[ Index ]

PHP Cross Reference of WordPress

title

Body

[close]

/wp-includes/rest-api/endpoints/ -> class-wp-rest-users-controller.php (source)

   1  <?php
   2  /**
   3   * REST API: WP_REST_Users_Controller class
   4   *
   5   * @package WordPress
   6   * @subpackage REST_API
   7   * @since 4.7.0
   8   */
   9  
  10  /**
  11   * Core class used to manage users via the REST API.
  12   *
  13   * @since 4.7.0
  14   *
  15   * @see WP_REST_Controller
  16   */
  17  class WP_REST_Users_Controller extends WP_REST_Controller {
  18  
  19      /**
  20       * Instance of a user meta fields object.
  21       *
  22       * @since 4.7.0
  23       * @var WP_REST_User_Meta_Fields
  24       */
  25      protected $meta;
  26  
  27      /**
  28       * Constructor.
  29       *
  30       * @since 4.7.0
  31       */
  32  	public function __construct() {
  33          $this->namespace = 'wp/v2';
  34          $this->rest_base = 'users';
  35  
  36          $this->meta = new WP_REST_User_Meta_Fields();
  37      }
  38  
  39      /**
  40       * Registers the routes for the objects of the controller.
  41       *
  42       * @since 4.7.0
  43       *
  44       * @see register_rest_route()
  45       */
  46  	public function register_routes() {
  47  
  48          register_rest_route(
  49              $this->namespace,
  50              '/' . $this->rest_base,
  51              array(
  52                  array(
  53                      'methods'             => WP_REST_Server::READABLE,
  54                      'callback'            => array( $this, 'get_items' ),
  55                      'permission_callback' => array( $this, 'get_items_permissions_check' ),
  56                      'args'                => $this->get_collection_params(),
  57                  ),
  58                  array(
  59                      'methods'             => WP_REST_Server::CREATABLE,
  60                      'callback'            => array( $this, 'create_item' ),
  61                      'permission_callback' => array( $this, 'create_item_permissions_check' ),
  62                      'args'                => $this->get_endpoint_args_for_item_schema( WP_REST_Server::CREATABLE ),
  63                  ),
  64                  'schema' => array( $this, 'get_public_item_schema' ),
  65              )
  66          );
  67  
  68          register_rest_route(
  69              $this->namespace,
  70              '/' . $this->rest_base . '/(?P<id>[\d]+)',
  71              array(
  72                  'args'   => array(
  73                      'id' => array(
  74                          'description' => __( 'Unique identifier for the user.' ),
  75                          'type'        => 'integer',
  76                      ),
  77                  ),
  78                  array(
  79                      'methods'             => WP_REST_Server::READABLE,
  80                      'callback'            => array( $this, 'get_item' ),
  81                      'permission_callback' => array( $this, 'get_item_permissions_check' ),
  82                      'args'                => array(
  83                          'context' => $this->get_context_param( array( 'default' => 'view' ) ),
  84                      ),
  85                  ),
  86                  array(
  87                      'methods'             => WP_REST_Server::EDITABLE,
  88                      'callback'            => array( $this, 'update_item' ),
  89                      'permission_callback' => array( $this, 'update_item_permissions_check' ),
  90                      'args'                => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
  91                  ),
  92                  array(
  93                      'methods'             => WP_REST_Server::DELETABLE,
  94                      'callback'            => array( $this, 'delete_item' ),
  95                      'permission_callback' => array( $this, 'delete_item_permissions_check' ),
  96                      'args'                => array(
  97                          'force'    => array(
  98                              'type'        => 'boolean',
  99                              'default'     => false,
 100                              'description' => __( 'Required to be true, as users do not support trashing.' ),
 101                          ),
 102                          'reassign' => array(
 103                              'type'              => 'integer',
 104                              'description'       => __( 'Reassign the deleted user\'s posts and links to this user ID.' ),
 105                              'required'          => true,
 106                              'sanitize_callback' => array( $this, 'check_reassign' ),
 107                          ),
 108                      ),
 109                  ),
 110                  'schema' => array( $this, 'get_public_item_schema' ),
 111              )
 112          );
 113  
 114          register_rest_route(
 115              $this->namespace,
 116              '/' . $this->rest_base . '/me',
 117              array(
 118                  array(
 119                      'methods'  => WP_REST_Server::READABLE,
 120                      'callback' => array( $this, 'get_current_item' ),
 121                      'args'     => array(
 122                          'context' => $this->get_context_param( array( 'default' => 'view' ) ),
 123                      ),
 124                  ),
 125                  array(
 126                      'methods'             => WP_REST_Server::EDITABLE,
 127                      'callback'            => array( $this, 'update_current_item' ),
 128                      'permission_callback' => array( $this, 'update_current_item_permissions_check' ),
 129                      'args'                => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
 130                  ),
 131                  array(
 132                      'methods'             => WP_REST_Server::DELETABLE,
 133                      'callback'            => array( $this, 'delete_current_item' ),
 134                      'permission_callback' => array( $this, 'delete_current_item_permissions_check' ),
 135                      'args'                => array(
 136                          'force'    => array(
 137                              'type'        => 'boolean',
 138                              'default'     => false,
 139                              'description' => __( 'Required to be true, as users do not support trashing.' ),
 140                          ),
 141                          'reassign' => array(
 142                              'type'              => 'integer',
 143                              'description'       => __( 'Reassign the deleted user\'s posts and links to this user ID.' ),
 144                              'required'          => true,
 145                              'sanitize_callback' => array( $this, 'check_reassign' ),
 146                          ),
 147                      ),
 148                  ),
 149                  'schema' => array( $this, 'get_public_item_schema' ),
 150              )
 151          );
 152      }
 153  
 154      /**
 155       * Checks for a valid value for the reassign parameter when deleting users.
 156       *
 157       * The value can be an integer, 'false', false, or ''.
 158       *
 159       * @since 4.7.0
 160       *
 161       * @param int|bool        $value   The value passed to the reassign parameter.
 162       * @param WP_REST_Request $request Full details about the request.
 163       * @param string          $param   The parameter that is being sanitized.
 164       *
 165       * @return int|bool|WP_Error
 166       */
 167  	public function check_reassign( $value, $request, $param ) {
 168          if ( is_numeric( $value ) ) {
 169              return $value;
 170          }
 171  
 172          if ( empty( $value ) || false === $value || 'false' === $value ) {
 173              return false;
 174          }
 175  
 176          return new WP_Error( 'rest_invalid_param', __( 'Invalid user parameter(s).' ), array( 'status' => 400 ) );
 177      }
 178  
 179      /**
 180       * Permissions check for getting all users.
