| [ Index ] |
PHP Cross Reference of WordPress |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * REST API: WP_REST_Users_Controller class 4 * 5 * @package WordPress 6 * @subpackage REST_API 7 * @since 4.7.0 8 */ 9 10 /** 11 * Core class used to manage users via the REST API. 12 * 13 * @since 4.7.0 14 * 15 * @see WP_REST_Controller 16 */ 17 class WP_REST_Users_Controller extends WP_REST_Controller { 18 19 /** 20 * Instance of a user meta fields object. 21 * 22 * @since 4.7.0 23 * @var WP_REST_User_Meta_Fields 24 */ 25 protected $meta; 26 27 /** 28 * Constructor. 29 * 30 * @since 4.7.0 31 */ 32 public function __construct() { 33 $this->namespace = 'wp/v2'; 34 $this->rest_base = 'users'; 35 36 $this->meta = new WP_REST_User_Meta_Fields(); 37 } 38 39 /** 40 * Registers the routes for the objects of the controller. 41 * 42 * @since 4.7.0 43 * 44 * @see register_rest_route() 45 */ 46 public function register_routes() { 47 48 register_rest_route( 49 $this->namespace, 50 '/' . $this->rest_base, 51 array( 52 array( 53 'methods' => WP_REST_Server::READABLE, 54 'callback' => array( $this, 'get_items' ), 55 'permission_callback' => array( $this, 'get_items_permissions_check' ), 56 'args' => $this->get_collection_params(), 57 ), 58 array( 59 'methods' => WP_REST_Server::CREATABLE, 60 'callback' => array( $this, 'create_item' ), 61 'permission_callback' => array( $this, 'create_item_permissions_check' ), 62 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::CREATABLE ), 63 ), 64 'schema' => array( $this, 'get_public_item_schema' ), 65 ) 66 ); 67 68 register_rest_route( 69 $this->namespace, 70 '/' . $this->rest_base . '/(?P<id>[\d]+)', 71 array( 72 'args' => array( 73 'id' => array( 74 'description' => __( 'Unique identifier for the user.' ), 75 'type' => 'integer', 76 ), 77 ), 78 array( 79 'methods' => WP_REST_Server::READABLE, 80 'callback' => array( $this, 'get_item' ), 81 'permission_callback' => array( $this, 'get_item_permissions_check' ), 82 'args' => array( 83 'context' => $this->get_context_param( array( 'default' => 'view' ) ), 84 ), 85 ), 86 array( 87 'methods' => WP_REST_Server::EDITABLE, 88 'callback' => array( $this, 'update_item' ), 89 'permission_callback' => array( $this, 'update_item_permissions_check' ), 90 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ), 91 ), 92 array( 93 'methods' => WP_REST_Server::DELETABLE, 94 'callback' => array( $this, 'delete_item' ), 95 'permission_callback' => array( $this, 'delete_item_permissions_check' ), 96 'args' => array( 97 'force' => array( 98 'type' => 'boolean', 99 'default' => false, 100 'description' => __( 'Required to be true, as users do not support trashing.' ), 101 ), 102 'reassign' => array( 103 'type' => 'integer', 104 'description' => __( 'Reassign the deleted user\'s posts and links to this user ID.' ), 105 'required' => true, 106 'sanitize_callback' => array( $this, 'check_reassign' ), 107 ), 108 ), 109 ), 110 'schema' => array( $this, 'get_public_item_schema' ), 111 ) 112 ); 113 114 register_rest_route( 115 $this->namespace, 116 '/' . $this->rest_base . '/me', 117 array( 118 array( 119 'methods' => WP_REST_Server::READABLE, 120 'callback' => array( $this, 'get_current_item' ), 121 'args' => array( 122 'context' => $this->get_context_param( array( 'default' => 'view' ) ), 123 ), 124 ), 125 array( 126 'methods' => WP_REST_Server::EDITABLE, 127 'callback' => array( $this, 'update_current_item' ), 128 'permission_callback' => array( $this, 'update_current_item_permissions_check' ), 129 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ), 130 ), 131 array( 132 'methods' => WP_REST_Server::DELETABLE, 133 'callback' => array( $this, 'delete_current_item' ), 134 'permission_callback' => array( $this, 'delete_current_item_permissions_check' ), 135 'args' => array( 136 'force' => array( 137 'type' => 'boolean', 138 'default' => false, 139 'description' => __( 'Required to be true, as users do not support trashing.' ), 140 ), 141 'reassign' => array( 142 'type' => 'integer', 143 'description' => __( 'Reassign the deleted user\'s posts and links to this user ID.' ), 144 'required' => true, 145 'sanitize_callback' => array( $this, 'check_reassign' ), 146 ), 147 ), 148 ), 149 'schema' => array( $this, 'get_public_item_schema' ), 150 ) 151 ); 152 } 153 154 /** 155 * Checks for a valid value for the reassign parameter when deleting users. 156 * 157 * The value can be an integer, 'false', false, or ''. 158 * 159 * @since 4.7.0 160 * 161 * @param int|bool $value The value passed to the reassign parameter. 162 * @param WP_REST_Request $request Full details about the request. 163 * @param string $param The parameter that is being sanitized. 164 * 165 * @return int|bool|WP_Error 166 */ 167 public function check_reassign( $value, $request, $param ) { 168 if ( is_numeric( $value ) ) { 169 return $value; 170 } 171 172 if ( empty( $value ) || false === $value || 'false' === $value ) { 173 return false; 174 } 175 176 return new WP_Error( 'rest_invalid_param', __( 'Invalid user parameter(s).' ), array( 'status' => 400 ) ); 177 } 178 179 /** 180 * Permissions check for getting all users. 181 * 182 * @since 4.7.0 183 * 184 * @param WP_REST_Request $request Full details about the request. 185 * @return true|WP_Error True if the request has read access, otherwise WP_Error object. 186 */ 187 public function get_items_permissions_check( $request ) { 188 // Check if roles is specified in GET request and if user can list users. 