| [ Index ] |
PHP Cross Reference of WordPress |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * REST API: WP_REST_Users_Controller class 4 * 5 * @package WordPress 6 * @subpackage REST_API 7 * @since 4.7.0 8 */ 9 10 /** 11 * Core class used to manage users via the REST API. 12 * 13 * @since 4.7.0 14 * 15 * @see WP_REST_Controller 16 */ 17 class WP_REST_Users_Controller extends WP_REST_Controller { 18 19 /** 20 * Instance of a user meta fields object. 21 * 22 * @since 4.7.0 23 * @var WP_REST_User_Meta_Fields 24 */ 25 protected $meta; 26 27 /** 28 * Constructor. 29 * 30 * @since 4.7.0 31 */ 32 public function __construct() { 33 $this->namespace = 'wp/v2'; 34 $this->rest_base = 'users'; 35 36 $this->meta = new WP_REST_User_Meta_Fields(); 37 } 38 39 /** 40 * Registers the routes for the objects of the controller. 41 * 42 * @since 4.7.0 43 * 44 * @see register_rest_route() 45 */ 46 public function register_routes() { 47 48 register_rest_route( 49 $this->namespace, 50 '/' . $this->rest_base, 51 array( 52 array( 53 'methods' => WP_REST_Server::READABLE, 54 'callback' => array( $this, 'get_items' ), 55 'permission_callback' => array( $this, 'get_items_permissions_check' ), 56 'args' => $this->get_collection_params(), 57 ), 58 array( 59 'methods' => WP_REST_Server::CREATABLE, 60 'callback' => array( $this, 'create_item' ), 61 'permission_callback' => array( $this, 'create_item_permissions_check' ), 62 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::CREATABLE ), 63 ), 64 'schema' => array( $this, 'get_public_item_schema' ), 65 ) 66 ); 67 68 register_rest_route( 69 $this->namespace, 70 '/' . $this->rest_base . '/(?P<id>[\d]+)', 71 array( 72 'args' => array( 73 'id' => array( 74 'description' => __( 'Unique identifier for the user.' ), 75 'type' => 'integer', 76 ), 77 ), 78 array( 79 'methods' => WP_REST_Server::READABLE, 80 'callback' => array( $this, 'get_item' ), 81 'permission_callback' => array( $this, 'get_item_permissions_check' ), 82 'args' => array( 83 'context' => $this->get_context_param( array( 'default' => 'view' ) ), 84 ), 85 ), 86 array( 87 'methods' => WP_REST_Server::EDITABLE, 88 'callback' => array( $this, 'update_item' ), 89 'permission_callback' => array( $this, 'update_item_permissions_check' ), 90 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ), 91 ), 92 array( 93 'methods' => WP_REST_Server::DELETABLE, 94 'callback' => array( $this, 'delete_item' ), 95 'permission_callback' => array( $this, 'delete_item_permissions_check' ), 96 'args' => array( 97 'force' => array( 98 'type' => 'boolean', 99 'default' => false, 100 'description' => __( 'Required to be true, as users do not support trashing.' ), 101 ), 102 'reassign' => array( 103 'type' => 'integer', 104 'description' => __( 'Reassign the deleted user\'s posts and links to this user ID.' ), 105 'required' => true, 106 'sanitize_callback' => array( $this, 'check_reassign' ), 107 ), 108 ), 109 ), 110 'schema' => array( $this, 'get_public_item_schema' ), 111 ) 112 ); 113 114 register_rest_route( 115 $this->namespace, 116 '/' . $this->rest_base . '/me', 117 array( 118 array( 119 'methods' => WP_REST_Server::READABLE, 120 'callback' => array( $this, 'get_current_item' ), 121 'args' => array( 122 'context' => $this->get_context_param( array( 'default' => 'view' ) ), 123 ), 124 ), 125 array( 126 'methods' => WP_REST_Server::EDITABLE, 127 'callback' => array( $this, 'update_current_item' ), 128 'permission_callback' => array( $this, 'update_current_item_permissions_check' ), 129 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ), 130 ), 131 array( 132 'methods' => WP_REST_Server::DELETABLE, 133 'callback' => array( $this, 'delete_current_item' ), 134 'permission_callback' => array( $this, 'delete_current_item_permissions_check' ), 135 'args' => array( 136 'force' => array( 137 'type' => 'boolean', 138 'default' => false, 139 'description' => __( 'Required to be true, as users do not support trashing.' ), 140 ), 141 'reassign' => array( 142 'type' => 'integer', 143 'description' => __( 'Reassign the deleted user\'s posts and links to this user ID.' ), 144 'required' => true, 145 'sanitize_callback' => array( $this, 'check_reassign' ), 146 ), 147 ), 148 ), 149 'schema' => array( $this, 'get_public_item_schema' ), 150 ) 151 ); 152 } 153 154 /** 155 * Checks for a valid value for the reassign parameter when deleting users. 156 * 157 * The value can be an integer, 'false', false, or ''. 158 * 159 * @since 4.7.0 160 * 161 * @param int|bool $value The value passed to the reassign parameter. 162 * @param WP_REST_Request $request Full details about the request. 163 * @param string $param The parameter that is being sanitized. 164 * @return int|bool|WP_Error 165 */ 166 public function check_reassign( $value, $request, $param ) { 167 if ( is_numeric( $value ) ) { 168 return $value; 169 } 170 171 if ( empty( $value ) || false === $value || 'false' === $value ) { 172 return false; 173 } 174 175 return new WP_Error( 176 'rest_invalid_param', 177 __( 'Invalid user parameter(s).' ), 178 array( 'status' => 400 ) 179 ); 180 } 181 182 /** 183 * Permissions check for getting all users. 184 * 185 * @since 4.7.0 186 * 187 * @param WP_REST_Request $request Full details about the request. 188 * @return true|WP_Error True if the request has read access, otherwise WP_Error object. 189 */ 190 public function get_items_permissions_check( $request ) { 191 // Check if roles is specified in GET request and if user can list users. 