cap->create_posts ) ) {
 606              return new WP_Error(
 607                  'rest_cannot_create',
 608                  __( 'Sorry, you are not allowed to create posts as this user.' ),
 609                  array( 'status' => rest_authorization_required_code() )
 610              );
 611          }
 612  
 613          if ( ! $this->check_assign_terms_permission( $request ) ) {
 614              return new WP_Error(
 615                  'rest_cannot_assign_term',
 616                  __( 'Sorry, you are not allowed to assign the provided terms.' ),
 617                  array( 'status' => rest_authorization_required_code() )
 618              );
 619          }
 620  
 621          return true;
 622      }
 623  
 624      /**
 625       * Creates a single post.
 626       *
 627       * @since 4.7.0
 628       *
 629       * @param WP_REST_Request $request Full details about the request.
 630       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 631       */
 632  	public function create_item( $request ) {
 633          if ( ! empty( $request['id'] ) ) {
 634              return new WP_Error(
 635                  'rest_post_exists',
 636                  __( 'Cannot create existing post.' ),
 637                  array( 'status' => 400 )
 638              );
 639          }
 640  
 641          $prepared_post = $this->prepare_item_for_database( $request );
 642  
 643          if ( is_wp_error( $prepared_post ) ) {
 644              return $prepared_post;
 645          }
 646  
 647          $prepared_post->post_type = $this->post_type;
 648  
 649          $post_id = wp_insert_post( wp_slash( (array) $prepared_post ), true, false );
 650  
 651          if ( is_wp_error( $post_id ) ) {
 652  
 653              if ( 'db_insert_error' === $post_id->get_error_code() ) {
 654                  $post_id->add_data( array( 'status' => 500 ) );
 655              } else {
 656                  $post_id->add_data( array( 'status' => 400 ) );
 657              }
 658  
 659              return $post_id;
 660          }
 661  
 662          $post = get_post( $post_id );
 663  
 664          /**
 665           * Fires after a single post is created or updated via the REST API.
 666           *
 667           * The dynamic portion of the hook name, `$this->post_type`, refers to the post type slug.
 668           *
 669           * Possible hook names include:
 670           *
 671           *  - `rest_insert_post`
 672           *  - `rest_insert_page`
 673           *  - `rest_insert_attachment`
 674           *
 675           * @since 4.7.0
 676           *
 677           * @param WP_Post         $post     Inserted or updated post object.
 678           * @param WP_REST_Request $request  Request object.
 679           * @param bool            $creating True when creating a post, false when updating.
 680           */
 681          do_action( "rest_insert_{$this->post_type}", $post, $request, true );
 682  
 683          $schema = $this->get_item_schema();
 684  
 685          if ( ! empty( $schema['properties']['sticky'] ) ) {
 686              if ( ! empty( $request['sticky'] ) ) {
 687                  stick_post( $post_id );
 688              } else {
 689                  unstick_post( $post_id );
 690              }
 691          }
 692  
 693          if ( ! empty( $schema['properties']['featured_media'] ) && isset( $request['featured_media'] ) ) {
 694              $this->handle_featured_media( $request['featured_media'], $post_id );
 695          }
 696  
 697          if ( ! empty( $schema['properties']['format'] ) && ! empty( $request['format'] ) ) {
 698              set_post_format( $post, $request['format'] );
 699          }
 700  
 701          if ( ! empty( $schema['properties']['template'] ) && isset( $request['template'] ) ) {
 702              $this->handle_template( $request['template'], $post_id, true );
 703          }
 704  
 705          $terms_update = $this->handle_terms( $post_id, $request );
 706  
 707          if ( is_wp_error( $terms_update ) ) {
 708              return $terms_update;
 709          }
 710  
 711          if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) {
 712              $meta_update = $this->meta->update_value( $request['meta'], $post_id );
 713  
 714              if ( is_wp_error( $meta_update ) ) {
 715                  return $meta_update;
 716              }
 717          }
 718  
 719          $post          = get_post( $post_id );
 720          $fields_update = $this->update_additional_fields_for_object( $post, $request );
 721  
 722          if ( is_wp_error( $fields_update ) ) {
 723              return $fields_update;
 724          }
 725  
 726          $request->set_param( 'context', 'edit' );
 727  
 728          /**
 729           * Fires after a single post is completely created or updated via the REST API.
 730           *
 731           * The dynamic portion of the hook name, `$this->post_type`, refers to the post type slug.
 732           *
 733           * Possible hook names include:
 734           *
 735           *  - `rest_after_insert_post`
 736           *  - `rest_after_insert_page`
 737           *  - `rest_after_insert_attachment`
 738           *
 739           * @since 5.0.0
 740           *
 741           * @param WP_Post         $post     Inserted or updated post object.
 742           * @param WP_REST_Request $request  Request object.
 743           * @param bool            $creating True when creating a post, false when updating.
 744           */
 745          do_action( "rest_after_insert_{$this->post_type}", $post, $request, true );
 746  
 747          wp_after_insert_post( $post, false, null );
 748  
 749          $response = $this->prepare_item_for_response( $post, $request );
 750          $response = rest_ensure_response( $response );
 751  
 752          $response->set_status( 201 );
 753          $response->header( 'Location', rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $post_id ) ) );
 754  
 755          return $response;
 756      }
 757  
 758      /**
 759       * Checks if a given request has access to update a post.
 760       *
 761       * @since 4.7.0
 762       *
 763       * @param WP_REST_Request $request Full details about the request.
 764       * @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise.
 765       */
 766  	public function update_item_permissions_check( $request ) {
 767          $post = $this->get_post( $request['id'] );
 768          if ( is_wp_error( $post ) ) {
 769              return $post;
 770          }
 771  
 772          $post_type = get_post_type_object( $this->post_type );
 773  
 774          if ( $post && ! $this->check_update_permission( $post ) ) {
 775              return new WP_Error(
 776                  'rest_cannot_edit',
 777                  __( 'Sorry, you are not allowed to edit this post.' ),
 778                  array( 'status' => rest_authorization_required_code() )
 779              );
 780          }
 781  
 782          if ( ! empty( $request['author'] ) && get_current_user_id() !== $request['author'] && ! current_user_can( $post_type->cap->edit_others_posts ) ) {
 783              return new WP_Error(
 784                  'rest_cannot_edit_others',
 785                  __( 'Sorry, you are not allowed to update posts as this user.' ),
 786                  array( 'status' => rest_authorization_required_code() )
 787              );
 788          }
 789  
 790          if ( ! empty( $request['sticky'] ) && ! current_user_can( $post_type->cap->edit_others_posts ) && ! current_user_can( $post_type->cap->publish_posts ) ) {
 791              return new WP_Error(
 792                  'rest_cannot_assign_sticky',
 793                  __( 'Sorry, you are not allowed to make posts sticky.' ),
 794                  array( 'status' => rest_authorization_required_code() )
 795              );
 796          }
 797  
 798          if ( ! $this->check_assign_terms_permission( $request ) ) {
 799              return new WP_Error(
 800                  'rest_cannot_assign_term',
 801                  __( 'Sorry, you are not allowed to assign the provided terms.' ),
 802                  array( 'status' => rest_authorization_required_code() )
 803              );
 804          }
 805  
 806          return true;
 807      }
 808  
 809      /**
 810       * Updates a single post.
 811       *
 812       * @since 4.7.0
 813       *
 814       * @param WP_REST_Request $request Full details about the request.
 815       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 816       */
 817  	public function update_item( $request ) {
 818          $valid_check = $this->get_post( $request['id'] );
 819          if ( is_wp_error( $valid_check ) ) {
 820              return $valid_check;
 821          }
 822  
 823          $post_before = get_post( $request['id'] );
 824          $post        = $this->prepare_item_for_database( $request );
 825  
 826          if ( is_wp_error( $post ) ) {
 827              return $post;
 828          }
 829  
 830          // Convert the post object to an array, otherwise wp_update_post() will expect non-escaped input.
 831          $post_id = wp_update_post( wp_slash( (array) $post ), true, false );
 832  
 833          if ( is_wp_error( $post_id ) ) {
 834              if ( 'db_update_error' === $post_id->get_error_code() ) {
 835                  $post_id->add_data( array( 'status' => 500 ) );
 836              } else {
 837                  $post_id->add_data( array( 'status' => 400 ) );
 838              }
 839              return $post_id;
 840          }
 841  
 842          $post = get_post( $post_id );
 843  
 844          /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php */
 845          do_action( "rest_insert_{$this->post_type}", $post, $request, false );
 846  
 847          $schema = $this->get_item_schema();
 848  
 849          if ( ! empty( $schema['properties']['format'] ) && ! empty( $request['format'] ) ) {
 850              set_post_format( $post, $request['format'] );
 851          }
 852  
 853          if ( ! empty( $schema['properties']['featured_media'] ) && isset( $request['featured_media'] ) ) {
 854              $this->handle_featured_media( $request['featured_media'], $post_id );
 855          }
 856  
 857          if ( ! empty( $schema['properties']['sticky'] ) && isset( $request['sticky'] ) ) {
 858              if ( ! empty( $request['sticky'] ) ) {
 859                  stick_post( $post_id );
 860              } else {
 861                  unstick_post( $post_id );
 862              }
 863          }
 864  
 865          if ( ! empty( $schema['properties']['template'] ) && isset( $request['template'] ) ) {
 866              $this->handle_template( $request['template'], $post->ID );
 867          }
 868  
 869          $terms_update = $this->handle_terms( $post->ID, $request );
 870  
 871          if ( is_wp_error( $terms_update ) ) {
 872              return $terms_update;
 873          }
 874  
 875          if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) {
 876              $meta_update = $this->meta->update_value( $request['meta'], $post->ID );
 877  
 878              if ( is_wp_error( $meta_update ) ) {
 879                  return $meta_update;
 880              }
 881          }
 882  
 883          $post          = get_post( $post_id );
 884          $fields_update = $this->update_additional_fields_for_object( $post, $request );
 885  
 886          if ( is_wp_error( $fields_update ) ) {
 887              return $fields_update;
 888          }
 889  
 890          $request->set_param( 'context', 'edit' );
 891  
 892          // Filter is fired in WP_REST_Attachments_Controller subclass.
 893          if ( 'attachment' === $this->post_type ) {
 894              $response = $this->prepare_item_for_response( $post, $request );
 895              return rest_ensure_response( $response );
 896          }
 897  
 898          /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php */
 899          do_action( "rest_after_insert_{$this->post_type}", $post, $request, false );
 900  
 901          wp_after_insert_post( $post, true, $post_before );
 902  
 903          $response = $this->prepare_item_for_response( $post, $request );
 904  
 905          return rest_ensure_response( $response );
 906      }
 907  
 908      /**
 909       * Checks if a given request has access to delete a post.
 910       *
 911       * @since 4.7.0
 912       *
 913       * @param WP_REST_Request $request Full details about the request.
 914       * @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise.
 915       */
 916  	public function delete_item_permissions_check( $request ) {
 917          $post = $this->get_post( $request['id'] );
 918          if ( is_wp_error( $post ) ) {
 919              return $post;
 920          }
 921  
 922          if ( $post && ! $this->check_delete_permission( $post ) ) {
 923              return new WP_Error(
 924                  'rest_cannot_delete',
 925                  __( 'Sorry, you are not allowed to delete this post.' ),
 926                  array( 'status' => rest_authorization_required_code() )
 927              );
 928          }
 929  
 930          return true;
 931      }
 932  
 933      /**
 934       * Deletes a single post.