 181       *
 182       * @since 4.7.0
 183       *
 184       * @param WP_REST_Request $request Full details about the request.
 185       * @return true|WP_Error True if the request has read access, otherwise WP_Error object.
 186       */
 187  	public function get_items_permissions_check( $request ) {
 188          // Check if roles is specified in GET request and if user can list users.
 189          if ( ! empty( $request['roles'] ) && ! current_user_can( 'list_users' ) ) {
 190              return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to filter users by role.' ), array( 'status' => rest_authorization_required_code() ) );
 191          }
 192  
 193          if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) {
 194              return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) );
 195          }
 196  
 197          if ( in_array( $request['orderby'], array( 'email', 'registered_date' ), true ) && ! current_user_can( 'list_users' ) ) {
 198              return new WP_Error( 'rest_forbidden_orderby', __( 'Sorry, you are not allowed to order users by this parameter.' ), array( 'status' => rest_authorization_required_code() ) );
 199          }
 200  
 201          if ( 'authors' === $request['who'] ) {
 202              $types = get_post_types( array( 'show_in_rest' => true ), 'objects' );
 203  
 204              foreach ( $types as $type ) {
 205                  if ( post_type_supports( $type->name, 'author' )
 206                      && current_user_can( $type->cap->edit_posts ) ) {
 207                      return true;
 208                  }
 209              }
 210  
 211              return new WP_Error( 'rest_forbidden_who', __( 'Sorry, you are not allowed to query users by this parameter.' ), array( 'status' => rest_authorization_required_code() ) );
 212          }
 213  
 214          return true;
 215      }
 216  
 217      /**
 218       * Retrieves all users.
 219       *
 220       * @since 4.7.0
 221       *
 222       * @param WP_REST_Request $request Full details about the request.
 223       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 224       */
 225  	public function get_items( $request ) {
 226  
 227          // Retrieve the list of registered collection query parameters.
 228          $registered = $this->get_collection_params();
 229  
 230          /*
 231           * This array defines mappings between public API query parameters whose
 232           * values are accepted as-passed, and their internal WP_Query parameter
 233           * name equivalents (some are the same). Only values which are also
 234           * present in $registered will be set.
 235           */
 236          $parameter_mappings = array(
 237              'exclude'  => 'exclude',
 238              'include'  => 'include',
 239              'order'    => 'order',
 240              'per_page' => 'number',
 241              'search'   => 'search',
 242              'roles'    => 'role__in',
 243              'slug'     => 'nicename__in',
 244          );
 245  
 246          $prepared_args = array();
 247  
 248          /*
 249           * For each known parameter which is both registered and present in the request,
 250           * set the parameter's value on the query $prepared_args.
 251           */
 252          foreach ( $parameter_mappings as $api_param => $wp_param ) {
 253              if ( isset( $registered[ $api_param ], $request[ $api_param ] ) ) {
 254                  $prepared_args[ $wp_param ] = $request[ $api_param ];
 255              }
 256          }
 257  
 258          if ( isset( $registered['offset'] ) && ! empty( $request['offset'] ) ) {
 259              $prepared_args['offset'] = $request['offset'];
 260          } else {
 261              $prepared_args['offset'] = ( $request['page'] - 1 ) * $prepared_args['number'];
 262          }
 263  
 264          if ( isset( $registered['orderby'] ) ) {
 265              $orderby_possibles        = array(
 266                  'id'              => 'ID',
 267                  'include'         => 'include',
 268                  'name'            => 'display_name',
 269                  'registered_date' => 'registered',
 270                  'slug'            => 'user_nicename',
 271                  'include_slugs'   => 'nicename__in',
 272                  'email'           => 'user_email',
 273                  'url'             => 'user_url',
 274              );
 275              $prepared_args['orderby'] = $orderby_possibles[ $request['orderby'] ];
 276          }
 277  
 278          if ( isset( $registered['who'] ) && ! empty( $request['who'] ) && 'authors' === $request['who'] ) {
 279              $prepared_args['who'] = 'authors';
 280          } elseif ( ! current_user_can( 'list_users' ) ) {
 281              $prepared_args['has_published_posts'] = get_post_types( array( 'show_in_rest' => true ), 'names' );
 282          }
 283  
 284          if ( ! empty( $prepared_args['search'] ) ) {
 285              $prepared_args['search'] = '*' . $prepared_args['search'] . '*';
 286          }
 287          /**
 288           * Filters WP_User_Query arguments when querying users via the REST API.
 289           *
 290           * @link https://developer.wordpress.org/reference/classes/wp_user_query/
 291           *
 292           * @since 4.7.0
 293           *
 294           * @param array           $prepared_args Array of arguments for WP_User_Query.
 295           * @param WP_REST_Request $request       The current request.
 296           */
 297          $prepared_args = apply_filters( 'rest_user_query', $prepared_args, $request );
 298  
 299          $query = new WP_User_Query( $prepared_args );
 300  
 301          $users = array();
 302  
 303          foreach ( $query->results as $user ) {
 304              $data    = $this->prepare_item_for_response( $user, $request );
 305              $users[] = $this->prepare_response_for_collection( $data );
 306          }
 307  
 308          $response = rest_ensure_response( $users );
 309  
 310          // Store pagination values for headers then unset for count query.
 311          $per_page = (int) $prepared_args['number'];
 312          $page     = ceil( ( ( (int) $prepared_args['offset'] ) / $per_page ) + 1 );
 313  
 314          $prepared_args['fields'] = 'ID';
 315  
 316          $total_users = $query->get_total();
 317  
 318          if ( $total_users < 1 ) {
 319              // Out-of-bounds, run the query again without LIMIT for total count.
 320              unset( $prepared_args['number'], $prepared_args['offset'] );
 321              $count_query = new WP_User_Query( $prepared_args );
 322              $total_users = $count_query->get_total();
 323          }
 324  
 325          $response->header( 'X-WP-Total', (int) $total_users );
 326  
 327          $max_pages = ceil( $total_users / $per_page );
 328  
 329          $response->header( 'X-WP-TotalPages', (int) $max_pages );
 330  
 331          $base = add_query_arg( urlencode_deep( $request->get_query_params() ), rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ) );
 332          if ( $page > 1 ) {
 333              $prev_page = $page - 1;
 334  
 335              if ( $prev_page > $max_pages ) {
 336                  $prev_page = $max_pages;
 337              }
 338  
 339              $prev_link = add_query_arg( 'page', $prev_page, $base );
 340              $response->link_header( 'prev', $prev_link );
 341          }
 342          if ( $max_pages > $page ) {
 343              $next_page = $page + 1;
 344              $next_link = add_query_arg( 'page', $next_page, $base );
 345  
 346              $response->link_header( 'next', $next_link );
 347          }
 348  
 349          return $response;
 350      }
 351  
 352      /**
 353       * Get the user, if the ID is valid.