189 if ( ! empty( $request['roles'] ) && ! current_user_can( 'list_users' ) ) { 190 return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to filter users by role.' ), array( 'status' => rest_authorization_required_code() ) ); 191 } 192 193 if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) { 194 return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) ); 195 } 196 197 if ( in_array( $request['orderby'], array( 'email', 'registered_date' ), true ) && ! current_user_can( 'list_users' ) ) { 198 return new WP_Error( 'rest_forbidden_orderby', __( 'Sorry, you are not allowed to order users by this parameter.' ), array( 'status' => rest_authorization_required_code() ) ); 199 } 200 201 if ( 'authors' === $request['who'] ) { 202 $can_view = false; 203 $types = get_post_types( array( 'show_in_rest' => true ), 'objects' ); 204 foreach ( $types as $type ) { 205 if ( post_type_supports( $type->name, 'author' ) 206 && current_user_can( $type->cap->edit_posts ) ) { 207 $can_view = true; 208 } 209 } 210 if ( ! $can_view ) { 211 return new WP_Error( 'rest_forbidden_who', __( 'Sorry, you are not allowed to query users by this parameter.' ), array( 'status' => rest_authorization_required_code() ) ); 212 } 213 } 214 215 return true; 216 } 217 218 /** 219 * Retrieves all users. 220 * 221 * @since 4.7.0 222 * 223 * @param WP_REST_Request $request Full details about the request. 224 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 225 */ 226 public function get_items( $request ) { 227 228 // Retrieve the list of registered collection query parameters. 229 $registered = $this->get_collection_params(); 230 231 /* 232 * This array defines mappings between public API query parameters whose 233 * values are accepted as-passed, and their internal WP_Query parameter 234 * name equivalents (some are the same). Only values which are also 235 * present in $registered will be set. 236 */ 237 $parameter_mappings = array( 238 'exclude' => 'exclude', 239 'include' => 'include', 240 'order' => 'order', 241 'per_page' => 'number', 242 'search' => 'search', 243 'roles' => 'role__in', 244 'slug' => 'nicename__in', 245 ); 246 247 $prepared_args = array(); 248 249 /* 250 * For each known parameter which is both registered and present in the request, 251 * set the parameter's value on the query $prepared_args. 252 */ 253 foreach ( $parameter_mappings as $api_param => $wp_param ) { 254 if ( isset( $registered[ $api_param ], $request[ $api_param ] ) ) { 255 $prepared_args[ $wp_param ] = $request[ $api_param ]; 256 } 257 } 258 259 if ( isset( $registered['offset'] ) && ! empty( $request['offset'] ) ) { 260 $prepared_args['offset'] = $request['offset']; 261 } else { 262 $prepared_args['offset'] = ( $request['page'] - 1 ) * $prepared_args['number']; 263 } 264 265 if ( isset( $registered['orderby'] ) ) { 266 $orderby_possibles = array( 267 'id' => 'ID', 268 'include' => 'include', 269 'name' => 'display_name', 270 'registered_date' => 'registered', 271 'slug' => 'user_nicename', 272 'include_slugs' => 'nicename__in', 273 'email' => 'user_email', 274 'url' => 'user_url', 275 ); 276 $prepared_args['orderby'] = $orderby_possibles[ $request['orderby'] ]; 277 } 278 279 if ( isset( $registered['who'] ) && ! empty( $request['who'] ) && 'authors' === $request['who'] ) { 280 $prepared_args['who'] = 'authors'; 281 } elseif ( ! current_user_can( 'list_users' ) ) { 282 $prepared_args['has_published_posts'] = get_post_types( array( 'show_in_rest' => true ), 'names' ); 283 } 284 285 if ( ! empty( $prepared_args['search'] ) ) { 286 $prepared_args['search'] = '*' . $prepared_args['search'] . '*'; 287 } 288 /** 289 * Filters WP_User_Query arguments when querying users via the REST API. 290 * 291 * @link https://developer.wordpress.org/reference/classes/wp_user_query/ 292 * 293 * @since 4.7.0 294 * 295 * @param array $prepared_args Array of arguments for WP_User_Query. 296 * @param WP_REST_Request $request The current request. 297 */ 298 $prepared_args = apply_filters( 'rest_user_query', $prepared_args, $request ); 299 300 $query = new WP_User_Query( $prepared_args ); 301 302 $users = array(); 303 304 foreach ( $query->results as $user ) { 305 $data = $this->prepare_item_for_response( $user, $request ); 306 $users[] = $this->prepare_response_for_collection( $data ); 307 } 308 309 $response = rest_ensure_response( $users ); 310 311 // Store pagination values for headers then unset for count query. 312 $per_page = (int) $prepared_args['number']; 313 $page = ceil( ( ( (int) $prepared_args['offset'] ) / $per_page ) + 1 ); 314 315 $prepared_args['fields'] = 'ID'; 316 317 $total_users = $query->get_total(); 318 319 if ( $total_users < 1 ) { 320 // Out-of-bounds, run the query again without LIMIT for total count. 321 unset( $prepared_args['number'], $prepared_args['offset'] ); 322 $count_query = new WP_User_Query( $prepared_args ); 323 $total_users = $count_query->get_total(); 324 } 325 326 $response->header( 'X-WP-Total', (int) $total_users ); 327 328 $max_pages = ceil( $total_users / $per_page ); 329 330 $response->header( 'X-WP-TotalPages', (int) $max_pages ); 331 332 $base = add_query_arg( urlencode_deep( $request->get_query_params() ), rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ) ); 333 if ( $page > 1 ) { 334 $prev_page = $page - 1; 335 336 if ( $prev_page > $max_pages ) { 337 $prev_page = $max_pages; 338 } 339 340 $prev_link = add_query_arg( 'page', $prev_page, $base ); 341 $response->link_header( 'prev', $prev_link ); 342 } 343 if ( $max_pages > $page ) { 344 $next_page = $page + 1; 345 $next_link = add_query_arg( 'page', $next_page, $base ); 346 347 $response->link_header( 'next', $next_link ); 348 } 349 350 return $response; 351 } 352 353 /** 354 * Get the user, if the ID is valid. 355 * 356 * @since 4.7.2 357 * 358 * @param int $id Supplied ID. 359 * @return WP_User|WP_Error True if ID is valid, WP_Error otherwise. 