192 if ( ! empty( $request['roles'] ) && ! current_user_can( 'list_users' ) ) { 193 return new WP_Error( 194 'rest_user_cannot_view', 195 __( 'Sorry, you are not allowed to filter users by role.' ), 196 array( 'status' => rest_authorization_required_code() ) 197 ); 198 } 199 200 if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) { 201 return new WP_Error( 202 'rest_forbidden_context', 203 __( 'Sorry, you are not allowed to list users.' ), 204 array( 'status' => rest_authorization_required_code() ) 205 ); 206 } 207 208 if ( in_array( $request['orderby'], array( 'email', 'registered_date' ), true ) && ! current_user_can( 'list_users' ) ) { 209 return new WP_Error( 210 'rest_forbidden_orderby', 211 __( 'Sorry, you are not allowed to order users by this parameter.' ), 212 array( 'status' => rest_authorization_required_code() ) 213 ); 214 } 215 216 if ( 'authors' === $request['who'] ) { 217 $types = get_post_types( array( 'show_in_rest' => true ), 'objects' ); 218 219 foreach ( $types as $type ) { 220 if ( post_type_supports( $type->name, 'author' ) 221 && current_user_can( $type->cap->edit_posts ) ) { 222 return true; 223 } 224 } 225 226 return new WP_Error( 227 'rest_forbidden_who', 228 __( 'Sorry, you are not allowed to query users by this parameter.' ), 229 array( 'status' => rest_authorization_required_code() ) 230 ); 231 } 232 233 return true; 234 } 235 236 /** 237 * Retrieves all users. 238 * 239 * @since 4.7.0 240 * 241 * @param WP_REST_Request $request Full details about the request. 242 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 243 */ 244 public function get_items( $request ) { 245 246 // Retrieve the list of registered collection query parameters. 247 $registered = $this->get_collection_params(); 248 249 /* 250 * This array defines mappings between public API query parameters whose 251 * values are accepted as-passed, and their internal WP_Query parameter 252 * name equivalents (some are the same). Only values which are also 253 * present in $registered will be set. 254 */ 255 $parameter_mappings = array( 256 'exclude' => 'exclude', 257 'include' => 'include', 258 'order' => 'order', 259 'per_page' => 'number', 260 'search' => 'search', 261 'roles' => 'role__in', 262 'slug' => 'nicename__in', 263 ); 264 265 $prepared_args = array(); 266 267 /* 268 * For each known parameter which is both registered and present in the request, 269 * set the parameter's value on the query $prepared_args. 270 */ 271 foreach ( $parameter_mappings as $api_param => $wp_param ) { 272 if ( isset( $registered[ $api_param ], $request[ $api_param ] ) ) { 273 $prepared_args[ $wp_param ] = $request[ $api_param ]; 274 } 275 } 276 277 if ( isset( $registered['offset'] ) && ! empty( $request['offset'] ) ) { 278 $prepared_args['offset'] = $request['offset']; 279 } else { 280 $prepared_args['offset'] = ( $request['page'] - 1 ) * $prepared_args['number']; 281 } 282 283 if ( isset( $registered['orderby'] ) ) { 284 $orderby_possibles = array( 285 'id' => 'ID', 286 'include' => 'include', 287 'name' => 'display_name', 288 'registered_date' => 'registered', 289 'slug' => 'user_nicename', 290 'include_slugs' => 'nicename__in', 291 'email' => 'user_email', 292 'url' => 'user_url', 293 ); 294 $prepared_args['orderby'] = $orderby_possibles[ $request['orderby'] ]; 295 } 296 297 if ( isset( $registered['who'] ) && ! empty( $request['who'] ) && 'authors' === $request['who'] ) { 298 $prepared_args['who'] = 'authors'; 299 } elseif ( ! current_user_can( 'list_users' ) ) { 300 $prepared_args['has_published_posts'] = get_post_types( array( 'show_in_rest' => true ), 'names' ); 301 } 302 303 if ( ! empty( $prepared_args['search'] ) ) { 304 $prepared_args['search'] = '*' . $prepared_args['search'] . '*'; 305 } 306 /** 307 * Filters WP_User_Query arguments when querying users via the REST API. 308 * 309 * @link https://developer.wordpress.org/reference/classes/wp_user_query/ 310 * 311 * @since 4.7.0 312 * 313 * @param array $prepared_args Array of arguments for WP_User_Query. 314 * @param WP_REST_Request $request The current request. 315 */ 316 $prepared_args = apply_filters( 'rest_user_query', $prepared_args, $request ); 317 318 $query = new WP_User_Query( $prepared_args ); 319 320 $users = array(); 321 322 foreach ( $query->results as $user ) { 323 $data = $this->prepare_item_for_response( $user, $request ); 324 $users[] = $this->prepare_response_for_collection( $data ); 325 } 326 327 $response = rest_ensure_response( $users ); 328 329 // Store pagination values for headers then unset for count query. 330 $per_page = (int) $prepared_args['number']; 331 $page = ceil( ( ( (int) $prepared_args['offset'] ) / $per_page ) + 1 ); 332 333 $prepared_args['fields'] = 'ID'; 334 335 $total_users = $query->get_total(); 336 337 if ( $total_users < 1 ) { 338 // Out-of-bounds, run the query again without LIMIT for total count. 339 unset( $prepared_args['number'], $prepared_args['offset'] ); 340 $count_query = new WP_User_Query( $prepared_args ); 341 $total_users = $count_query->get_total(); 342 } 343 344 $response->header( 'X-WP-Total', (int) $total_users ); 345 346 $max_pages = ceil( $total_users / $per_page ); 347 348 $response->header( 'X-WP-TotalPages', (int) $max_pages ); 349 350 $base = add_query_arg( urlencode_deep( $request->get_query_params() ), rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ) ); 351 if ( $page > 1 ) { 352 $prev_page = $page - 1; 353 354 if ( $prev_page > $max_pages ) { 355 $prev_page = $max_pages; 356 } 357 358 $prev_link = add_query_arg( 'page', $prev_page, $base ); 359 $response->link_header( 'prev', $prev_link ); 360 } 361 if ( $max_pages > $page ) { 362 $next_page = $page + 1; 363 $next_link = add_query_arg( 'page', $next_page, $base ); 364 365 $response->link_header( 'next', $next_link ); 366 } 367 368 return $response; 369 } 370 371 /** 372 * Get the user, if the ID is valid. 373 * 374 * @since 4.7.2 375 * 376 * @param int $id Supplied ID. 377 * @return WP_User|WP_Error True if ID is valid, WP_Error otherwise. 