 354       *
 355       * @since 4.7.2
 356       *
 357       * @param int $id Supplied ID.
 358       * @return WP_User|WP_Error True if ID is valid, WP_Error otherwise.
 359       */
 360  	protected function get_user( $id ) {
 361          $error = new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
 362          if ( (int) $id <= 0 ) {
 363              return $error;
 364          }
 365  
 366          $user = get_userdata( (int) $id );
 367          if ( empty( $user ) || ! $user->exists() ) {
 368              return $error;
 369          }
 370  
 371          if ( is_multisite() && ! is_user_member_of_blog( $user->ID ) ) {
 372              return $error;
 373          }
 374  
 375          return $user;
 376      }
 377  
 378      /**
 379       * Checks if a given request has access to read a user.
 380       *
 381       * @since 4.7.0
 382       *
 383       * @param WP_REST_Request $request Full details about the request.
 384       * @return true|WP_Error True if the request has read access for the item, otherwise WP_Error object.
 385       */
 386  	public function get_item_permissions_check( $request ) {
 387          $user = $this->get_user( $request['id'] );
 388          if ( is_wp_error( $user ) ) {
 389              return $user;
 390          }
 391  
 392          $types = get_post_types( array( 'show_in_rest' => true ), 'names' );
 393  
 394          if ( get_current_user_id() === $user->ID ) {
 395              return true;
 396          }
 397  
 398          if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) {
 399              return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) );
 400          } elseif ( ! count_user_posts( $user->ID, $types ) && ! current_user_can( 'edit_user', $user->ID ) && ! current_user_can( 'list_users' ) ) {
 401              return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) );
 402          }
 403  
 404          return true;
 405      }
 406  
 407      /**
 408       * Retrieves a single user.
 409       *
 410       * @since 4.7.0
 411       *
 412       * @param WP_REST_Request $request Full details about the request.
 413       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 414       */
 415  	public function get_item( $request ) {
 416          $user = $this->get_user( $request['id'] );
 417          if ( is_wp_error( $user ) ) {
 418              return $user;
 419          }
 420  
 421          $user     = $this->prepare_item_for_response( $user, $request );
 422          $response = rest_ensure_response( $user );
 423  
 424          return $response;
 425      }
 426  
 427      /**
 428       * Retrieves the current user.
 429       *
 430       * @since 4.7.0
 431       *
 432       * @param WP_REST_Request $request Full details about the request.
 433       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 434       */
 435  	public function get_current_item( $request ) {
 436          $current_user_id = get_current_user_id();
 437  
 438          if ( empty( $current_user_id ) ) {
 439              return new WP_Error( 'rest_not_logged_in', __( 'You are not currently logged in.' ), array( 'status' => 401 ) );
 440          }
 441  
 442          $user     = wp_get_current_user();
 443          $response = $this->prepare_item_for_response( $user, $request );
 444          $response = rest_ensure_response( $response );
 445  
 446          return $response;
 447      }
 448  
 449      /**
 450       * Checks if a given request has access create users.
 451       *
 452       * @since 4.7.0
 453       *
 454       * @param WP_REST_Request $request Full details about the request.
 455       * @return true|WP_Error True if the request has access to create items, WP_Error object otherwise.
 456       */
 457  	public function create_item_permissions_check( $request ) {
 458  
 459          if ( ! current_user_can( 'create_users' ) ) {
 460              return new WP_Error( 'rest_cannot_create_user', __( 'Sorry, you are not allowed to create new users.' ), array( 'status' => rest_authorization_required_code() ) );
 461          }
 462  
 463          return true;
 464      }
 465  
 466      /**
 467       * Creates a single user.
 468       *
 469       * @since 4.7.0
 470       *
 471       * @param WP_REST_Request $request Full details about the request.
 472       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 473       */
 474  	public function create_item( $request ) {
 475          if ( ! empty( $request['id'] ) ) {
 476              return new WP_Error( 'rest_user_exists', __( 'Cannot create existing user.' ), array( 'status' => 400 ) );
 477          }
 478  
 479          $schema = $this->get_item_schema();
 480  
 481          if ( ! empty( $request['roles'] ) && ! empty( $schema['properties']['roles'] ) ) {
 482              $check_permission = $this->check_role_update( $request['id'], $request['roles'] );
 483  
 484              if ( is_wp_error( $check_permission ) ) {
 485                  return $check_permission;
 486              }
 487          }
 488  
 489          $user = $this->prepare_item_for_database( $request );
 490  
 491          if ( is_multisite() ) {
 492              $ret = wpmu_validate_user_signup( $user->user_login, $user->user_email );
 493  
 494              if ( is_wp_error( $ret['errors'] ) && $ret['errors']->has_errors() ) {
 495                  $error = new WP_Error( 'rest_invalid_param', __( 'Invalid user parameter(s).' ), array( 'status' => 400 ) );
 496                  foreach ( $ret['errors']->errors as $code => $messages ) {
 497                      foreach ( $messages as $message ) {
 498                          $error->add( $code, $message );
 499                      }
 500                      $error_data = $error->get_error_data( $code );
 501                      if ( $error_data ) {
 502                          $error->add_data( $error_data, $code );
 503                      }
 504                  }
 505                  return $error;
 506              }
 507          }
 508  
 509          if ( is_multisite() ) {
 510              $user_id = wpmu_create_user( $user->user_login, $user->user_pass, $user->user_email );
 511  
 512              if ( ! $user_id ) {
 513                  return new WP_Error( 'rest_user_create', __( 'Error creating new user.' ), array( 'status' => 500 ) );
 514              }
 515  
 516              $user->ID = $user_id;
 517              $user_id  = wp_update_user( wp_slash( (array) $user ) );
 518  
 519              if ( is_wp_error( $user_id ) ) {
 520                  return $user_id;
 521              }
 522  
 523              $result = add_user_to_blog( get_site()->id, $user_id, '' );
 524              if ( is_wp_error( $result ) ) {
 525                  return $result;
 526              }
 527          } else {
 528              $user_id = wp_insert_user( wp_slash( (array) $user ) );
 529  
 530              if ( is_wp_error( $user_id ) ) {
 531                  return $user_id;
 532              }
 533          }
 534  
 535          $user = get_user_by( 'id', $user_id );
 536  
 537          /**
 538           * Fires immediately after a user is created or updated via the REST API.