360 */ 361 protected function get_user( $id ) { 362 $error = new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) ); 363 if ( (int) $id <= 0 ) { 364 return $error; 365 } 366 367 $user = get_userdata( (int) $id ); 368 if ( empty( $user ) || ! $user->exists() ) { 369 return $error; 370 } 371 372 if ( is_multisite() && ! is_user_member_of_blog( $user->ID ) ) { 373 return $error; 374 } 375 376 return $user; 377 } 378 379 /** 380 * Checks if a given request has access to read a user. 381 * 382 * @since 4.7.0 383 * 384 * @param WP_REST_Request $request Full details about the request. 385 * @return true|WP_Error True if the request has read access for the item, otherwise WP_Error object. 386 */ 387 public function get_item_permissions_check( $request ) { 388 $user = $this->get_user( $request['id'] ); 389 if ( is_wp_error( $user ) ) { 390 return $user; 391 } 392 393 $types = get_post_types( array( 'show_in_rest' => true ), 'names' ); 394 395 if ( get_current_user_id() === $user->ID ) { 396 return true; 397 } 398 399 if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) { 400 return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) ); 401 } elseif ( ! count_user_posts( $user->ID, $types ) && ! current_user_can( 'edit_user', $user->ID ) && ! current_user_can( 'list_users' ) ) { 402 return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) ); 403 } 404 405 return true; 406 } 407 408 /** 409 * Retrieves a single user. 410 * 411 * @since 4.7.0 412 * 413 * @param WP_REST_Request $request Full details about the request. 414 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 415 */ 416 public function get_item( $request ) { 417 $user = $this->get_user( $request['id'] ); 418 if ( is_wp_error( $user ) ) { 419 return $user; 420 } 421 422 $user = $this->prepare_item_for_response( $user, $request ); 423 $response = rest_ensure_response( $user ); 424 425 return $response; 426 } 427 428 /** 429 * Retrieves the current user. 430 * 431 * @since 4.7.0 432 * 433 * @param WP_REST_Request $request Full details about the request. 434 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 435 */ 436 public function get_current_item( $request ) { 437 $current_user_id = get_current_user_id(); 438 439 if ( empty( $current_user_id ) ) { 440 return new WP_Error( 'rest_not_logged_in', __( 'You are not currently logged in.' ), array( 'status' => 401 ) ); 441 } 442 443 $user = wp_get_current_user(); 444 $response = $this->prepare_item_for_response( $user, $request ); 445 $response = rest_ensure_response( $response ); 446 447 return $response; 448 } 449 450 /** 451 * Checks if a given request has access create users. 452 * 453 * @since 4.7.0 454 * 455 * @param WP_REST_Request $request Full details about the request. 456 * @return true|WP_Error True if the request has access to create items, WP_Error object otherwise. 457 */ 458 public function create_item_permissions_check( $request ) { 459 460 if ( ! current_user_can( 'create_users' ) ) { 461 return new WP_Error( 'rest_cannot_create_user', __( 'Sorry, you are not allowed to create new users.' ), array( 'status' => rest_authorization_required_code() ) ); 462 } 463 464 return true; 465 } 466 467 /** 468 * Creates a single user. 469 * 470 * @since 4.7.0 471 * 472 * @param WP_REST_Request $request Full details about the request. 473 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 474 */ 475 public function create_item( $request ) { 476 if ( ! empty( $request['id'] ) ) { 477 return new WP_Error( 'rest_user_exists', __( 'Cannot create existing user.' ), array( 'status' => 400 ) ); 478 } 479 480 $schema = $this->get_item_schema(); 481 482 if ( ! empty( $request['roles'] ) && ! empty( $schema['properties']['roles'] ) ) { 483 $check_permission = $this->check_role_update( $request['id'], $request['roles'] ); 484 485 if ( is_wp_error( $check_permission ) ) { 486 return $check_permission; 487 } 488 } 489 490 $user = $this->prepare_item_for_database( $request ); 491 492 if ( is_multisite() ) { 493 $ret = wpmu_validate_user_signup( $user->user_login, $user->user_email ); 494 495 if ( is_wp_error( $ret['errors'] ) && $ret['errors']->has_errors() ) { 496 $error = new WP_Error( 'rest_invalid_param', __( 'Invalid user parameter(s).' ), array( 'status' => 400 ) ); 497 foreach ( $ret['errors']->errors as $code => $messages ) { 498 foreach ( $messages as $message ) { 499 $error->add( $code, $message ); 500 } 501 $error_data = $error->get_error_data( $code ); 502 if ( $error_data ) { 503 $error->add_data( $error_data, $code ); 504 } 505 } 506 return $error; 507 } 508 } 509 510 if ( is_multisite() ) { 511 $user_id = wpmu_create_user( $user->user_login, $user->user_pass, $user->user_email ); 512 513 if ( ! $user_id ) { 514 return new WP_Error( 'rest_user_create', __( 'Error creating new user.' ), array( 'status' => 500 ) ); 515 } 516 517 $user->ID = $user_id; 518 $user_id = wp_update_user( wp_slash( (array) $user ) ); 519 520 if ( is_wp_error( $user_id ) ) { 521 return $user_id; 522 } 523 524 $result = add_user_to_blog( get_site()->id, $user_id, '' ); 525 if ( is_wp_error( $result ) ) { 526 return $result; 527 } 528 } else { 529 $user_id = wp_insert_user( wp_slash( (array) $user ) ); 530 531 if ( is_wp_error( $user_id ) ) { 532 return $user_id; 533 } 534 } 535 536 $user = get_user_by( 'id', $user_id ); 537 538 /** 539 * Fires immediately after a user is created or updated via the REST API. 540 * 541 * @since 4.7.0 542 * 543 * @param WP_User $user Inserted or updated user object. 544 * @param WP_REST_Request $request Request object. 545 * @param bool $creating True when creating a user, false when updating. 