[ Index ]

PHP Cross Reference of WordPress

title

Body

[close]

/wp-includes/rest-api/endpoints/ -> class-wp-rest-users-controller.php (source)

   1  <?php
   2  /**
   3   * REST API: WP_REST_Users_Controller class
   4   *
   5   * @package WordPress
   6   * @subpackage REST_API
   7   * @since 4.7.0
   8   */
   9  
  10  /**
  11   * Core class used to manage users via the REST API.
  12   *
  13   * @since 4.7.0
  14   *
  15   * @see WP_REST_Controller
  16   */
  17  class WP_REST_Users_Controller extends WP_REST_Controller {
  18  
  19      /**
  20       * Instance of a user meta fields object.
  21       *
  22       * @since 4.7.0
  23       * @var WP_REST_User_Meta_Fields
  24       */
  25      protected $meta;
  26  
  27      /**
  28       * Constructor.
  29       *
  30       * @since 4.7.0
  31       */
  32  	public function __construct() {
  33          $this->namespace = 'wp/v2';
  34          $this->rest_base = 'users';
  35  
  36          $this->meta = new WP_REST_User_Meta_Fields();
  37      }
  38  
  39      /**
  40       * Registers the routes for the objects of the controller.
  41       *
  42       * @since 4.7.0
  43       *
  44       * @see register_rest_route()
  45       */
  46  	public function register_routes() {
  47  
  48          register_rest_route(
  49              $this->namespace,
  50              '/' . $this->rest_base,
  51              array(
  52                  array(
  53                      'methods'             => WP_REST_Server::READABLE,
  54                      'callback'            => array( $this, 'get_items' ),
  55                      'permission_callback' => array( $this, 'get_items_permissions_check' ),
  56                      'args'                => $this->get_collection_params(),
  57                  ),
  58                  array(
  59                      'methods'             => WP_REST_Server::CREATABLE,
  60                      'callback'            => array( $this, 'create_item' ),
  61                      'permission_callback' => array( $this, 'create_item_permissions_check' ),
  62                      'args'                => $this->get_endpoint_args_for_item_schema( WP_REST_Server::CREATABLE ),
  63                  ),
  64                  'schema' => array( $this, 'get_public_item_schema' ),
  65              )
  66          );
  67  
  68          register_rest_route(
  69              $this->namespace,
  70              '/' . $this->rest_base . '/(?P<id>[\d]+)',
  71              array(
  72                  'args'   => array(
  73                      'id' => array(
  74                          'description' => __( 'Unique identifier for the user.' ),
  75                          'type'        => 'integer',
  76                      ),
  77                  ),
  78                  array(
  79                      'methods'             => WP_REST_Server::READABLE,
  80                      'callback'            => array( $this, 'get_item' ),
  81                      'permission_callback' => array( $this, 'get_item_permissions_check' ),
  82                      'args'                => array(
  83                          'context' => $this->get_context_param( array( 'default' => 'view' ) ),
  84                      ),
  85                  ),
  86                  array(
  87                      'methods'             => WP_REST_Server::EDITABLE,
  88                      'callback'            => array( $this, 'update_item' ),
  89                      'permission_callback' => array( $this, 'update_item_permissions_check' ),
  90                      'args'                => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
  91                  ),
  92                  array(
  93                      'methods'             => WP_REST_Server::DELETABLE,
  94                      'callback'            => array( $this, 'delete_item' ),
  95                      'permission_callback' => array( $this, 'delete_item_permissions_check' ),
  96                      'args'                => array(
  97                          'force'    => array(
  98                              'type'        => 'boolean',
  99                              'default'     => false,
 100                              'description' => __( 'Required to be true, as users do not support trashing.' ),
 101                          ),
 102                          'reassign' => array(
 103                              'type'              => 'integer',
 104                              'description'       => __( 'Reassign the deleted user\'s posts and links to this user ID.' ),
 105                              'required'          => true,
 106                              'sanitize_callback' => array( $this, 'check_reassign' ),
 107                          ),
 108                      ),
 109                  ),
 110                  'schema' => array( $this, 'get_public_item_schema' ),
 111              )
 112          );
 113  
 114          register_rest_route(
 115              $this->namespace,
 116              '/' . $this->rest_base . '/me',
 117              array(
 118                  array(
 119                      'methods'  => WP_REST_Server::READABLE,
 120                      'callback' => array( $this, 'get_current_item' ),
 121                      'args'     => array(
 122                          'context' => $this->get_context_param( array( 'default' => 'view' ) ),
 123                      ),
 124                  ),
 125                  array(
 126                      'methods'             => WP_REST_Server::EDITABLE,
 127                      'callback'            => array( $this, 'update_current_item' ),
 128                      'permission_callback' => array( $this, 'update_current_item_permissions_check' ),
 129                      'args'                => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
 130                  ),
 131                  array(
 132                      'methods'             => WP_REST_Server::DELETABLE,
 133                      'callback'            => array( $this, 'delete_current_item' ),
 134                      'permission_callback' => array( $this, 'delete_current_item_permissions_check' ),
 135                      'args'                => array(
 136                          'force'    => array(
 137                              'type'        => 'boolean',
 138                              'default'     => false,
 139                              'description' => __( 'Required to be true, as users do not support trashing.' ),
 140                          ),
 141                          'reassign' => array(
 142                              'type'              => 'integer',
 143                              'description'       => __( 'Reassign the deleted user\'s posts and links to this user ID.' ),
 144                              'required'          => true,
 145                              'sanitize_callback' => array( $this, 'check_reassign' ),
 146                          ),
 147                      ),
 148                  ),
 149                  'schema' => array( $this, 'get_public_item_schema' ),
 150              )
 151          );
 152      }
 153  
 154      /**
 155       * Checks for a valid value for the reassign parameter when deleting users.
 156       *
 157       * The value can be an integer, 'false', false, or ''.
 158       *
 159       * @since 4.7.0
 160       *
 161       * @param int|bool        $value   The value passed to the reassign parameter.
 162       * @param WP_REST_Request $request Full details about the request.
 163       * @param string          $param   The parameter that is being sanitized.
 164       * @return int|bool|WP_Error
 165       */
 166  	public function check_reassign( $value, $request, $param ) {
 167          if ( is_numeric( $value ) ) {
 168              return $value;
 169          }
 170  
 171          if ( empty( $value ) || false === $value || 'false' === $value ) {
 172              return false;
 173          }
 174  
 175          return new WP_Error(
 176              'rest_invalid_param',
 177              __( 'Invalid user parameter(s).' ),
 178              array( 'status' => 400 )
 179          );
 180      }
 181  
 182      /**
 183       * Permissions check for getting all users.
 184       *
 185       * @since 4.7.0
 186       *
 187       * @param WP_REST_Request $request Full details about the request.