378 */ 379 protected function get_user( $id ) { 380 $error = new WP_Error( 381 'rest_user_invalid_id', 382 __( 'Invalid user ID.' ), 383 array( 'status' => 404 ) 384 ); 385 386 if ( (int) $id <= 0 ) { 387 return $error; 388 } 389 390 $user = get_userdata( (int) $id ); 391 if ( empty( $user ) || ! $user->exists() ) { 392 return $error; 393 } 394 395 if ( is_multisite() && ! is_user_member_of_blog( $user->ID ) ) { 396 return $error; 397 } 398 399 return $user; 400 } 401 402 /** 403 * Checks if a given request has access to read a user. 404 * 405 * @since 4.7.0 406 * 407 * @param WP_REST_Request $request Full details about the request. 408 * @return true|WP_Error True if the request has read access for the item, otherwise WP_Error object. 409 */ 410 public function get_item_permissions_check( $request ) { 411 $user = $this->get_user( $request['id'] ); 412 if ( is_wp_error( $user ) ) { 413 return $user; 414 } 415 416 $types = get_post_types( array( 'show_in_rest' => true ), 'names' ); 417 418 if ( get_current_user_id() === $user->ID ) { 419 return true; 420 } 421 422 if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) { 423 return new WP_Error( 424 'rest_user_cannot_view', 425 __( 'Sorry, you are not allowed to list users.' ), 426 array( 'status' => rest_authorization_required_code() ) 427 ); 428 } elseif ( ! count_user_posts( $user->ID, $types ) && ! current_user_can( 'edit_user', $user->ID ) && ! current_user_can( 'list_users' ) ) { 429 return new WP_Error( 430 'rest_user_cannot_view', 431 __( 'Sorry, you are not allowed to list users.' ), 432 array( 'status' => rest_authorization_required_code() ) 433 ); 434 } 435 436 return true; 437 } 438 439 /** 440 * Retrieves a single user. 441 * 442 * @since 4.7.0 443 * 444 * @param WP_REST_Request $request Full details about the request. 445 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 446 */ 447 public function get_item( $request ) { 448 $user = $this->get_user( $request['id'] ); 449 if ( is_wp_error( $user ) ) { 450 return $user; 451 } 452 453 $user = $this->prepare_item_for_response( $user, $request ); 454 $response = rest_ensure_response( $user ); 455 456 return $response; 457 } 458 459 /** 460 * Retrieves the current user. 461 * 462 * @since 4.7.0 463 * 464 * @param WP_REST_Request $request Full details about the request. 465 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 466 */ 467 public function get_current_item( $request ) { 468 $current_user_id = get_current_user_id(); 469 470 if ( empty( $current_user_id ) ) { 471 return new WP_Error( 472 'rest_not_logged_in', 473 __( 'You are not currently logged in.' ), 474 array( 'status' => 401 ) 475 ); 476 } 477 478 $user = wp_get_current_user(); 479 $response = $this->prepare_item_for_response( $user, $request ); 480 $response = rest_ensure_response( $response ); 481 482 return $response; 483 } 484 485 /** 486 * Checks if a given request has access create users. 487 * 488 * @since 4.7.0 489 * 490 * @param WP_REST_Request $request Full details about the request. 491 * @return true|WP_Error True if the request has access to create items, WP_Error object otherwise. 492 */ 493 public function create_item_permissions_check( $request ) { 494 495 if ( ! current_user_can( 'create_users' ) ) { 496 return new WP_Error( 497 'rest_cannot_create_user', 498 __( 'Sorry, you are not allowed to create new users.' ), 499 array( 'status' => rest_authorization_required_code() ) 500 ); 501 } 502 503 return true; 504 } 505 506 /** 507 * Creates a single user. 508 * 509 * @since 4.7.0 510 * 511 * @param WP_REST_Request $request Full details about the request. 512 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 513 */ 514 public function create_item( $request ) { 515 if ( ! empty( $request['id'] ) ) { 516 return new WP_Error( 517 'rest_user_exists', 518 __( 'Cannot create existing user.' ), 519 array( 'status' => 400 ) 520 ); 521 } 522 523 $schema = $this->get_item_schema(); 524 525 if ( ! empty( $request['roles'] ) && ! empty( $schema['properties']['roles'] ) ) { 526 $check_permission = $this->check_role_update( $request['id'], $request['roles'] ); 527 528 if ( is_wp_error( $check_permission ) ) { 529 return $check_permission; 530 } 531 } 532 533 $user = $this->prepare_item_for_database( $request ); 534 535 if ( is_multisite() ) { 536 $ret = wpmu_validate_user_signup( $user->user_login, $user->user_email ); 537 538 if ( is_wp_error( $ret['errors'] ) && $ret['errors']->has_errors() ) { 539 $error = new WP_Error( 540 'rest_invalid_param', 541 __( 'Invalid user parameter(s).' ), 542 array( 'status' => 400 ) 543 ); 544 545 foreach ( $ret['errors']->errors as $code => $messages ) { 546 foreach ( $messages as $message ) { 547 $error->add( $code, $message ); 548 } 549 550 $error_data = $error->get_error_data( $code ); 551 552 if ( $error_data ) { 553 $error->add_data( $error_data, $code ); 554 } 555 } 556 return $error; 557 } 558 } 559 560 if ( is_multisite() ) { 561 $user_id = wpmu_create_user( $user->user_login, $user->user_pass, $user->user_email ); 562 563 if ( ! $user_id ) { 564 return new WP_Error( 565 'rest_user_create', 566 __( 'Error creating new user.' ), 567 array( 'status' => 500 ) 568 ); 569 } 570 571 $user->ID = $user_id; 572 $user_id = wp_update_user( wp_slash( (array) $user ) ); 573 574 if ( is_wp_error( $user_id ) ) { 575 return $user_id; 576 } 577 578 $result = add_user_to_blog( get_site()->id, $user_id, '' ); 579 if ( is_wp_error( $result ) ) { 580 return $result; 581 } 582 } else { 583 $user_id = wp_insert_user( wp_slash( (array) $user ) ); 584 585 if ( is_wp_error( $user_id ) ) { 586 return $user_id; 587 } 588 } 589 590 $user = get_user_by( 'id', $user_id ); 591 592 /** 593 * Fires immediately after a user is created or updated via the REST API. 594 * 595 * @since 4.7.0 596 * 597 * @param WP_User $user Inserted or updated user object. 598 * @param WP_REST_Request $request Request object. 