 935       *
 936       * @since 4.7.0
 937       *
 938       * @param WP_REST_Request $request Full details about the request.
 939       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 940       */
 941  	public function delete_item( $request ) {
 942          $post = $this->get_post( $request['id'] );
 943          if ( is_wp_error( $post ) ) {
 944              return $post;
 945          }
 946  
 947          $id    = $post->ID;
 948          $force = (bool) $request['force'];
 949  
 950          $supports_trash = ( EMPTY_TRASH_DAYS > 0 );
 951  
 952          if ( 'attachment' === $post->post_type ) {
 953              $supports_trash = $supports_trash && MEDIA_TRASH;
 954          }
 955  
 956          /**
 957           * Filters whether a post is trashable.
 958           *
 959           * The dynamic portion of the hook name, `$this->post_type`, refers to the post type slug.
 960           *
 961           * Possible hook names include:
 962           *
 963           *  - `rest_post_trashable`
 964           *  - `rest_page_trashable`
 965           *  - `rest_attachment_trashable`
 966           *
 967           * Pass false to disable Trash support for the post.
 968           *
 969           * @since 4.7.0
 970           *
 971           * @param bool    $supports_trash Whether the post type support trashing.
 972           * @param WP_Post $post           The Post object being considered for trashing support.
 973           */
 974          $supports_trash = apply_filters( "rest_{$this->post_type}_trashable", $supports_trash, $post );
 975  
 976          if ( ! $this->check_delete_permission( $post ) ) {
 977              return new WP_Error(
 978                  'rest_user_cannot_delete_post',
 979                  __( 'Sorry, you are not allowed to delete this post.' ),
 980                  array( 'status' => rest_authorization_required_code() )
 981              );
 982          }
 983  
 984          $request->set_param( 'context', 'edit' );
 985  
 986          // If we're forcing, then delete permanently.
 987          if ( $force ) {
 988              $previous = $this->prepare_item_for_response( $post, $request );
 989              $result   = wp_delete_post( $id, true );
 990              $response = new WP_REST_Response();
 991              $response->set_data(
 992                  array(
 993                      'deleted'  => true,
 994                      'previous' => $previous->get_data(),
 995                  )
 996              );
 997          } else {
 998              // If we don't support trashing for this type, error out.
 999              if ( ! $supports_trash ) {
1000                  return new WP_Error(
1001                      'rest_trash_not_supported',
1002                      /* translators: %s: force=true */
1003                      sprintf( __( "The post does not support trashing. Set '%s' to delete." ), 'force=true' ),
1004                      array( 'status' => 501 )
1005                  );
1006              }
1007  
1008              // Otherwise, only trash if we haven't already.
1009              if ( 'trash' === $post->post_status ) {
1010                  return new WP_Error(
1011                      'rest_already_trashed',
1012                      __( 'The post has already been deleted.' ),
1013                      array( 'status' => 410 )
1014                  );
1015              }
1016  
1017              // (Note that internally this falls through to `wp_delete_post()`
1018              // if the Trash is disabled.)
1019              $result   = wp_trash_post( $id );
1020              $post     = get_post( $id );
1021              $response = $this->prepare_item_for_response( $post, $request );
1022          }
1023  
1024          if ( ! $result ) {
1025              return new WP_Error(
1026                  'rest_cannot_delete',
1027                  __( 'The post cannot be deleted.' ),
1028                  array( 'status' => 500 )
1029              );
1030          }
1031  
1032          /**
1033           * Fires immediately after a single post is deleted or trashed via the REST API.
1034           *
1035           * They dynamic portion of the hook name, `$this->post_type`, refers to the post type slug.
1036           *
1037           * Possible hook names include:
1038           *
1039           *  - `rest_delete_post`
1040           *  - `rest_delete_page`
1041           *  - `rest_delete_attachment`
1042           *
1043           * @since 4.7.0
1044           *
1045           * @param WP_Post          $post     The deleted or trashed post.
1046           * @param WP_REST_Response $response The response data.
1047           * @param WP_REST_Request  $request  The request sent to the API.
1048           */
1049          do_action( "rest_delete_{$this->post_type}", $post, $response, $request );
1050  
1051          return $response;
1052      }
1053  
1054      /**
1055       * Determines the allowed query_vars for a get_items() response and prepares
1056       * them for WP_Query.
1057       *
1058       * @since 4.7.0
1059       *
1060       * @param array           $prepared_args Optional. Prepared WP_Query arguments. Default empty array.
1061       * @param WP_REST_Request $request       Optional. Full details about the request.
1062       * @return array Items query arguments.
1063       */
1064  	protected function prepare_items_query( $prepared_args = array(), $request = null ) {
1065          $query_args = array();
1066  
1067          foreach ( $prepared_args as $key => $value ) {
1068              /**
1069               * Filters the query_vars used in get_items() for the constructed query.
1070               *
1071               * The dynamic portion of the hook name, `$key`, refers to the query_var key.
1072               *
1073               * @since 4.7.0
1074               *
1075               * @param string $value The query_var value.
1076               */
1077              $query_args[ $key ] = apply_filters( "rest_query_var-{$key}", $value ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
1078          }
1079  
1080          if ( 'post' !== $this->post_type || ! isset( $query_args['ignore_sticky_posts'] ) ) {
1081              $query_args['ignore_sticky_posts'] = true;
1082          }
1083  
1084          // Map to proper WP_Query orderby param.
1085          if ( isset( $query_args['orderby'] ) && isset( $request['orderby'] ) ) {
1086              $orderby_mappings = array(
1087                  'id'            => 'ID',
1088                  'include'       => 'post__in',
1089                  'slug'          => 'post_name',
1090                  'include_slugs' => 'post_name__in',
1091              );
1092  
1093              if ( isset( $orderby_mappings[ $request['orderby'] ] ) ) {
1094                  $query_args['orderby'] = $orderby_mappings[ $request['orderby'] ];
1095              }
1096          }
1097  
1098          return $query_args;
1099      }
1100  
1101      /**
1102       * Checks the post_date_gmt or modified_gmt and prepare any post or
1103       * modified date for single post output.
1104       *
1105       * @since 4.7.0
1106       *
1107       * @param string      $date_gmt GMT publication time.
1108       * @param string|null $date     Optional. Local publication time. Default null.
1109       * @return string|null ISO8601/RFC3339 formatted datetime.
1110       */
1111  	protected function prepare_date_response( $date_gmt, $date = null ) {
1112          // Use the date if passed.
1113          if ( isset( $date ) ) {
1114              return mysql_to_rfc3339( $date );
1115          }
1116  
1117          // Return null if $date_gmt is empty/zeros.
1118          if ( '0000-00-00 00:00:00' === $date_gmt ) {
1119              return null;
1120          }
1121  
1122          // Return the formatted datetime.
1123          return mysql_to_rfc3339( $date_gmt );
1124      }
1125  
1126      /**
1127       * Prepares a single post for create or update.
1128       *
1129       * @since 4.7.0
1130       *
1131       * @param WP_REST_Request $request Request object.
1132       * @return stdClass|WP_Error Post object or WP_Error.
1133       */
1134  	protected function prepare_item_for_database( $request ) {
1135          $prepared_post  = new stdClass();
1136          $current_status = '';
1137  
1138          // Post ID.
1139          if ( isset( $request['id'] ) ) {
1140              $existing_post = $this->get_post( $request['id'] );
1141              if ( is_wp_error( $existing_post ) ) {
1142                  return $existing_post;
1143              }
1144  
1145              $prepared_post->ID = $existing_post->ID;
1146              $current_status    = $existing_post->post_status;
1147          }
1148  
1149          $schema = $this->get_item_schema();
1150  
1151          // Post title.
1152          if ( ! empty( $schema['properties']['title'] ) && isset( $request['title'] ) ) {
1153              if ( is_string( $request['title'] ) ) {
1154                  $prepared_post->post_title = $request['title'];
1155              } elseif ( ! empty( $request['title']['raw'] ) ) {
1156                  $prepared_post->post_title = $request['title']['raw'];
1157              }
1158          }
1159  
1160          // Post content.
1161          if ( ! empty( $schema['properties']['content'] ) && isset( $request['content'] ) ) {
1162              if ( is_string( $request['content'] ) ) {
1163                  $prepared_post->post_content = $request['content'];
1164              } elseif ( isset( $request['content']['raw'] ) ) {
1165                  $prepared_post->post_content = $request['content']['raw'];
1166              }
1167          }
1168  
1169          // Post excerpt.
1170          if ( ! empty( $schema['properties']['excerpt'] ) && isset( $request['excerpt'] ) ) {
1171              if ( is_string( $request['excerpt'] ) ) {
1172                  $prepared_post->post_excerpt = $request['excerpt'];
1173              } elseif ( isset( $request['excerpt']['raw'] ) ) {
1174                  $prepared_post->post_excerpt = $request['excerpt']['raw'];
1175              }
1176          }
1177  
1178          // Post type.
1179          if ( empty( $request['id'] ) ) {
1180              // Creating new post, use default type for the controller.
1181              $prepared_post->post_type = $this->post_type;
1182          } else {
1183              // Updating a post, use previous type.
1184              $prepared_post->post_type = get_post_type( $request['id'] );
1185          }
1186  
1187          $post_type = get_post_type_object( $prepared_post->post_type );
1188  
1189          // Post status.
1190          if (
1191              ! empty( $schema['properties']['status'] ) &&
1192              isset( $request['status'] ) &&
1193              ( ! $current_status || $current_status !== $request['status'] )
1194          ) {
1195              $status = $this->handle_status_param( $request['status'], $post_type );
1196  
1197              if ( is_wp_error( $status ) ) {
1198                  return $status;
1199              }
1200  
1201              $prepared_post->post_status = $status;
1202          }
1203  
1204          // Post date.
1205          if ( ! empty( $schema['properties']['date'] ) && ! empty( $request['date'] ) ) {
1206              $current_date = isset( $prepared_post->ID ) ? get_post( $prepared_post->ID )->post_date : false;
1207              $date_data    = rest_get_date_with_gmt( $request['date'] );
1208  
1209              if ( ! empty( $date_data ) && $current_date !== $date_data[0] ) {
1210                  list( $prepared_post->post_date, $prepared_post->post_date_gmt ) = $date_data;
1211                  $prepared_post->edit_date                                        = true;
1212              }
1213          } elseif ( ! empty( $schema['properties']['date_gmt'] ) && ! empty( $request['date_gmt'] ) ) {
1214              $current_date = isset( $prepared_post->ID ) ? get_post( $prepared_post->ID )->post_date_gmt : false;
1215              $date_data    = rest_get_date_with_gmt( $request['date_gmt'], true );
1216  
1217              if ( ! empty( $date_data ) && $current_date !== $date_data[1] ) {
1218                  list( $prepared_post->post_date, $prepared_post->post_date_gmt ) = $date_data;
1219                  $prepared_post->edit_date                                        = true;
1220              }
1221          }
1222  
1223          // Sending a null date or date_gmt value resets date and date_gmt to their
1224          // default values (`0000-00-00 00:00:00`).
1225          if (
1226              ( ! empty( $schema['properties']['date_gmt'] ) && $request->has_param( 'date_gmt' ) && null === $request['date_gmt'] ) ||
1227              ( ! empty( $schema['properties']['date'] ) && $request->has_param( 'date' ) && null === $request['date'] )
1228          ) {
1229              $prepared_post->post_date_gmt = null;
1230              $prepared_post->post_date     = null;
1231          }
1232  
1233          // Post slug.