 188       * @return true|WP_Error True if the request has read access, otherwise WP_Error object.
 189       */
 190  	public function get_items_permissions_check( $request ) {
 191          // Check if roles is specified in GET request and if user can list users.
 192          if ( ! empty( $request['roles'] ) && ! current_user_can( 'list_users' ) ) {
 193              return new WP_Error(
 194                  'rest_user_cannot_view',
 195                  __( 'Sorry, you are not allowed to filter users by role.' ),
 196                  array( 'status' => rest_authorization_required_code() )
 197              );
 198          }
 199  
 200          if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) {
 201              return new WP_Error(
 202                  'rest_forbidden_context',
 203                  __( 'Sorry, you are not allowed to list users.' ),
 204                  array( 'status' => rest_authorization_required_code() )
 205              );
 206          }
 207  
 208          if ( in_array( $request['orderby'], array( 'email', 'registered_date' ), true ) && ! current_user_can( 'list_users' ) ) {
 209              return new WP_Error(
 210                  'rest_forbidden_orderby',
 211                  __( 'Sorry, you are not allowed to order users by this parameter.' ),
 212                  array( 'status' => rest_authorization_required_code() )
 213              );
 214          }
 215  
 216          if ( 'authors' === $request['who'] ) {
 217              $types = get_post_types( array( 'show_in_rest' => true ), 'objects' );
 218  
 219              foreach ( $types as $type ) {
 220                  if ( post_type_supports( $type->name, 'author' )
 221                      && current_user_can( $type->cap->edit_posts ) ) {
 222                      return true;
 223                  }
 224              }
 225  
 226              return new WP_Error(
 227                  'rest_forbidden_who',
 228                  __( 'Sorry, you are not allowed to query users by this parameter.' ),
 229                  array( 'status' => rest_authorization_required_code() )
 230              );
 231          }
 232  
 233          return true;
 234      }
 235  
 236      /**
 237       * Retrieves all users.
 238       *
 239       * @since 4.7.0
 240       *
 241       * @param WP_REST_Request $request Full details about the request.
 242       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 243       */
 244  	public function get_items( $request ) {
 245  
 246          // Retrieve the list of registered collection query parameters.
 247          $registered = $this->get_collection_params();
 248  
 249          /*
 250           * This array defines mappings between public API query parameters whose
 251           * values are accepted as-passed, and their internal WP_Query parameter
 252           * name equivalents (some are the same). Only values which are also
 253           * present in $registered will be set.
 254           */
 255          $parameter_mappings = array(
 256              'exclude'  => 'exclude',
 257              'include'  => 'include',
 258              'order'    => 'order',
 259              'per_page' => 'number',
 260              'search'   => 'search',
 261              'roles'    => 'role__in',
 262              'slug'     => 'nicename__in',
 263          );
 264  
 265          $prepared_args = array();
 266  
 267          /*
 268           * For each known parameter which is both registered and present in the request,
 269           * set the parameter's value on the query $prepared_args.
 270           */
 271          foreach ( $parameter_mappings as $api_param => $wp_param ) {
 272              if ( isset( $registered[ $api_param ], $request[ $api_param ] ) ) {
 273                  $prepared_args[ $wp_param ] = $request[ $api_param ];
 274              }
 275          }
 276  
 277          if ( isset( $registered['offset'] ) && ! empty( $request['offset'] ) ) {
 278              $prepared_args['offset'] = $request['offset'];
 279          } else {
 280              $prepared_args['offset'] = ( $request['page'] - 1 ) * $prepared_args['number'];
 281          }
 282  
 283          if ( isset( $registered['orderby'] ) ) {
 284              $orderby_possibles        = array(
 285                  'id'              => 'ID',
 286                  'include'         => 'include',
 287                  'name'            => 'display_name',
 288                  'registered_date' => 'registered',
 289                  'slug'            => 'user_nicename',
 290                  'include_slugs'   => 'nicename__in',
 291                  'email'           => 'user_email',
 292                  'url'             => 'user_url',
 293              );
 294              $prepared_args['orderby'] = $orderby_possibles[ $request['orderby'] ];
 295          }
 296  
 297          if ( isset( $registered['who'] ) && ! empty( $request['who'] ) && 'authors' === $request['who'] ) {
 298              $prepared_args['who'] = 'authors';
 299          } elseif ( ! current_user_can( 'list_users' ) ) {
 300              $prepared_args['has_published_posts'] = get_post_types( array( 'show_in_rest' => true ), 'names' );
 301          }
 302  
 303          if ( ! empty( $prepared_args['search'] ) ) {
 304              $prepared_args['search'] = '*' . $prepared_args['search'] . '*';
 305          }
 306          /**
 307           * Filters WP_User_Query arguments when querying users via the REST API.
 308           *
 309           * @link https://developer.wordpress.org/reference/classes/wp_user_query/
 310           *
 311           * @since 4.7.0
 312           *
 313           * @param array           $prepared_args Array of arguments for WP_User_Query.
 314           * @param WP_REST_Request $request       The current request.
 315           */
 316          $prepared_args = apply_filters( 'rest_user_query', $prepared_args, $request );
 317  
 318          $query = new WP_User_Query( $prepared_args );
 319  
 320          $users = array();
 321  
 322          foreach ( $query->results as $user ) {
 323              $data    = $this->prepare_item_for_response( $user, $request );
 324              $users[] = $this->prepare_response_for_collection( $data );
 325          }
 326  
 327          $response = rest_ensure_response( $users );
 328  
 329          // Store pagination values for headers then unset for count query.
 330          $per_page = (int) $prepared_args['number'];
 331          $page     = ceil( ( ( (int) $prepared_args['offset'] ) / $per_page ) + 1 );
 332  
 333          $prepared_args['fields'] = 'ID';
 334  
 335          $total_users = $query->get_total();
 336  
 337          if ( $total_users < 1 ) {
 338              // Out-of-bounds, run the query again without LIMIT for total count.
 339              unset( $prepared_args['number'], $prepared_args['offset'] );
 340              $count_query = new WP_User_Query( $prepared_args );
 341              $total_users = $count_query->get_total();
 342          }
 343  
 344          $response->header( 'X-WP-Total', (int) $total_users );
 345  
 346          $max_pages = ceil( $total_users / $per_page );
 347  
 348          $response->header( 'X-WP-TotalPages', (int) $max_pages );
 349  
 350          $base = add_query_arg( urlencode_deep( $request->get_query_params() ), rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ) );
 351          if ( $page > 1 ) {
 352              $prev_page = $page - 1;
 353  
 354              if ( $prev_page > $max_pages ) {
 355                  $prev_page = $max_pages;
 356              }
 357  
 358              $prev_link = add_query_arg( 'page', $prev_page, $base );
 359              $response->link_header( 'prev', $prev_link );
 360          }
 361          if ( $max_pages > $page ) {
 362              $next_page = $page + 1;
 363              $next_link = add_query_arg( 'page', $next_page, $base );
 364  
 365              $response->link_header( 'next', $next_link );
 366          }
 367  
 368          return $response;
 369      }
 370  
 371      /**
 372       * Get the user, if the ID is valid.