 539           *
 540           * @since 4.7.0
 541           *
 542           * @param WP_User         $user     Inserted or updated user object.
 543           * @param WP_REST_Request $request  Request object.
 544           * @param bool            $creating True when creating a user, false when updating.
 545           */
 546          do_action( 'rest_insert_user', $user, $request, true );
 547  
 548          if ( ! empty( $request['roles'] ) && ! empty( $schema['properties']['roles'] ) ) {
 549              array_map( array( $user, 'add_role' ), $request['roles'] );
 550          }
 551  
 552          if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) {
 553              $meta_update = $this->meta->update_value( $request['meta'], $user_id );
 554  
 555              if ( is_wp_error( $meta_update ) ) {
 556                  return $meta_update;
 557              }
 558          }
 559  
 560          $user          = get_user_by( 'id', $user_id );
 561          $fields_update = $this->update_additional_fields_for_object( $user, $request );
 562  
 563          if ( is_wp_error( $fields_update ) ) {
 564              return $fields_update;
 565          }
 566  
 567          $request->set_param( 'context', 'edit' );
 568  
 569          /**
 570           * Fires after a user is completely created or updated via the REST API.
 571           *
 572           * @since 5.0.0
 573           *
 574           * @param WP_User         $user     Inserted or updated user object.
 575           * @param WP_REST_Request $request  Request object.
 576           * @param bool            $creating True when creating a user, false when updating.
 577           */
 578          do_action( 'rest_after_insert_user', $user, $request, true );
 579  
 580          $response = $this->prepare_item_for_response( $user, $request );
 581          $response = rest_ensure_response( $response );
 582  
 583          $response->set_status( 201 );
 584          $response->header( 'Location', rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $user_id ) ) );
 585  
 586          return $response;
 587      }
 588  
 589      /**
 590       * Checks if a given request has access to update a user.
 591       *
 592       * @since 4.7.0
 593       *
 594       * @param WP_REST_Request $request Full details about the request.
 595       * @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise.
 596       */
 597  	public function update_item_permissions_check( $request ) {
 598          $user = $this->get_user( $request['id'] );
 599          if ( is_wp_error( $user ) ) {
 600              return $user;
 601          }
 602  
 603          if ( ! empty( $request['roles'] ) ) {
 604              if ( ! current_user_can( 'promote_user', $user->ID ) ) {
 605                  return new WP_Error( 'rest_cannot_edit_roles', __( 'Sorry, you are not allowed to edit roles of this user.' ), array( 'status' => rest_authorization_required_code() ) );
 606              }
 607  
 608              $request_params = array_keys( $request->get_params() );
 609              sort( $request_params );
 610              // If only 'id' and 'roles' are specified (we are only trying to
 611              // edit roles), then only the 'promote_user' cap is required.
 612              if ( array( 'id', 'roles' ) === $request_params ) {
 613                  return true;
 614              }
 615          }
 616  
 617          if ( ! current_user_can( 'edit_user', $user->ID ) ) {
 618              return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this user.' ), array( 'status' => rest_authorization_required_code() ) );
 619          }
 620  
 621          return true;
 622      }
 623  
 624      /**
 625       * Updates a single user.
 626       *
 627       * @since 4.7.0
 628       *
 629       * @param WP_REST_Request $request Full details about the request.
 630       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 631       */
 632  	public function update_item( $request ) {
 633          $user = $this->get_user( $request['id'] );
 634          if ( is_wp_error( $user ) ) {
 635              return $user;
 636          }
 637  
 638          $id = $user->ID;
 639  
 640          if ( ! $user ) {
 641              return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
 642          }
 643  
 644          $owner_id = email_exists( $request['email'] );
 645  
 646          if ( $owner_id && $owner_id !== $id ) {
 647              return new WP_Error( 'rest_user_invalid_email', __( 'Invalid email address.' ), array( 'status' => 400 ) );
 648          }
 649  
 650          if ( ! empty( $request['username'] ) && $request['username'] !== $user->user_login ) {
 651              return new WP_Error( 'rest_user_invalid_argument', __( "Username isn't editable." ), array( 'status' => 400 ) );
 652          }
 653  
 654          if ( ! empty( $request['slug'] ) && $request['slug'] !== $user->user_nicename && get_user_by( 'slug', $request['slug'] ) ) {
 655              return new WP_Error( 'rest_user_invalid_slug', __( 'Invalid slug.' ), array( 'status' => 400 ) );
 656          }
 657  
 658          if ( ! empty( $request['roles'] ) ) {
 659              $check_permission = $this->check_role_update( $id, $request['roles'] );
 660  
 661              if ( is_wp_error( $check_permission ) ) {
 662                  return $check_permission;
 663              }
 664          }
 665  
 666          $user = $this->prepare_item_for_database( $request );
 667  
 668          // Ensure we're operating on the same user we already checked.
 669          $user->ID = $id;
 670  
 671          $user_id = wp_update_user( wp_slash( (array) $user ) );
 672  
 673          if ( is_wp_error( $user_id ) ) {
 674              return $user_id;
 675          }
 676  
 677          $user = get_user_by( 'id', $user_id );
 678  
 679          /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php */
 680          do_action( 'rest_insert_user', $user, $request, false );
 681  
 682          if ( ! empty( $request['roles'] ) ) {
 683              array_map( array( $user, 'add_role' ), $request['roles'] );
 684          }
 685  
 686          $schema = $this->get_item_schema();
 687  
 688          if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) {
 689              $meta_update = $this->meta->update_value( $request['meta'], $id );
 690  
 691              if ( is_wp_error( $meta_update ) ) {
 692                  return $meta_update;
 693              }
 694          }
 695  
 696          $user          = get_user_by( 'id', $user_id );
 697          $fields_update = $this->update_additional_fields_for_object( $user, $request );
 698  
 699          if ( is_wp_error( $fields_update ) ) {
 700              return $fields_update;
 701          }
 702  
 703          $request->set_param( 'context', 'edit' );
 704  
 705          /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php */
 706          do_action( 'rest_after_insert_user', $user, $request, false );
 707  
 708          $response = $this->prepare_item_for_response( $user, $request );
 709          $response = rest_ensure_response( $response );
 710  
 711          return $response;
 712      }
 713  
 714      /**
 715       * Checks if a given request has access to update the current user.
 716       *
 717       * @since 4.7.0
 718       *
 719       * @param WP_REST_Request $request Full details about the request.