1234          if ( ! empty( $schema['properties']['slug'] ) && isset( $request['slug'] ) ) {
1235              $prepared_post->post_name = $request['slug'];
1236          }
1237  
1238          // Author.
1239          if ( ! empty( $schema['properties']['author'] ) && ! empty( $request['author'] ) ) {
1240              $post_author = (int) $request['author'];
1241  
1242              if ( get_current_user_id() !== $post_author ) {
1243                  $user_obj = get_userdata( $post_author );
1244  
1245                  if ( ! $user_obj ) {
1246                      return new WP_Error(
1247                          'rest_invalid_author',
1248                          __( 'Invalid author ID.' ),
1249                          array( 'status' => 400 )
1250                      );
1251                  }
1252              }
1253  
1254              $prepared_post->post_author = $post_author;
1255          }
1256  
1257          // Post password.
1258          if ( ! empty( $schema['properties']['password'] ) && isset( $request['password'] ) ) {
1259              $prepared_post->post_password = $request['password'];
1260  
1261              if ( '' !== $request['password'] ) {
1262                  if ( ! empty( $schema['properties']['sticky'] ) && ! empty( $request['sticky'] ) ) {
1263                      return new WP_Error(
1264                          'rest_invalid_field',
1265                          __( 'A post can not be sticky and have a password.' ),
1266                          array( 'status' => 400 )
1267                      );
1268                  }
1269  
1270                  if ( ! empty( $prepared_post->ID ) && is_sticky( $prepared_post->ID ) ) {
1271                      return new WP_Error(
1272                          'rest_invalid_field',
1273                          __( 'A sticky post can not be password protected.' ),
1274                          array( 'status' => 400 )
1275                      );
1276                  }
1277              }
1278          }
1279  
1280          if ( ! empty( $schema['properties']['sticky'] ) && ! empty( $request['sticky'] ) ) {
1281              if ( ! empty( $prepared_post->ID ) && post_password_required( $prepared_post->ID ) ) {
1282                  return new WP_Error(
1283                      'rest_invalid_field',
1284                      __( 'A password protected post can not be set to sticky.' ),
1285                      array( 'status' => 400 )
1286                  );
1287              }
1288          }
1289  
1290          // Parent.
1291          if ( ! empty( $schema['properties']['parent'] ) && isset( $request['parent'] ) ) {
1292              if ( 0 === (int) $request['parent'] ) {
1293                  $prepared_post->post_parent = 0;
1294              } else {
1295                  $parent = get_post( (int) $request['parent'] );
1296  
1297                  if ( empty( $parent ) ) {
1298                      return new WP_Error(
1299                          'rest_post_invalid_id',
1300                          __( 'Invalid post parent ID.' ),
1301                          array( 'status' => 400 )
1302                      );
1303                  }
1304  
1305                  $prepared_post->post_parent = (int) $parent->ID;
1306              }
1307          }
1308  
1309          // Menu order.
1310          if ( ! empty( $schema['properties']['menu_order'] ) && isset( $request['menu_order'] ) ) {
1311              $prepared_post->menu_order = (int) $request['menu_order'];
1312          }
1313  
1314          // Comment status.
1315          if ( ! empty( $schema['properties']['comment_status'] ) && ! empty( $request['comment_status'] ) ) {
1316              $prepared_post->comment_status = $request['comment_status'];
1317          }
1318  
1319          // Ping status.
1320          if ( ! empty( $schema['properties']['ping_status'] ) && ! empty( $request['ping_status'] ) ) {
1321              $prepared_post->ping_status = $request['ping_status'];
1322          }
1323  
1324          if ( ! empty( $schema['properties']['template'] ) ) {
1325              // Force template to null so that it can be handled exclusively by the REST controller.
1326              $prepared_post->page_template = null;
1327          }
1328  
1329          /**
1330           * Filters a post before it is inserted via the REST API.
1331           *
1332           * The dynamic portion of the hook name, `$this->post_type`, refers to the post type slug.
1333           *
1334           * Possible hook names include:
1335           *
1336           *  - `rest_pre_insert_post`
1337           *  - `rest_pre_insert_page`
1338           *  - `rest_pre_insert_attachment`
1339           *
1340           * @since 4.7.0
1341           *
1342           * @param stdClass        $prepared_post An object representing a single post prepared
1343           *                                       for inserting or updating the database.
1344           * @param WP_REST_Request $request       Request object.
1345           */
1346          return apply_filters( "rest_pre_insert_{$this->post_type}", $prepared_post, $request );
1347  
1348      }
1349  
1350      /**
1351       * Checks whether the status is valid for the given post.
1352       *
1353       * Allows for sending an update request with the current status, even if that status would not be acceptable.
1354       *
1355       * @since 5.6.0
1356       *
1357       * @param string          $status  The provided status.
1358       * @param WP_REST_Request $request The request object.
1359       * @param string          $param   The parameter name.
1360       * @return true|WP_Error True if the status is valid, or WP_Error if not.
1361       */
1362  	public function check_status( $status, $request, $param ) {
1363          if ( $request['id'] ) {
1364              $post = $this->get_post( $request['id'] );
1365  
1366              if ( ! is_wp_error( $post ) && $post->post_status === $status ) {
1367                  return true;
1368              }
1369          }
1370  
1371          $args = $request->get_attributes()['args'][ $param ];
1372  
1373          return rest_validate_value_from_schema( $status, $args, $param );
1374      }
1375  
1376      /**
1377       * Determines validity and normalizes the given status parameter.
1378       *
1379       * @since 4.7.0
1380       *
1381       * @param string       $post_status Post status.
1382       * @param WP_Post_Type $post_type   Post type.
1383       * @return string|WP_Error Post status or WP_Error if lacking the proper permission.
1384       */
1385  	protected function handle_status_param( $post_status, $post_type ) {
1386  
1387          switch ( $post_status ) {
1388              case 'draft':
1389              case 'pending':
1390                  break;
1391              case 'private':
1392                  if ( ! current_user_can( $post_type->cap->publish_posts ) ) {
1393                      return new WP_Error(
1394                          'rest_cannot_publish',
1395                          __( 'Sorry, you are not allowed to create private posts in this post type.' ),
1396                          array( 'status' => rest_authorization_required_code() )
1397                      );
1398                  }
1399                  break;
1400              case 'publish':
1401              case 'future':
1402                  if ( ! current_user_can( $post_type->cap->publish_posts ) ) {
1403                      return new WP_Error(
1404                          'rest_cannot_publish',
1405                          __( 'Sorry, you are not allowed to publish posts in this post type.' ),
1406                          array( 'status' => rest_authorization_required_code() )
1407                      );
1408                  }
1409                  break;
1410              default:
1411                  if ( ! get_post_status_object( $post_status ) ) {
1412                      $post_status = 'draft';
1413                  }
1414                  break;
1415          }
1416  
1417          return $post_status;
1418      }
1419  
1420      /**
1421       * Determines the featured media based on a request param.
1422       *
1423       * @since 4.7.0
1424       *
1425       * @param int $featured_media Featured Media ID.
1426       * @param int $post_id        Post ID.
1427       * @return bool|WP_Error Whether the post thumbnail was successfully deleted, otherwise WP_Error.
1428       */
1429  	protected function handle_featured_media( $featured_media, $post_id ) {
1430  
1431          $featured_media = (int) $featured_media;
1432          if ( $featured_media ) {
1433              $result = set_post_thumbnail( $post_id, $featured_media );
1434              if ( $result ) {
1435                  return true;
1436              } else {
1437                  return new WP_Error(
1438                      'rest_invalid_featured_media',
1439                      __( 'Invalid featured media ID.' ),
1440                      array( 'status' => 400 )
1441                  );
1442              }
1443          } else {
1444              return delete_post_thumbnail( $post_id );
1445          }
1446  
1447      }
1448  
1449      /**
1450       * Check whether the template is valid for the given post.
1451       *
1452       * @since 4.9.0
1453       *
1454       * @param string          $template Page template filename.
1455       * @param WP_REST_Request $request  Request.
1456       * @return bool|WP_Error True if template is still valid or if the same as existing value, or false if template not supported.
1457       */
1458  	public function check_template( $template, $request ) {
1459  
1460          if ( ! $template ) {
1461              return true;
1462          }
1463  
1464          if ( $request['id'] ) {
1465              $post             = get_post( $request['id'] );
1466              $current_template = get_page_template_slug( $request['id'] );
1467          } else {
1468              $post             = null;
1469              $current_template = '';
1470          }
1471  
1472          // Always allow for updating a post to the same template, even if that template is no longer supported.
1473          if ( $template === $current_template ) {
1474              return true;
1475          }
1476  
1477          // If this is a create request, get_post() will return null and wp theme will fallback to the passed post type.
1478          $allowed_templates = wp_get_theme()->get_page_templates( $post, $this->post_type );
1479  
1480          if ( isset( $allowed_templates[ $template ] ) ) {
1481              return true;
1482          }
1483  
1484          return new WP_Error(
1485              'rest_invalid_param',
1486              /* translators: 1: Parameter, 2: List of valid values. */
1487              sprintf( __( '%1$s is not one of %2$s.' ), 'template', implode( ', ', array_keys( $allowed_templates ) ) )
1488          );
1489      }
1490  
1491      /**
1492       * Sets the template for a post.
1493       *
1494       * @since 4.7.0
1495       * @since 4.9.0 Added the `$validate` parameter.
1496       *
1497       * @param string $template Page template filename.
1498       * @param int    $post_id  Post ID.
1499       * @param bool   $validate Whether to validate that the template selected is valid.
1500       */
1501  	public function handle_template( $template, $post_id, $validate = false ) {
1502  
1503          if ( $validate && ! array_key_exists( $template, wp_get_theme()->get_page_templates( get_post( $post_id ) ) ) ) {
1504              $template = '';
1505          }
1506  
1507          update_post_meta( $post_id, '_wp_page_template', $template );
1508      }
1509  
1510      /**
1511       * Updates the post's terms from a REST request.
1512       *
1513       * @since 4.7.0
1514       *
1515       * @param int             $post_id The post ID to update the terms form.
1516       * @param WP_REST_Request $request The request object with post and terms data.
1517       * @return null|WP_Error WP_Error on an error assigning any of the terms, otherwise null.
1518       */
1519  	protected function handle_terms( $post_id, $request ) {
1520          $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) );
1521  
1522          foreach ( $taxonomies as $taxonomy ) {
1523              $base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name;
1524  
1525              if ( ! isset( $request[ $base ] ) ) {
1526                  continue;
1527              }
1528  
1529              $result = wp_set_object_terms( $post_id, $request[ $base ], $taxonomy->name );
1530  
1531              if ( is_wp_error( $result ) ) {
1532                  return $result;
1533              }
1534          }
1535      }
1536  
1537      /**
1538       * Checks whether current user can assign all terms sent with the current request.
1539       *
1540       * @since 4.7.0
1541       *
1542       * @param WP_REST_Request $request The request object with post and terms data.
1543       * @return bool Whether the current user can assign the provided terms.
1544       */
1545  	protected function check_assign_terms_permission( $request ) {
1546          $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) );
1547          foreach ( $taxonomies as $taxonomy ) {
1548              $base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name;
1549  
1550              if ( ! isset( $request[ $base ] ) ) {
1551                  continue;
1552              }
1553  
1554              foreach ( (array) $request[ $base ] as $term_id ) {
1555                  // Invalid terms will be rejected later.