 373       *
 374       * @since 4.7.2
 375       *
 376       * @param int $id Supplied ID.
 377       * @return WP_User|WP_Error True if ID is valid, WP_Error otherwise.
 378       */
 379  	protected function get_user( $id ) {
 380          $error = new WP_Error(
 381              'rest_user_invalid_id',
 382              __( 'Invalid user ID.' ),
 383              array( 'status' => 404 )
 384          );
 385  
 386          if ( (int) $id <= 0 ) {
 387              return $error;
 388          }
 389  
 390          $user = get_userdata( (int) $id );
 391          if ( empty( $user ) || ! $user->exists() ) {
 392              return $error;
 393          }
 394  
 395          if ( is_multisite() && ! is_user_member_of_blog( $user->ID ) ) {
 396              return $error;
 397          }
 398  
 399          return $user;
 400      }
 401  
 402      /**
 403       * Checks if a given request has access to read a user.
 404       *
 405       * @since 4.7.0
 406       *
 407       * @param WP_REST_Request $request Full details about the request.
 408       * @return true|WP_Error True if the request has read access for the item, otherwise WP_Error object.
 409       */
 410  	public function get_item_permissions_check( $request ) {
 411          $user = $this->get_user( $request['id'] );
 412          if ( is_wp_error( $user ) ) {
 413              return $user;
 414          }
 415  
 416          $types = get_post_types( array( 'show_in_rest' => true ), 'names' );
 417  
 418          if ( get_current_user_id() === $user->ID ) {
 419              return true;
 420          }
 421  
 422          if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) {
 423              return new WP_Error(
 424                  'rest_user_cannot_view',
 425                  __( 'Sorry, you are not allowed to list users.' ),
 426                  array( 'status' => rest_authorization_required_code() )
 427              );
 428          } elseif ( ! count_user_posts( $user->ID, $types ) && ! current_user_can( 'edit_user', $user->ID ) && ! current_user_can( 'list_users' ) ) {
 429              return new WP_Error(
 430                  'rest_user_cannot_view',
 431                  __( 'Sorry, you are not allowed to list users.' ),
 432                  array( 'status' => rest_authorization_required_code() )
 433              );
 434          }
 435  
 436          return true;
 437      }
 438  
 439      /**
 440       * Retrieves a single user.
 441       *
 442       * @since 4.7.0
 443       *
 444       * @param WP_REST_Request $request Full details about the request.
 445       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 446       */
 447  	public function get_item( $request ) {
 448          $user = $this->get_user( $request['id'] );
 449          if ( is_wp_error( $user ) ) {
 450              return $user;
 451          }
 452  
 453          $user     = $this->prepare_item_for_response( $user, $request );
 454          $response = rest_ensure_response( $user );
 455  
 456          return $response;
 457      }
 458  
 459      /**
 460       * Retrieves the current user.
 461       *
 462       * @since 4.7.0
 463       *
 464       * @param WP_REST_Request $request Full details about the request.
 465       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 466       */
 467  	public function get_current_item( $request ) {
 468          $current_user_id = get_current_user_id();
 469  
 470          if ( empty( $current_user_id ) ) {
 471              return new WP_Error(
 472                  'rest_not_logged_in',
 473                  __( 'You are not currently logged in.' ),
 474                  array( 'status' => 401 )
 475              );
 476          }
 477  
 478          $user     = wp_get_current_user();
 479          $response = $this->prepare_item_for_response( $user, $request );
 480          $response = rest_ensure_response( $response );
 481  
 482          return $response;
 483      }
 484  
 485      /**
 486       * Checks if a given request has access create users.
 487       *
 488       * @since 4.7.0
 489       *
 490       * @param WP_REST_Request $request Full details about the request.
 491       * @return true|WP_Error True if the request has access to create items, WP_Error object otherwise.
 492       */
 493  	public function create_item_permissions_check( $request ) {
 494  
 495          if ( ! current_user_can( 'create_users' ) ) {
 496              return new WP_Error(
 497                  'rest_cannot_create_user',
 498                  __( 'Sorry, you are not allowed to create new users.' ),
 499                  array( 'status' => rest_authorization_required_code() )
 500              );
 501          }
 502  
 503          return true;
 504      }
 505  
 506      /**
 507       * Creates a single user.
 508       *
 509       * @since 4.7.0
 510       *
 511       * @param WP_REST_Request $request Full details about the request.
 512       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 513       */
 514  	public function create_item( $request ) {
 515          if ( ! empty( $request['id'] ) ) {
 516              return new WP_Error(
 517                  'rest_user_exists',
 518                  __( 'Cannot create existing user.' ),
 519                  array( 'status' => 400 )
 520              );
 521          }
 522  
 523          $schema = $this->get_item_schema();
 524  
 525          if ( ! empty( $request['roles'] ) && ! empty( $schema['properties']['roles'] ) ) {
 526              $check_permission = $this->check_role_update( $request['id'], $request['roles'] );
 527  
 528              if ( is_wp_error( $check_permission ) ) {
 529                  return $check_permission;
 530              }
 531          }
 532  
 533          $user = $this->prepare_item_for_database( $request );
 534  
 535          if ( is_multisite() ) {
 536              $ret = wpmu_validate_user_signup( $user->user_login, $user->user_email );
 537  
 538              if ( is_wp_error( $ret['errors'] ) && $ret['errors']->has_errors() ) {
 539                  $error = new WP_Error(
 540                      'rest_invalid_param',
 541                      __( 'Invalid user parameter(s).' ),
 542                      array( 'status' => 400 )
 543                  );
 544  
 545                  foreach ( $ret['errors']->errors as $code => $messages ) {
 546                      foreach ( $messages as $message ) {
 547                          $error->add( $code, $message );
 548                      }
 549  
 550                      $error_data = $error->get_error_data( $code );
 551  
 552                      if ( $error_data ) {
 553                          $error->add_data( $error_data, $code );
 554                      }
 555                  }
 556                  return $error;
 557              }
 558          }
 559  
 560          if ( is_multisite() ) {
 561              $user_id = wpmu_create_user( $user->user_login, $user->user_pass, $user->user_email );
 562  
 563              if ( ! $user_id ) {
 564                  return new WP_Error(
 565                      'rest_user_create',
 566                      __( 'Error creating new user.' ),
 567                      array( 'status' => 500 )
 568                  );
 569              }
 570  
 571              $user->ID = $user_id;
 572              $user_id  = wp_update_user( wp_slash( (array) $user ) );
 573  
 574              if ( is_wp_error( $user_id ) ) {
 575                  return $user_id;
 576              }
 577  
 578              $result = add_user_to_blog( get_site()->id, $user_id, '' );
 579              if ( is_wp_error( $result ) ) {
 580                  return $result;
 581              }
 582          } else {
 583              $user_id = wp_insert_user( wp_slash( (array) $user ) );
 584  
 585              if ( is_wp_error( $user_id ) ) {
 586                  return $user_id;
 587              }
 588          }
 589  
 590          $user = get_user_by( 'id', $user_id );
 591  
 592          /**
 593           * Fires immediately after a user is created or updated via the REST API.