546 */ 547 do_action( 'rest_insert_user', $user, $request, true ); 548 549 if ( ! empty( $request['roles'] ) && ! empty( $schema['properties']['roles'] ) ) { 550 array_map( array( $user, 'add_role' ), $request['roles'] ); 551 } 552 553 if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { 554 $meta_update = $this->meta->update_value( $request['meta'], $user_id ); 555 556 if ( is_wp_error( $meta_update ) ) { 557 return $meta_update; 558 } 559 } 560 561 $user = get_user_by( 'id', $user_id ); 562 $fields_update = $this->update_additional_fields_for_object( $user, $request ); 563 564 if ( is_wp_error( $fields_update ) ) { 565 return $fields_update; 566 } 567 568 $request->set_param( 'context', 'edit' ); 569 570 /** 571 * Fires after a user is completely created or updated via the REST API. 572 * 573 * @since 5.0.0 574 * 575 * @param WP_User $user Inserted or updated user object. 576 * @param WP_REST_Request $request Request object. 577 * @param bool $creating True when creating a user, false when updating. 578 */ 579 do_action( 'rest_after_insert_user', $user, $request, true ); 580 581 $response = $this->prepare_item_for_response( $user, $request ); 582 $response = rest_ensure_response( $response ); 583 584 $response->set_status( 201 ); 585 $response->header( 'Location', rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $user_id ) ) ); 586 587 return $response; 588 } 589 590 /** 591 * Checks if a given request has access to update a user. 592 * 593 * @since 4.7.0 594 * 595 * @param WP_REST_Request $request Full details about the request. 596 * @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise. 597 */ 598 public function update_item_permissions_check( $request ) { 599 $user = $this->get_user( $request['id'] ); 600 if ( is_wp_error( $user ) ) { 601 return $user; 602 } 603 604 if ( ! empty( $request['roles'] ) ) { 605 if ( ! current_user_can( 'promote_user', $user->ID ) ) { 606 return new WP_Error( 'rest_cannot_edit_roles', __( 'Sorry, you are not allowed to edit roles of this user.' ), array( 'status' => rest_authorization_required_code() ) ); 607 } 608 609 $request_params = array_keys( $request->get_params() ); 610 sort( $request_params ); 611 // If only 'id' and 'roles' are specified (we are only trying to 612 // edit roles), then only the 'promote_user' cap is required. 613 if ( $request_params === array( 'id', 'roles' ) ) { 614 return true; 615 } 616 } 617 618 if ( ! current_user_can( 'edit_user', $user->ID ) ) { 619 return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this user.' ), array( 'status' => rest_authorization_required_code() ) ); 620 } 621 622 return true; 623 } 624 625 /** 626 * Updates a single user. 627 * 628 * @since 4.7.0 629 * 630 * @param WP_REST_Request $request Full details about the request. 631 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 632 */ 633 public function update_item( $request ) { 634 $user = $this->get_user( $request['id'] ); 635 if ( is_wp_error( $user ) ) { 636 return $user; 637 } 638 639 $id = $user->ID; 640 641 if ( ! $user ) { 642 return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) ); 643 } 644 645 $owner_id = email_exists( $request['email'] ); 646 647 if ( $owner_id && $owner_id !== $id ) { 648 return new WP_Error( 'rest_user_invalid_email', __( 'Invalid email address.' ), array( 'status' => 400 ) ); 649 } 650 651 if ( ! empty( $request['username'] ) && $request['username'] !== $user->user_login ) { 652 return new WP_Error( 'rest_user_invalid_argument', __( "Username isn't editable." ), array( 'status' => 400 ) ); 653 } 654 655 if ( ! empty( $request['slug'] ) && $request['slug'] !== $user->user_nicename && get_user_by( 'slug', $request['slug'] ) ) { 656 return new WP_Error( 'rest_user_invalid_slug', __( 'Invalid slug.' ), array( 'status' => 400 ) ); 657 } 658 659 if ( ! empty( $request['roles'] ) ) { 660 $check_permission = $this->check_role_update( $id, $request['roles'] ); 661 662 if ( is_wp_error( $check_permission ) ) { 663 return $check_permission; 664 } 665 } 666 667 $user = $this->prepare_item_for_database( $request ); 668 669 // Ensure we're operating on the same user we already checked. 670 $user->ID = $id; 671 672 $user_id = wp_update_user( wp_slash( (array) $user ) ); 673 674 if ( is_wp_error( $user_id ) ) { 675 return $user_id; 676 } 677 678 $user = get_user_by( 'id', $user_id ); 679 680 /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php */ 681 do_action( 'rest_insert_user', $user, $request, false ); 682 683 if ( ! empty( $request['roles'] ) ) { 684 array_map( array( $user, 'add_role' ), $request['roles'] ); 685 } 686 687 $schema = $this->get_item_schema(); 688 689 if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { 690 $meta_update = $this->meta->update_value( $request['meta'], $id ); 691 692 if ( is_wp_error( $meta_update ) ) { 693 return $meta_update; 694 } 695 } 696 697 $user = get_user_by( 'id', $user_id ); 698 $fields_update = $this->update_additional_fields_for_object( $user, $request ); 699 700 if ( is_wp_error( $fields_update ) ) { 701 return $fields_update; 702 } 703 704 $request->set_param( 'context', 'edit' ); 705 706 /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php */ 707 do_action( 'rest_after_insert_user', $user, $request, false ); 708 709 $response = $this->prepare_item_for_response( $user, $request ); 710 $response = rest_ensure_response( $response ); 711 712 return $response; 713 } 714 715 /** 716 * Checks if a given request has access to update the current user. 717 * 718 * @since 4.7.0 719 * 720 * @param WP_REST_Request $request Full details about the request. 