| [ Index ] |
PHP Cross Reference of WordPress |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * REST API: WP_REST_Users_Controller class 4 * 5 * @package WordPress 6 * @subpackage REST_API 7 * @since 4.7.0 8 */ 9 10 /** 11 * Core class used to manage users via the REST API. 12 * 13 * @since 4.7.0 14 * 15 * @see WP_REST_Controller 16 */ 17 class WP_REST_Users_Controller extends WP_REST_Controller { 18 19 /** 20 * Instance of a user meta fields object. 21 * 22 * @since 4.7.0 23 * @var WP_REST_User_Meta_Fields 24 */ 25 protected $meta; 26 27 /** 28 * Constructor. 29 * 30 * @since 4.7.0 31 */ 32 public function __construct() { 33 $this->namespace = 'wp/v2'; 34 $this->rest_base = 'users'; 35 36 $this->meta = new WP_REST_User_Meta_Fields(); 37 } 38 39 /** 40 * Registers the routes for users. 41 * 42 * @since 4.7.0 43 * 44 * @see register_rest_route() 45 */ 46 public function register_routes() { 47 48 register_rest_route( 49 $this->namespace, 50 '/' . $this->rest_base, 51 array( 52 array( 53 'methods' => WP_REST_Server::READABLE, 54 'callback' => array( $this, 'get_items' ), 55 'permission_callback' => array( $this, 'get_items_permissions_check' ), 56 'args' => $this->get_collection_params(), 57 ), 58 array( 59 'methods' => WP_REST_Server::CREATABLE, 60 'callback' => array( $this, 'create_item' ), 61 'permission_callback' => array( $this, 'create_item_permissions_check' ), 62 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::CREATABLE ), 63 ), 64 'schema' => array( $this, 'get_public_item_schema' ), 65 ) 66 ); 67 68 register_rest_route( 69 $this->namespace, 70 '/' . $this->rest_base . '/(?P<id>[\d]+)', 71 array( 72 'args' => array( 73 'id' => array( 74 'description' => __( 'Unique identifier for the user.' ), 75 'type' => 'integer', 76 ), 77 ), 78 array( 79 'methods' => WP_REST_Server::READABLE, 80 'callback' => array( $this, 'get_item' ), 81 'permission_callback' => array( $this, 'get_item_permissions_check' ), 82 'args' => array( 83 'context' => $this->get_context_param( array( 'default' => 'view' ) ), 84 ), 85 ), 86 array( 87 'methods' => WP_REST_Server::EDITABLE, 88 'callback' => array( $this, 'update_item' ), 89 'permission_callback' => array( $this, 'update_item_permissions_check' ), 90 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ), 91 ), 92 array( 93 'methods' => WP_REST_Server::DELETABLE, 94 'callback' => array( $this, 'delete_item' ), 95 'permission_callback' => array( $this, 'delete_item_permissions_check' ), 96 'args' => array( 97 'force' => array( 98 'type' => 'boolean', 99 'default' => false, 100 'description' => __( 'Required to be true, as users do not support trashing.' ), 101 ), 102 'reassign' => array( 103 'type' => 'integer', 104 'description' => __( 'Reassign the deleted user\'s posts and links to this user ID.' ), 105 'required' => true, 106 'sanitize_callback' => array( $this, 'check_reassign' ), 107 ), 108 ), 109 ), 110 'schema' => array( $this, 'get_public_item_schema' ), 111 ) 112 ); 113 114 register_rest_route( 115 $this->namespace, 116 '/' . $this->rest_base . '/me', 117 array( 118 array( 119 'methods' => WP_REST_Server::READABLE, 120 'permission_callback' => '__return_true', 121 'callback' => array( $this, 'get_current_item' ), 122 'args' => array( 123 'context' => $this->get_context_param( array( 'default' => 'view' ) ), 124 ), 125 ), 126 array( 127 'methods' => WP_REST_Server::EDITABLE, 128 'callback' => array( $this, 'update_current_item' ), 129 'permission_callback' => array( $this, 'update_current_item_permissions_check' ), 130 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ), 131 ), 132 array( 133 'methods' => WP_REST_Server::DELETABLE, 134 'callback' => array( $this, 'delete_current_item' ), 135 'permission_callback' => array( $this, 'delete_current_item_permissions_check' ), 136 'args' => array( 137 'force' => array( 138 'type' => 'boolean', 139 'default' => false, 140 'description' => __( 'Required to be true, as users do not support trashing.' ), 141 ), 142 'reassign' => array( 143 'type' => 'integer', 144 'description' => __( 'Reassign the deleted user\'s posts and links to this user ID.' ), 145 'required' => true, 146 'sanitize_callback' => array( $this, 'check_reassign' ), 147 ), 148 ), 149 ), 150 'schema' => array( $this, 'get_public_item_schema' ), 151 ) 152 ); 153 } 154 155 /** 156 * Checks for a valid value for the reassign parameter when deleting users. 157 * 158 * The value can be an integer, 'false', false, or ''. 159 * 160 * @since 4.7.0 161 * 162 * @param int|bool $value The value passed to the reassign parameter. 163 * @param WP_REST_Request $request Full details about the request. 164 * @param string $param The parameter that is being sanitized. 165 * @return int|bool|WP_Error 166 */ 167 public function check_reassign( $value, $request, $param ) { 168 if ( is_numeric( $value ) ) { 169 return $value; 170 } 171 172 if ( empty( $value ) || false === $value || 'false' === $value ) { 173 return false; 174 } 175 176 return new WP_Error( 177 'rest_invalid_param', 178 __( 'Invalid user parameter(s).' ), 179 array( 'status' => 400 ) 180 ); 181 } 182 183 /** 184 * Permissions check for getting all users. 185 * 186 * @since 4.7.0 187 * 188 * @param WP_REST_Request $request Full details about the request. 189 * @return true|WP_Error True if the request has read access, otherwise WP_Error object. 190 */ 191 public function get_items_permissions_check( $request ) { 192 // Check if roles is specified in GET request and if user can list users. 