 594           *
 595           * @since 4.7.0
 596           *
 597           * @param WP_User         $user     Inserted or updated user object.
 598           * @param WP_REST_Request $request  Request object.
 599           * @param bool            $creating True when creating a user, false when updating.
 600           */
 601          do_action( 'rest_insert_user', $user, $request, true );
 602  
 603          if ( ! empty( $request['roles'] ) && ! empty( $schema['properties']['roles'] ) ) {
 604              array_map( array( $user, 'add_role' ), $request['roles'] );
 605          }
 606  
 607          if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) {
 608              $meta_update = $this->meta->update_value( $request['meta'], $user_id );
 609  
 610              if ( is_wp_error( $meta_update ) ) {
 611                  return $meta_update;
 612              }
 613          }
 614  
 615          $user          = get_user_by( 'id', $user_id );
 616          $fields_update = $this->update_additional_fields_for_object( $user, $request );
 617  
 618          if ( is_wp_error( $fields_update ) ) {
 619              return $fields_update;
 620          }
 621  
 622          $request->set_param( 'context', 'edit' );
 623  
 624          /**
 625           * Fires after a user is completely created or updated via the REST API.
 626           *
 627           * @since 5.0.0
 628           *
 629           * @param WP_User         $user     Inserted or updated user object.
 630           * @param WP_REST_Request $request  Request object.
 631           * @param bool            $creating True when creating a user, false when updating.
 632           */
 633          do_action( 'rest_after_insert_user', $user, $request, true );
 634  
 635          $response = $this->prepare_item_for_response( $user, $request );
 636          $response = rest_ensure_response( $response );
 637  
 638          $response->set_status( 201 );
 639          $response->header( 'Location', rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $user_id ) ) );
 640  
 641          return $response;
 642      }
 643  
 644      /**
 645       * Checks if a given request has access to update a user.
 646       *
 647       * @since 4.7.0
 648       *
 649       * @param WP_REST_Request $request Full details about the request.
 650       * @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise.
 651       */
 652  	public function update_item_permissions_check( $request ) {
 653          $user = $this->get_user( $request['id'] );
 654          if ( is_wp_error( $user ) ) {
 655              return $user;
 656          }
 657  
 658          if ( ! empty( $request['roles'] ) ) {
 659              if ( ! current_user_can( 'promote_user', $user->ID ) ) {
 660                  return new WP_Error(
 661                      'rest_cannot_edit_roles',
 662                      __( 'Sorry, you are not allowed to edit roles of this user.' ),
 663                      array( 'status' => rest_authorization_required_code() )
 664                  );
 665              }
 666  
 667              $request_params = array_keys( $request->get_params() );
 668              sort( $request_params );
 669              // If only 'id' and 'roles' are specified (we are only trying to
 670              // edit roles), then only the 'promote_user' cap is required.
 671              if ( array( 'id', 'roles' ) === $request_params ) {
 672                  return true;
 673              }
 674          }
 675  
 676          if ( ! current_user_can( 'edit_user', $user->ID ) ) {
 677              return new WP_Error(
 678                  'rest_cannot_edit',
 679                  __( 'Sorry, you are not allowed to edit this user.' ),
 680                  array( 'status' => rest_authorization_required_code() )
 681              );
 682          }
 683  
 684          return true;
 685      }
 686  
 687      /**
 688       * Updates a single user.
 689       *
 690       * @since 4.7.0
 691       *
 692       * @param WP_REST_Request $request Full details about the request.
 693       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 694       */
 695  	public function update_item( $request ) {
 696          $user = $this->get_user( $request['id'] );
 697          if ( is_wp_error( $user ) ) {
 698              return $user;
 699          }
 700  
 701          $id = $user->ID;
 702  
 703          if ( ! $user ) {
 704              return new WP_Error(
 705                  'rest_user_invalid_id',
 706                  __( 'Invalid user ID.' ),
 707                  array( 'status' => 404 )
 708              );
 709          }
 710  
 711          $owner_id = email_exists( $request['email'] );
 712  
 713          if ( $owner_id && $owner_id !== $id ) {
 714              return new WP_Error(
 715                  'rest_user_invalid_email',
 716                  __( 'Invalid email address.' ),
 717                  array( 'status' => 400 )
 718              );
 719          }
 720  
 721          if ( ! empty( $request['username'] ) && $request['username'] !== $user->user_login ) {
 722              return new WP_Error(
 723                  'rest_user_invalid_argument',
 724                  __( "Username isn't editable." ),
 725                  array( 'status' => 400 )
 726              );
 727          }
 728  
 729          if ( ! empty( $request['slug'] ) && $request['slug'] !== $user->user_nicename && get_user_by( 'slug', $request['slug'] ) ) {
 730              return new WP_Error(
 731                  'rest_user_invalid_slug',
 732                  __( 'Invalid slug.' ),
 733                  array( 'status' => 400 )
 734              );
 735          }
 736  
 737          if ( ! empty( $request['roles'] ) ) {
 738              $check_permission = $this->check_role_update( $id, $request['roles'] );
 739  
 740              if ( is_wp_error( $check_permission ) ) {
 741                  return $check_permission;
 742              }
 743          }
 744  
 745          $user = $this->prepare_item_for_database( $request );
 746  
 747          // Ensure we're operating on the same user we already checked.
 748          $user->ID = $id;
 749  
 750          $user_id = wp_update_user( wp_slash( (array) $user ) );
 751  
 752          if ( is_wp_error( $user_id ) ) {
 753              return $user_id;
 754          }
 755  
 756          $user = get_user_by( 'id', $user_id );
 757  
 758          /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php */
 759          do_action( 'rest_insert_user', $user, $request, false );
 760  
 761          if ( ! empty( $request['roles'] ) ) {
 762              array_map( array( $user, 'add_role' ), $request['roles'] );
 763          }
 764  
 765          $schema = $this->get_item_schema();
 766  
 767          if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) {
 768              $meta_update = $this->meta->update_value( $request['meta'], $id );
 769  
 770              if ( is_wp_error( $meta_update ) ) {
 771                  return $meta_update;
 772              }
 773          }
 774  
 775          $user          = get_user_by( 'id', $user_id );
 776          $fields_update = $this->update_additional_fields_for_object( $user, $request );
 777  
 778          if ( is_wp_error( $fields_update ) ) {
 779              return $fields_update;
 780          }
 781  
 782          $request->set_param( 'context', 'edit' );
 783  
 784          /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php */
 785          do_action( 'rest_after_insert_user', $user, $request, false );
 786  
 787          $response = $this->prepare_item_for_response( $user, $request );
 788          $response = rest_ensure_response( $response );
 789  
 790          return $response;
 791      }
 792  
 793      /**
 794       * Checks if a given request has access to update the current user.