721 * @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise. 722 */ 723 public function update_current_item_permissions_check( $request ) { 724 $request['id'] = get_current_user_id(); 725 726 return $this->update_item_permissions_check( $request ); 727 } 728 729 /** 730 * Updates the current user. 731 * 732 * @since 4.7.0 733 * 734 * @param WP_REST_Request $request Full details about the request. 735 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 736 */ 737 public function update_current_item( $request ) { 738 $request['id'] = get_current_user_id(); 739 740 return $this->update_item( $request ); 741 } 742 743 /** 744 * Checks if a given request has access delete a user. 745 * 746 * @since 4.7.0 747 * 748 * @param WP_REST_Request $request Full details about the request. 749 * @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise. 750 */ 751 public function delete_item_permissions_check( $request ) { 752 $user = $this->get_user( $request['id'] ); 753 if ( is_wp_error( $user ) ) { 754 return $user; 755 } 756 757 if ( ! current_user_can( 'delete_user', $user->ID ) ) { 758 return new WP_Error( 'rest_user_cannot_delete', __( 'Sorry, you are not allowed to delete this user.' ), array( 'status' => rest_authorization_required_code() ) ); 759 } 760 761 return true; 762 } 763 764 /** 765 * Deletes a single user. 766 * 767 * @since 4.7.0 768 * 769 * @param WP_REST_Request $request Full details about the request. 770 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 771 */ 772 public function delete_item( $request ) { 773 // We don't support delete requests in multisite. 774 if ( is_multisite() ) { 775 return new WP_Error( 'rest_cannot_delete', __( 'The user cannot be deleted.' ), array( 'status' => 501 ) ); 776 } 777 $user = $this->get_user( $request['id'] ); 778 if ( is_wp_error( $user ) ) { 779 return $user; 780 } 781 782 $id = $user->ID; 783 $reassign = false === $request['reassign'] ? null : absint( $request['reassign'] ); 784 $force = isset( $request['force'] ) ? (bool) $request['force'] : false; 785 786 // We don't support trashing for users. 787 if ( ! $force ) { 788 /* translators: %s: force=true */ 789 return new WP_Error( 'rest_trash_not_supported', sprintf( __( "Users do not support trashing. Set '%s' to delete." ), 'force=true' ), array( 'status' => 501 ) ); 790 } 791 792 if ( ! empty( $reassign ) ) { 793 if ( $reassign === $id || ! get_userdata( $reassign ) ) { 794 return new WP_Error( 'rest_user_invalid_reassign', __( 'Invalid user ID for reassignment.' ), array( 'status' => 400 ) ); 795 } 796 } 797 798 $request->set_param( 'context', 'edit' ); 799 800 $previous = $this->prepare_item_for_response( $user, $request ); 801 802 /** Include admin user functions to get access to wp_delete_user() */ 803 require_once ABSPATH . 'wp-admin/includes/user.php'; 804 805 $result = wp_delete_user( $id, $reassign ); 806 807 if ( ! $result ) { 808 return new WP_Error( 'rest_cannot_delete', __( 'The user cannot be deleted.' ), array( 'status' => 500 ) ); 809 } 810 811 $response = new WP_REST_Response(); 812 $response->set_data( 813 array( 814 'deleted' => true, 815 'previous' => $previous->get_data(), 816 ) 817 ); 818 819 /** 820 * Fires immediately after a user is deleted via the REST API. 821 * 822 * @since 4.7.0 823 * 824 * @param WP_User $user The user data. 825 * @param WP_REST_Response $response The response returned from the API. 826 * @param WP_REST_Request $request The request sent to the API. 827 */ 828 do_action( 'rest_delete_user', $user, $response, $request ); 829 830 return $response; 831 } 832 833 /** 834 * Checks if a given request has access to delete the current user. 835 * 836 * @since 4.7.0 837 * 838 * @param WP_REST_Request $request Full details about the request. 839 * @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise. 840 */ 841 public function delete_current_item_permissions_check( $request ) { 842 $request['id'] = get_current_user_id(); 843 844 return $this->delete_item_permissions_check( $request ); 845 } 846 847 /** 848 * Deletes the current user. 849 * 850 * @since 4.7.0 851 * 852 * @param WP_REST_Request $request Full details about the request. 853 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 854 */ 855 public function delete_current_item( $request ) { 856 $request['id'] = get_current_user_id(); 857 858 return $this->delete_item( $request ); 859 } 860 861 /** 862 * Prepares a single user output for response. 863 * 864 * @since 4.7.0 865 * 866 * @param WP_User $user User object. 867 * @param WP_REST_Request $request Request object. 868 * @return WP_REST_Response Response object. 869 */ 870 public function prepare_item_for_response( $user, $request ) { 871 872 $data = array(); 873 $fields = $this->get_fields_for_response( $request ); 874 875 if ( in_array( 'id', $fields, true ) ) { 876 $data['id'] = $user->ID; 877 } 878 879 if ( in_array( 'username', $fields, true ) ) { 880 $data['username'] = $user->user_login; 881 } 882 883 if ( in_array( 'name', $fields, true ) ) { 884 $data['name'] = $user->display_name; 885 } 886 887 if ( in_array( 'first_name', $fields, true ) ) { 888 $data['first_name'] = $user->first_name; 889 } 890 891 if ( in_array( 'last_name', $fields, true ) ) { 892 $data['last_name'] = $user->last_name; 893 } 894 895 if ( in_array( 'email', $fields, true ) ) { 896 $data['email'] = $user->user_email; 897 } 898 899 if ( in_array( 'url', $fields, true ) ) { 900 $data['url'] = $user->user_url; 901 } 902 903 if ( in_array( 'description', $fields, true ) ) { 904 $data['description'] = $user->description; 905 } 906 907 if ( in_array( 'link', $fields, true ) ) { 908 $data['link'] = get_author_posts_url( $user->ID, $user->user_nicename ); 909 } 910 911 if ( in_array( 'locale', $fields, true ) ) { 912 $data['locale'] = get_user_locale( $user ); 913 } 914 915 if ( in_array( 'nickname', $fields, true ) ) { 916 $data['nickname'] = $user->nickname; 917 } 918 919 if ( in_array( 'slug', $fields, true ) ) { 920 $data['slug'] = $user->user_nicename; 921 } 922 923 if ( in_array( 'roles', $fields, true ) ) { 924 // Defensively call array_values() to ensure an array is returned. 