599 * @param bool $creating True when creating a user, false when updating. 600 */ 601 do_action( 'rest_insert_user', $user, $request, true ); 602 603 if ( ! empty( $request['roles'] ) && ! empty( $schema['properties']['roles'] ) ) { 604 array_map( array( $user, 'add_role' ), $request['roles'] ); 605 } 606 607 if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { 608 $meta_update = $this->meta->update_value( $request['meta'], $user_id ); 609 610 if ( is_wp_error( $meta_update ) ) { 611 return $meta_update; 612 } 613 } 614 615 $user = get_user_by( 'id', $user_id ); 616 $fields_update = $this->update_additional_fields_for_object( $user, $request ); 617 618 if ( is_wp_error( $fields_update ) ) { 619 return $fields_update; 620 } 621 622 $request->set_param( 'context', 'edit' ); 623 624 /** 625 * Fires after a user is completely created or updated via the REST API. 626 * 627 * @since 5.0.0 628 * 629 * @param WP_User $user Inserted or updated user object. 630 * @param WP_REST_Request $request Request object. 631 * @param bool $creating True when creating a user, false when updating. 632 */ 633 do_action( 'rest_after_insert_user', $user, $request, true ); 634 635 $response = $this->prepare_item_for_response( $user, $request ); 636 $response = rest_ensure_response( $response ); 637 638 $response->set_status( 201 ); 639 $response->header( 'Location', rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $user_id ) ) ); 640 641 return $response; 642 } 643 644 /** 645 * Checks if a given request has access to update a user. 646 * 647 * @since 4.7.0 648 * 649 * @param WP_REST_Request $request Full details about the request. 650 * @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise. 651 */ 652 public function update_item_permissions_check( $request ) { 653 $user = $this->get_user( $request['id'] ); 654 if ( is_wp_error( $user ) ) { 655 return $user; 656 } 657 658 if ( ! empty( $request['roles'] ) ) { 659 if ( ! current_user_can( 'promote_user', $user->ID ) ) { 660 return new WP_Error( 661 'rest_cannot_edit_roles', 662 __( 'Sorry, you are not allowed to edit roles of this user.' ), 663 array( 'status' => rest_authorization_required_code() ) 664 ); 665 } 666 667 $request_params = array_keys( $request->get_params() ); 668 sort( $request_params ); 669 // If only 'id' and 'roles' are specified (we are only trying to 670 // edit roles), then only the 'promote_user' cap is required. 671 if ( array( 'id', 'roles' ) === $request_params ) { 672 return true; 673 } 674 } 675 676 if ( ! current_user_can( 'edit_user', $user->ID ) ) { 677 return new WP_Error( 678 'rest_cannot_edit', 679 __( 'Sorry, you are not allowed to edit this user.' ), 680 array( 'status' => rest_authorization_required_code() ) 681 ); 682 } 683 684 return true; 685 } 686 687 /** 688 * Updates a single user. 689 * 690 * @since 4.7.0 691 * 692 * @param WP_REST_Request $request Full details about the request. 693 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 694 */ 695 public function update_item( $request ) { 696 $user = $this->get_user( $request['id'] ); 697 if ( is_wp_error( $user ) ) { 698 return $user; 699 } 700 701 $id = $user->ID; 702 703 if ( ! $user ) { 704 return new WP_Error( 705 'rest_user_invalid_id', 706 __( 'Invalid user ID.' ), 707 array( 'status' => 404 ) 708 ); 709 } 710 711 $owner_id = email_exists( $request['email'] ); 712 713 if ( $owner_id && $owner_id !== $id ) { 714 return new WP_Error( 715 'rest_user_invalid_email', 716 __( 'Invalid email address.' ), 717 array( 'status' => 400 ) 718 ); 719 } 720 721 if ( ! empty( $request['username'] ) && $request['username'] !== $user->user_login ) { 722 return new WP_Error( 723 'rest_user_invalid_argument', 724 __( "Username isn't editable." ), 725 array( 'status' => 400 ) 726 ); 727 } 728 729 if ( ! empty( $request['slug'] ) && $request['slug'] !== $user->user_nicename && get_user_by( 'slug', $request['slug'] ) ) { 730 return new WP_Error( 731 'rest_user_invalid_slug', 732 __( 'Invalid slug.' ), 733 array( 'status' => 400 ) 734 ); 735 } 736 737 if ( ! empty( $request['roles'] ) ) { 738 $check_permission = $this->check_role_update( $id, $request['roles'] ); 739 740 if ( is_wp_error( $check_permission ) ) { 741 return $check_permission; 742 } 743 } 744 745 $user = $this->prepare_item_for_database( $request ); 746 747 // Ensure we're operating on the same user we already checked. 748 $user->ID = $id; 749 750 $user_id = wp_update_user( wp_slash( (array) $user ) ); 751 752 if ( is_wp_error( $user_id ) ) { 753 return $user_id; 754 } 755 756 $user = get_user_by( 'id', $user_id ); 757 758 /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php */ 759 do_action( 'rest_insert_user', $user, $request, false ); 760 761 if ( ! empty( $request['roles'] ) ) { 762 array_map( array( $user, 'add_role' ), $request['roles'] ); 763 } 764 765 $schema = $this->get_item_schema(); 766 767 if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { 768 $meta_update = $this->meta->update_value( $request['meta'], $id ); 769 770 if ( is_wp_error( $meta_update ) ) { 771 return $meta_update; 772 } 773 } 774 775 $user = get_user_by( 'id', $user_id ); 776 $fields_update = $this->update_additional_fields_for_object( $user, $request ); 777 778 if ( is_wp_error( $fields_update ) ) { 779 return $fields_update; 780 } 781 782 $request->set_param( 'context', 'edit' ); 783 784 /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php */ 785 do_action( 'rest_after_insert_user', $user, $request, false ); 786 787 $response = $this->prepare_item_for_response( $user, $request ); 788 $response = rest_ensure_response( $response ); 789 790 return $response; 791 } 792 793 /** 794 * Checks if a given request has access to update the current user. 795 * 796 * @since 4.7.0 797 * 798 * @param WP_REST_Request $request Full details about the request. 