 720       * @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise.
 721       */
 722  	public function update_current_item_permissions_check( $request ) {
 723          $request['id'] = get_current_user_id();
 724  
 725          return $this->update_item_permissions_check( $request );
 726      }
 727  
 728      /**
 729       * Updates the current user.
 730       *
 731       * @since 4.7.0
 732       *
 733       * @param WP_REST_Request $request Full details about the request.
 734       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 735       */
 736  	public function update_current_item( $request ) {
 737          $request['id'] = get_current_user_id();
 738  
 739          return $this->update_item( $request );
 740      }
 741  
 742      /**
 743       * Checks if a given request has access delete a user.
 744       *
 745       * @since 4.7.0
 746       *
 747       * @param WP_REST_Request $request Full details about the request.
 748       * @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise.
 749       */
 750  	public function delete_item_permissions_check( $request ) {
 751          $user = $this->get_user( $request['id'] );
 752          if ( is_wp_error( $user ) ) {
 753              return $user;
 754          }
 755  
 756          if ( ! current_user_can( 'delete_user', $user->ID ) ) {
 757              return new WP_Error( 'rest_user_cannot_delete', __( 'Sorry, you are not allowed to delete this user.' ), array( 'status' => rest_authorization_required_code() ) );
 758          }
 759  
 760          return true;
 761      }
 762  
 763      /**
 764       * Deletes a single user.
 765       *
 766       * @since 4.7.0
 767       *
 768       * @param WP_REST_Request $request Full details about the request.
 769       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 770       */
 771  	public function delete_item( $request ) {
 772          // We don't support delete requests in multisite.
 773          if ( is_multisite() ) {
 774              return new WP_Error( 'rest_cannot_delete', __( 'The user cannot be deleted.' ), array( 'status' => 501 ) );
 775          }
 776          $user = $this->get_user( $request['id'] );
 777          if ( is_wp_error( $user ) ) {
 778              return $user;
 779          }
 780  
 781          $id       = $user->ID;
 782          $reassign = false === $request['reassign'] ? null : absint( $request['reassign'] );
 783          $force    = isset( $request['force'] ) ? (bool) $request['force'] : false;
 784  
 785          // We don't support trashing for users.
 786          if ( ! $force ) {
 787              /* translators: %s: force=true */
 788              return new WP_Error( 'rest_trash_not_supported', sprintf( __( "Users do not support trashing. Set '%s' to delete." ), 'force=true' ), array( 'status' => 501 ) );
 789          }
 790  
 791          if ( ! empty( $reassign ) ) {
 792              if ( $reassign === $id || ! get_userdata( $reassign ) ) {
 793                  return new WP_Error( 'rest_user_invalid_reassign', __( 'Invalid user ID for reassignment.' ), array( 'status' => 400 ) );
 794              }
 795          }
 796  
 797          $request->set_param( 'context', 'edit' );
 798  
 799          $previous = $this->prepare_item_for_response( $user, $request );
 800  
 801          /** Include admin user functions to get access to wp_delete_user() */
 802          require_once ABSPATH . 'wp-admin/includes/user.php';
 803  
 804          $result = wp_delete_user( $id, $reassign );
 805  
 806          if ( ! $result ) {
 807              return new WP_Error( 'rest_cannot_delete', __( 'The user cannot be deleted.' ), array( 'status' => 500 ) );
 808          }
 809  
 810          $response = new WP_REST_Response();
 811          $response->set_data(
 812              array(
 813                  'deleted'  => true,
 814                  'previous' => $previous->get_data(),
 815              )
 816          );
 817  
 818          /**
 819           * Fires immediately after a user is deleted via the REST API.
 820           *
 821           * @since 4.7.0
 822           *
 823           * @param WP_User          $user     The user data.
 824           * @param WP_REST_Response $response The response returned from the API.
 825           * @param WP_REST_Request  $request  The request sent to the API.
 826           */
 827          do_action( 'rest_delete_user', $user, $response, $request );
 828  
 829          return $response;
 830      }
 831  
 832      /**
 833       * Checks if a given request has access to delete the current user.
 834       *
 835       * @since 4.7.0
 836       *
 837       * @param WP_REST_Request $request Full details about the request.
 838       * @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise.
 839       */
 840  	public function delete_current_item_permissions_check( $request ) {
 841          $request['id'] = get_current_user_id();
 842  
 843          return $this->delete_item_permissions_check( $request );
 844      }
 845  
 846      /**
 847       * Deletes the current user.
 848       *
 849       * @since 4.7.0
 850       *
 851       * @param WP_REST_Request $request Full details about the request.
 852       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 853       */
 854  	public function delete_current_item( $request ) {
 855          $request['id'] = get_current_user_id();
 856  
 857          return $this->delete_item( $request );
 858      }
 859  
 860      /**
 861       * Prepares a single user output for response.
 862       *
 863       * @since 4.7.0
 864       *
 865       * @param WP_User         $user    User object.
 866       * @param WP_REST_Request $request Request object.
 867       * @return WP_REST_Response Response object.
 868       */
 869  	public function prepare_item_for_response( $user, $request ) {
 870  
 871          $data   = array();
 872          $fields = $this->get_fields_for_response( $request );
 873  
 874          if ( in_array( 'id', $fields, true ) ) {
 875              $data['id'] = $user->ID;
 876          }
 877  
 878          if ( in_array( 'username', $fields, true ) ) {
 879              $data['username'] = $user->user_login;
 880          }
 881  
 882          if ( in_array( 'name', $fields, true ) ) {
 883              $data['name'] = $user->display_name;
 884          }
 885  
 886          if ( in_array( 'first_name', $fields, true ) ) {
 887              $data['first_name'] = $user->first_name;
 888          }
 889  
 890          if ( in_array( 'last_name', $fields, true ) ) {
 891              $data['last_name'] = $user->last_name;
 892          }
 893  
 894          if ( in_array( 'email', $fields, true ) ) {
 895              $data['email'] = $user->user_email;
 896          }
 897  
 898          if ( in_array( 'url', $fields, true ) ) {
 899              $data['url'] = $user->user_url;
 900          }
 901  
 902          if ( in_array( 'description', $fields, true ) ) {
 903              $data['description'] = $user->description;
 904          }
 905  
 906          if ( in_array( 'link', $fields, true ) ) {
 907              $data['link'] = get_author_posts_url( $user->ID, $user->user_nicename );
 908          }
 909  
 910          if ( in_array( 'locale', $fields, true ) ) {
 911              $data['locale'] = get_user_locale( $user );
 912          }
 913  
 914          if ( in_array( 'nickname', $fields, true ) ) {
 915              $data['nickname'] = $user->nickname;
 916          }
 917  
 918          if ( in_array( 'slug', $fields, true ) ) {
 919              $data['slug'] = $user->user_nicename;
 920          }
 921  
 922          if ( in_array( 'roles', $fields, true ) ) {
 923              // Defensively call array_values() to ensure an array is returned.