 795       *
 796       * @since 4.7.0
 797       *
 798       * @param WP_REST_Request $request Full details about the request.
 799       * @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise.
 800       */
 801  	public function update_current_item_permissions_check( $request ) {
 802          $request['id'] = get_current_user_id();
 803  
 804          return $this->update_item_permissions_check( $request );
 805      }
 806  
 807      /**
 808       * Updates the current user.
 809       *
 810       * @since 4.7.0
 811       *
 812       * @param WP_REST_Request $request Full details about the request.
 813       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 814       */
 815  	public function update_current_item( $request ) {
 816          $request['id'] = get_current_user_id();
 817  
 818          return $this->update_item( $request );
 819      }
 820  
 821      /**
 822       * Checks if a given request has access delete a user.
 823       *
 824       * @since 4.7.0
 825       *
 826       * @param WP_REST_Request $request Full details about the request.
 827       * @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise.
 828       */
 829  	public function delete_item_permissions_check( $request ) {
 830          $user = $this->get_user( $request['id'] );
 831          if ( is_wp_error( $user ) ) {
 832              return $user;
 833          }
 834  
 835          if ( ! current_user_can( 'delete_user', $user->ID ) ) {
 836              return new WP_Error(
 837                  'rest_user_cannot_delete',
 838                  __( 'Sorry, you are not allowed to delete this user.' ),
 839                  array( 'status' => rest_authorization_required_code() )
 840              );
 841          }
 842  
 843          return true;
 844      }
 845  
 846      /**
 847       * Deletes a single user.
 848       *
 849       * @since 4.7.0
 850       *
 851       * @param WP_REST_Request $request Full details about the request.
 852       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 853       */
 854  	public function delete_item( $request ) {
 855          // We don't support delete requests in multisite.
 856          if ( is_multisite() ) {
 857              return new WP_Error(
 858                  'rest_cannot_delete',
 859                  __( 'The user cannot be deleted.' ),
 860                  array( 'status' => 501 )
 861              );
 862          }
 863  
 864          $user = $this->get_user( $request['id'] );
 865  
 866          if ( is_wp_error( $user ) ) {
 867              return $user;
 868          }
 869  
 870          $id       = $user->ID;
 871          $reassign = false === $request['reassign'] ? null : absint( $request['reassign'] );
 872          $force    = isset( $request['force'] ) ? (bool) $request['force'] : false;
 873  
 874          // We don't support trashing for users.
 875          if ( ! $force ) {
 876              return new WP_Error(
 877                  'rest_trash_not_supported',
 878                  /* translators: %s: force=true */
 879                  sprintf( __( "Users do not support trashing. Set '%s' to delete." ), 'force=true' ),
 880                  array( 'status' => 501 )
 881              );
 882          }
 883  
 884          if ( ! empty( $reassign ) ) {
 885              if ( $reassign === $id || ! get_userdata( $reassign ) ) {
 886                  return new WP_Error(
 887                      'rest_user_invalid_reassign',
 888                      __( 'Invalid user ID for reassignment.' ),
 889                      array( 'status' => 400 )
 890                  );
 891              }
 892          }
 893  
 894          $request->set_param( 'context', 'edit' );
 895  
 896          $previous = $this->prepare_item_for_response( $user, $request );
 897  
 898          // Include user admin functions to get access to wp_delete_user().
 899          require_once ABSPATH . 'wp-admin/includes/user.php';
 900  
 901          $result = wp_delete_user( $id, $reassign );
 902  
 903          if ( ! $result ) {
 904              return new WP_Error(
 905                  'rest_cannot_delete',
 906                  __( 'The user cannot be deleted.' ),
 907                  array( 'status' => 500 )
 908              );
 909          }
 910  
 911          $response = new WP_REST_Response();
 912          $response->set_data(
 913              array(
 914                  'deleted'  => true,
 915                  'previous' => $previous->get_data(),
 916              )
 917          );
 918  
 919          /**
 920           * Fires immediately after a user is deleted via the REST API.
 921           *
 922           * @since 4.7.0
 923           *
 924           * @param WP_User          $user     The user data.
 925           * @param WP_REST_Response $response The response returned from the API.
 926           * @param WP_REST_Request  $request  The request sent to the API.
 927           */
 928          do_action( 'rest_delete_user', $user, $response, $request );
 929  
 930          return $response;
 931      }
 932  
 933      /**
 934       * Checks if a given request has access to delete the current user.
 935       *
 936       * @since 4.7.0
 937       *
 938       * @param WP_REST_Request $request Full details about the request.
 939       * @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise.
 940       */
 941  	public function delete_current_item_permissions_check( $request ) {
 942          $request['id'] = get_current_user_id();
 943  
 944          return $this->delete_item_permissions_check( $request );
 945      }
 946  
 947      /**
 948       * Deletes the current user.
 949       *
 950       * @since 4.7.0
 951       *
 952       * @param WP_REST_Request $request Full details about the request.
 953       * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 954       */
 955  	public function delete_current_item( $request ) {
 956          $request['id'] = get_current_user_id();
 957  
 958          return $this->delete_item( $request );
 959      }
 960  
 961      /**
 962       * Prepares a single user output for response.
 963       *
 964       * @since 4.7.0
 965       *
 966       * @param WP_User         $user    User object.
 967       * @param WP_REST_Request $request Request object.
 968       * @return WP_REST_Response Response object.
 969       */
 970  	public function prepare_item_for_response( $user, $request ) {
 971  
 972          $data   = array();
 973          $fields = $this->get_fields_for_response( $request );
 974  
 975          if ( in_array( 'id', $fields, true ) ) {
 976              $data['id'] = $user->ID;
 977          }
 978  
 979          if ( in_array( 'username', $fields, true ) ) {
 980              $data['username'] = $user->user_login;
 981          }
 982  
 983          if ( in_array( 'name', $fields, true ) ) {
 984              $data['name'] = $user->display_name;
 985          }
 986  
 987          if ( in_array( 'first_name', $fields, true ) ) {
 988              $data['first_name'] = $user->first_name;
 989          }
 990  
 991          if ( in_array( 'last_name', $fields, true ) ) {
 992              $data['last_name'] = $user->last_name;
 993          }
 994  
 995          if ( in_array( 'email', $fields, true ) ) {
 996              $data['email'] = $user->user_email;
 997          }
 998  
 999          if ( in_array( 'url', $fields, true ) ) {
1000              $data['url'] = $user->user_url;
1001          }
1002  
1003          if ( in_array( 'description', $fields, true ) ) {
1004              $data['description'] = $user->description;
1005          }
1006  
1007          if ( in_array( 'link', $fields, true ) ) {
1008              $data['link'] = get_author_posts_url( $user->ID, $user->user_nicename );
1009          }
1010  
1011          if ( in_array( 'locale', $fields, true ) ) {
1012              $data['locale'] = get_user_locale( $user );
1013          }
1014  
1015          if ( in_array( 'nickname', $fields, true ) ) {
1016              $data['nickname'] = $user->nickname;
1017          }
1018  
1019          if ( in_array( 'slug', $fields, true ) ) {
1020              $data['slug'] = $user->user_nicename;
1021          }
1022  
1023          if ( in_array( 'roles', $fields, true ) ) {
1024              // Defensively call array_values() to ensure an array is returned.