799 * @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise. 800 */ 801 public function update_current_item_permissions_check( $request ) { 802 $request['id'] = get_current_user_id(); 803 804 return $this->update_item_permissions_check( $request ); 805 } 806 807 /** 808 * Updates the current user. 809 * 810 * @since 4.7.0 811 * 812 * @param WP_REST_Request $request Full details about the request. 813 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 814 */ 815 public function update_current_item( $request ) { 816 $request['id'] = get_current_user_id(); 817 818 return $this->update_item( $request ); 819 } 820 821 /** 822 * Checks if a given request has access delete a user. 823 * 824 * @since 4.7.0 825 * 826 * @param WP_REST_Request $request Full details about the request. 827 * @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise. 828 */ 829 public function delete_item_permissions_check( $request ) { 830 $user = $this->get_user( $request['id'] ); 831 if ( is_wp_error( $user ) ) { 832 return $user; 833 } 834 835 if ( ! current_user_can( 'delete_user', $user->ID ) ) { 836 return new WP_Error( 837 'rest_user_cannot_delete', 838 __( 'Sorry, you are not allowed to delete this user.' ), 839 array( 'status' => rest_authorization_required_code() ) 840 ); 841 } 842 843 return true; 844 } 845 846 /** 847 * Deletes a single user. 848 * 849 * @since 4.7.0 850 * 851 * @param WP_REST_Request $request Full details about the request. 852 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 853 */ 854 public function delete_item( $request ) { 855 // We don't support delete requests in multisite. 856 if ( is_multisite() ) { 857 return new WP_Error( 858 'rest_cannot_delete', 859 __( 'The user cannot be deleted.' ), 860 array( 'status' => 501 ) 861 ); 862 } 863 864 $user = $this->get_user( $request['id'] ); 865 866 if ( is_wp_error( $user ) ) { 867 return $user; 868 } 869 870 $id = $user->ID; 871 $reassign = false === $request['reassign'] ? null : absint( $request['reassign'] ); 872 $force = isset( $request['force'] ) ? (bool) $request['force'] : false; 873 874 // We don't support trashing for users. 875 if ( ! $force ) { 876 return new WP_Error( 877 'rest_trash_not_supported', 878 /* translators: %s: force=true */ 879 sprintf( __( "Users do not support trashing. Set '%s' to delete." ), 'force=true' ), 880 array( 'status' => 501 ) 881 ); 882 } 883 884 if ( ! empty( $reassign ) ) { 885 if ( $reassign === $id || ! get_userdata( $reassign ) ) { 886 return new WP_Error( 887 'rest_user_invalid_reassign', 888 __( 'Invalid user ID for reassignment.' ), 889 array( 'status' => 400 ) 890 ); 891 } 892 } 893 894 $request->set_param( 'context', 'edit' ); 895 896 $previous = $this->prepare_item_for_response( $user, $request ); 897 898 // Include user admin functions to get access to wp_delete_user(). 899 require_once ABSPATH . 'wp-admin/includes/user.php'; 900 901 $result = wp_delete_user( $id, $reassign ); 902 903 if ( ! $result ) { 904 return new WP_Error( 905 'rest_cannot_delete', 906 __( 'The user cannot be deleted.' ), 907 array( 'status' => 500 ) 908 ); 909 } 910 911 $response = new WP_REST_Response(); 912 $response->set_data( 913 array( 914 'deleted' => true, 915 'previous' => $previous->get_data(), 916 ) 917 ); 918 919 /** 920 * Fires immediately after a user is deleted via the REST API. 921 * 922 * @since 4.7.0 923 * 924 * @param WP_User $user The user data. 925 * @param WP_REST_Response $response The response returned from the API. 926 * @param WP_REST_Request $request The request sent to the API. 927 */ 928 do_action( 'rest_delete_user', $user, $response, $request ); 929 930 return $response; 931 } 932 933 /** 934 * Checks if a given request has access to delete the current user. 935 * 936 * @since 4.7.0 937 * 938 * @param WP_REST_Request $request Full details about the request. 939 * @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise. 940 */ 941 public function delete_current_item_permissions_check( $request ) { 942 $request['id'] = get_current_user_id(); 943 944 return $this->delete_item_permissions_check( $request ); 945 } 946 947 /** 948 * Deletes the current user. 949 * 950 * @since 4.7.0 951 * 952 * @param WP_REST_Request $request Full details about the request. 953 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 954 */ 955 public function delete_current_item( $request ) { 956 $request['id'] = get_current_user_id(); 957 958 return $this->delete_item( $request ); 959 } 960 961 /** 962 * Prepares a single user output for response. 963 * 964 * @since 4.7.0 965 * 966 * @param WP_User $user User object. 967 * @param WP_REST_Request $request Request object. 968 * @return WP_REST_Response Response object. 969 */ 970 public function prepare_item_for_response( $user, $request ) { 971 972 $data = array(); 973 $fields = $this->get_fields_for_response( $request ); 974 975 if ( in_array( 'id', $fields, true ) ) { 976 $data['id'] = $user->ID; 977 } 978 979 if ( in_array( 'username', $fields, true ) ) { 980 $data['username'] = $user->user_login; 981 } 982 983 if ( in_array( 'name', $fields, true ) ) { 984 $data['name'] = $user->display_name; 985 } 986 987 if ( in_array( 'first_name', $fields, true ) ) { 988 $data['first_name'] = $user->first_name; 989 } 990 991 if ( in_array( 'last_name', $fields, true ) ) { 992 $data['last_name'] = $user->last_name; 993 } 994 995 if ( in_array( 'email', $fields, true ) ) { 996 $data['email'] = $user->user_email; 997 } 998 999 if ( in_array( 'url', $fields, true ) ) { 1000 $data['url'] = $user->user_url; 1001 } 1002 1003 if ( in_array( 'description', $fields, true ) ) { 1004 $data['description'] = $user->description; 1005 } 1006 1007 if ( in_array( 'link', $fields, true ) ) { 1008 $data['link'] = get_author_posts_url( $user->ID, $user->user_nicename ); 1009 } 1010 1011 if ( in_array( 'locale', $fields, true ) ) { 1012 $data['locale'] = get_user_locale( $user ); 1013 } 1014 1015 if ( in_array( 'nickname', $fields, true ) ) { 1016 $data['nickname'] = $user->nickname; 1017 } 1018 1019 if ( in_array( 'slug', $fields, true ) ) { 1020 $data['slug'] = $user->user_nicename; 1021 } 1022 1023 if ( in_array( 'roles', $fields, true ) ) { 1024 // Defensively call array_values() to ensure an array is returned. 