193 if ( ! empty( $request['roles'] ) && ! current_user_can( 'list_users' ) ) { 194 return new WP_Error( 195 'rest_user_cannot_view', 196 __( 'Sorry, you are not allowed to filter users by role.' ), 197 array( 'status' => rest_authorization_required_code() ) 198 ); 199 } 200 201 if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) { 202 return new WP_Error( 203 'rest_forbidden_context', 204 __( 'Sorry, you are not allowed to list users.' ), 205 array( 'status' => rest_authorization_required_code() ) 206 ); 207 } 208 209 if ( in_array( $request['orderby'], array( 'email', 'registered_date' ), true ) && ! current_user_can( 'list_users' ) ) { 210 return new WP_Error( 211 'rest_forbidden_orderby', 212 __( 'Sorry, you are not allowed to order users by this parameter.' ), 213 array( 'status' => rest_authorization_required_code() ) 214 ); 215 } 216 217 if ( 'authors' === $request['who'] ) { 218 $types = get_post_types( array( 'show_in_rest' => true ), 'objects' ); 219 220 foreach ( $types as $type ) { 221 if ( post_type_supports( $type->name, 'author' ) 222 && current_user_can( $type->cap->edit_posts ) ) { 223 return true; 224 } 225 } 226 227 return new WP_Error( 228 'rest_forbidden_who', 229 __( 'Sorry, you are not allowed to query users by this parameter.' ), 230 array( 'status' => rest_authorization_required_code() ) 231 ); 232 } 233 234 return true; 235 } 236 237 /** 238 * Retrieves all users. 239 * 240 * @since 4.7.0 241 * 242 * @param WP_REST_Request $request Full details about the request. 243 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 244 */ 245 public function get_items( $request ) { 246 247 // Retrieve the list of registered collection query parameters. 248 $registered = $this->get_collection_params(); 249 250 /* 251 * This array defines mappings between public API query parameters whose 252 * values are accepted as-passed, and their internal WP_Query parameter 253 * name equivalents (some are the same). Only values which are also 254 * present in $registered will be set. 255 */ 256 $parameter_mappings = array( 257 'exclude' => 'exclude', 258 'include' => 'include', 259 'order' => 'order', 260 'per_page' => 'number', 261 'search' => 'search', 262 'roles' => 'role__in', 263 'slug' => 'nicename__in', 264 ); 265 266 $prepared_args = array(); 267 268 /* 269 * For each known parameter which is both registered and present in the request, 270 * set the parameter's value on the query $prepared_args. 271 */ 272 foreach ( $parameter_mappings as $api_param => $wp_param ) { 273 if ( isset( $registered[ $api_param ], $request[ $api_param ] ) ) { 274 $prepared_args[ $wp_param ] = $request[ $api_param ]; 275 } 276 } 277 278 if ( isset( $registered['offset'] ) && ! empty( $request['offset'] ) ) { 279 $prepared_args['offset'] = $request['offset']; 280 } else { 281 $prepared_args['offset'] = ( $request['page'] - 1 ) * $prepared_args['number']; 282 } 283 284 if ( isset( $registered['orderby'] ) ) { 285 $orderby_possibles = array( 286 'id' => 'ID', 287 'include' => 'include', 288 'name' => 'display_name', 289 'registered_date' => 'registered', 290 'slug' => 'user_nicename', 291 'include_slugs' => 'nicename__in', 292 'email' => 'user_email', 293 'url' => 'user_url', 294 ); 295 $prepared_args['orderby'] = $orderby_possibles[ $request['orderby'] ]; 296 } 297 298 if ( isset( $registered['who'] ) && ! empty( $request['who'] ) && 'authors' === $request['who'] ) { 299 $prepared_args['who'] = 'authors'; 300 } elseif ( ! current_user_can( 'list_users' ) ) { 301 $prepared_args['has_published_posts'] = get_post_types( array( 'show_in_rest' => true ), 'names' ); 302 } 303 304 if ( ! empty( $prepared_args['search'] ) ) { 305 $prepared_args['search'] = '*' . $prepared_args['search'] . '*'; 306 } 307 /** 308 * Filters WP_User_Query arguments when querying users via the REST API. 309 * 310 * @link https://developer.wordpress.org/reference/classes/wp_user_query/ 311 * 312 * @since 4.7.0 313 * 314 * @param array $prepared_args Array of arguments for WP_User_Query. 315 * @param WP_REST_Request $request The REST API request. 316 */ 317 $prepared_args = apply_filters( 'rest_user_query', $prepared_args, $request ); 318 319 $query = new WP_User_Query( $prepared_args ); 320 321 $users = array(); 322 323 foreach ( $query->results as $user ) { 324 $data = $this->prepare_item_for_response( $user, $request ); 325 $users[] = $this->prepare_response_for_collection( $data ); 326 } 327 328 $response = rest_ensure_response( $users ); 329 330 // Store pagination values for headers then unset for count query. 331 $per_page = (int) $prepared_args['number']; 332 $page = ceil( ( ( (int) $prepared_args['offset'] ) / $per_page ) + 1 ); 333 334 $prepared_args['fields'] = 'ID'; 335 336 $total_users = $query->get_total(); 337 338 if ( $total_users < 1 ) { 339 // Out-of-bounds, run the query again without LIMIT for total count. 340 unset( $prepared_args['number'], $prepared_args['offset'] ); 341 $count_query = new WP_User_Query( $prepared_args ); 342 $total_users = $count_query->get_total(); 343 } 344 345 $response->header( 'X-WP-Total', (int) $total_users ); 346 347 $max_pages = ceil( $total_users / $per_page ); 348 349 $response->header( 'X-WP-TotalPages', (int) $max_pages ); 350 351 $base = add_query_arg( urlencode_deep( $request->get_query_params() ), rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ) ); 352 if ( $page > 1 ) { 353 $prev_page = $page - 1; 354 355 if ( $prev_page > $max_pages ) { 356 $prev_page = $max_pages; 357 } 358 359 $prev_link = add_query_arg( 'page', $prev_page, $base ); 360 $response->link_header( 'prev', $prev_link ); 361 } 362 if ( $max_pages > $page ) { 363 $next_page = $page + 1; 364 $next_link = add_query_arg( 'page', $next_page, $base ); 365 366 $response->link_header( 'next', $next_link ); 367 } 368 369 return $response; 370 } 371 372 /** 373 * Get the user, if the ID is valid. 374 * 375 * @since 4.7.2 376 * 377 * @param int $id Supplied ID. 378 * @return WP_User|WP_Error True if ID is valid, WP_Error otherwise. 