 924              $data['roles'] = array_values( $user->roles );
 925          }
 926  
 927          if ( in_array( 'registered_date', $fields, true ) ) {
 928              $data['registered_date'] = gmdate( 'c', strtotime( $user->user_registered ) );
 929          }
 930  
 931          if ( in_array( 'capabilities', $fields, true ) ) {
 932              $data['capabilities'] = (object) $user->allcaps;
 933          }
 934  
 935          if ( in_array( 'extra_capabilities', $fields, true ) ) {
 936              $data['extra_capabilities'] = (object) $user->caps;
 937          }
 938  
 939          if ( in_array( 'avatar_urls', $fields, true ) ) {
 940              $data['avatar_urls'] = rest_get_avatar_urls( $user );
 941          }
 942  
 943          if ( in_array( 'meta', $fields, true ) ) {
 944              $data['meta'] = $this->meta->get_value( $user->ID, $request );
 945          }
 946  
 947          $context = ! empty( $request['context'] ) ? $request['context'] : 'embed';
 948  
 949          $data = $this->add_additional_fields_to_object( $data, $request );
 950          $data = $this->filter_response_by_context( $data, $context );
 951  
 952          // Wrap the data in a response object.
 953          $response = rest_ensure_response( $data );
 954  
 955          $response->add_links( $this->prepare_links( $user ) );
 956  
 957          /**
 958           * Filters user data returned from the REST API.
 959           *
 960           * @since 4.7.0
 961           *
 962           * @param WP_REST_Response $response The response object.
 963           * @param WP_User          $user     User object used to create response.
 964           * @param WP_REST_Request  $request  Request object.
 965           */
 966          return apply_filters( 'rest_prepare_user', $response, $user, $request );
 967      }
 968  
 969      /**
 970       * Prepares links for the user request.
 971       *
 972       * @since 4.7.0
 973       *
 974       * @param WP_Post $user User object.
 975       * @return array Links for the given user.
 976       */
 977  	protected function prepare_links( $user ) {
 978          $links = array(
 979              'self'       => array(
 980                  'href' => rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $user->ID ) ),
 981              ),
 982              'collection' => array(
 983                  'href' => rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ),
 984              ),
 985          );
 986  
 987          return $links;
 988      }
 989  
 990      /**
 991       * Prepares a single user for creation or update.
 992       *
 993       * @since 4.7.0
 994       *
 995       * @param WP_REST_Request $request Request object.
 996       * @return object $prepared_user User object.
 997       */
 998  	protected function prepare_item_for_database( $request ) {
 999          $prepared_user = new stdClass;
1000  
1001          $schema = $this->get_item_schema();
1002  
1003          // required arguments.
1004          if ( isset( $request['email'] ) && ! empty( $schema['properties']['email'] ) ) {
1005              $prepared_user->user_email = $request['email'];
1006          }
1007  
1008          if ( isset( $request['username'] ) && ! empty( $schema['properties']['username'] ) ) {
1009              $prepared_user->user_login = $request['username'];
1010          }
1011  
1012          if ( isset( $request['password'] ) && ! empty( $schema['properties']['password'] ) ) {
1013              $prepared_user->user_pass = $request['password'];
1014          }
1015  
1016          // optional arguments.
1017          if ( isset( $request['id'] ) ) {
1018              $prepared_user->ID = absint( $request['id'] );
1019          }
1020  
1021          if ( isset( $request['name'] ) && ! empty( $schema['properties']['name'] ) ) {
1022              $prepared_user->display_name = $request['name'];
1023          }
1024  
1025          if ( isset( $request['first_name'] ) && ! empty( $schema['properties']['first_name'] ) ) {
1026              $prepared_user->first_name = $request['first_name'];
1027          }
1028  
1029          if ( isset( $request['last_name'] ) && ! empty( $schema['properties']['last_name'] ) ) {
1030              $prepared_user->last_name = $request['last_name'];
1031          }
1032  
1033          if ( isset( $request['nickname'] ) && ! empty( $schema['properties']['nickname'] ) ) {
1034              $prepared_user->nickname = $request['nickname'];
1035          }
1036  
1037          if ( isset( $request['slug'] ) && ! empty( $schema['properties']['slug'] ) ) {
1038              $prepared_user->user_nicename = $request['slug'];
1039          }
1040  
1041          if ( isset( $request['description'] ) && ! empty( $schema['properties']['description'] ) ) {
1042              $prepared_user->description = $request['description'];
1043          }
1044  
1045          if ( isset( $request['url'] ) && ! empty( $schema['properties']['url'] ) ) {
1046              $prepared_user->user_url = $request['url'];
1047          }
1048  
1049          if ( isset( $request['locale'] ) && ! empty( $schema['properties']['locale'] ) ) {
1050              $prepared_user->locale = $request['locale'];
1051          }
1052  
1053          // setting roles will be handled outside of this function.
1054          if ( isset( $request['roles'] ) ) {
1055              $prepared_user->role = false;
1056          }
1057  
1058          /**
1059           * Filters user data before insertion via the REST API.
1060           *
1061           * @since 4.7.0
1062           *
1063           * @param object          $prepared_user User object.
1064           * @param WP_REST_Request $request       Request object.
1065           */
1066          return apply_filters( 'rest_pre_insert_user', $prepared_user, $request );
1067      }
1068  
1069      /**
1070       * Determines if the current user is allowed to make the desired roles change.
1071       *
1072       * @since 4.7.0
1073       *
1074       * @param integer $user_id User ID.
1075       * @param array   $roles   New user roles.
1076       * @return true|WP_Error True if the current user is allowed to make the role change,
1077       *                       otherwise a WP_Error object.
1078       */
1079  	protected function check_role_update( $user_id, $roles ) {
1080          global $wp_roles;
1081  
1082          foreach ( $roles as $role ) {
1083  
1084              if ( ! isset( $wp_roles->role_objects[ $role ] ) ) {
1085                  /* translators: %s: Role key. */
1086                  return new WP_Error( 'rest_user_invalid_role', sprintf( __( 'The role %s does not exist.' ), $role ), array( 'status' => 400 ) );
1087              }
1088  
1089              $potential_role = $wp_roles->role_objects[ $role ];
1090  
1091              /*
1092               * Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
1093               * Multisite super admins can freely edit their blog roles -- they possess all caps.