1025 $data['roles'] = array_values( $user->roles ); 1026 } 1027 1028 if ( in_array( 'registered_date', $fields, true ) ) { 1029 $data['registered_date'] = gmdate( 'c', strtotime( $user->user_registered ) ); 1030 } 1031 1032 if ( in_array( 'capabilities', $fields, true ) ) { 1033 $data['capabilities'] = (object) $user->allcaps; 1034 } 1035 1036 if ( in_array( 'extra_capabilities', $fields, true ) ) { 1037 $data['extra_capabilities'] = (object) $user->caps; 1038 } 1039 1040 if ( in_array( 'avatar_urls', $fields, true ) ) { 1041 $data['avatar_urls'] = rest_get_avatar_urls( $user ); 1042 } 1043 1044 if ( in_array( 'meta', $fields, true ) ) { 1045 $data['meta'] = $this->meta->get_value( $user->ID, $request ); 1046 } 1047 1048 $context = ! empty( $request['context'] ) ? $request['context'] : 'embed'; 1049 1050 $data = $this->add_additional_fields_to_object( $data, $request ); 1051 $data = $this->filter_response_by_context( $data, $context ); 1052 1053 // Wrap the data in a response object. 1054 $response = rest_ensure_response( $data ); 1055 1056 $response->add_links( $this->prepare_links( $user ) ); 1057 1058 /** 1059 * Filters user data returned from the REST API. 1060 * 1061 * @since 4.7.0 1062 * 1063 * @param WP_REST_Response $response The response object. 1064 * @param WP_User $user User object used to create response. 1065 * @param WP_REST_Request $request Request object. 1066 */ 1067 return apply_filters( 'rest_prepare_user', $response, $user, $request ); 1068 } 1069 1070 /** 1071 * Prepares links for the user request. 1072 * 1073 * @since 4.7.0 1074 * 1075 * @param WP_Post $user User object. 1076 * @return array Links for the given user. 1077 */ 1078 protected function prepare_links( $user ) { 1079 $links = array( 1080 'self' => array( 1081 'href' => rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $user->ID ) ), 1082 ), 1083 'collection' => array( 1084 'href' => rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ), 1085 ), 1086 ); 1087 1088 return $links; 1089 } 1090 1091 /** 1092 * Prepares a single user for creation or update. 1093 * 1094 * @since 4.7.0 1095 * 1096 * @param WP_REST_Request $request Request object. 1097 * @return object User object. 1098 */ 1099 protected function prepare_item_for_database( $request ) { 1100 $prepared_user = new stdClass; 1101 1102 $schema = $this->get_item_schema(); 1103 1104 // Required arguments. 1105 if ( isset( $request['email'] ) && ! empty( $schema['properties']['email'] ) ) { 1106 $prepared_user->user_email = $request['email']; 1107 } 1108 1109 if ( isset( $request['username'] ) && ! empty( $schema['properties']['username'] ) ) { 1110 $prepared_user->user_login = $request['username']; 1111 } 1112 1113 if ( isset( $request['password'] ) && ! empty( $schema['properties']['password'] ) ) { 1114 $prepared_user->user_pass = $request['password']; 1115 } 1116 1117 // Optional arguments. 1118 if ( isset( $request['id'] ) ) { 1119 $prepared_user->ID = absint( $request['id'] ); 1120 } 1121 1122 if ( isset( $request['name'] ) && ! empty( $schema['properties']['name'] ) ) { 1123 $prepared_user->display_name = $request['name']; 1124 } 1125 1126 if ( isset( $request['first_name'] ) && ! empty( $schema['properties']['first_name'] ) ) { 1127 $prepared_user->first_name = $request['first_name']; 1128 } 1129 1130 if ( isset( $request['last_name'] ) && ! empty( $schema['properties']['last_name'] ) ) { 1131 $prepared_user->last_name = $request['last_name']; 1132 } 1133 1134 if ( isset( $request['nickname'] ) && ! empty( $schema['properties']['nickname'] ) ) { 1135 $prepared_user->nickname = $request['nickname']; 1136 } 1137 1138 if ( isset( $request['slug'] ) && ! empty( $schema['properties']['slug'] ) ) { 1139 $prepared_user->user_nicename = $request['slug']; 1140 } 1141 1142 if ( isset( $request['description'] ) && ! empty( $schema['properties']['description'] ) ) { 1143 $prepared_user->description = $request['description']; 1144 } 1145 1146 if ( isset( $request['url'] ) && ! empty( $schema['properties']['url'] ) ) { 1147 $prepared_user->user_url = $request['url']; 1148 } 1149 1150 if ( isset( $request['locale'] ) && ! empty( $schema['properties']['locale'] ) ) { 1151 $prepared_user->locale = $request['locale']; 1152 } 1153 1154 // Setting roles will be handled outside of this function. 1155 if ( isset( $request['roles'] ) ) { 1156 $prepared_user->role = false; 1157 } 1158 1159 /** 1160 * Filters user data before insertion via the REST API. 1161 * 1162 * @since 4.7.0 1163 * 1164 * @param object $prepared_user User object. 1165 * @param WP_REST_Request $request Request object. 1166 */ 1167 return apply_filters( 'rest_pre_insert_user', $prepared_user, $request ); 1168 } 1169 1170 /** 1171 * Determines if the current user is allowed to make the desired roles change. 1172 * 1173 * @since 4.7.0 1174 * 1175 * @param integer $user_id User ID. 1176 * @param array $roles New user roles. 1177 * @return true|WP_Error True if the current user is allowed to make the role change, 1178 * otherwise a WP_Error object. 