379 */ 380 protected function get_user( $id ) { 381 $error = new WP_Error( 382 'rest_user_invalid_id', 383 __( 'Invalid user ID.' ), 384 array( 'status' => 404 ) 385 ); 386 387 if ( (int) $id <= 0 ) { 388 return $error; 389 } 390 391 $user = get_userdata( (int) $id ); 392 if ( empty( $user ) || ! $user->exists() ) { 393 return $error; 394 } 395 396 if ( is_multisite() && ! is_user_member_of_blog( $user->ID ) ) { 397 return $error; 398 } 399 400 return $user; 401 } 402 403 /** 404 * Checks if a given request has access to read a user. 405 * 406 * @since 4.7.0 407 * 408 * @param WP_REST_Request $request Full details about the request. 409 * @return true|WP_Error True if the request has read access for the item, otherwise WP_Error object. 410 */ 411 public function get_item_permissions_check( $request ) { 412 $user = $this->get_user( $request['id'] ); 413 if ( is_wp_error( $user ) ) { 414 return $user; 415 } 416 417 $types = get_post_types( array( 'show_in_rest' => true ), 'names' ); 418 419 if ( get_current_user_id() === $user->ID ) { 420 return true; 421 } 422 423 if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) { 424 return new WP_Error( 425 'rest_user_cannot_view', 426 __( 'Sorry, you are not allowed to list users.' ), 427 array( 'status' => rest_authorization_required_code() ) 428 ); 429 } elseif ( ! count_user_posts( $user->ID, $types ) && ! current_user_can( 'edit_user', $user->ID ) && ! current_user_can( 'list_users' ) ) { 430 return new WP_Error( 431 'rest_user_cannot_view', 432 __( 'Sorry, you are not allowed to list users.' ), 433 array( 'status' => rest_authorization_required_code() ) 434 ); 435 } 436 437 return true; 438 } 439 440 /** 441 * Retrieves a single user. 442 * 443 * @since 4.7.0 444 * 445 * @param WP_REST_Request $request Full details about the request. 446 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 447 */ 448 public function get_item( $request ) { 449 $user = $this->get_user( $request['id'] ); 450 if ( is_wp_error( $user ) ) { 451 return $user; 452 } 453 454 $user = $this->prepare_item_for_response( $user, $request ); 455 $response = rest_ensure_response( $user ); 456 457 return $response; 458 } 459 460 /** 461 * Retrieves the current user. 462 * 463 * @since 4.7.0 464 * 465 * @param WP_REST_Request $request Full details about the request. 466 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 467 */ 468 public function get_current_item( $request ) { 469 $current_user_id = get_current_user_id(); 470 471 if ( empty( $current_user_id ) ) { 472 return new WP_Error( 473 'rest_not_logged_in', 474 __( 'You are not currently logged in.' ), 475 array( 'status' => 401 ) 476 ); 477 } 478 479 $user = wp_get_current_user(); 480 $response = $this->prepare_item_for_response( $user, $request ); 481 $response = rest_ensure_response( $response ); 482 483 return $response; 484 } 485 486 /** 487 * Checks if a given request has access create users. 488 * 489 * @since 4.7.0 490 * 491 * @param WP_REST_Request $request Full details about the request. 492 * @return true|WP_Error True if the request has access to create items, WP_Error object otherwise. 493 */ 494 public function create_item_permissions_check( $request ) { 495 496 if ( ! current_user_can( 'create_users' ) ) { 497 return new WP_Error( 498 'rest_cannot_create_user', 499 __( 'Sorry, you are not allowed to create new users.' ), 500 array( 'status' => rest_authorization_required_code() ) 501 ); 502 } 503 504 return true; 505 } 506 507 /** 508 * Creates a single user. 509 * 510 * @since 4.7.0 511 * 512 * @param WP_REST_Request $request Full details about the request. 513 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 514 */ 515 public function create_item( $request ) { 516 if ( ! empty( $request['id'] ) ) { 517 return new WP_Error( 518 'rest_user_exists', 519 __( 'Cannot create existing user.' ), 520 array( 'status' => 400 ) 521 ); 522 } 523 524 $schema = $this->get_item_schema(); 525 526 if ( ! empty( $request['roles'] ) && ! empty( $schema['properties']['roles'] ) ) { 527 $check_permission = $this->check_role_update( $request['id'], $request['roles'] ); 528 529 if ( is_wp_error( $check_permission ) ) { 530 return $check_permission; 531 } 532 } 533 534 $user = $this->prepare_item_for_database( $request ); 535 536 if ( is_multisite() ) { 537 $ret = wpmu_validate_user_signup( $user->user_login, $user->user_email ); 538 539 if ( is_wp_error( $ret['errors'] ) && $ret['errors']->has_errors() ) { 540 $error = new WP_Error( 541 'rest_invalid_param', 542 __( 'Invalid user parameter(s).' ), 543 array( 'status' => 400 ) 544 ); 545 546 foreach ( $ret['errors']->errors as $code => $messages ) { 547 foreach ( $messages as $message ) { 548 $error->add( $code, $message ); 549 } 550 551 $error_data = $error->get_error_data( $code ); 552 553 if ( $error_data ) { 554 $error->add_data( $error_data, $code ); 555 } 556 } 557 return $error; 558 } 559 } 560 561 if ( is_multisite() ) { 562 $user_id = wpmu_create_user( $user->user_login, $user->user_pass, $user->user_email ); 563 564 if ( ! $user_id ) { 565 return new WP_Error( 566 'rest_user_create', 567 __( 'Error creating new user.' ), 568 array( 'status' => 500 ) 569 ); 570 } 571 572 $user->ID = $user_id; 573 $user_id = wp_update_user( wp_slash( (array) $user ) ); 574 575 if ( is_wp_error( $user_id ) ) { 576 return $user_id; 577 } 578 579 $result = add_user_to_blog( get_site()->id, $user_id, '' ); 580 if ( is_wp_error( $result ) ) { 581 return $result; 582 } 583 } else { 584 $user_id = wp_insert_user( wp_slash( (array) $user ) ); 585 586 if ( is_wp_error( $user_id ) ) { 587 return $user_id; 588 } 589 } 590 591 $user = get_user_by( 'id', $user_id ); 592 593 /** 594 * Fires immediately after a user is created or updated via the REST API. 595 * 596 * @since 4.7.0 597 * 598 * @param WP_User $user Inserted or updated user object. 599 * @param WP_REST_Request $request Request object. 600 * @param bool $creating True when creating a user, false when updating. 