925 $data['roles'] = array_values( $user->roles ); 926 } 927 928 if ( in_array( 'registered_date', $fields, true ) ) { 929 $data['registered_date'] = gmdate( 'c', strtotime( $user->user_registered ) ); 930 } 931 932 if ( in_array( 'capabilities', $fields, true ) ) { 933 $data['capabilities'] = (object) $user->allcaps; 934 } 935 936 if ( in_array( 'extra_capabilities', $fields, true ) ) { 937 $data['extra_capabilities'] = (object) $user->caps; 938 } 939 940 if ( in_array( 'avatar_urls', $fields, true ) ) { 941 $data['avatar_urls'] = rest_get_avatar_urls( $user ); 942 } 943 944 if ( in_array( 'meta', $fields, true ) ) { 945 $data['meta'] = $this->meta->get_value( $user->ID, $request ); 946 } 947 948 $context = ! empty( $request['context'] ) ? $request['context'] : 'embed'; 949 950 $data = $this->add_additional_fields_to_object( $data, $request ); 951 $data = $this->filter_response_by_context( $data, $context ); 952 953 // Wrap the data in a response object. 954 $response = rest_ensure_response( $data ); 955 956 $response->add_links( $this->prepare_links( $user ) ); 957 958 /** 959 * Filters user data returned from the REST API. 960 * 961 * @since 4.7.0 962 * 963 * @param WP_REST_Response $response The response object. 964 * @param object $user User object used to create response. 965 * @param WP_REST_Request $request Request object. 966 */ 967 return apply_filters( 'rest_prepare_user', $response, $user, $request ); 968 } 969 970 /** 971 * Prepares links for the user request. 972 * 973 * @since 4.7.0 974 * 975 * @param WP_Post $user User object. 976 * @return array Links for the given user. 977 */ 978 protected function prepare_links( $user ) { 979 $links = array( 980 'self' => array( 981 'href' => rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $user->ID ) ), 982 ), 983 'collection' => array( 984 'href' => rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ), 985 ), 986 ); 987 988 return $links; 989 } 990 991 /** 992 * Prepares a single user for creation or update. 993 * 994 * @since 4.7.0 995 * 996 * @param WP_REST_Request $request Request object. 997 * @return object $prepared_user User object. 998 */ 999 protected function prepare_item_for_database( $request ) { 1000 $prepared_user = new stdClass; 1001 1002 $schema = $this->get_item_schema(); 1003 1004 // required arguments. 1005 if ( isset( $request['email'] ) && ! empty( $schema['properties']['email'] ) ) { 1006 $prepared_user->user_email = $request['email']; 1007 } 1008 1009 if ( isset( $request['username'] ) && ! empty( $schema['properties']['username'] ) ) { 1010 $prepared_user->user_login = $request['username']; 1011 } 1012 1013 if ( isset( $request['password'] ) && ! empty( $schema['properties']['password'] ) ) { 1014 $prepared_user->user_pass = $request['password']; 1015 } 1016 1017 // optional arguments. 1018 if ( isset( $request['id'] ) ) { 1019 $prepared_user->ID = absint( $request['id'] ); 1020 } 1021 1022 if ( isset( $request['name'] ) && ! empty( $schema['properties']['name'] ) ) { 1023 $prepared_user->display_name = $request['name']; 1024 } 1025 1026 if ( isset( $request['first_name'] ) && ! empty( $schema['properties']['first_name'] ) ) { 1027 $prepared_user->first_name = $request['first_name']; 1028 } 1029 1030 if ( isset( $request['last_name'] ) && ! empty( $schema['properties']['last_name'] ) ) { 1031 $prepared_user->last_name = $request['last_name']; 1032 } 1033 1034 if ( isset( $request['nickname'] ) && ! empty( $schema['properties']['nickname'] ) ) { 1035 $prepared_user->nickname = $request['nickname']; 1036 } 1037 1038 if ( isset( $request['slug'] ) && ! empty( $schema['properties']['slug'] ) ) { 1039 $prepared_user->user_nicename = $request['slug']; 1040 } 1041 1042 if ( isset( $request['description'] ) && ! empty( $schema['properties']['description'] ) ) { 1043 $prepared_user->description = $request['description']; 1044 } 1045 1046 if ( isset( $request['url'] ) && ! empty( $schema['properties']['url'] ) ) { 1047 $prepared_user->user_url = $request['url']; 1048 } 1049 1050 if ( isset( $request['locale'] ) && ! empty( $schema['properties']['locale'] ) ) { 1051 $prepared_user->locale = $request['locale']; 1052 } 1053 1054 // setting roles will be handled outside of this function. 1055 if ( isset( $request['roles'] ) ) { 1056 $prepared_user->role = false; 1057 } 1058 1059 /** 1060 * Filters user data before insertion via the REST API. 1061 * 1062 * @since 4.7.0 1063 * 1064 * @param object $prepared_user User object. 1065 * @param WP_REST_Request $request Request object. 1066 */ 1067 return apply_filters( 'rest_pre_insert_user', $prepared_user, $request ); 1068 } 1069 1070 /** 1071 * Determines if the current user is allowed to make the desired roles change. 1072 * 1073 * @since 4.7.0 1074 * 1075 * @param integer $user_id User ID. 1076 * @param array $roles New user roles. 1077 * @return true|WP_Error True if the current user is allowed to make the role change, 1078 * otherwise a WP_Error object. 