1179 */ 1180 protected function check_role_update( $user_id, $roles ) { 1181 global $wp_roles; 1182 1183 foreach ( $roles as $role ) { 1184 1185 if ( ! isset( $wp_roles->role_objects[ $role ] ) ) { 1186 return new WP_Error( 1187 'rest_user_invalid_role', 1188 /* translators: %s: Role key. */ 1189 sprintf( __( 'The role %s does not exist.' ), $role ), 1190 array( 'status' => 400 ) 1191 ); 1192 } 1193 1194 $potential_role = $wp_roles->role_objects[ $role ]; 1195 1196 /* 1197 * Don't let anyone with 'edit_users' (admins) edit their own role to something without it. 1198 * Multisite super admins can freely edit their blog roles -- they possess all caps. 1199 */ 1200 if ( ! ( is_multisite() 1201 && current_user_can( 'manage_sites' ) ) 1202 && get_current_user_id() === $user_id 1203 && ! $potential_role->has_cap( 'edit_users' ) 1204 ) { 1205 return new WP_Error( 1206 'rest_user_invalid_role', 1207 __( 'Sorry, you are not allowed to give users that role.' ), 1208 array( 'status' => rest_authorization_required_code() ) 1209 ); 1210 } 1211 1212 // Include user admin functions to get access to get_editable_roles(). 1213 require_once ABSPATH . 'wp-admin/includes/user.php'; 1214 1215 // The new role must be editable by the logged-in user. 1216 $editable_roles = get_editable_roles(); 1217 1218 if ( empty( $editable_roles[ $role ] ) ) { 1219 return new WP_Error( 1220 'rest_user_invalid_role', 1221 __( 'Sorry, you are not allowed to give users that role.' ), 1222 array( 'status' => 403 ) 1223 ); 1224 } 1225 } 1226 1227 return true; 1228 } 1229 1230 /** 1231 * Check a username for the REST API. 1232 * 1233 * Performs a couple of checks like edit_user() in wp-admin/includes/user.php. 1234 * 1235 * @since 4.7.0 1236 * 1237 * @param string $value The username submitted in the request. 1238 * @param WP_REST_Request $request Full details about the request. 1239 * @param string $param The parameter name. 1240 * @return string|WP_Error The sanitized username, if valid, otherwise an error. 1241 */ 1242 public function check_username( $value, $request, $param ) { 1243 $username = (string) $value; 1244 1245 if ( ! validate_username( $username ) ) { 1246 return new WP_Error( 1247 'rest_user_invalid_username', 1248 __( 'This username is invalid because it uses illegal characters. Please enter a valid username.' ), 1249 array( 'status' => 400 ) 1250 ); 1251 } 1252 1253 /** This filter is documented in wp-includes/user.php */ 1254 $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() ); 1255 1256 if ( in_array( strtolower( $username ), array_map( 'strtolower', $illegal_logins ), true ) ) { 1257 return new WP_Error( 1258 'rest_user_invalid_username', 1259 __( 'Sorry, that username is not allowed.' ), 1260 array( 'status' => 400 ) 1261 ); 1262 } 1263 1264 return $username; 1265 } 1266 1267 /** 1268 * Check a user password for the REST API. 1269 * 1270 * Performs a couple of checks like edit_user() in wp-admin/includes/user.php. 1271 * 1272 * @since 4.7.0 1273 * 1274 * @param string $value The password submitted in the request. 1275 * @param WP_REST_Request $request Full details about the request. 1276 * @param string $param The parameter name. 1277 * @return string|WP_Error The sanitized password, if valid, otherwise an error. 1278 */ 1279 public function check_user_password( $value, $request, $param ) { 1280 $password = (string) $value; 1281 1282 if ( empty( $password ) ) { 1283 return new WP_Error( 1284 'rest_user_invalid_password', 1285 __( 'Passwords cannot be empty.' ), 1286 array( 'status' => 400 ) 1287 ); 1288 } 1289 1290 if ( false !== strpos( $password, '\\' ) ) { 1291 return new WP_Error( 1292 'rest_user_invalid_password', 1293 __( 'Passwords cannot contain the "\\" character.' ), 1294 array( 'status' => 400 ) 1295 ); 1296 } 1297 1298 return $password; 1299 } 1300 1301 /** 1302 * Retrieves the user's schema, conforming to JSON Schema. 1303 * 1304 * @since 4.7.0 1305 * 1306 * @return array Item schema data. 1307 */ 1308 public function get_item_schema() { 1309 if ( $this->schema ) { 1310 return $this->add_additional_fields_schema( $this->schema ); 1311 } 1312 1313 $schema = array( 1314 '$schema' => 'http://json-schema.org/draft-04/schema#', 1315 'title' => 'user', 1316 'type' => 'object', 1317 'properties' => array( 1318 'id' => array( 1319 'description' => __( 'Unique identifier for the user.' ), 1320 'type' => 'integer', 1321 'context' => array( 'embed', 'view', 'edit' ), 1322 'readonly' => true, 1323 ), 1324 'username' => array( 1325 'description' => __( 'Login name for the user.' ), 1326 'type' => 'string', 1327 'context' => array( 'edit' ), 1328 'required' => true, 1329 'arg_options' => array( 1330 'sanitize_callback' => array( $this, 'check_username' ), 1331 ), 1332 ), 1333 'name' => array( 1334 'description' => __( 'Display name for the user.' ), 1335 'type' => 'string', 1336 'context' => array( 'embed', 'view', 'edit' ), 1337 'arg_options' => array( 1338 'sanitize_callback' => 'sanitize_text_field', 1339 ), 1340 ), 1341 'first_name' => array( 1342 'description' => __( 'First name for the user.' ), 1343 'type' => 'string', 1344 'context' => array( 'edit' ), 1345 'arg_options' => array( 1346 'sanitize_callback' => 'sanitize_text_field', 1347 ), 1348 ), 1349 'last_name' => array( 1350 'description' => __( 'Last name for the user.' ), 1351 'type' => 'string', 1352 'context' => array( 'edit' ), 1353 'arg_options' => array( 1354 'sanitize_callback' => 'sanitize_text_field', 1355 ), 1356 ), 1357 'email' => array( 1358 'description' => __( 'The email address for the user.' ), 1359 'type' => 'string', 1360 'format' => 'email', 1361 'context' => array( 'edit' ), 1362 'required' => true, 1363 ), 1364 'url' => array( 1365 'description' => __( 'URL of the user.' ), 1366 'type' => 'string', 1367 'format' => 'uri', 1368 'context' => array( 'embed', 'view', 'edit' ), 1369 ), 1370 'description' => array( 1371 'description' => __( 'Description of the user.' ), 1372 'type' => 'string', 1373 'context' => array( 'embed', 'view', 'edit' ), 1374 ), 1375 'link' => array( 1376 