1094               */
1095              if ( ! ( is_multisite()
1096                  && current_user_can( 'manage_sites' ) )
1097                  && get_current_user_id() === $user_id
1098                  && ! $potential_role->has_cap( 'edit_users' )
1099              ) {
1100                  return new WP_Error( 'rest_user_invalid_role', __( 'Sorry, you are not allowed to give users that role.' ), array( 'status' => rest_authorization_required_code() ) );
1101              }
1102  
1103              /** Include admin functions to get access to get_editable_roles() */
1104              require_once ABSPATH . 'wp-admin/includes/admin.php';
1105  
1106              // The new role must be editable by the logged-in user.
1107              $editable_roles = get_editable_roles();
1108  
1109              if ( empty( $editable_roles[ $role ] ) ) {
1110                  return new WP_Error( 'rest_user_invalid_role', __( 'Sorry, you are not allowed to give users that role.' ), array( 'status' => 403 ) );
1111              }
1112          }
1113  
1114          return true;
1115      }
1116  
1117      /**
1118       * Check a username for the REST API.
1119       *
1120       * Performs a couple of checks like edit_user() in wp-admin/includes/user.php.
1121       *
1122       * @since 4.7.0
1123       *
1124       * @param mixed           $value   The username submitted in the request.
1125       * @param WP_REST_Request $request Full details about the request.
1126       * @param string          $param   The parameter name.
1127       * @return string|WP_Error The sanitized username, if valid, otherwise an error.
1128       */
1129  	public function check_username( $value, $request, $param ) {
1130          $username = (string) $value;
1131  
1132          if ( ! validate_username( $username ) ) {
1133              return new WP_Error( 'rest_user_invalid_username', __( 'Username contains invalid characters.' ), array( 'status' => 400 ) );
1134          }
1135  
1136          /** This filter is documented in wp-includes/user.php */
1137          $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );
1138  
1139          if ( in_array( strtolower( $username ), array_map( 'strtolower', $illegal_logins ), true ) ) {
1140              return new WP_Error( 'rest_user_invalid_username', __( 'Sorry, that username is not allowed.' ), array( 'status' => 400 ) );
1141          }
1142  
1143          return $username;
1144      }
1145  
1146      /**
1147       * Check a user password for the REST API.
1148       *
1149       * Performs a couple of checks like edit_user() in wp-admin/includes/user.php.
1150       *
1151       * @since 4.7.0
1152       *
1153       * @param mixed           $value   The password submitted in the request.
1154       * @param WP_REST_Request $request Full details about the request.
1155       * @param string          $param   The parameter name.
1156       * @return string|WP_Error The sanitized password, if valid, otherwise an error.
1157       */
1158  	public function check_user_password( $value, $request, $param ) {
1159          $password = (string) $value;
1160  
1161          if ( empty( $password ) ) {
1162              return new WP_Error( 'rest_user_invalid_password', __( 'Passwords cannot be empty.' ), array( 'status' => 400 ) );
1163          }
1164  
1165          if ( false !== strpos( $password, '\\' ) ) {
1166              return new WP_Error( 'rest_user_invalid_password', __( 'Passwords cannot contain the "\\" character.' ), array( 'status' => 400 ) );
1167          }
1168  
1169          return $password;
1170      }
1171  
1172      /**
1173       * Retrieves the user's schema, conforming to JSON Schema.
1174       *
1175       * @since 4.7.0
1176       *
1177       * @return array Item schema data.
1178       */
1179  	public function get_item_schema() {
1180          if ( $this->schema ) {
1181              return $this->add_additional_fields_schema( $this->schema );
1182          }
1183  
1184          $schema = array(
1185              '$schema'    => 'http://json-schema.org/draft-04/schema#',
1186              'title'      => 'user',
1187              'type'       => 'object',
1188              'properties' => array(
1189                  'id'                 => array(
1190                      'description' => __( 'Unique identifier for the user.' ),
1191                      'type'        => 'integer',
1192                      'context'     => array( 'embed', 'view', 'edit' ),
1193                      'readonly'    => true,
1194                  ),
1195                  'username'           => array(
1196                      'description' => __( 'Login name for the user.' ),
1197                      'type'        => 'string',
1198                      'context'     => array( 'edit' ),
1199                      'required'    => true,
1200                      'arg_options' => array(
1201                          'sanitize_callback' => array( $this, 'check_username' ),
1202                      ),
1203                  ),
1204                  'name'               => array(
1205                      'description' => __( 'Display name for the user.' ),
1206                      'type'        => 'string',
1207                      'context'     => array( 'embed', 'view', 'edit' ),
1208                      'arg_options' => array(
1209                          'sanitize_callback' => 'sanitize_text_field',
1210                      ),
1211                  ),
1212                  'first_name'         => array(
1213                      'description' => __( 'First name for the user.' ),
1214                      'type'        => 'string',
1215                      'context'     => array( 'edit' ),
1216                      'arg_options' => array(
1217                          'sanitize_callback' => 'sanitize_text_field',
1218                      ),
1219                  ),
1220                  'last_name'          => array(
1221                      'description' => __( 'Last name for the user.' ),
1222                      'type'        => 'string',
1223                      'context'     => array( 'edit' ),
1224                      'arg_options' => array(
1225                          'sanitize_callback' => 'sanitize_text_field',
1226                      ),
1227                  ),
1228                  'email'              => array(
1229                      'description' => __( 'The email address for the user.' ),
1230                      'type'        => 'string',
1231                      'format'      => 'email',
1232                      'context'     => array( 'edit' ),
1233                      'required'    => true,
1234                  ),
1235                  'url'                => array(
1236                      'description' => __( 'URL of the user.' ),
1237                      'type'        => 'string',
1238                      'format'      => 'uri',
1239                      'context'     => array( 'embed', 'view', 'edit' ),
1240                  ),
1241                  'description'        => array(
1242                      'description' => __( 'Description of the user.' ),
1243                      'type'        => 'string',
1244                      'context'     => array( 'embed', 'view', 'edit' ),
1245                  ),
1246                  'link'               => array(
1247                      'description' => __( 'Author URL of the user.' ),
1248                      'type'        => 'string',
1249                      'format'      => 'uri',
1250                      'context'     => array( 'embed', 'view', 'edit' ),
1251                      'readonly'    => true,
1252                  ),
1253                  'locale'             => array(
1254                      'description' => __( 'Locale for the user.' ),
1255                      'type'        => 'string',
1256                      'enum'        => array_merge( array( '', 'en_US' ), get_available_languages() ),
1257                      'context'     => array( 'edit' ),
1258                  ),
1259                  'nickname'           => array(
1260                      'description' => __( 'The nickname for the user.' ),
1261                      'type'        => 'string',
1262                      'context'     => array( 'edit' ),
1263                      'arg_options' => array(
1264                          'sanitize_callback' => 'sanitize_text_field',
1265                      ),
1266                  ),
1267                  'slug'               => array(
1268                      'description' => __( 'An alphanumeric identifier for the user.' ),
1269                      'type'        => 'string',
1270                      'context'     => array( 'embed', 'view', 'edit' ),
1271                      'arg_options' => array(
1272                          'sanitize_callback' => array( $this, 'sanitize_slug' ),
1273                      ),
1274                  ),
1275                  'registered_date'    => array(
1276                      'description' => __( 'Registration date for the user.' ),
1277                      'type'        => 'string',
1278                      'format'      => 'date-time',
1279                      'context'     => array( 'edit' ),
1280                      'readonly'    => true,
1281                  ),
1282                  'roles'              => array(
1283                      'description' => __( 'Roles assigned to the user.' ),
1284                      'type'        => 'array',
1285                      'items'       => array(
1286                          'type' => 'string',
1287                      ),
1288                      'context'     => array( 'edit' ),
1289                  ),
1290                  'password'           => array(
1291                      'description' => __( 'Password for the user (never included).' ),
1292                      'type'        => 'string',
1293                      'context'     => array(), // Password is never displayed.