601 */ 602 do_action( 'rest_insert_user', $user, $request, true ); 603 604 if ( ! empty( $request['roles'] ) && ! empty( $schema['properties']['roles'] ) ) { 605 array_map( array( $user, 'add_role' ), $request['roles'] ); 606 } 607 608 if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { 609 $meta_update = $this->meta->update_value( $request['meta'], $user_id ); 610 611 if ( is_wp_error( $meta_update ) ) { 612 return $meta_update; 613 } 614 } 615 616 $user = get_user_by( 'id', $user_id ); 617 $fields_update = $this->update_additional_fields_for_object( $user, $request ); 618 619 if ( is_wp_error( $fields_update ) ) { 620 return $fields_update; 621 } 622 623 $request->set_param( 'context', 'edit' ); 624 625 /** 626 * Fires after a user is completely created or updated via the REST API. 627 * 628 * @since 5.0.0 629 * 630 * @param WP_User $user Inserted or updated user object. 631 * @param WP_REST_Request $request Request object. 632 * @param bool $creating True when creating a user, false when updating. 633 */ 634 do_action( 'rest_after_insert_user', $user, $request, true ); 635 636 $response = $this->prepare_item_for_response( $user, $request ); 637 $response = rest_ensure_response( $response ); 638 639 $response->set_status( 201 ); 640 $response->header( 'Location', rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $user_id ) ) ); 641 642 return $response; 643 } 644 645 /** 646 * Checks if a given request has access to update a user. 647 * 648 * @since 4.7.0 649 * 650 * @param WP_REST_Request $request Full details about the request. 651 * @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise. 652 */ 653 public function update_item_permissions_check( $request ) { 654 $user = $this->get_user( $request['id'] ); 655 if ( is_wp_error( $user ) ) { 656 return $user; 657 } 658 659 if ( ! empty( $request['roles'] ) ) { 660 if ( ! current_user_can( 'promote_user', $user->ID ) ) { 661 return new WP_Error( 662 'rest_cannot_edit_roles', 663 __( 'Sorry, you are not allowed to edit roles of this user.' ), 664 array( 'status' => rest_authorization_required_code() ) 665 ); 666 } 667 668 $request_params = array_keys( $request->get_params() ); 669 sort( $request_params ); 670 // If only 'id' and 'roles' are specified (we are only trying to 671 // edit roles), then only the 'promote_user' cap is required. 672 if ( array( 'id', 'roles' ) === $request_params ) { 673 return true; 674 } 675 } 676 677 if ( ! current_user_can( 'edit_user', $user->ID ) ) { 678 return new WP_Error( 679 'rest_cannot_edit', 680 __( 'Sorry, you are not allowed to edit this user.' ), 681 array( 'status' => rest_authorization_required_code() ) 682 ); 683 } 684 685 return true; 686 } 687 688 /** 689 * Updates a single user. 690 * 691 * @since 4.7.0 692 * 693 * @param WP_REST_Request $request Full details about the request. 694 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 695 */ 696 public function update_item( $request ) { 697 $user = $this->get_user( $request['id'] ); 698 if ( is_wp_error( $user ) ) { 699 return $user; 700 } 701 702 $id = $user->ID; 703 704 if ( ! $user ) { 705 return new WP_Error( 706 'rest_user_invalid_id', 707 __( 'Invalid user ID.' ), 708 array( 'status' => 404 ) 709 ); 710 } 711 712 $owner_id = email_exists( $request['email'] ); 713 714 if ( $owner_id && $owner_id !== $id ) { 715 return new WP_Error( 716 'rest_user_invalid_email', 717 __( 'Invalid email address.' ), 718 array( 'status' => 400 ) 719 ); 720 } 721 722 if ( ! empty( $request['username'] ) && $request['username'] !== $user->user_login ) { 723 return new WP_Error( 724 'rest_user_invalid_argument', 725 __( "Username isn't editable." ), 726 array( 'status' => 400 ) 727 ); 728 } 729 730 if ( ! empty( $request['slug'] ) && $request['slug'] !== $user->user_nicename && get_user_by( 'slug', $request['slug'] ) ) { 731 return new WP_Error( 732 'rest_user_invalid_slug', 733 __( 'Invalid slug.' ), 734 array( 'status' => 400 ) 735 ); 736 } 737 738 if ( ! empty( $request['roles'] ) ) { 739 $check_permission = $this->check_role_update( $id, $request['roles'] ); 740 741 if ( is_wp_error( $check_permission ) ) { 742 return $check_permission; 743 } 744 } 745 746 $user = $this->prepare_item_for_database( $request ); 747 748 // Ensure we're operating on the same user we already checked. 749 $user->ID = $id; 750 751 $user_id = wp_update_user( wp_slash( (array) $user ) ); 752 753 if ( is_wp_error( $user_id ) ) { 754 return $user_id; 755 } 756 757 $user = get_user_by( 'id', $user_id ); 758 759 /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php */ 760 do_action( 'rest_insert_user', $user, $request, false ); 761 762 if ( ! empty( $request['roles'] ) ) { 763 array_map( array( $user, 'add_role' ), $request['roles'] ); 764 } 765 766 $schema = $this->get_item_schema(); 767 768 if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { 769 $meta_update = $this->meta->update_value( $request['meta'], $id ); 770 771 if ( is_wp_error( $meta_update ) ) { 772 return $meta_update; 773 } 774 } 775 776 $user = get_user_by( 'id', $user_id ); 777 $fields_update = $this->update_additional_fields_for_object( $user, $request ); 778 779 if ( is_wp_error( $fields_update ) ) { 780 return $fields_update; 781 } 782 783 $request->set_param( 'context', 'edit' ); 784 785 /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php */ 786 do_action( 'rest_after_insert_user', $user, $request, false ); 787 788 $response = $this->prepare_item_for_response( $user, $request ); 789 $response = rest_ensure_response( $response ); 790 791 return $response; 792 } 793 794 /** 795 * Checks if a given request has access to update the current user. 796 * 797 * @since 4.7.0 798 * 799 * @param WP_REST_Request $request Full details about the request. 