'description' => __( 'Author URL of the user.' ), 1377 'type' => 'string', 1378 'format' => 'uri', 1379 'context' => array( 'embed', 'view', 'edit' ), 1380 'readonly' => true, 1381 ), 1382 'locale' => array( 1383 'description' => __( 'Locale for the user.' ), 1384 'type' => 'string', 1385 'enum' => array_merge( array( '', 'en_US' ), get_available_languages() ), 1386 'context' => array( 'edit' ), 1387 ), 1388 'nickname' => array( 1389 'description' => __( 'The nickname for the user.' ), 1390 'type' => 'string', 1391 'context' => array( 'edit' ), 1392 'arg_options' => array( 1393 'sanitize_callback' => 'sanitize_text_field', 1394 ), 1395 ), 1396 'slug' => array( 1397 'description' => __( 'An alphanumeric identifier for the user.' ), 1398 'type' => 'string', 1399 'context' => array( 'embed', 'view', 'edit' ), 1400 'arg_options' => array( 1401 'sanitize_callback' => array( $this, 'sanitize_slug' ), 1402 ), 1403 ), 1404 'registered_date' => array( 1405 'description' => __( 'Registration date for the user.' ), 1406 'type' => 'string', 1407 'format' => 'date-time', 1408 'context' => array( 'edit' ), 1409 'readonly' => true, 1410 ), 1411 'roles' => array( 1412 'description' => __( 'Roles assigned to the user.' ), 1413 'type' => 'array', 1414 'items' => array( 1415 'type' => 'string', 1416 ), 1417 'context' => array( 'edit' ), 1418 ), 1419 'password' => array( 1420 'description' => __( 'Password for the user (never included).' ), 1421 'type' => 'string', 1422 'context' => array(), // Password is never displayed. 1423 'required' => true, 1424 'arg_options' => array( 1425 'sanitize_callback' => array( $this, 'check_user_password' ), 1426 ), 1427 ), 1428 'capabilities' => array( 1429 'description' => __( 'All capabilities assigned to the user.' ), 1430 'type' => 'object', 1431 'context' => array( 'edit' ), 1432 'readonly' => true, 1433 ), 1434 'extra_capabilities' => array( 1435 'description' => __( 'Any extra capabilities assigned to the user.' ), 1436 'type' => 'object', 1437 'context' => array( 'edit' ), 1438 'readonly' => true, 1439 ), 1440 ), 1441 ); 1442 1443 if ( get_option( 'show_avatars' ) ) { 1444 $avatar_properties = array(); 1445 1446 $avatar_sizes = rest_get_avatar_sizes(); 1447 1448 foreach ( $avatar_sizes as $size ) { 1449 $avatar_properties[ $size ] = array( 1450 /* translators: %d: Avatar image size in pixels. */ 1451 'description' => sprintf( __( 'Avatar URL with image size of %d pixels.' ), $size ), 1452 'type' => 'string', 1453 'format' => 'uri', 1454 'context' => array( 'embed', 'view', 'edit' ), 1455 ); 1456 } 1457 1458 $schema['properties']['avatar_urls'] = array( 1459 'description' => __( 'Avatar URLs for the user.' ), 1460 'type' => 'object', 1461 'context' => array( 'embed', 'view', 'edit' ), 1462 'readonly' => true, 1463 'properties' => $avatar_properties, 1464 ); 1465 } 1466 1467 $schema['properties']['meta'] = $this->meta->get_field_schema(); 1468 1469 $this->schema = $schema; 1470 1471 return $this->add_additional_fields_schema( $this->schema ); 1472 } 1473 1474 /** 1475 * Retrieves the query params for collections. 1476 * 1477 * @since 4.7.0 1478 * 1479 * @return array Collection parameters. 1480 */ 1481 public function get_collection_params() { 1482 $query_params = parent::get_collection_params(); 1483 1484 $query_params['context']['default'] = 'view'; 1485 1486 $query_params['exclude'] = array( 1487 'description' => __( 'Ensure result set excludes specific IDs.' ), 1488 'type' => 'array', 1489 'items' => array( 1490 'type' => 'integer', 1491 ), 1492 'default' => array(), 1493 ); 1494 1495 $query_params['include'] = array( 1496 'description' => __( 'Limit result set to specific IDs.' ), 1497 'type' => 'array', 1498 'items' => array( 1499 'type' => 'integer', 1500 ), 1501 'default' => array(), 1502 ); 1503 1504 $query_params['offset'] = array( 1505 'description' => __( 'Offset the result set by a specific number of items.' ), 1506 'type' => 'integer', 1507 ); 1508 1509 $query_params['order'] = array( 1510 'default' => 'asc', 1511 'description' => __( 'Order sort attribute ascending or descending.' ), 1512 'enum' => array( 'asc', 'desc' ), 1513 'type' => 'string', 1514 ); 1515 1516 $query_params['orderby'] = array( 1517 'default' => 'name', 1518 'description' => __( 'Sort collection by object attribute.' ), 1519 'enum' => array( 1520 'id', 1521 'include', 1522 'name', 1523 'registered_date', 1524 'slug', 1525 'include_slugs', 1526 'email', 1527 'url', 1528 ), 1529 'type' => 'string', 1530 ); 1531 1532 $query_params['slug'] = array( 1533 'description' => __( 'Limit result set to users with one or more specific slugs.' ), 1534 'type' => 'array', 1535 'items' => array( 1536 'type' => 'string', 1537 ), 1538 ); 1539 1540 $query_params['roles'] = array( 1541 'description' => __( 'Limit result set to users matching at least one specific role provided. Accepts csv list or single role.' ), 1542 'type' => 'array', 1543 'items' => array( 1544 'type' => 'string', 1545 ), 1546 ); 1547 1548 $query_params['who'] = array( 1549 'description' => __( 'Limit result set to users who are considered authors.' ), 1550 'type' => 'string', 1551 'enum' => array( 1552 'authors', 1553 ), 1554 ); 1555 1556 /** 1557 * Filter collection parameters for the users controller. 1558 * 1559 * This filter registers the collection parameter, but does not map the 1560 * collection parameter to an internal WP_User_Query parameter. Use the 1561 * `rest_user_query` filter to set WP_User_Query arguments. 1562 * 1563 * @since 4.7.0 1564 * 1565 * @param array $query_params JSON Schema-formatted collection parameters. 1566 */ 1567 return apply_filters( 'rest_user_collection_params', $query_params ); 1568 } 1569 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Sun Jul 5 01:00:04 2020 | Cross-referenced by PHPXref 0.7.1 |