1556                  if ( ! get_term( $term_id, $taxonomy->name ) ) {
1557                      continue;
1558                  }
1559  
1560                  if ( ! current_user_can( 'assign_term', (int) $term_id ) ) {
1561                      return false;
1562                  }
1563              }
1564          }
1565  
1566          return true;
1567      }
1568  
1569      /**
1570       * Checks if a given post type can be viewed or managed.
1571       *
1572       * @since 4.7.0
1573       *
1574       * @param WP_Post_Type|string $post_type Post type name or object.
1575       * @return bool Whether the post type is allowed in REST.
1576       */
1577  	protected function check_is_post_type_allowed( $post_type ) {
1578          if ( ! is_object( $post_type ) ) {
1579              $post_type = get_post_type_object( $post_type );
1580          }
1581  
1582          if ( ! empty( $post_type ) && ! empty( $post_type->show_in_rest ) ) {
1583              return true;
1584          }
1585  
1586          return false;
1587      }
1588  
1589      /**
1590       * Checks if a post can be read.
1591       *
1592       * Correctly handles posts with the inherit status.
1593       *
1594       * @since 4.7.0
1595       *
1596       * @param WP_Post $post Post object.
1597       * @return bool Whether the post can be read.
1598       */
1599  	public function check_read_permission( $post ) {
1600          $post_type = get_post_type_object( $post->post_type );
1601          if ( ! $this->check_is_post_type_allowed( $post_type ) ) {
1602              return false;
1603          }
1604  
1605          // Is the post readable?
1606          if ( 'publish' === $post->post_status || current_user_can( 'read_post', $post->ID ) ) {
1607              return true;
1608          }
1609  
1610          $post_status_obj = get_post_status_object( $post->post_status );
1611          if ( $post_status_obj && $post_status_obj->public ) {
1612              return true;
1613          }
1614  
1615          // Can we read the parent if we're inheriting?
1616          if ( 'inherit' === $post->post_status && $post->post_parent > 0 ) {
1617              $parent = get_post( $post->post_parent );
1618              if ( $parent ) {
1619                  return $this->check_read_permission( $parent );
1620              }
1621          }
1622  
1623          /*
1624           * If there isn't a parent, but the status is set to inherit, assume
1625           * it's published (as per get_post_status()).
1626           */
1627          if ( 'inherit' === $post->post_status ) {
1628              return true;
1629          }
1630  
1631          return false;
1632      }
1633  
1634      /**
1635       * Checks if a post can be edited.
1636       *
1637       * @since 4.7.0
1638       *
1639       * @param WP_Post $post Post object.
1640       * @return bool Whether the post can be edited.
1641       */
1642  	protected function check_update_permission( $post ) {
1643          $post_type = get_post_type_object( $post->post_type );
1644  
1645          if ( ! $this->check_is_post_type_allowed( $post_type ) ) {
1646              return false;
1647          }
1648  
1649          return current_user_can( 'edit_post', $post->ID );
1650      }
1651  
1652      /**
1653       * Checks if a post can be created.
1654       *
1655       * @since 4.7.0
1656       *
1657       * @param WP_Post $post Post object.
1658       * @return bool Whether the post can be created.
1659       */
1660  	protected function check_create_permission( $post ) {
1661          $post_type = get_post_type_object( $post->post_type );
1662  
1663          if ( ! $this->check_is_post_type_allowed( $post_type ) ) {
1664              return false;
1665          }
1666  
1667          return current_user_can( $post_type->cap->create_posts );
1668      }
1669  
1670      /**
1671       * Checks if a post can be deleted.
1672       *
1673       * @since 4.7.0
1674       *
1675       * @param WP_Post $post Post object.
1676       * @return bool Whether the post can be deleted.
1677       */
1678  	protected function check_delete_permission( $post ) {
1679          $post_type = get_post_type_object( $post->post_type );
1680  
1681          if ( ! $this->check_is_post_type_allowed( $post_type ) ) {
1682              return false;
1683          }
1684  
1685          return current_user_can( 'delete_post', $post->ID );
1686      }
1687  
1688      /**
1689       * Prepares a single post output for response.
1690       *
1691       * @since 4.7.0
1692       * @since 5.9.0 Renamed `$post` to `$item` to match parent class for PHP 8 named parameter support.
1693       *
1694       * @param WP_Post         $item    Post object.
1695       * @param WP_REST_Request $request Request object.
1696       * @return WP_REST_Response Response object.
1697       */
1698  	public function prepare_item_for_response( $item, $request ) {
1699          // Restores the more descriptive, specific name for use within this method.
1700          $post            = $item;
1701          $GLOBALS['post'] = $post;
1702  
1703          setup_postdata( $post );
1704  
1705          $fields = $this->get_fields_for_response( $request );
1706  
1707          // Base fields for every post.
1708          $data = array();
1709  
1710          if ( rest_is_field_included( 'id', $fields ) ) {
1711              $data['id'] = $post->ID;
1712          }
1713  
1714          if ( rest_is_field_included( 'date', $fields ) ) {
1715              $data['date'] = $this->prepare_date_response( $post->post_date_gmt, $post->post_date );
1716          }
1717  
1718          if ( rest_is_field_included( 'date_gmt', $fields ) ) {
1719              /*
1720               * For drafts, `post_date_gmt` may not be set, indicating that the date
1721               * of the draft should be updated each time it is saved (see #38883).
1722               * In this case, shim the value based on the `post_date` field
1723               * with the site's timezone offset applied.
1724               */
1725              if ( '0000-00-00 00:00:00' === $post->post_date_gmt ) {
1726                  $post_date_gmt = get_gmt_from_date( $post->post_date );
1727              } else {
1728                  $post_date_gmt = $post->post_date_gmt;
1729              }
1730              $data['date_gmt'] = $this->prepare_date_response( $post_date_gmt );
1731          }
1732  
1733          if ( rest_is_field_included( 'guid', $fields ) ) {
1734              $data['guid'] = array(
1735                  /** This filter is documented in wp-includes/post-template.php */
1736                  'rendered' => apply_filters( 'get_the_guid', $post->guid, $post->ID ),
1737                  'raw'      => $post->guid,
1738              );
1739          }
1740  
1741          if ( rest_is_field_included( 'modified', $fields ) ) {
1742              $data['modified'] = $this->prepare_date_response( $post->post_modified_gmt, $post->post_modified );
1743          }
1744  
1745          if ( rest_is_field_included( 'modified_gmt', $fields ) ) {
1746              /*
1747               * For drafts, `post_modified_gmt` may not be set (see `post_date_gmt` comments
1748               * above). In this case, shim the value based on the `post_modified` field
1749               * with the site's timezone offset applied.
1750               */
1751              if ( '0000-00-00 00:00:00' === $post->post_modified_gmt ) {
1752                  $post_modified_gmt = gmdate( 'Y-m-d H:i:s', strtotime( $post->post_modified ) - ( get_option( 'gmt_offset' ) * 3600 ) );
1753              } else {
1754                  $post_modified_gmt = $post->post_modified_gmt;
1755              }
1756              $data['modified_gmt'] = $this->prepare_date_response( $post_modified_gmt );
1757          }
1758  
1759          if ( rest_is_field_included( 'password', $fields ) ) {
1760              $data['password'] = $post->post_password;
1761          }
1762  
1763          if ( rest_is_field_included( 'slug', $fields ) ) {
1764              $data['slug'] = $post->post_name;
1765          }
1766  
1767          if ( rest_is_field_included( 'status', $fields ) ) {
1768              $data['status'] = $post->post_status;
1769          }
1770  
1771          if ( rest_is_field_included( 'type', $fields ) ) {
1772              $data['type'] = $post->post_type;
1773          }
1774  
1775          if ( rest_is_field_included( 'link', $fields ) ) {
1776              $data['link'] = get_permalink( $post->ID );
1777          }
1778  
1779          if ( rest_is_field_included( 'title', $fields ) ) {
1780              $data['title'] = array();
1781          }
1782          if ( rest_is_field_included( 'title.raw', $fields ) ) {
1783              $data['title']['raw'] = $post->post_title;
1784          }
1785          if ( rest_is_field_included( 'title.rendered', $fields ) ) {
1786              add_filter( 'protected_title_format', array( $this, 'protected_title_format' ) );
1787  
1788              $data['title']['rendered'] = get_the_title( $post->ID );
1789  
1790              remove_filter( 'protected_title_format', array( $this, 'protected_title_format' ) );
1791          }
1792  
1793          $has_password_filter = false;
1794  
1795          if ( $this->can_access_password_content( $post, $request ) ) {
1796              $this->password_check_passed[ $post->ID ] = true;
1797              // Allow access to the post, permissions already checked before.
1798              add_filter( 'post_password_required', array( $this, 'check_password_required' ), 10, 2 );
1799  
1800              $has_password_filter = true;
1801          }
1802  
1803          if ( rest_is_field_included( 'content', $fields ) ) {
1804              $data['content'] = array();
1805          }
1806          if ( rest_is_field_included( 'content.raw', $fields ) ) {
1807              $data['content']['raw'] = $post->post_content;
1808          }
1809          if ( rest_is_field_included( 'content.rendered', $fields ) ) {
1810              /** This filter is documented in wp-includes/post-template.php */
1811              $data['content']['rendered'] = post_password_required( $post ) ? '' : apply_filters( 'the_content', $post->post_content );
1812          }
1813          if ( rest_is_field_included( 'content.protected', $fields ) ) {
1814              $data['content']['protected'] = (bool) $post->post_password;
1815          }
1816          if ( rest_is_field_included( 'content.block_version', $fields ) ) {
1817              $data['content']['block_version'] = block_version( $post->post_content );
1818          }
1819  
1820          if ( rest_is_field_included( 'excerpt', $fields ) ) {
1821              /** This filter is documented in wp-includes/post-template.php */
1822              $excerpt = apply_filters( 'get_the_excerpt', $post->post_excerpt, $post );
1823  
1824              /** This filter is documented in wp-includes/post-template.php */
1825              $excerpt = apply_filters( 'the_excerpt', $excerpt );
1826  
1827              $data['excerpt'] = array(
1828                  'raw'       => $post->post_excerpt,
1829                  'rendered'  => post_password_required( $post ) ? '' : $excerpt,
1830                  'protected' => (bool) $post->post_password,
1831              );
1832          }
1833  
1834          if ( $has_password_filter ) {
1835              // Reset filter.
1836              remove_filter( 'post_password_required', array( $this, 'check_password_required' ) );
1837          }
1838  
1839          if ( rest_is_field_included( 'author', $fields ) ) {
1840              $data['author'] = (int) $post->post_author;
1841          }
1842  
1843          if ( rest_is_field_included( 'featured_media', $fields ) ) {
1844              $data['featured_media'] = (int) get_post_thumbnail_id( $post->ID );
1845          }
1846  
1847          if ( rest_is_field_included( 'parent', $fields ) ) {
1848              $data['parent'] = (int) $post->post_parent;
1849          }
1850  
1851          if ( rest_is_field_included( 'menu_order', $fields ) ) {
1852              $data['menu_order'] = (int) $post->menu_order;
1853          }
1854  
1855          if ( rest_is_field_included( 'comment_status', $fields ) ) {
1856              $data['comment_status'] = $post->comment_status;
1857          }
1858  
1859          if ( rest_is_field_included( 'ping_status', $fields ) ) {
1860              $data['ping_status'] = $post->ping_status;
1861          }
1862  
1863          if ( rest_is_field_included( 'sticky', $fields ) ) {
1864              $data['sticky'] = is_sticky( $post->ID );
1865          }
1866  
1867          if ( rest_is_field_included( 'template', $fields ) ) {
1868              $template = get_page_template_slug( $post->ID );
1869              if ( $template ) {
1870                  $data['template'] = $template;
1871              } else {
1872                  $data['template'] = '';
1873              }
1874          }
1875  
1876          if ( rest_is_field_included( 'format', $fields ) ) {
1877              $data['format'] = get_post_format( $post->ID );
1878  
1879              // Fill in blank post format.