1079 */ 1080 protected function check_role_update( $user_id, $roles ) { 1081 global $wp_roles; 1082 1083 foreach ( $roles as $role ) { 1084 1085 if ( ! isset( $wp_roles->role_objects[ $role ] ) ) { 1086 /* translators: %s: Role key. */ 1087 return new WP_Error( 'rest_user_invalid_role', sprintf( __( 'The role %s does not exist.' ), $role ), array( 'status' => 400 ) ); 1088 } 1089 1090 $potential_role = $wp_roles->role_objects[ $role ]; 1091 1092 /* 1093 * Don't let anyone with 'edit_users' (admins) edit their own role to something without it. 1094 * Multisite super admins can freely edit their blog roles -- they possess all caps. 1095 */ 1096 if ( ! ( is_multisite() 1097 && current_user_can( 'manage_sites' ) ) 1098 && get_current_user_id() === $user_id 1099 && ! $potential_role->has_cap( 'edit_users' ) 1100 ) { 1101 return new WP_Error( 'rest_user_invalid_role', __( 'Sorry, you are not allowed to give users that role.' ), array( 'status' => rest_authorization_required_code() ) ); 1102 } 1103 1104 /** Include admin functions to get access to get_editable_roles() */ 1105 require_once ABSPATH . 'wp-admin/includes/admin.php'; 1106 1107 // The new role must be editable by the logged-in user. 1108 $editable_roles = get_editable_roles(); 1109 1110 if ( empty( $editable_roles[ $role ] ) ) { 1111 return new WP_Error( 'rest_user_invalid_role', __( 'Sorry, you are not allowed to give users that role.' ), array( 'status' => 403 ) ); 1112 } 1113 } 1114 1115 return true; 1116 } 1117 1118 /** 1119 * Check a username for the REST API. 1120 * 1121 * Performs a couple of checks like edit_user() in wp-admin/includes/user.php. 1122 * 1123 * @since 4.7.0 1124 * 1125 * @param mixed $value The username submitted in the request. 1126 * @param WP_REST_Request $request Full details about the request. 1127 * @param string $param The parameter name. 1128 * @return string|WP_Error The sanitized username, if valid, otherwise an error. 1129 */ 1130 public function check_username( $value, $request, $param ) { 1131 $username = (string) $value; 1132 1133 if ( ! validate_username( $username ) ) { 1134 return new WP_Error( 'rest_user_invalid_username', __( 'Username contains invalid characters.' ), array( 'status' => 400 ) ); 1135 } 1136 1137 /** This filter is documented in wp-includes/user.php */ 1138 $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() ); 1139 1140 if ( in_array( strtolower( $username ), array_map( 'strtolower', $illegal_logins ) ) ) { 1141 return new WP_Error( 'rest_user_invalid_username', __( 'Sorry, that username is not allowed.' ), array( 'status' => 400 ) ); 1142 } 1143 1144 return $username; 1145 } 1146 1147 /** 1148 * Check a user password for the REST API. 1149 * 1150 * Performs a couple of checks like edit_user() in wp-admin/includes/user.php. 1151 * 1152 * @since 4.7.0 1153 * 1154 * @param mixed $value The password submitted in the request. 1155 * @param WP_REST_Request $request Full details about the request. 1156 * @param string $param The parameter name. 1157 * @return string|WP_Error The sanitized password, if valid, otherwise an error. 1158 */ 1159 public function check_user_password( $value, $request, $param ) { 1160 $password = (string) $value; 1161 1162 if ( empty( $password ) ) { 1163 return new WP_Error( 'rest_user_invalid_password', __( 'Passwords cannot be empty.' ), array( 'status' => 400 ) ); 1164 } 1165 1166 if ( false !== strpos( $password, '\\' ) ) { 1167 return new WP_Error( 'rest_user_invalid_password', __( 'Passwords cannot contain the "\\" character.' ), array( 'status' => 400 ) ); 1168 } 1169 1170 return $password; 1171 } 1172 1173 /** 1174 * Retrieves the user's schema, conforming to JSON Schema. 1175 * 1176 * @since 4.7.0 1177 * 1178 * @return array Item schema data. 1179 */ 1180 public function get_item_schema() { 1181 if ( $this->schema ) { 1182 return $this->add_additional_fields_schema( $this->schema ); 1183 } 1184 1185 $schema = array( 1186 '$schema' => 'http://json-schema.org/draft-04/schema#', 1187 'title' => 'user', 1188 'type' => 'object', 1189 'properties' => array( 1190 'id' => array( 1191 'description' => __( 'Unique identifier for the user.' ), 1192 'type' => 'integer', 1193 'context' => array( 'embed', 'view', 'edit' ), 1194 'readonly' => true, 1195 ), 1196 'username' => array( 1197 'description' => __( 'Login name for the user.' ), 1198 'type' => 'string', 1199 'context' => array( 'edit' ), 1200 'required' => true, 1201 'arg_options' => array( 1202 'sanitize_callback' => array( $this, 'check_username' ), 1203 ), 1204 ), 1205 'name' => array( 1206 'description' => __( 'Display name for the user.' ), 1207 'type' => 'string', 1208 'context' => array( 'embed', 'view', 'edit' ), 1209 'arg_options' => array( 1210 'sanitize_callback' => 'sanitize_text_field', 1211 ), 1212 ), 1213 'first_name' => array( 1214 'description' => __( 'First name for the user.' ), 1215 'type' => 'string', 1216 'context' => array( 'edit' ), 1217 'arg_options' => array( 1218 'sanitize_callback' => 'sanitize_text_field', 1219 ), 1220 ), 1221 'last_name' => array( 1222 'description' => __( 'Last name for the user.' ), 1223 'type' => 'string', 1224 'context' => array( 'edit' ), 1225 'arg_options' => array( 1226 'sanitize_callback' => 'sanitize_text_field', 1227 ), 1228 ), 1229 'email' => array( 1230 'description' => __( 'The email address for the user.' ), 1231 'type' => 'string', 1232 'format' => 'email', 1233 'context' => array( 'edit' ), 1234 'required' => true, 1235 ), 1236 'url' => array( 1237 'description' => __( 'URL of the user.' ), 1238 'type' => 'string', 1239 'format' => 'uri', 1240 'context' => array( 'embed', 'view', 'edit' ), 1241 ), 1242 'description' => array( 1243 'description' => __( 'Description of the user.' ), 1244 'type' => 'string', 1245 'context' => array( 'embed', 'view', 'edit' ), 1246 ), 1247 'link' => array( 1248 'description' => __( 'Author URL of the user.' ), 1249 'type' => 'string', 1250 'format' => 'uri', 1251 'context' => array( 'embed', 