1025              $data['roles'] = array_values( $user->roles );
1026          }
1027  
1028          if ( in_array( 'registered_date', $fields, true ) ) {
1029              $data['registered_date'] = gmdate( 'c', strtotime( $user->user_registered ) );
1030          }
1031  
1032          if ( in_array( 'capabilities', $fields, true ) ) {
1033              $data['capabilities'] = (object) $user->allcaps;
1034          }
1035  
1036          if ( in_array( 'extra_capabilities', $fields, true ) ) {
1037              $data['extra_capabilities'] = (object) $user->caps;
1038          }
1039  
1040          if ( in_array( 'avatar_urls', $fields, true ) ) {
1041              $data['avatar_urls'] = rest_get_avatar_urls( $user );
1042          }
1043  
1044          if ( in_array( 'meta', $fields, true ) ) {
1045              $data['meta'] = $this->meta->get_value( $user->ID, $request );
1046          }
1047  
1048          $context = ! empty( $request['context'] ) ? $request['context'] : 'embed';
1049  
1050          $data = $this->add_additional_fields_to_object( $data, $request );
1051          $data = $this->filter_response_by_context( $data, $context );
1052  
1053          // Wrap the data in a response object.
1054          $response = rest_ensure_response( $data );
1055  
1056          $response->add_links( $this->prepare_links( $user ) );
1057  
1058          /**
1059           * Filters user data returned from the REST API.
1060           *
1061           * @since 4.7.0
1062           *
1063           * @param WP_REST_Response $response The response object.
1064           * @param WP_User          $user     User object used to create response.
1065           * @param WP_REST_Request  $request  Request object.
1066           */
1067          return apply_filters( 'rest_prepare_user', $response, $user, $request );
1068      }
1069  
1070      /**
1071       * Prepares links for the user request.
1072       *
1073       * @since 4.7.0
1074       *
1075       * @param WP_Post $user User object.
1076       * @return array Links for the given user.
1077       */
1078  	protected function prepare_links( $user ) {
1079          $links = array(
1080              'self'       => array(
1081                  'href' => rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $user->ID ) ),
1082              ),
1083              'collection' => array(
1084                  'href' => rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ),
1085              ),
1086          );
1087  
1088          return $links;
1089      }
1090  
1091      /**
1092       * Prepares a single user for creation or update.
1093       *
1094       * @since 4.7.0
1095       *
1096       * @param WP_REST_Request $request Request object.
1097       * @return object User object.
1098       */
1099  	protected function prepare_item_for_database( $request ) {
1100          $prepared_user = new stdClass;
1101  
1102          $schema = $this->get_item_schema();
1103  
1104          // Required arguments.
1105          if ( isset( $request['email'] ) && ! empty( $schema['properties']['email'] ) ) {
1106              $prepared_user->user_email = $request['email'];
1107          }
1108  
1109          if ( isset( $request['username'] ) && ! empty( $schema['properties']['username'] ) ) {
1110              $prepared_user->user_login = $request['username'];
1111          }
1112  
1113          if ( isset( $request['password'] ) && ! empty( $schema['properties']['password'] ) ) {
1114              $prepared_user->user_pass = $request['password'];
1115          }
1116  
1117          // Optional arguments.
1118          if ( isset( $request['id'] ) ) {
1119              $prepared_user->ID = absint( $request['id'] );
1120          }
1121  
1122          if ( isset( $request['name'] ) && ! empty( $schema['properties']['name'] ) ) {
1123              $prepared_user->display_name = $request['name'];
1124          }
1125  
1126          if ( isset( $request['first_name'] ) && ! empty( $schema['properties']['first_name'] ) ) {
1127              $prepared_user->first_name = $request['first_name'];
1128          }
1129  
1130          if ( isset( $request['last_name'] ) && ! empty( $schema['properties']['last_name'] ) ) {
1131              $prepared_user->last_name = $request['last_name'];
1132          }
1133  
1134          if ( isset( $request['nickname'] ) && ! empty( $schema['properties']['nickname'] ) ) {
1135              $prepared_user->nickname = $request['nickname'];
1136          }
1137  
1138          if ( isset( $request['slug'] ) && ! empty( $schema['properties']['slug'] ) ) {
1139              $prepared_user->user_nicename = $request['slug'];
1140          }
1141  
1142          if ( isset( $request['description'] ) && ! empty( $schema['properties']['description'] ) ) {
1143              $prepared_user->description = $request['description'];
1144          }
1145  
1146          if ( isset( $request['url'] ) && ! empty( $schema['properties']['url'] ) ) {
1147              $prepared_user->user_url = $request['url'];
1148          }
1149  
1150          if ( isset( $request['locale'] ) && ! empty( $schema['properties']['locale'] ) ) {
1151              $prepared_user->locale = $request['locale'];
1152          }
1153  
1154          // Setting roles will be handled outside of this function.
1155          if ( isset( $request['roles'] ) ) {
1156              $prepared_user->role = false;
1157          }
1158  
1159          /**
1160           * Filters user data before insertion via the REST API.
1161           *
1162           * @since 4.7.0
1163           *
1164           * @param object          $prepared_user User object.
1165           * @param WP_REST_Request $request       Request object.
1166           */
1167          return apply_filters( 'rest_pre_insert_user', $prepared_user, $request );
1168      }
1169  
1170      /**
1171       * Determines if the current user is allowed to make the desired roles change.
1172       *
1173       * @since 4.7.0
1174       *
1175       * @param integer $user_id User ID.
1176       * @param array   $roles   New user roles.
1177       * @return true|WP_Error True if the current user is allowed to make the role change,
1178       *                       otherwise a WP_Error object.