1880              if ( empty( $data['format'] ) ) {
1881                  $data['format'] = 'standard';
1882              }
1883          }
1884  
1885          if ( rest_is_field_included( 'meta', $fields ) ) {
1886              $data['meta'] = $this->meta->get_value( $post->ID, $request );
1887          }
1888  
1889          $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) );
1890  
1891          foreach ( $taxonomies as $taxonomy ) {
1892              $base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name;
1893  
1894              if ( rest_is_field_included( $base, $fields ) ) {
1895                  $terms         = get_the_terms( $post, $taxonomy->name );
1896                  $data[ $base ] = $terms ? array_values( wp_list_pluck( $terms, 'term_id' ) ) : array();
1897              }
1898          }
1899  
1900          $post_type_obj = get_post_type_object( $post->post_type );
1901          if ( is_post_type_viewable( $post_type_obj ) && $post_type_obj->public ) {
1902              $permalink_template_requested = rest_is_field_included( 'permalink_template', $fields );
1903              $generated_slug_requested     = rest_is_field_included( 'generated_slug', $fields );
1904  
1905              if ( $permalink_template_requested || $generated_slug_requested ) {
1906                  if ( ! function_exists( 'get_sample_permalink' ) ) {
1907                      require_once ABSPATH . 'wp-admin/includes/post.php';
1908                  }
1909  
1910                  $sample_permalink = get_sample_permalink( $post->ID, $post->post_title, '' );
1911  
1912                  if ( $permalink_template_requested ) {
1913                      $data['permalink_template'] = $sample_permalink[0];
1914                  }
1915  
1916                  if ( $generated_slug_requested ) {
1917                      $data['generated_slug'] = $sample_permalink[1];
1918                  }
1919              }
1920          }
1921  
1922          $context = ! empty( $request['context'] ) ? $request['context'] : 'view';
1923          $data    = $this->add_additional_fields_to_object( $data, $request );
1924          $data    = $this->filter_response_by_context( $data, $context );
1925  
1926          // Wrap the data in a response object.
1927          $response = rest_ensure_response( $data );
1928  
1929          $links = $this->prepare_links( $post );
1930          $response->add_links( $links );
1931  
1932          if ( ! empty( $links['self']['href'] ) ) {
1933              $actions = $this->get_available_actions( $post, $request );
1934  
1935              $self = $links['self']['href'];
1936  
1937              foreach ( $actions as $rel ) {
1938                  $response->add_link( $rel, $self );
1939              }
1940          }
1941  
1942          /**
1943           * Filters the post data for a REST API response.
1944           *
1945           * The dynamic portion of the hook name, `$this->post_type`, refers to the post type slug.
1946           *
1947           * Possible hook names include:
1948           *
1949           *  - `rest_prepare_post`
1950           *  - `rest_prepare_page`
1951           *  - `rest_prepare_attachment`
1952           *
1953           * @since 4.7.0
1954           *
1955           * @param WP_REST_Response $response The response object.
1956           * @param WP_Post          $post     Post object.
1957           * @param WP_REST_Request  $request  Request object.
1958           */
1959          return apply_filters( "rest_prepare_{$this->post_type}", $response, $post, $request );
1960      }
1961  
1962      /**
1963       * Overwrites the default protected title format.
1964       *
1965       * By default, WordPress will show password protected posts with a title of
1966       * "Protected: %s", as the REST API communicates the protected status of a post
1967       * in a machine readable format, we remove the "Protected: " prefix.
1968       *
1969       * @since 4.7.0
1970       *
1971       * @return string Protected title format.
1972       */
1973  	public function protected_title_format() {
1974          return '%s';
1975      }
1976  
1977      /**
1978       * Prepares links for the request.
1979       *
1980       * @since 4.7.0
1981       *
1982       * @param WP_Post $post Post object.
1983       * @return array Links for the given post.
1984       */
1985  	protected function prepare_links( $post ) {
1986          $base = sprintf( '%s/%s', $this->namespace, $this->rest_base );
1987  
1988          // Entity meta.
1989          $links = array(
1990              'self'       => array(
1991                  'href' => rest_url( trailingslashit( $base ) . $post->ID ),
1992              ),
1993              'collection' => array(
1994                  'href' => rest_url( $base ),
1995              ),
1996              'about'      => array(
1997                  'href' => rest_url( 'wp/v2/types/' . $this->post_type ),
1998              ),
1999          );
2000  
2001          if ( ( in_array( $post->post_type, array( 'post', 'page' ), true ) || post_type_supports( $post->post_type, 'author' ) )
2002              && ! empty( $post->post_author ) ) {
2003              $links['author'] = array(
2004                  'href'       => rest_url( 'wp/v2/users/' . $post->post_author ),
2005                  'embeddable' => true,
2006              );
2007          }
2008  
2009          if ( in_array( $post->post_type, array( 'post', 'page' ), true ) || post_type_supports( $post->post_type, 'comments' ) ) {
2010              $replies_url = rest_url( 'wp/v2/comments' );
2011              $replies_url = add_query_arg( 'post', $post->ID, $replies_url );
2012  
2013              $links['replies'] = array(
2014                  'href'       => $replies_url,
2015                  'embeddable' => true,
2016              );
2017          }
2018  
2019          if ( in_array( $post->post_type, array( 'post', 'page' ), true ) || post_type_supports( $post->post_type, 'revisions' ) ) {
2020              $revisions       = wp_get_post_revisions( $post->ID, array( 'fields' => 'ids' ) );
2021              $revisions_count = count( $revisions );
2022  
2023              $links['version-history'] = array(
2024                  'href'  => rest_url( trailingslashit( $base ) . $post->ID . '/revisions' ),
2025                  'count' => $revisions_count,
2026              );
2027  
2028              if ( $revisions_count > 0 ) {
2029                  $last_revision = array_shift( $revisions );
2030  
2031                  $links['predecessor-version'] = array(
2032                      'href' => rest_url( trailingslashit( $base ) . $post->ID . '/revisions/' . $last_revision ),
2033                      'id'   => $last_revision,
2034                  );
2035              }
2036          }
2037  
2038          $post_type_obj = get_post_type_object( $post->post_type );
2039  
2040          if ( $post_type_obj->hierarchical && ! empty( $post->post_parent ) ) {
2041              $links['up'] = array(
2042                  'href'       => rest_url( rest_get_route_for_post( $post->post_parent ) ),
2043                  'embeddable' => true,
2044              );
2045          }
2046  
2047          // If we have a featured media, add that.
2048          $featured_media = get_post_thumbnail_id( $post->ID );
2049          if ( $featured_media ) {
2050              $image_url = rest_url( rest_get_route_for_post( $featured_media ) );
2051  
2052              $links['https://api.w.org/featuredmedia'] = array(
2053                  'href'       => $image_url,
2054                  'embeddable' => true,
2055              );
2056          }
2057  
2058          if ( ! in_array( $post->post_type, array( 'attachment', 'nav_menu_item', 'revision' ), true ) ) {
2059              $attachments_url = rest_url( rest_get_route_for_post_type_items( 'attachment' ) );
2060              $attachments_url = add_query_arg( 'parent', $post->ID, $attachments_url );
2061  
2062              $links['https://api.w.org/attachment'] = array(
2063                  'href' => $attachments_url,
2064              );
2065          }
2066  
2067          $taxonomies = get_object_taxonomies( $post->post_type );
2068  
2069          if ( ! empty( $taxonomies ) ) {
2070              $links['https://api.w.org/term'] = array();
2071  
2072              foreach ( $taxonomies as $tax ) {
2073                  $taxonomy_route = rest_get_route_for_taxonomy_items( $tax );
2074  
2075                  // Skip taxonomies that are not public.
2076                  if ( empty( $taxonomy_route ) ) {
2077                      continue;
2078                  }
2079                  $terms_url = add_query_arg(
2080                      'post',
2081                      $post->ID,
2082                      rest_url( $taxonomy_route )
2083                  );
2084  
2085                  $links['https://api.w.org/term'][] = array(
2086                      'href'       => $terms_url,
2087                      'taxonomy'   => $tax,
2088                      'embeddable' => true,
2089                  );
2090              }
2091          }
2092  
2093          return $links;
2094      }
2095  
2096      /**
2097       * Get the link relations available for the post and current user.
2098       *
2099       * @since 4.9.8
2100       *
2101       * @param WP_Post         $post    Post object.
2102       * @param WP_REST_Request $request Request object.
2103       * @return array List of link relations.
2104       */
2105  	protected function get_available_actions( $post, $request ) {
2106  
2107          if ( 'edit' !== $request['context'] ) {
2108              return array();
2109          }
2110  
2111          $rels = array();
2112  
2113          $post_type = get_post_type_object( $post->post_type );
2114  
2115          if ( 'attachment' !== $this->post_type && current_user_can( $post_type->cap->publish_posts ) ) {
2116              $rels[] = 'https://api.w.org/action-publish';
2117          }
2118  
2119          if ( current_user_can( 'unfiltered_html' ) ) {
2120              $rels[] = 'https://api.w.org/action-unfiltered-html';
2121          }
2122  
2123          if ( 'post' === $post_type->name ) {
2124              if ( current_user_can( $post_type->cap->edit_others_posts ) && current_user_can( $post_type->cap->publish_posts ) ) {
2125                  $rels[] = 'https://api.w.org/action-sticky';
2126              }
2127          }
2128  
2129          if ( post_type_supports( $post_type->name, 'author' ) ) {
2130              if ( current_user_can( $post_type->cap->edit_others_posts ) ) {
2131                  $rels[] = 'https://api.w.org/action-assign-author';
2132              }
2133          }
2134  
2135          $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) );
2136  
2137          foreach ( $taxonomies as $tax ) {
2138              $tax_base   = ! empty( $tax->rest_base ) ? $tax->rest_base : $tax->name;
2139              $create_cap = is_taxonomy_hierarchical( $tax->name ) ? $tax->cap->edit_terms : $tax->cap->assign_terms;
2140  
2141              if ( current_user_can( $create_cap ) ) {
2142                  $rels[] = 'https://api.w.org/action-create-' . $tax_base;
2143              }
2144  
2145              if ( current_user_can( $tax->cap->assign_terms ) ) {
2146                  $rels[] = 'https://api.w.org/action-assign-' . $tax_base;
2147              }
2148          }
2149  
2150          return $rels;
2151      }
2152  
2153      /**
2154       * Retrieves the post's schema, conforming to JSON Schema.
2155       *
2156       * @since 4.7.0
2157       *
2158       * @return array Item schema data.
2159       */
2160  	public function get_item_schema() {
2161          if ( $this->schema ) {
2162              return $this->add_additional_fields_schema( $this->schema );
2163          }
2164  
2165          $schema = array(
2166              '$schema'    => 'http://json-schema.org/draft-04/schema#',
2167              'title'      => $this->post_type,
2168              'type'       => 'object',
2169              // Base properties for every Post.