800 * @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise. 801 */ 802 public function update_current_item_permissions_check( $request ) { 803 $request['id'] = get_current_user_id(); 804 805 return $this->update_item_permissions_check( $request ); 806 } 807 808 /** 809 * Updates the current user. 810 * 811 * @since 4.7.0 812 * 813 * @param WP_REST_Request $request Full details about the request. 814 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 815 */ 816 public function update_current_item( $request ) { 817 $request['id'] = get_current_user_id(); 818 819 return $this->update_item( $request ); 820 } 821 822 /** 823 * Checks if a given request has access delete a user. 824 * 825 * @since 4.7.0 826 * 827 * @param WP_REST_Request $request Full details about the request. 828 * @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise. 829 */ 830 public function delete_item_permissions_check( $request ) { 831 $user = $this->get_user( $request['id'] ); 832 if ( is_wp_error( $user ) ) { 833 return $user; 834 } 835 836 if ( ! current_user_can( 'delete_user', $user->ID ) ) { 837 return new WP_Error( 838 'rest_user_cannot_delete', 839 __( 'Sorry, you are not allowed to delete this user.' ), 840 array( 'status' => rest_authorization_required_code() ) 841 ); 842 } 843 844 return true; 845 } 846 847 /** 848 * Deletes a single user. 849 * 850 * @since 4.7.0 851 * 852 * @param WP_REST_Request $request Full details about the request. 853 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 854 */ 855 public function delete_item( $request ) { 856 // We don't support delete requests in multisite. 857 if ( is_multisite() ) { 858 return new WP_Error( 859 'rest_cannot_delete', 860 __( 'The user cannot be deleted.' ), 861 array( 'status' => 501 ) 862 ); 863 } 864 865 $user = $this->get_user( $request['id'] ); 866 867 if ( is_wp_error( $user ) ) { 868 return $user; 869 } 870 871 $id = $user->ID; 872 $reassign = false === $request['reassign'] ? null : absint( $request['reassign'] ); 873 $force = isset( $request['force'] ) ? (bool) $request['force'] : false; 874 875 // We don't support trashing for users. 876 if ( ! $force ) { 877 return new WP_Error( 878 'rest_trash_not_supported', 879 /* translators: %s: force=true */ 880 sprintf( __( "Users do not support trashing. Set '%s' to delete." ), 'force=true' ), 881 array( 'status' => 501 ) 882 ); 883 } 884 885 if ( ! empty( $reassign ) ) { 886 if ( $reassign === $id || ! get_userdata( $reassign ) ) { 887 return new WP_Error( 888 'rest_user_invalid_reassign', 889 __( 'Invalid user ID for reassignment.' ), 890 array( 'status' => 400 ) 891 ); 892 } 893 } 894 895 $request->set_param( 'context', 'edit' ); 896 897 $previous = $this->prepare_item_for_response( $user, $request ); 898 899 // Include user admin functions to get access to wp_delete_user(). 900 require_once ABSPATH . 'wp-admin/includes/user.php'; 901 902 $result = wp_delete_user( $id, $reassign ); 903 904 if ( ! $result ) { 905 return new WP_Error( 906 'rest_cannot_delete', 907 __( 'The user cannot be deleted.' ), 908 array( 'status' => 500 ) 909 ); 910 } 911 912 $response = new WP_REST_Response(); 913 $response->set_data( 914 array( 915 'deleted' => true, 916 'previous' => $previous->get_data(), 917 ) 918 ); 919 920 /** 921 * Fires immediately after a user is deleted via the REST API. 922 * 923 * @since 4.7.0 924 * 925 * @param WP_User $user The user data. 926 * @param WP_REST_Response $response The response returned from the API. 927 * @param WP_REST_Request $request The request sent to the API. 928 */ 929 do_action( 'rest_delete_user', $user, $response, $request ); 930 931 return $response; 932 } 933 934 /** 935 * Checks if a given request has access to delete the current user. 936 * 937 * @since 4.7.0 938 * 939 * @param WP_REST_Request $request Full details about the request. 940 * @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise. 941 */ 942 public function delete_current_item_permissions_check( $request ) { 943 $request['id'] = get_current_user_id(); 944 945 return $this->delete_item_permissions_check( $request ); 946 } 947 948 /** 949 * Deletes the current user. 950 * 951 * @since 4.7.0 952 * 953 * @param WP_REST_Request $request Full details about the request. 954 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 955 */ 956 public function delete_current_item( $request ) { 957 $request['id'] = get_current_user_id(); 958 959 return $this->delete_item( $request ); 960 } 961 962 /** 963 * Prepares a single user output for response. 964 * 965 * @since 4.7.0 966 * @since 5.9.0 Renamed `$user` to `$item` to match parent class for PHP 8 named parameter support. 967 * 968 * @param WP_User $item User object. 969 * @param WP_REST_Request $request Request object. 970 * @return WP_REST_Response Response object. 971 */ 972 public function prepare_item_for_response( $item, $request ) { 973 // Restores the more descriptive, specific name for use within this method. 974 $user = $item; 975 $data = array(); 976 $fields = $this->get_fields_for_response( $request ); 977 978 if ( in_array( 'id', $fields, true ) ) { 979 $data['id'] = $user->ID; 980 } 981 982 if ( in_array( 'username', $fields, true ) ) { 983 $data['username'] = $user->user_login; 984 } 985 986 if ( in_array( 'name', $fields, true ) ) { 987 $data['name'] = $user->display_name; 988 } 989 990 if ( in_array( 'first_name', $fields, true ) ) { 991 $data['first_name'] = $user->first_name; 992 } 993 994 if ( in_array( 'last_name', $fields, true ) ) { 995 $data['last_name'] = $user->last_name; 996 } 997 998 if ( in_array( 'email', $fields, true ) ) { 999 $data['email'] = $user->user_email; 1000 } 1001 1002 if ( in_array( 'url', $fields, true ) ) { 1003 $data['url'] = $user->user_url; 1004 } 1005 1006 if ( in_array( 'description', $fields, true ) ) { 1007 $data['description'] = $user->description; 1008 } 1009 1010 if ( in_array( 'link', $fields, true ) ) { 1011 $data['link'] = get_author_posts_url( $user->ID, $user->user_nicename ); 1012 } 1013 1014 if ( in_array( 'locale', $fields, true ) ) { 1015 $data['locale'] = get_user_locale( $user ); 1016 } 1017 1018 if ( in_array( 'nickname', $fields, true ) ) { 1019 $data['nickname'] = $user->nickname; 1020 } 1021 1022 if ( in_array( 'slug', $fields, true ) ) { 1023 $data['slug'] = $user->user_nicename; 1024 } 1025 1026 if ( in_array( 'roles', $fields, true ) ) { 1027 // Defensively call array_values() to ensure an array is returned. 