1179       */
1180  	protected function check_role_update( $user_id, $roles ) {
1181          global $wp_roles;
1182  
1183          foreach ( $roles as $role ) {
1184  
1185              if ( ! isset( $wp_roles->role_objects[ $role ] ) ) {
1186                  return new WP_Error(
1187                      'rest_user_invalid_role',
1188                      /* translators: %s: Role key. */
1189                      sprintf( __( 'The role %s does not exist.' ), $role ),
1190                      array( 'status' => 400 )
1191                  );
1192              }
1193  
1194              $potential_role = $wp_roles->role_objects[ $role ];
1195  
1196              /*
1197               * Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
1198               * Multisite super admins can freely edit their blog roles -- they possess all caps.
1199               */
1200              if ( ! ( is_multisite()
1201                  && current_user_can( 'manage_sites' ) )
1202                  && get_current_user_id() === $user_id
1203                  && ! $potential_role->has_cap( 'edit_users' )
1204              ) {
1205                  return new WP_Error(
1206                      'rest_user_invalid_role',
1207                      __( 'Sorry, you are not allowed to give users that role.' ),
1208                      array( 'status' => rest_authorization_required_code() )
1209                  );
1210              }
1211  
1212              // Include user admin functions to get access to get_editable_roles().
1213              require_once ABSPATH . 'wp-admin/includes/user.php';
1214  
1215              // The new role must be editable by the logged-in user.
1216              $editable_roles = get_editable_roles();
1217  
1218              if ( empty( $editable_roles[ $role ] ) ) {
1219                  return new WP_Error(
1220                      'rest_user_invalid_role',
1221                      __( 'Sorry, you are not allowed to give users that role.' ),
1222                      array( 'status' => 403 )
1223                  );
1224              }
1225          }
1226  
1227          return true;
1228      }
1229  
1230      /**
1231       * Check a username for the REST API.
1232       *
1233       * Performs a couple of checks like edit_user() in wp-admin/includes/user.php.
1234       *
1235       * @since 4.7.0
1236       *
1237       * @param string          $value   The username submitted in the request.
1238       * @param WP_REST_Request $request Full details about the request.
1239       * @param string          $param   The parameter name.
1240       * @return string|WP_Error The sanitized username, if valid, otherwise an error.
1241       */
1242  	public function check_username( $value, $request, $param ) {
1243          $username = (string) $value;
1244  
1245          if ( ! validate_username( $username ) ) {
1246              return new WP_Error(
1247                  'rest_user_invalid_username',
1248                  __( 'This username is invalid because it uses illegal characters. Please enter a valid username.' ),
1249                  array( 'status' => 400 )
1250              );
1251          }
1252  
1253          /** This filter is documented in wp-includes/user.php */
1254          $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() );
1255  
1256          if ( in_array( strtolower( $username ), array_map( 'strtolower', $illegal_logins ), true ) ) {
1257              return new WP_Error(
1258                  'rest_user_invalid_username',
1259                  __( 'Sorry, that username is not allowed.' ),
1260                  array( 'status' => 400 )
1261              );
1262          }
1263  
1264          return $username;
1265      }
1266  
1267      /**
1268       * Check a user password for the REST API.
1269       *
1270       * Performs a couple of checks like edit_user() in wp-admin/includes/user.php.
1271       *
1272       * @since 4.7.0
1273       *
1274       * @param string          $value   The password submitted in the request.
1275       * @param WP_REST_Request $request Full details about the request.
1276       * @param string          $param   The parameter name.
1277       * @return string|WP_Error The sanitized password, if valid, otherwise an error.
1278       */
1279  	public function check_user_password( $value, $request, $param ) {
1280          $password = (string) $value;
1281  
1282          if ( empty( $password ) ) {
1283              return new WP_Error(
1284                  'rest_user_invalid_password',
1285                  __( 'Passwords cannot be empty.' ),
1286                  array( 'status' => 400 )
1287              );
1288          }
1289  
1290          if ( false !== strpos( $password, '\\' ) ) {
1291              return new WP_Error(
1292                  'rest_user_invalid_password',
1293                  __( 'Passwords cannot contain the "\\" character.' ),
1294                  array( 'status' => 400 )
1295              );
1296          }
1297  
1298          return $password;
1299      }
1300  
1301      /**
1302       * Retrieves the user's schema, conforming to JSON Schema.
1303       *
1304       * @since 4.7.0
1305       *
1306       * @return array Item schema data.
1307       */
1308  	public function get_item_schema() {
1309          if ( $this->schema ) {
1310              return $this->add_additional_fields_schema( $this->schema );
1311          }
1312  
1313          $schema = array(
1314              '$schema'    => 'http://json-schema.org/draft-04/schema#',
1315              'title'      => 'user',
1316              'type'       => 'object',
1317              'properties' => array(
1318                  'id'                 => array(
1319                      'description' => __( 'Unique identifier for the user.' ),
1320                      'type'        => 'integer',
1321                      'context'     => array( 'embed', 'view', 'edit' ),
1322                      'readonly'    => true,
1323                  ),
1324                  'username'           => array(
1325                      'description' => __( 'Login name for the user.' ),
1326                      'type'        => 'string',
1327                      'context'     => array( 'edit' ),
1328                      'required'    => true,
1329                      'arg_options' => array(
1330                          'sanitize_callback' => array( $this, 'check_username' ),
1331                      ),
1332                  ),
1333                  'name'               => array(
1334                      'description' => __( 'Display name for the user.' ),
1335                      'type'        => 'string',
1336                      'context'     => array( 'embed', 'view', 'edit' ),
1337                      'arg_options' => array(
1338                          'sanitize_callback' => 'sanitize_text_field',
1339                      ),
1340                  ),
1341                  'first_name'         => array(
1342                      'description' => __( 'First name for the user.' ),
1343                      'type'        => 'string',
1344                      'context'     => array( 'edit' ),
1345                      'arg_options' => array(
1346                          'sanitize_callback' => 'sanitize_text_field',
1347                      ),
1348                  ),
1349                  'last_name'          => array(
1350                      'description' => __( 'Last name for the user.' ),
1351                      'type'        => 'string',
1352                      'context'     => array( 'edit' ),
1353                      'arg_options' => array(
1354                          'sanitize_callback' => 'sanitize_text_field',
1355                      ),
1356                  ),
1357                  'email'              => array(
1358                      'description' => __( 'The email address for the user.' ),
1359                      'type'        => 'string',
1360                      'format'      => 'email',
1361                      'context'     => array( 'edit' ),
1362                      'required'    => true,
1363                  ),
1364                  'url'                => array(
1365                      'description' => __( 'URL of the user.' ),
1366                      'type'        => 'string',
1367                      'format'      => 'uri',
1368                      'context'     => array( 'embed', 'view', 'edit' ),
1369                  ),
1370                  'description'        => array(
1371                      'description' => __( 'Description of the user.' ),
1372                      'type'        => 'string',
1373                      'context'     => array( 'embed', 'view', 'edit' ),
1374                  ),
1375                  'link'               => array(
1376                      'description' => __( 'Author URL of the user.' ),
1377                      'type'        => 'string',
1378                      'format'      => 'uri',
1379                      'context'     => array( 'embed', 'view', 'edit' ),
1380                      'readonly'    => true,
1381                  ),
1382                  'locale'             => array(
1383                      'description' => __( 'Locale for the user.' ),
1384                      'type'        => 'string',
1385                      'enum'        => array_merge( array( '', 'en_US' ), get_available_languages() ),
1386                      'context'     => array( 'edit' ),
1387                  ),
1388                  'nickname'           => array(
1389                      'description' => __( 'The nickname for the user.' ),
1390                      'type'        => 'string',
1391                      'context'     => array( 'edit' ),
1392                      'arg_options' => array(
1393                          'sanitize_callback' => 'sanitize_text_field',
1394                      ),
1395                  ),
1396                  'slug'               => array(
1397                      'description' => __( 'An alphanumeric identifier for the user.' ),
1398                      'type'        => 'string',
1399                      'context'     => array( 'embed', 'view', 'edit' ),
1400                      'arg_options' => array(
1401                          'sanitize_callback' => array( $this, 'sanitize_slug' ),
1402                      ),
1403                  ),
1404                  'registered_date'    => array(
1405                      'description' => __( 'Registration date for the user.' ),
1406                      'type'        => 'string',
1407                      'format'      => 'date-time',
1408                      'context'     => array( 'edit' ),
1409                      'readonly'    => true,
1410                  ),
1411                  'roles'              => array(
1412                      'description' => __( 'Roles assigned to the user.' ),
1413                      'type'        => 'array',
1414                      'items'       => array(
1415                          'type' => 'string',
1416                      ),
1417                      'context'     => array( 'edit' ),
1418                  ),
1419                  'password'           => array(
1420                      'description' => __( 'Password for the user (never included).' ),
1421                      'type'        => 'string',
1422                      'context'     => array(), // Password is never displayed.