2170              'properties' => array(
2171                  'date'         => array(
2172                      'description' => __( "The date the post was published, in the site's timezone." ),
2173                      'type'        => array( 'string', 'null' ),
2174                      'format'      => 'date-time',
2175                      'context'     => array( 'view', 'edit', 'embed' ),
2176                  ),
2177                  'date_gmt'     => array(
2178                      'description' => __( 'The date the post was published, as GMT.' ),
2179                      'type'        => array( 'string', 'null' ),
2180                      'format'      => 'date-time',
2181                      'context'     => array( 'view', 'edit' ),
2182                  ),
2183                  'guid'         => array(
2184                      'description' => __( 'The globally unique identifier for the post.' ),
2185                      'type'        => 'object',
2186                      'context'     => array( 'view', 'edit' ),
2187                      'readonly'    => true,
2188                      'properties'  => array(
2189                          'raw'      => array(
2190                              'description' => __( 'GUID for the post, as it exists in the database.' ),
2191                              'type'        => 'string',
2192                              'context'     => array( 'edit' ),
2193                              'readonly'    => true,
2194                          ),
2195                          'rendered' => array(
2196                              'description' => __( 'GUID for the post, transformed for display.' ),
2197                              'type'        => 'string',
2198                              'context'     => array( 'view', 'edit' ),
2199                              'readonly'    => true,
2200                          ),
2201                      ),
2202                  ),
2203                  'id'           => array(
2204                      'description' => __( 'Unique identifier for the post.' ),
2205                      'type'        => 'integer',
2206                      'context'     => array( 'view', 'edit', 'embed' ),
2207                      'readonly'    => true,
2208                  ),
2209                  'link'         => array(
2210                      'description' => __( 'URL to the post.' ),
2211                      'type'        => 'string',
2212                      'format'      => 'uri',
2213                      'context'     => array( 'view', 'edit', 'embed' ),
2214                      'readonly'    => true,
2215                  ),
2216                  'modified'     => array(
2217                      'description' => __( "The date the post was last modified, in the site's timezone." ),
2218                      'type'        => 'string',
2219                      'format'      => 'date-time',
2220                      'context'     => array( 'view', 'edit' ),
2221                      'readonly'    => true,
2222                  ),
2223                  'modified_gmt' => array(
2224                      'description' => __( 'The date the post was last modified, as GMT.' ),
2225                      'type'        => 'string',
2226                      'format'      => 'date-time',
2227                      'context'     => array( 'view', 'edit' ),
2228                      'readonly'    => true,
2229                  ),
2230                  'slug'         => array(
2231                      'description' => __( 'An alphanumeric identifier for the post unique to its type.' ),
2232                      'type'        => 'string',
2233                      'context'     => array( 'view', 'edit', 'embed' ),
2234                      'arg_options' => array(
2235                          'sanitize_callback' => array( $this, 'sanitize_slug' ),
2236                      ),
2237                  ),
2238                  'status'       => array(
2239                      'description' => __( 'A named status for the post.' ),
2240                      'type'        => 'string',
2241                      'enum'        => array_keys( get_post_stati( array( 'internal' => false ) ) ),
2242                      'context'     => array( 'view', 'edit' ),
2243                      'arg_options' => array(
2244                          'validate_callback' => array( $this, 'check_status' ),
2245                      ),
2246                  ),
2247                  'type'         => array(
2248                      'description' => __( 'Type of post.' ),
2249                      'type'        => 'string',
2250                      'context'     => array( 'view', 'edit', 'embed' ),
2251                      'readonly'    => true,
2252                  ),
2253                  'password'     => array(
2254                      'description' => __( 'A password to protect access to the content and excerpt.' ),
2255                      'type'        => 'string',
2256                      'context'     => array( 'edit' ),
2257                  ),
2258              ),
2259          );
2260  
2261          $post_type_obj = get_post_type_object( $this->post_type );
2262          if ( is_post_type_viewable( $post_type_obj ) && $post_type_obj->public ) {
2263              $schema['properties']['permalink_template'] = array(
2264                  'description' => __( 'Permalink template for the post.' ),
2265                  'type'        => 'string',
2266                  'context'     => array( 'edit' ),
2267                  'readonly'    => true,
2268              );
2269  
2270              $schema['properties']['generated_slug'] = array(
2271                  'description' => __( 'Slug automatically generated from the post title.' ),
2272                  'type'        => 'string',
2273                  'context'     => array( 'edit' ),
2274                  'readonly'    => true,
2275              );
2276          }
2277  
2278          if ( $post_type_obj->hierarchical ) {
2279              $schema['properties']['parent'] = array(
2280                  'description' => __( 'The ID for the parent of the post.' ),
2281                  'type'        => 'integer',
2282                  'context'     => array( 'view', 'edit' ),
2283              );
2284          }
2285  
2286          $post_type_attributes = array(
2287              'title',
2288              'editor',
2289              'author',
2290              'excerpt',
2291              'thumbnail',
2292              'comments',
2293              'revisions',
2294              'page-attributes',
2295              'post-formats',
2296              'custom-fields',
2297          );
2298          $fixed_schemas        = array(
2299              'post'       => array(
2300                  'title',
2301                  'editor',
2302                  'author',
2303                  'excerpt',
2304                  'thumbnail',
2305                  'comments',
2306                  'revisions',
2307                  'post-formats',
2308                  'custom-fields',
2309              ),
2310              'page'       => array(
2311                  'title',
2312                  'editor',
2313                  'author',
2314                  'excerpt',
2315                  'thumbnail',
2316                  'comments',
2317                  'revisions',
2318                  'page-attributes',
2319                  'custom-fields',
2320              ),
2321              'attachment' => array(
2322                  'title',
2323                  'author',
2324                  'comments',
2325                  'revisions',
2326                  'custom-fields',
2327              ),
2328          );
2329  
2330          foreach ( $post_type_attributes as $attribute ) {
2331              if ( isset( $fixed_schemas[ $this->post_type ] ) && ! in_array( $attribute, $fixed_schemas[ $this->post_type ], true ) ) {
2332                  continue;
2333              } elseif ( ! isset( $fixed_schemas[ $this->post_type ] ) && ! post_type_supports( $this->post_type, $attribute ) ) {
2334                  continue;
2335              }
2336  
2337              switch ( $attribute ) {
2338  
2339                  case 'title':
2340                      $schema['properties']['title'] = array(
2341                          'description' => __( 'The title for the post.' ),
2342                          'type'        => 'object',
2343                          'context'     => array( 'view', 'edit', 'embed' ),
2344                          'arg_options' => array(
2345                              'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database().
2346                              'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database().
2347                          ),
2348                          'properties'  => array(
2349                              'raw'      => array(
2350                                  'description' => __( 'Title for the post, as it exists in the database.' ),
2351                                  'type'        => 'string',
2352                                  'context'     => array( 'edit' ),
2353                              ),
2354                              'rendered' => array(
2355                                  'description' => __( 'HTML title for the post, transformed for display.' ),
2356                                  'type'        => 'string',
2357                                  'context'     => array( 'view', 'edit', 'embed' ),
2358                                  'readonly'    => true,
2359                              ),
2360                          ),
2361                      );
2362                      break;
2363  
2364                  case 'editor':
2365                      $schema['properties']['content'] = array(
2366                          'description' => __( 'The content for the post.' ),
2367                          'type'        => 'object',
2368                          'context'     => array( 'view', 'edit' ),
2369                          'arg_options' => array(
2370                              'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database().
2371                              'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database().
2372                          ),
2373                          'properties'  => array(
2374                              'raw'           => array(
2375                                  'description' => __( 'Content for the post, as it exists in the database.' ),
2376                                  'type'        => 'string',
2377                                  'context'     => array( 'edit' ),
2378                              ),
2379                              'rendered'      => array(
2380                                  'description' => __( 'HTML content for the post, transformed for display.' ),
2381                                  'type'        => 'string',
2382                                  'context'     => array( 'view', 'edit' ),
2383                                  'readonly'    => true,
2384                              ),
2385                              'block_version' => array(
2386                                  'description' => __( 'Version of the content block format used by the post.' ),
2387                                  'type'        => 'integer',
2388                                  'context'     => array( 'edit' ),
2389                                  'readonly'    => true,
2390                              ),
2391                              'protected'     => array(
2392                                  'description' => __( 'Whether the content is protected with a password.' ),
2393                                  'type'        => 'boolean',
2394                                  'context'     => array( 'view', 'edit', 'embed' ),
2395                                  'readonly'    => true,
2396                              ),
2397                          ),
2398                      );
2399                      break;
2400  
2401                  case 'author':
2402                      $schema['properties']['author'] = array(
2403                          'description' => __( 'The ID for the author of the post.' ),
2404                          'type'        => 'integer',
2405                          'context'     => array( 'view', 'edit', 'embed' ),
2406                      );
2407                      break;
2408  
2409                  case 'excerpt':
2410                      $schema['properties']['excerpt'] = array(
2411                          'description' => __( 'The excerpt for the post.' ),
2412                          'type'        => 'object',
2413                          'context'     => array( 'view', 'edit', 'embed' ),
2414                          'arg_options' => array(
2415                              'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database().
2416                              'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database().
2417                          ),
2418                          'properties'  => array(
2419                              'raw'       => array(
2420                                  'description' => __( 'Excerpt for the post, as it exists in the database.' ),
2421                                  'type'        => 'string',
2422                                  'context'     => array( 'edit' ),
2423                              ),
2424                              'rendered'  => array(
2425                                  'description' => __( 'HTML excerpt for the post, transformed for display.' ),
2426                                  'type'        => 'string',
2427                                  'context'     => array( 'view', 'edit', 'embed' ),
2428                                  'readonly'    => true,
2429                              ),
2430                              'protected' => array(
2431                                  'description' => __( 'Whether the excerpt is protected with a password.' ),
2432                                  'type'        => 'boolean',
2433                                  'context'     => array( 'view', 'edit', 'embed' ),
2434                                  'readonly'    => true,
2435                              ),
2436                          ),
2437                      );
2438                      break;
2439  
2440                  case 'thumbnail':
2441                      $schema['properties']['featured_media'] = array(
2442                          'description' => __( 'The ID of the featured media for the post.' ),
2443                          'type'        => 'integer',
2444                          'context'     => array( 'view', 'edit', 'embed' ),
2445                      );
2446                      break;
2447  
2448                  case 'comments':
2449                      $schema['properties']['comment_status'] = array(
2450                          'description' => __( 'Whether or not comments are open on the post.' ),
2451                          'type'        => 'string',
2452                          'enum'        => array( 'open', 'closed' ),
2453                          'context'     => array( 'view', 'edit' ),
2454                      );
2455                      $schema['properties']['ping_status']    = array(
2456                          'description' => __( 'Whether or not the post can be pinged.' ),
2457                          'type'        => 'string',
2458                          'enum'        => array( 'open', 'closed' ),
2459                          'context'     => array( 'view', 'edit' ),
2460                      );
2461                      break;
2462  
2463                  case 'page-attributes':
2464                      $schema['properties']['menu_order'] = array(
2465                          'description' => __( 'The order of the post in relation to other posts.' ),
2466                          'type'        => 'integer',
2467                          'context'     => array( 'view', 'edit' ),
2468                      );
2469                      break;
2470  
2471                  case 'post-formats':
2472                      // Get the native post formats and remove the array keys.