1028 $data['roles'] = array_values( $user->roles ); 1029 } 1030 1031 if ( in_array( 'registered_date', $fields, true ) ) { 1032 $data['registered_date'] = gmdate( 'c', strtotime( $user->user_registered ) ); 1033 } 1034 1035 if ( in_array( 'capabilities', $fields, true ) ) { 1036 $data['capabilities'] = (object) $user->allcaps; 1037 } 1038 1039 if ( in_array( 'extra_capabilities', $fields, true ) ) { 1040 $data['extra_capabilities'] = (object) $user->caps; 1041 } 1042 1043 if ( in_array( 'avatar_urls', $fields, true ) ) { 1044 $data['avatar_urls'] = rest_get_avatar_urls( $user ); 1045 } 1046 1047 if ( in_array( 'meta', $fields, true ) ) { 1048 $data['meta'] = $this->meta->get_value( $user->ID, $request ); 1049 } 1050 1051 $context = ! empty( $request['context'] ) ? $request['context'] : 'embed'; 1052 1053 $data = $this->add_additional_fields_to_object( $data, $request ); 1054 $data = $this->filter_response_by_context( $data, $context ); 1055 1056 // Wrap the data in a response object. 1057 $response = rest_ensure_response( $data ); 1058 1059 $response->add_links( $this->prepare_links( $user ) ); 1060 1061 /** 1062 * Filters user data returned from the REST API. 1063 * 1064 * @since 4.7.0 1065 * 1066 * @param WP_REST_Response $response The response object. 1067 * @param WP_User $user User object used to create response. 1068 * @param WP_REST_Request $request Request object. 1069 */ 1070 return apply_filters( 'rest_prepare_user', $response, $user, $request ); 1071 } 1072 1073 /** 1074 * Prepares links for the user request. 1075 * 1076 * @since 4.7.0 1077 * 1078 * @param WP_User $user User object. 1079 * @return array Links for the given user. 1080 */ 1081 protected function prepare_links( $user ) { 1082 $links = array( 1083 'self' => array( 1084 'href' => rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $user->ID ) ), 1085 ), 1086 'collection' => array( 1087 'href' => rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ), 1088 ), 1089 ); 1090 1091 return $links; 1092 } 1093 1094 /** 1095 * Prepares a single user for creation or update. 1096 * 1097 * @since 4.7.0 1098 * 1099 * @param WP_REST_Request $request Request object. 1100 * @return object User object. 1101 */ 1102 protected function prepare_item_for_database( $request ) { 1103 $prepared_user = new stdClass; 1104 1105 $schema = $this->get_item_schema(); 1106 1107 // Required arguments. 1108 if ( isset( $request['email'] ) && ! empty( $schema['properties']['email'] ) ) { 1109 $prepared_user->user_email = $request['email']; 1110 } 1111 1112 if ( isset( $request['username'] ) && ! empty( $schema['properties']['username'] ) ) { 1113 $prepared_user->user_login = $request['username']; 1114 } 1115 1116 if ( isset( $request['password'] ) && ! empty( $schema['properties']['password'] ) ) { 1117 $prepared_user->user_pass = $request['password']; 1118 } 1119 1120 // Optional arguments. 1121 if ( isset( $request['id'] ) ) { 1122 $prepared_user->ID = absint( $request['id'] ); 1123 } 1124 1125 if ( isset( $request['name'] ) && ! empty( $schema['properties']['name'] ) ) { 1126 $prepared_user->display_name = $request['name']; 1127 } 1128 1129 if ( isset( $request['first_name'] ) && ! empty( $schema['properties']['first_name'] ) ) { 1130 $prepared_user->first_name = $request['first_name']; 1131 } 1132 1133 if ( isset( $request['last_name'] ) && ! empty( $schema['properties']['last_name'] ) ) { 1134 $prepared_user->last_name = $request['last_name']; 1135 } 1136 1137 if ( isset( $request['nickname'] ) && ! empty( $schema['properties']['nickname'] ) ) { 1138 $prepared_user->nickname = $request['nickname']; 1139 } 1140 1141 if ( isset( $request['slug'] ) && ! empty( $schema['properties']['slug'] ) ) { 1142 $prepared_user->user_nicename = $request['slug']; 1143 } 1144 1145 if ( isset( $request['description'] ) && ! empty( $schema['properties']['description'] ) ) { 1146 $prepared_user->description = $request['description']; 1147 } 1148 1149 if ( isset( $request['url'] ) && ! empty( $schema['properties']['url'] ) ) { 1150 $prepared_user->user_url = $request['url']; 1151 } 1152 1153 if ( isset( $request['locale'] ) && ! empty( $schema['properties']['locale'] ) ) { 1154 $prepared_user->locale = $request['locale']; 1155 } 1156 1157 // Setting roles will be handled outside of this function. 1158 if ( isset( $request['roles'] ) ) { 1159 $prepared_user->role = false; 1160 } 1161 1162 /** 1163 * Filters user data before insertion via the REST API. 1164 * 1165 * @since 4.7.0 1166 * 1167 * @param object $prepared_user User object. 1168 * @param WP_REST_Request $request Request object. 1169 */ 1170 return apply_filters( 'rest_pre_insert_user', $prepared_user, $request ); 1171 } 1172 1173 /** 1174 * Determines if the current user is allowed to make the desired roles change. 1175 * 1176 * @since 4.7.0 1177 * 1178 * @global WP_Roles $wp_roles WordPress role management object. 1179 * 1180 * @param int $user_id User ID. 1181 * @param array $roles New user roles. 1182 * @return true|WP_Error True if the current user is allowed to make the role change, 1183 * otherwise a WP_Error object. 