'view', 'edit' ), 1252 'readonly' => true, 1253 ), 1254 'locale' => array( 1255 'description' => __( 'Locale for the user.' ), 1256 'type' => 'string', 1257 'enum' => array_merge( array( '', 'en_US' ), get_available_languages() ), 1258 'context' => array( 'edit' ), 1259 ), 1260 'nickname' => array( 1261 'description' => __( 'The nickname for the user.' ), 1262 'type' => 'string', 1263 'context' => array( 'edit' ), 1264 'arg_options' => array( 1265 'sanitize_callback' => 'sanitize_text_field', 1266 ), 1267 ), 1268 'slug' => array( 1269 'description' => __( 'An alphanumeric identifier for the user.' ), 1270 'type' => 'string', 1271 'context' => array( 'embed', 'view', 'edit' ), 1272 'arg_options' => array( 1273 'sanitize_callback' => array( $this, 'sanitize_slug' ), 1274 ), 1275 ), 1276 'registered_date' => array( 1277 'description' => __( 'Registration date for the user.' ), 1278 'type' => 'string', 1279 'format' => 'date-time', 1280 'context' => array( 'edit' ), 1281 'readonly' => true, 1282 ), 1283 'roles' => array( 1284 'description' => __( 'Roles assigned to the user.' ), 1285 'type' => 'array', 1286 'items' => array( 1287 'type' => 'string', 1288 ), 1289 'context' => array( 'edit' ), 1290 ), 1291 'password' => array( 1292 'description' => __( 'Password for the user (never included).' ), 1293 'type' => 'string', 1294 'context' => array(), // Password is never displayed. 1295 'required' => true, 1296 'arg_options' => array( 1297 'sanitize_callback' => array( $this, 'check_user_password' ), 1298 ), 1299 ), 1300 'capabilities' => array( 1301 'description' => __( 'All capabilities assigned to the user.' ), 1302 'type' => 'object', 1303 'context' => array( 'edit' ), 1304 'readonly' => true, 1305 ), 1306 'extra_capabilities' => array( 1307 'description' => __( 'Any extra capabilities assigned to the user.' ), 1308 'type' => 'object', 1309 'context' => array( 'edit' ), 1310 'readonly' => true, 1311 ), 1312 ), 1313 ); 1314 1315 if ( get_option( 'show_avatars' ) ) { 1316 $avatar_properties = array(); 1317 1318 $avatar_sizes = rest_get_avatar_sizes(); 1319 1320 foreach ( $avatar_sizes as $size ) { 1321 $avatar_properties[ $size ] = array( 1322 /* translators: %d: Avatar image size in pixels. */ 1323 'description' => sprintf( __( 'Avatar URL with image size of %d pixels.' ), $size ), 1324 'type' => 'string', 1325 'format' => 'uri', 1326 'context' => array( 'embed', 'view', 'edit' ), 1327 ); 1328 } 1329 1330 $schema['properties']['avatar_urls'] = array( 1331 'description' => __( 'Avatar URLs for the user.' ), 1332 'type' => 'object', 1333 'context' => array( 'embed', 'view', 'edit' ), 1334 'readonly' => true, 1335 'properties' => $avatar_properties, 1336 ); 1337 } 1338 1339 $schema['properties']['meta'] = $this->meta->get_field_schema(); 1340 1341 $this->schema = $schema; 1342 return $this->add_additional_fields_schema( $this->schema ); 1343 } 1344 1345 /** 1346 * Retrieves the query params for collections. 1347 * 1348 * @since 4.7.0 1349 * 1350 * @return array Collection parameters. 1351 */ 1352 public function get_collection_params() { 1353 $query_params = parent::get_collection_params(); 1354 1355 $query_params['context']['default'] = 'view'; 1356 1357 $query_params['exclude'] = array( 1358 'description' => __( 'Ensure result set excludes specific IDs.' ), 1359 'type' => 'array', 1360 'items' => array( 1361 'type' => 'integer', 1362 ), 1363 'default' => array(), 1364 ); 1365 1366 $query_params['include'] = array( 1367 'description' => __( 'Limit result set to specific IDs.' ), 1368 'type' => 'array', 1369 'items' => array( 1370 'type' => 'integer', 1371 ), 1372 'default' => array(), 1373 ); 1374 1375 $query_params['offset'] = array( 1376 'description' => __( 'Offset the result set by a specific number of items.' ), 1377 'type' => 'integer', 1378 ); 1379 1380 $query_params['order'] = array( 1381 'default' => 'asc', 1382 'description' => __( 'Order sort attribute ascending or descending.' ), 1383 'enum' => array( 'asc', 'desc' ), 1384 'type' => 'string', 1385 ); 1386 1387 $query_params['orderby'] = array( 1388 'default' => 'name', 1389 'description' => __( 'Sort collection by object attribute.' ), 1390 'enum' => array( 1391 'id', 1392 'include', 1393 'name', 1394 'registered_date', 1395 'slug', 1396 'include_slugs', 1397 'email', 1398 'url', 1399 ), 1400 'type' => 'string', 1401 ); 1402 1403 $query_params['slug'] = array( 1404 'description' => __( 'Limit result set to users with one or more specific slugs.' ), 1405 'type' => 'array', 1406 'items' => array( 1407 'type' => 'string', 1408 ), 1409 ); 1410 1411 $query_params['roles'] = array( 1412 'description' => __( 'Limit result set to users matching at least one specific role provided. Accepts csv list or single role.' ), 1413 'type' => 'array', 1414 'items' => array( 1415 'type' => 'string', 1416 ), 1417 ); 1418 1419 $query_params['who'] = array( 1420 'description' => __( 'Limit result set to users who are considered authors.' ), 1421 'type' => 'string', 1422 'enum' => array( 1423 'authors', 1424 ), 1425 ); 1426 1427 /** 1428 * Filter collection parameters for the users controller. 1429 * 1430 * This filter registers the collection parameter, but does not map the 1431 * collection parameter to an internal WP_User_Query parameter. Use the 1432 * `rest_user_query` filter to set WP_User_Query arguments. 1433 * 1434 * @since 4.7.0 1435 * 1436 * @param array $query_params JSON Schema-formatted collection parameters. 1437 */ 1438 return apply_filters( 'rest_user_collection_params', $query_params ); 1439 } 1440 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Tue Nov 19 01:00:03 2019 | Cross-referenced by PHPXref 0.7.1 |