2473                      $formats = array_values( get_post_format_slugs() );
2474  
2475                      $schema['properties']['format'] = array(
2476                          'description' => __( 'The format for the post.' ),
2477                          'type'        => 'string',
2478                          'enum'        => $formats,
2479                          'context'     => array( 'view', 'edit' ),
2480                      );
2481                      break;
2482  
2483                  case 'custom-fields':
2484                      $schema['properties']['meta'] = $this->meta->get_field_schema();
2485                      break;
2486  
2487              }
2488          }
2489  
2490          if ( 'post' === $this->post_type ) {
2491              $schema['properties']['sticky'] = array(
2492                  'description' => __( 'Whether or not the post should be treated as sticky.' ),
2493                  'type'        => 'boolean',
2494                  'context'     => array( 'view', 'edit' ),
2495              );
2496          }
2497  
2498          $schema['properties']['template'] = array(
2499              'description' => __( 'The theme file to use to display the post.' ),
2500              'type'        => 'string',
2501              'context'     => array( 'view', 'edit' ),
2502              'arg_options' => array(
2503                  'validate_callback' => array( $this, 'check_template' ),
2504              ),
2505          );
2506  
2507          $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) );
2508  
2509          foreach ( $taxonomies as $taxonomy ) {
2510              $base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name;
2511  
2512              if ( array_key_exists( $base, $schema['properties'] ) ) {
2513                  $taxonomy_field_name_with_conflict = ! empty( $taxonomy->rest_base ) ? 'rest_base' : 'name';
2514                  _doing_it_wrong(
2515                      'register_taxonomy',
2516                      sprintf(
2517                          /* translators: 1: The taxonomy name, 2: The property name, either 'rest_base' or 'name', 3: The conflicting value. */
2518                          __( 'The "%1$s" taxonomy "%2$s" property (%3$s) conflicts with an existing property on the REST API Posts Controller. Specify a custom "rest_base" when registering the taxonomy to avoid this error.' ),
2519                          $taxonomy->name,
2520                          $taxonomy_field_name_with_conflict,
2521                          $base
2522                      ),
2523                      '5.4.0'
2524                  );
2525              }
2526  
2527              $schema['properties'][ $base ] = array(
2528                  /* translators: %s: Taxonomy name. */
2529                  'description' => sprintf( __( 'The terms assigned to the post in the %s taxonomy.' ), $taxonomy->name ),
2530                  'type'        => 'array',
2531                  'items'       => array(
2532                      'type' => 'integer',
2533                  ),
2534                  'context'     => array( 'view', 'edit' ),
2535              );
2536          }
2537  
2538          $schema_links = $this->get_schema_links();
2539  
2540          if ( $schema_links ) {
2541              $schema['links'] = $schema_links;
2542          }
2543  
2544          // Take a snapshot of which fields are in the schema pre-filtering.
2545          $schema_fields = array_keys( $schema['properties'] );
2546  
2547          /**
2548           * Filters the post's schema.
2549           *
2550           * The dynamic portion of the filter, `$this->post_type`, refers to the
2551           * post type slug for the controller.
2552           *
2553           * Possible hook names include:
2554           *
2555           *  - `rest_post_item_schema`
2556           *  - `rest_page_item_schema`
2557           *  - `rest_attachment_item_schema`
2558           *
2559           * @since 5.4.0
2560           *
2561           * @param array $schema Item schema data.
2562           */
2563          $schema = apply_filters( "rest_{$this->post_type}_item_schema", $schema );
2564  
2565          // Emit a _doing_it_wrong warning if user tries to add new properties using this filter.
2566          $new_fields = array_diff( array_keys( $schema['properties'] ), $schema_fields );
2567          if ( count( $new_fields ) > 0 ) {
2568              _doing_it_wrong(
2569                  __METHOD__,
2570                  sprintf(
2571                      /* translators: %s: register_rest_field */
2572                      __( 'Please use %s to add new schema properties.' ),
2573                      'register_rest_field'
2574                  ),
2575                  '5.4.0'
2576              );
2577          }
2578  
2579          $this->schema = $schema;
2580  
2581          return $this->add_additional_fields_schema( $this->schema );
2582      }
2583  
2584      /**
2585       * Retrieve Link Description Objects that should be added to the Schema for the posts collection.
2586       *
2587       * @since 4.9.8
2588       *
2589       * @return array
2590       */
2591  	protected function get_schema_links() {
2592  
2593          $href = rest_url( "{$this->namespace}/{$this->rest_base}/{id}" );
2594  
2595          $links = array();
2596  
2597          if ( 'attachment' !== $this->post_type ) {
2598              $links[] = array(
2599                  'rel'          => 'https://api.w.org/action-publish',
2600                  'title'        => __( 'The current user can publish this post.' ),
2601                  'href'         => $href,
2602                  'targetSchema' => array(
2603                      'type'       => 'object',
2604                      'properties' => array(
2605                          'status' => array(
2606                              'type' => 'string',
2607                              'enum' => array( 'publish', 'future' ),
2608                          ),
2609                      ),
2610                  ),
2611              );
2612          }
2613  
2614          $links[] = array(
2615              'rel'          => 'https://api.w.org/action-unfiltered-html',
2616              'title'        => __( 'The current user can post unfiltered HTML markup and JavaScript.' ),
2617              'href'         => $href,
2618              'targetSchema' => array(
2619                  'type'       => 'object',
2620                  'properties' => array(
2621                      'content' => array(
2622                          'raw' => array(
2623                              'type' => 'string',
2624                          ),
2625                      ),
2626                  ),
2627              ),
2628          );
2629  
2630          if ( 'post' === $this->post_type ) {
2631              $links[] = array(
2632                  'rel'          => 'https://api.w.org/action-sticky',
2633                  'title'        => __( 'The current user can sticky this post.' ),
2634                  'href'         => $href,
2635                  'targetSchema' => array(
2636                      'type'       => 'object',
2637                      'properties' => array(
2638                          'sticky' => array(
2639                              'type' => 'boolean',
2640                          ),
2641                      ),
2642                  ),
2643              );
2644          }
2645  
2646          if ( post_type_supports( $this->post_type, 'author' ) ) {
2647              $links[] = array(
2648                  'rel'          => 'https://api.w.org/action-assign-author',
2649                  'title'        => __( 'The current user can change the author on this post.' ),
2650                  'href'         => $href,
2651                  'targetSchema' => array(
2652                      'type'       => 'object',
2653                      'properties' => array(
2654                          'author' => array(
2655                              'type' => 'integer',
2656                          ),
2657                      ),
2658                  ),
2659              );
2660          }
2661  
2662          $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) );
2663  
2664          foreach ( $taxonomies as $tax ) {
2665              $tax_base = ! empty( $tax->rest_base ) ? $tax->rest_base : $tax->name;
2666  
2667              /* translators: %s: Taxonomy name. */
2668              $assign_title = sprintf( __( 'The current user can assign terms in the %s taxonomy.' ), $tax->name );
2669              /* translators: %s: Taxonomy name. */
2670              $create_title = sprintf( __( 'The current user can create terms in the %s taxonomy.' ), $tax->name );
2671  
2672              $links[] = array(
2673                  'rel'          => 'https://api.w.org/action-assign-' . $tax_base,
2674                  'title'        => $assign_title,
2675                  'href'         => $href,
2676                  'targetSchema' => array(
2677                      'type'       => 'object',
2678                      'properties' => array(
2679                          $tax_base => array(
2680                              'type'  => 'array',
2681                              'items' => array(
2682                                  'type' => 'integer',
2683                              ),
2684                          ),
2685                      ),
2686                  ),
2687              );
2688  
2689              $links[] = array(
2690                  'rel'          => 'https://api.w.org/action-create-' . $tax_base,
2691                  'title'        => $create_title,
2692                  'href'         => $href,
2693                  'targetSchema' => array(
2694                      'type'       => 'object',
2695                      'properties' => array(
2696                          $tax_base => array(
2697                              'type'  => 'array',
2698                              'items' => array(
2699                                  'type' => 'integer',
2700                              ),
2701                          ),
2702                      ),
2703                  ),
2704              );
2705          }
2706  
2707          return $links;
2708      }
2709  
2710      /**
2711       * Retrieves the query params for the posts collection.
2712       *
2713       * @since 4.7.0
2714       * @since 5.4.0 The `tax_relation` query parameter was added.
2715       * @since 5.7.0 The `modified_after` and `modified_before` query parameters were added.
2716       *
2717       * @return array Collection parameters.
2718       */
2719  	public function get_collection_params() {
2720          $query_params = parent::get_collection_params();
2721  
2722          $query_params['context']['default'] = 'view';
2723  
2724          $query_params['after'] = array(
2725              'description' => __( 'Limit response to posts published after a given ISO8601 compliant date.' ),
2726              'type'        => 'string',
2727              'format'      => 'date-time',
2728          );
2729  
2730          $query_params['modified_after'] = array(
2731              'description' => __( 'Limit response to posts modified after a given ISO8601 compliant date.' ),
2732              'type'        => 'string',
2733              'format'      => 'date-time',
2734          );
2735  
2736          if ( post_type_supports( $this->post_type, 'author' ) ) {
2737              $query_params['author']         = array(
2738                  'description' => __( 'Limit result set to posts assigned to specific authors.' ),
2739                  'type'        => 'array',
2740                  'items'       => array(
2741                      'type' => 'integer',
2742                  ),
2743                  'default'     => array(),
2744              );
2745              $query_params['author_exclude'] = array(
2746                  'description' => __( 'Ensure result set excludes posts assigned to specific authors.' ),
2747                  'type'        => 'array',
2748                  'items'       => array(
2749                      'type' => 'integer',
2750                  ),
2751                  'default'     => array(),
2752              );
2753          }
2754  
2755          $query_params['before'] = array(
2756              'description' => __( 'Limit response to posts published before a given ISO8601 compliant date.' ),
2757              'type'        => 'string',
2758              'format'      => 'date-time',
2759          );
2760  
2761          $query_params['modified_before'] = array(
2762              'description' => __( 'Limit response to posts modified before a given ISO8601 compliant date.' ),
2763              'type'        => 'string',
2764              'format'      => 'date-time',
2765          );
2766  
2767          $query_params['exclude'] = array(
2768              'description' => __( 'Ensure result set excludes specific IDs.' ),
2769              'type'        => 'array',
2770              'items'       => array(
2771                  'type' => 'integer',
2772              ),
2773              'default'     => array(),
2774          );
2775  
2776          $query_params['include'] = array(
2777              'description' => __( 'Limit result set to specific IDs.' ),
2778              'type'        => 'array',
2779              'items'       => array(
2780                  'type' => 'integer',
2781              ),
2782              'default'     => array(),
2783          );
2784  
2785          if ( 'page' === $this->post_type || post_type_supports( $this->post_type, 'page-attributes' ) ) {
2786              $query_params['menu_order'] = array(
2787                  'description' => __( 'Limit result set to posts with a specific menu_order value.' ),
2788                  'type'        => 'integer',
2789              );
2790          }
2791  
2792          $query_params['offset'] = array(
2793              'description' => __( 'Offset the result set by a specific number of items.' ),
2794              'type'        => 'integer',
2795          );
2796  
2797          $query_params['order'] = array(
2798              'description' => __( 'Order sort attribute ascending or descending.' ),
2799              'type'        => 'string',
2800              'default'     => 'desc',
2801              'enum'        => array( 'asc', 'desc' ),
2802          );
2803  
2804          $query_params['orderby'] = array(
2805              'description' => __( 'Sort collection by post attribute.' ),
2806              'type'        => 'string',
2807              'default'     => 'date',
2808              'enum'        => array(
2809                  'author',
2810                  'date',
2811                  'id',
2812                  'include',
2813                  'modified',
2814                  'parent',
2815                  'relevance',
2816                  'slug',
2817                  'include_slugs',
2818                  'title',
2819              ),
2820          );
2821  
2822          if ( 'page' === $this->post_type || post_type_supports( $this->post_type, 'page-attributes' ) ) {
2823              $query_params['orderby']['enum'][] = 'menu_order';
2824          }
2825  
2826          $post_type = get_post_type_object( $this->post_type );
2827  
2828          if ( $post_type->hierarchical || 'attachment' === $this->post_type ) {
2829              $query_params['parent']         = array(
2830                  'description' => __( 'Limit result set to items with particular parent IDs.' ),
2831                  'type'        => 'array',
2832                  'items'       => array(
2833                      'type' => 'integer',
2834                  ),
2835                  'default'     => array(),
2836              );
2837              $query_params['parent_exclude'] = array(
2838                  'description' => __( 'Limit result set to all items except those of a particular parent ID.' ),
2839                  'type'        => 'array',
2840                  'items'       => array(
2841                      'type' => 'integer',
2842                  ),
2843                  'default'     => array(),
2844              );
2845          }
2846  
2847          $query_params['slug'] = array(
2848              'description'       => __( 'Limit result set to posts with one or more specific slugs.' ),
2849              'type'              => 'array',
2850              'items'             => array(
2851                  'type' => 'string',
2852              ),
2853              'sanitize_callback' => 'wp_parse_slug_list',
2854          );
2855  
2856          $query_params['status'] = array(
2857              'default'           => 'publish',
2858              'description'       => __( 'Limit result set to posts assigned one or more statuses.' ),
2859              'type'              => 'array',
2860              'items'             => array(
2861                  'enum' => array_merge( array_keys( get_post_stati() ), array( 'any' ) ),
2862                  'type' => 'string',
2863              ),
2864              'sanitize_callback' => array( $this, 'sanitize_post_statuses' ),
2865          );
2866  
2867          $query_params = $this->prepare_taxonomy_limit_schema( $query_params );
2868  
2869          if ( 'post' === $this->post_type ) {
2870              $query_params['sticky'] = array(
2871                  'description' => __( 'Limit result set to items that are sticky.' ),
2872                  'type'        => 'boolean',
2873              );
2874          }
2875  
2876          /**
2877           * Filters collection parameters for the posts controller.