1184 */ 1185 protected function check_role_update( $user_id, $roles ) { 1186 global $wp_roles; 1187 1188 foreach ( $roles as $role ) { 1189 1190 if ( ! isset( $wp_roles->role_objects[ $role ] ) ) { 1191 return new WP_Error( 1192 'rest_user_invalid_role', 1193 /* translators: %s: Role key. */ 1194 sprintf( __( 'The role %s does not exist.' ), $role ), 1195 array( 'status' => 400 ) 1196 ); 1197 } 1198 1199 $potential_role = $wp_roles->role_objects[ $role ]; 1200 1201 /* 1202 * Don't let anyone with 'edit_users' (admins) edit their own role to something without it. 1203 * Multisite super admins can freely edit their blog roles -- they possess all caps. 1204 */ 1205 if ( ! ( is_multisite() 1206 && current_user_can( 'manage_sites' ) ) 1207 && get_current_user_id() === $user_id 1208 && ! $potential_role->has_cap( 'edit_users' ) 1209 ) { 1210 return new WP_Error( 1211 'rest_user_invalid_role', 1212 __( 'Sorry, you are not allowed to give users that role.' ), 1213 array( 'status' => rest_authorization_required_code() ) 1214 ); 1215 } 1216 1217 // Include user admin functions to get access to get_editable_roles(). 1218 require_once ABSPATH . 'wp-admin/includes/user.php'; 1219 1220 // The new role must be editable by the logged-in user. 1221 $editable_roles = get_editable_roles(); 1222 1223 if ( empty( $editable_roles[ $role ] ) ) { 1224 return new WP_Error( 1225 'rest_user_invalid_role', 1226 __( 'Sorry, you are not allowed to give users that role.' ), 1227 array( 'status' => 403 ) 1228 ); 1229 } 1230 } 1231 1232 return true; 1233 } 1234 1235 /** 1236 * Check a username for the REST API. 1237 * 1238 * Performs a couple of checks like edit_user() in wp-admin/includes/user.php. 1239 * 1240 * @since 4.7.0 1241 * 1242 * @param string $value The username submitted in the request. 1243 * @param WP_REST_Request $request Full details about the request. 1244 * @param string $param The parameter name. 1245 * @return string|WP_Error The sanitized username, if valid, otherwise an error. 1246 */ 1247 public function check_username( $value, $request, $param ) { 1248 $username = (string) $value; 1249 1250 if ( ! validate_username( $username ) ) { 1251 return new WP_Error( 1252 'rest_user_invalid_username', 1253 __( 'This username is invalid because it uses illegal characters. Please enter a valid username.' ), 1254 array( 'status' => 400 ) 1255 ); 1256 } 1257 1258 /** This filter is documented in wp-includes/user.php */ 1259 $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() ); 1260 1261 if ( in_array( strtolower( $username ), array_map( 'strtolower', $illegal_logins ), true ) ) { 1262 return new WP_Error( 1263 'rest_user_invalid_username', 1264 __( 'Sorry, that username is not allowed.' ), 1265 array( 'status' => 400 ) 1266 ); 1267 } 1268 1269 return $username; 1270 } 1271 1272 /** 1273 * Check a user password for the REST API. 1274 * 1275 * Performs a couple of checks like edit_user() in wp-admin/includes/user.php. 1276 * 1277 * @since 4.7.0 1278 * 1279 * @param string $value The password submitted in the request. 1280 * @param WP_REST_Request $request Full details about the request. 1281 * @param string $param The parameter name. 1282 * @return string|WP_Error The sanitized password, if valid, otherwise an error. 1283 */ 1284 public function check_user_password( $value, $request, $param ) { 1285 $password = (string) $value; 1286 1287 if ( empty( $password ) ) { 1288 return new WP_Error( 1289 'rest_user_invalid_password', 1290 __( 'Passwords cannot be empty.' ), 1291 array( 'status' => 400 ) 1292 ); 1293 } 1294 1295 if ( false !== strpos( $password, '\\' ) ) { 1296 return new WP_Error( 1297 'rest_user_invalid_password', 1298 sprintf( 1299 /* translators: %s: The '\' character. */ 1300 __( 'Passwords cannot contain the "%s" character.' ), 1301 '\\' 1302 ), 1303 array( 'status' => 400 ) 1304 ); 1305 } 1306 1307 return $password; 1308 } 1309 1310 /** 1311 * Retrieves the user's schema, conforming to JSON Schema. 1312 * 1313 * @since 4.7.0 1314 * 1315 * @return array Item schema data. 1316 */ 1317 public function get_item_schema() { 1318 if ( $this->schema ) { 1319 return $this->add_additional_fields_schema( $this->schema ); 1320 } 1321 1322 $schema = array( 1323 '$schema' => 'http://json-schema.org/draft-04/schema#', 1324 'title' => 'user', 1325 'type' => 'object', 1326 'properties' => array( 1327 'id' => array( 1328 'description' => __( 'Unique identifier for the user.' ), 1329 'type' => 'integer', 1330 'context' => array( 'embed', 'view', 'edit' ), 1331 'readonly' => true, 1332 ), 1333 'username' => array( 1334 'description' => __( 'Login name for the user.' ), 1335 'type' => 'string', 1336 'context' => array( 'edit' ), 1337 'required' => true, 1338 'arg_options' => array( 1339 'sanitize_callback' => array( $this, 'check_username' ), 1340 ), 1341 ), 1342 'name' => array( 1343 'description' => __( 'Display name for the user.' ), 1344 'type' => 'string', 1345 'context' => array( 'embed', 'view', 'edit' ), 1346 'arg_options' => array( 1347 'sanitize_callback' => 'sanitize_text_field', 1348 ), 1349 ), 1350 'first_name' => array( 1351 'description' => __( 'First name for the user.' ), 1352 'type' => 'string', 1353 'context' => array( 'edit' ), 1354 'arg_options' => array( 1355 'sanitize_callback' => 'sanitize_text_field', 1356 ), 1357 ), 1358 'last_name' => array( 1359 'description' => __( 'Last name for the user.' ), 1360 'type' => 'string', 1361 'context' => array( 'edit' ), 1362 'arg_options' => array( 1363 'sanitize_callback' => 'sanitize_text_field', 1364 ), 1365 ), 1366 'email' => array( 1367 'description' => __( 'The email address for the user.' ), 1368 'type' => 'string', 1369 'format' => 'email', 1370 'context' => array( 'edit' ), 1371 'required' => true, 1372 ), 1373 'url' => array( 1374 'description' => __( 'URL of the user.' ), 1375 'type' => 'string', 1376 'format' => 'uri', 1377 'context' => array( 'embed', 'view', 'edit' ), 1378 ), 1379 'description' => array( 1380 'description' => __( 'Description of the user.' ), 1381 'type' => 'string', 1382 'context' => array( 'embed', 'view', 'edit' ), 1383 ), 1384 'link' => array( 1385 'description' => __( 'Author URL of the user.' ), 1386 'type' => 'string', 1387 'format' => 'uri', 1388 'context' => array( 'embed', 'view', 'edit' ), 1389 'readonly' => true, 1390 ), 1391 'locale' => array( 1392 'description' => __( 'Locale for the user.' ), 1393 'type' => 'string', 1394 'enum' => array_merge( array( '', 'en_US' ), get_available_languages() ), 1395 'context' => array( 'edit' ), 1396 ), 1397 'nickname' => array( 1398 'description' => __( 'The nickname for the user.' ), 1399 'type' => 'string', 1400 'context' => array( 'edit' ), 1401 'arg_options' => array( 1402 'sanitize_callback' => 'sanitize_text_field', 1403 ), 1404 ), 1405 'slug' => array( 1406 'description' => __( 'An alphanumeric identifier for the user.' ), 1407 'type' => 'string', 1408 'context' => array( 'embed', 'view', 'edit' ), 1409 'arg_options' => array( 1410 'sanitize_callback' => array( $this, 'sanitize_slug' ), 1411 ), 1412 ), 1413 'registered_date' => array( 1414 'description' => __( 'Registration date for the user.' ), 1415 'type' => 'string', 1416 'format' => 'date-time', 1417 'context' => array( 'edit' ), 1418 'readonly' => true, 1419 ), 1420 'roles' => array( 1421 'description' => __( 'Roles assigned to the user.' ), 1422 'type' => 'array', 1423 'items' => array( 1424 'type' => 'string', 1425 ), 1426 'context' => array( 'edit' ), 1427 ), 1428 'password' => array( 1429 'description' => __( 'Password for the user (never included).' ), 1430 'type' => 'string', 1431 'context' => array(), // Password is never displayed. 1432 'required' => true, 1433 'arg_options' => array( 1434 'sanitize_callback' => array( $this, 'check_user_password' ), 1435 ), 1436 ), 1437 'capabilities' => array( 1438 'description' => __( 'All capabilities assigned to the user.' ), 1439 'type' => 'object', 1440 'context' => array( 'edit' ), 1441 'readonly' => true, 1442 ), 1443 'extra_capabilities' => array( 1444 'description' => __( 'Any extra capabilities assigned to the user.' ), 1445 'type' => 'object', 1446 'context' => array( 'edit' ), 1447 'readonly' => true, 1448 ), 1449 ), 1450 ); 1451 1452 if ( get_option( 'show_avatars' ) ) { 1453 $avatar_properties = array(); 1454 1455 $avatar_sizes = rest_get_avatar_sizes(); 1456 1457 foreach ( $avatar_sizes as $size ) { 1458 $avatar_properties[ $size ] = array( 1459 /* translators: %d: Avatar image size in pixels. */ 1460 'description' => sprintf( __( 'Avatar URL with image size of %d pixels.' ), $size ), 1461 'type' => 'string', 1462 'format' => 'uri', 1463 'context' => array( 'embed', 'view', 'edit' ), 1464 ); 1465 } 1466 1467 $schema['properties']['avatar_urls'] = array( 1468 'description' => __( 'Avatar URLs for the user.' ), 1469 'type' => 'object', 1470 'context' => array( 'embed', 'view', 'edit' ), 1471 'readonly' => true, 1472 'properties' => $avatar_properties, 1473 ); 1474 } 1475 1476 $schema['properties']['meta'] = $this->meta->get_field_schema(); 1477 1478 $this->schema = $schema; 1479 1480 return $this->add_additional_fields_schema( $this->schema ); 1481 } 1482 1483 /** 1484 * Retrieves the query params for collections. 1485 * 1486 * @since 4.7.0 1487 * 1488 * @return array Collection parameters. 1489 */ 1490 public function get_collection_params() { 1491 $query_params = parent::get_collection_params(); 1492 1493 $query_params['context']['default'] = 'view'; 1494 1495 $query_params['exclude'] = array( 1496 'description' => __( 'Ensure result set excludes specific IDs.' ), 1497 'type' => 'array', 1498 'items' => array( 1499 'type' => 'integer', 1500 ), 1501 'default' => array(), 1502 ); 1503 1504 $query_params['include'] = array( 1505 'description' => __( 'Limit result set to specific IDs.' ), 1506 'type' => 'array', 1507 'items' => array( 1508 'type' => 'integer', 1509 ), 1510 'default' => array(), 1511 ); 1512 1513 $query_params['offset'] = array( 1514 'description' => __( 'Offset the result set by a specific number of items.' ), 1515 'type' => 'integer', 1516 ); 1517 1518 $query_params['order'] = array( 1519 'default' => 'asc', 1520 'description' => __( 'Order sort attribute ascending or descending.' ), 1521 'enum' => array( 'asc', 'desc' ), 1522 'type' => 'string', 1523 ); 1524 1525 $query_params['orderby'] = array( 1526 'default' => 'name', 1527 'description' => __( 'Sort collection by user attribute.' ), 1528 'enum' => array( 1529 'id', 1530 'include', 1531 'name', 1532 'registered_date', 1533 'slug', 1534 'include_slugs', 1535 'email', 1536 'url', 1537 ), 1538 'type' => 'string', 1539 ); 1540 1541 $query_params['slug'] = array( 1542 'description' => __( 'Limit result set to users with one or more specific slugs.' ), 1543 'type' => 'array', 1544 'items' => array( 1545 'type' => 'string', 1546 ), 1547 ); 1548 1549 $query_params['roles'] = array( 1550 'description' => __( 'Limit result set to users matching at least one specific role provided. Accepts csv list or single role.' ), 1551 'type' => 'array', 1552 'items' => array( 1553 'type' => 'string', 1554 ), 1555 ); 1556 1557 $query_params['who'] = array( 1558 'description' => __( 'Limit result set to users who are considered authors.' ), 1559 'type' => 'string', 1560 'enum' => array( 1561 'authors', 1562 ), 1563 ); 1564 1565 /** 1566 * Filters REST API collection parameters for the users controller. 1567 * 1568 * This filter registers the collection parameter, but does not map the 1569 * collection parameter to an internal WP_User_Query parameter. Use the 1570 * `rest_user_query` filter to set WP_User_Query arguments. 1571 * 1572 * @since 4.7.0 1573 * 1574 * @param array $query_params JSON Schema-formatted collection parameters. 1575 */ 1576 return apply_filters( 'rest_user_collection_params', $query_params ); 1577 } 1578 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Sun Oct 24 01:00:03 2021 | Cross-referenced by PHPXref 0.7.1 |