1294                      'required'    => true,
1295                      'arg_options' => array(
1296                          'sanitize_callback' => array( $this, 'check_user_password' ),
1297                      ),
1298                  ),
1299                  'capabilities'       => array(
1300                      'description' => __( 'All capabilities assigned to the user.' ),
1301                      'type'        => 'object',
1302                      'context'     => array( 'edit' ),
1303                      'readonly'    => true,
1304                  ),
1305                  'extra_capabilities' => array(
1306                      'description' => __( 'Any extra capabilities assigned to the user.' ),
1307                      'type'        => 'object',
1308                      'context'     => array( 'edit' ),
1309                      'readonly'    => true,
1310                  ),
1311              ),
1312          );
1313  
1314          if ( get_option( 'show_avatars' ) ) {
1315              $avatar_properties = array();
1316  
1317              $avatar_sizes = rest_get_avatar_sizes();
1318  
1319              foreach ( $avatar_sizes as $size ) {
1320                  $avatar_properties[ $size ] = array(
1321                      /* translators: %d: Avatar image size in pixels. */
1322                      'description' => sprintf( __( 'Avatar URL with image size of %d pixels.' ), $size ),
1323                      'type'        => 'string',
1324                      'format'      => 'uri',
1325                      'context'     => array( 'embed', 'view', 'edit' ),
1326                  );
1327              }
1328  
1329              $schema['properties']['avatar_urls'] = array(
1330                  'description' => __( 'Avatar URLs for the user.' ),
1331                  'type'        => 'object',
1332                  'context'     => array( 'embed', 'view', 'edit' ),
1333                  'readonly'    => true,
1334                  'properties'  => $avatar_properties,
1335              );
1336          }
1337  
1338          $schema['properties']['meta'] = $this->meta->get_field_schema();
1339  
1340          $this->schema = $schema;
1341          return $this->add_additional_fields_schema( $this->schema );
1342      }
1343  
1344      /**
1345       * Retrieves the query params for collections.
1346       *
1347       * @since 4.7.0
1348       *
1349       * @return array Collection parameters.
1350       */
1351  	public function get_collection_params() {
1352          $query_params = parent::get_collection_params();
1353  
1354          $query_params['context']['default'] = 'view';
1355  
1356          $query_params['exclude'] = array(
1357              'description' => __( 'Ensure result set excludes specific IDs.' ),
1358              'type'        => 'array',
1359              'items'       => array(
1360                  'type' => 'integer',
1361              ),
1362              'default'     => array(),
1363          );
1364  
1365          $query_params['include'] = array(
1366              'description' => __( 'Limit result set to specific IDs.' ),
1367              'type'        => 'array',
1368              'items'       => array(
1369                  'type' => 'integer',
1370              ),
1371              'default'     => array(),
1372          );
1373  
1374          $query_params['offset'] = array(
1375              'description' => __( 'Offset the result set by a specific number of items.' ),
1376              'type'        => 'integer',
1377          );
1378  
1379          $query_params['order'] = array(
1380              'default'     => 'asc',
1381              'description' => __( 'Order sort attribute ascending or descending.' ),
1382              'enum'        => array( 'asc', 'desc' ),
1383              'type'        => 'string',
1384          );
1385  
1386          $query_params['orderby'] = array(
1387              'default'     => 'name',
1388              'description' => __( 'Sort collection by object attribute.' ),
1389              'enum'        => array(
1390                  'id',
1391                  'include',
1392                  'name',
1393                  'registered_date',
1394                  'slug',
1395                  'include_slugs',
1396                  'email',
1397                  'url',
1398              ),
1399              'type'        => 'string',
1400          );
1401  
1402          $query_params['slug'] = array(
1403              'description' => __( 'Limit result set to users with one or more specific slugs.' ),
1404              'type'        => 'array',
1405              'items'       => array(
1406                  'type' => 'string',
1407              ),
1408          );
1409  
1410          $query_params['roles'] = array(
1411              'description' => __( 'Limit result set to users matching at least one specific role provided. Accepts csv list or single role.' ),
1412              'type'        => 'array',
1413              'items'       => array(
1414                  'type' => 'string',
1415              ),
1416          );
1417  
1418          $query_params['who'] = array(
1419              'description' => __( 'Limit result set to users who are considered authors.' ),
1420              'type'        => 'string',
1421              'enum'        => array(
1422                  'authors',
1423              ),
1424          );
1425  
1426          /**
1427           * Filter collection parameters for the users controller.
1428           *
1429           * This filter registers the collection parameter, but does not map the
1430           * collection parameter to an internal WP_User_Query parameter.  Use the
1431           * `rest_user_query` filter to set WP_User_Query arguments.
1432           *
1433           * @since 4.7.0
1434           *
1435           * @param array $query_params JSON Schema-formatted collection parameters.
1436           */
1437          return apply_filters( 'rest_user_collection_params', $query_params );
1438      }
1439  }


Generated: Sun Jan 19 01:00:03 2020 Cross-referenced by PHPXref 0.7.1