2878           *
2879           * The dynamic part of the filter `$this->post_type` refers to the post
2880           * type slug for the controller.
2881           *
2882           * This filter registers the collection parameter, but does not map the
2883           * collection parameter to an internal WP_Query parameter. Use the
2884           * `rest_{$this->post_type}_query` filter to set WP_Query parameters.
2885           *
2886           * @since 4.7.0
2887           *
2888           * @param array        $query_params JSON Schema-formatted collection parameters.
2889           * @param WP_Post_Type $post_type    Post type object.
2890           */
2891          return apply_filters( "rest_{$this->post_type}_collection_params", $query_params, $post_type );
2892      }
2893  
2894      /**
2895       * Sanitizes and validates the list of post statuses, including whether the
2896       * user can query private statuses.
2897       *
2898       * @since 4.7.0
2899       *
2900       * @param string|array    $statuses  One or more post statuses.
2901       * @param WP_REST_Request $request   Full details about the request.
2902       * @param string          $parameter Additional parameter to pass to validation.
2903       * @return array|WP_Error A list of valid statuses, otherwise WP_Error object.
2904       */
2905  	public function sanitize_post_statuses( $statuses, $request, $parameter ) {
2906          $statuses = wp_parse_slug_list( $statuses );
2907  
2908          // The default status is different in WP_REST_Attachments_Controller.
2909          $attributes     = $request->get_attributes();
2910          $default_status = $attributes['args']['status']['default'];
2911  
2912          foreach ( $statuses as $status ) {
2913              if ( $status === $default_status ) {
2914                  continue;
2915              }
2916  
2917              $post_type_obj = get_post_type_object( $this->post_type );
2918  
2919              if ( current_user_can( $post_type_obj->cap->edit_posts ) || 'private' === $status && current_user_can( $post_type_obj->cap->read_private_posts ) ) {
2920                  $result = rest_validate_request_arg( $status, $request, $parameter );
2921                  if ( is_wp_error( $result ) ) {
2922                      return $result;
2923                  }
2924              } else {
2925                  return new WP_Error(
2926                      'rest_forbidden_status',
2927                      __( 'Status is forbidden.' ),
2928                      array( 'status' => rest_authorization_required_code() )
2929                  );
2930              }
2931          }
2932  
2933          return $statuses;
2934      }
2935  
2936      /**
2937       * Prepares the 'tax_query' for a collection of posts.
2938       *
2939       * @since 5.7.0
2940       *
2941       * @param array           $args    WP_Query arguments.
2942       * @param WP_REST_Request $request Full details about the request.
2943       * @return array Updated query arguments.
2944       */
2945  	private function prepare_tax_query( array $args, WP_REST_Request $request ) {
2946          $relation = $request['tax_relation'];
2947  
2948          if ( $relation ) {
2949              $args['tax_query'] = array( 'relation' => $relation );
2950          }
2951  
2952          $taxonomies = wp_list_filter(
2953              get_object_taxonomies( $this->post_type, 'objects' ),
2954              array( 'show_in_rest' => true )
2955          );
2956  
2957          foreach ( $taxonomies as $taxonomy ) {
2958              $base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name;
2959  
2960              $tax_include = $request[ $base ];
2961              $tax_exclude = $request[ $base . '_exclude' ];
2962  
2963              if ( $tax_include ) {
2964                  $terms            = array();
2965                  $include_children = false;
2966                  $operator         = 'IN';
2967  
2968                  if ( rest_is_array( $tax_include ) ) {
2969                      $terms = $tax_include;
2970                  } elseif ( rest_is_object( $tax_include ) ) {
2971                      $terms            = empty( $tax_include['terms'] ) ? array() : $tax_include['terms'];
2972                      $include_children = ! empty( $tax_include['include_children'] );
2973  
2974                      if ( isset( $tax_include['operator'] ) && 'AND' === $tax_include['operator'] ) {
2975                          $operator = 'AND';
2976                      }
2977                  }
2978  
2979                  if ( $terms ) {
2980                      $args['tax_query'][] = array(
2981                          'taxonomy'         => $taxonomy->name,
2982                          'field'            => 'term_id',
2983                          'terms'            => $terms,
2984                          'include_children' => $include_children,
2985                          'operator'         => $operator,
2986                      );
2987                  }
2988              }
2989  
2990              if ( $tax_exclude ) {
2991                  $terms            = array();
2992                  $include_children = false;
2993  
2994                  if ( rest_is_array( $tax_exclude ) ) {
2995                      $terms = $tax_exclude;
2996                  } elseif ( rest_is_object( $tax_exclude ) ) {
2997                      $terms            = empty( $tax_exclude['terms'] ) ? array() : $tax_exclude['terms'];
2998                      $include_children = ! empty( $tax_exclude['include_children'] );
2999                  }
3000  
3001                  if ( $terms ) {
3002                      $args['tax_query'][] = array(
3003                          'taxonomy'         => $taxonomy->name,
3004                          'field'            => 'term_id',
3005                          'terms'            => $terms,
3006                          'include_children' => $include_children,
3007                          'operator'         => 'NOT IN',
3008                      );
3009                  }
3010              }
3011          }
3012  
3013          return $args;
3014      }
3015  
3016      /**
3017       * Prepares the collection schema for including and excluding items by terms.
3018       *
3019       * @since 5.7.0
3020       *
3021       * @param array $query_params Collection schema.
3022       * @return array Updated schema.
3023       */
3024  	private function prepare_taxonomy_limit_schema( array $query_params ) {
3025          $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) );
3026  
3027          if ( ! $taxonomies ) {
3028              return $query_params;
3029          }
3030  
3031          $query_params['tax_relation'] = array(
3032              'description' => __( 'Limit result set based on relationship between multiple taxonomies.' ),
3033              'type'        => 'string',
3034              'enum'        => array( 'AND', 'OR' ),
3035          );
3036  
3037          $limit_schema = array(
3038              'type'  => array( 'object', 'array' ),
3039              'oneOf' => array(
3040                  array(
3041                      'title'       => __( 'Term ID List' ),
3042                      'description' => __( 'Match terms with the listed IDs.' ),
3043                      'type'        => 'array',
3044                      'items'       => array(
3045                          'type' => 'integer',
3046                      ),
3047                  ),
3048                  array(
3049                      'title'                => __( 'Term ID Taxonomy Query' ),
3050                      'description'          => __( 'Perform an advanced term query.' ),
3051                      'type'                 => 'object',
3052                      'properties'           => array(
3053                          'terms'            => array(
3054                              'description' => __( 'Term IDs.' ),
3055                              'type'        => 'array',
3056                              'items'       => array(
3057                                  'type' => 'integer',
3058                              ),
3059                              'default'     => array(),
3060                          ),
3061                          'include_children' => array(
3062                              'description' => __( 'Whether to include child terms in the terms limiting the result set.' ),
3063                              'type'        => 'boolean',
3064                              'default'     => false,
3065                          ),
3066                      ),
3067                      'additionalProperties' => false,
3068                  ),
3069              ),
3070          );
3071  
3072          $include_schema = array_merge(
3073              array(
3074                  /* translators: %s: Taxonomy name. */
3075                  'description' => __( 'Limit result set to items with specific terms assigned in the %s taxonomy.' ),
3076              ),
3077              $limit_schema
3078          );
3079          // 'operator' is supported only for 'include' queries.
3080          $include_schema['oneOf'][1]['properties']['operator'] = array(
3081              'description' => __( 'Whether items must be assigned all or any of the specified terms.' ),
3082              'type'        => 'string',
3083              'enum'        => array( 'AND', 'OR' ),
3084              'default'     => 'OR',
3085          );
3086  
3087          $exclude_schema = array_merge(
3088              array(
3089                  /* translators: %s: Taxonomy name. */
3090                  'description' => __( 'Limit result set to items except those with specific terms assigned in the %s taxonomy.' ),
3091              ),
3092              $limit_schema
3093          );
3094  
3095          foreach ( $taxonomies as $taxonomy ) {
3096              $base         = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name;
3097              $base_exclude = $base . '_exclude';
3098  
3099              $query_params[ $base ]                = $include_schema;
3100              $query_params[ $base ]['description'] = sprintf( $query_params[ $base ]['description'], $base );
3101  
3102              $query_params[ $base_exclude ]                = $exclude_schema;
3103              $query_params[ $base_exclude ]['description'] = sprintf( $query_params[ $base_exclude ]['description'], $base );
3104  
3105              if ( ! $taxonomy->hierarchical ) {
3106                  unset( $query_params[ $base ]['oneOf'][1]['properties']['include_children'] );
3107                  unset( $query_params[ $base_exclude ]['oneOf'][1]['properties']['include_children'] );
3108              }
3109          }
3110  
3111          return $query_params;
3112      }
3113  }


Generated: Tue Nov 12 01:00:02 2024 Cross-referenced by PHPXref 0.7.1