1423                      'required'    => true,
1424                      'arg_options' => array(
1425                          'sanitize_callback' => array( $this, 'check_user_password' ),
1426                      ),
1427                  ),
1428                  'capabilities'       => array(
1429                      'description' => __( 'All capabilities assigned to the user.' ),
1430                      'type'        => 'object',
1431                      'context'     => array( 'edit' ),
1432                      'readonly'    => true,
1433                  ),
1434                  'extra_capabilities' => array(
1435                      'description' => __( 'Any extra capabilities assigned to the user.' ),
1436                      'type'        => 'object',
1437                      'context'     => array( 'edit' ),
1438                      'readonly'    => true,
1439                  ),
1440              ),
1441          );
1442  
1443          if ( get_option( 'show_avatars' ) ) {
1444              $avatar_properties = array();
1445  
1446              $avatar_sizes = rest_get_avatar_sizes();
1447  
1448              foreach ( $avatar_sizes as $size ) {
1449                  $avatar_properties[ $size ] = array(
1450                      /* translators: %d: Avatar image size in pixels. */
1451                      'description' => sprintf( __( 'Avatar URL with image size of %d pixels.' ), $size ),
1452                      'type'        => 'string',
1453                      'format'      => 'uri',
1454                      'context'     => array( 'embed', 'view', 'edit' ),
1455                  );
1456              }
1457  
1458              $schema['properties']['avatar_urls'] = array(
1459                  'description' => __( 'Avatar URLs for the user.' ),
1460                  'type'        => 'object',
1461                  'context'     => array( 'embed', 'view', 'edit' ),
1462                  'readonly'    => true,
1463                  'properties'  => $avatar_properties,
1464              );
1465          }
1466  
1467          $schema['properties']['meta'] = $this->meta->get_field_schema();
1468  
1469          $this->schema = $schema;
1470  
1471          return $this->add_additional_fields_schema( $this->schema );
1472      }
1473  
1474      /**
1475       * Retrieves the query params for collections.
1476       *
1477       * @since 4.7.0
1478       *
1479       * @return array Collection parameters.
1480       */
1481  	public function get_collection_params() {
1482          $query_params = parent::get_collection_params();
1483  
1484          $query_params['context']['default'] = 'view';
1485  
1486          $query_params['exclude'] = array(
1487              'description' => __( 'Ensure result set excludes specific IDs.' ),
1488              'type'        => 'array',
1489              'items'       => array(
1490                  'type' => 'integer',
1491              ),
1492              'default'     => array(),
1493          );
1494  
1495          $query_params['include'] = array(
1496              'description' => __( 'Limit result set to specific IDs.' ),
1497              'type'        => 'array',
1498              'items'       => array(
1499                  'type' => 'integer',
1500              ),
1501              'default'     => array(),
1502          );
1503  
1504          $query_params['offset'] = array(
1505              'description' => __( 'Offset the result set by a specific number of items.' ),
1506              'type'        => 'integer',
1507          );
1508  
1509          $query_params['order'] = array(
1510              'default'     => 'asc',
1511              'description' => __( 'Order sort attribute ascending or descending.' ),
1512              'enum'        => array( 'asc', 'desc' ),
1513              'type'        => 'string',
1514          );
1515  
1516          $query_params['orderby'] = array(
1517              'default'     => 'name',
1518              'description' => __( 'Sort collection by object attribute.' ),
1519              'enum'        => array(
1520                  'id',
1521                  'include',
1522                  'name',
1523                  'registered_date',
1524                  'slug',
1525                  'include_slugs',
1526                  'email',
1527                  'url',
1528              ),
1529              'type'        => 'string',
1530          );
1531  
1532          $query_params['slug'] = array(
1533              'description' => __( 'Limit result set to users with one or more specific slugs.' ),
1534              'type'        => 'array',
1535              'items'       => array(
1536                  'type' => 'string',
1537              ),
1538          );
1539  
1540          $query_params['roles'] = array(
1541              'description' => __( 'Limit result set to users matching at least one specific role provided. Accepts csv list or single role.' ),
1542              'type'        => 'array',
1543              'items'       => array(
1544                  'type' => 'string',
1545              ),
1546          );
1547  
1548          $query_params['who'] = array(
1549              'description' => __( 'Limit result set to users who are considered authors.' ),
1550              'type'        => 'string',
1551              'enum'        => array(
1552                  'authors',
1553              ),
1554          );
1555  
1556          /**
1557           * Filter collection parameters for the users controller.
1558           *
1559           * This filter registers the collection parameter, but does not map the
1560           * collection parameter to an internal WP_User_Query parameter.  Use the
1561           * `rest_user_query` filter to set WP_User_Query arguments.
1562           *
1563           * @since 4.7.0
1564           *
1565           * @param array $query_params JSON Schema-formatted collection parameters.
1566           */
1567          return apply_filters( 'rest_user_collection_params', $query_params );
1568      }
1569  }


Generated: Sun Jul 5 01:00:04 2020 Cross-referenced by PHPXref 0.7.1