| [ Index ] |
PHP Cross Reference of WordPress |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * REST API: WP_REST_Users_Controller class 4 * 5 * @package WordPress 6 * @subpackage REST_API 7 * @since 4.7.0 8 */ 9 10 /** 11 * Core class used to manage users via the REST API. 12 * 13 * @since 4.7.0 14 * 15 * @see WP_REST_Controller 16 */ 17 class WP_REST_Users_Controller extends WP_REST_Controller { 18 19 /** 20 * Instance of a user meta fields object. 21 * 22 * @since 4.7.0 23 * @var WP_REST_User_Meta_Fields 24 */ 25 protected $meta; 26 27 /** 28 * Constructor. 29 * 30 * @since 4.7.0 31 */ 32 public function __construct() { 33 $this->namespace = 'wp/v2'; 34 $this->rest_base = 'users'; 35 36 $this->meta = new WP_REST_User_Meta_Fields(); 37 } 38 39 /** 40 * Registers the routes for the objects of the controller. 41 * 42 * @since 4.7.0 43 * 44 * @see register_rest_route() 45 */ 46 public function register_routes() { 47 48 register_rest_route( 49 $this->namespace, 50 '/' . $this->rest_base, 51 array( 52 array( 53 'methods' => WP_REST_Server::READABLE, 54 'callback' => array( $this, 'get_items' ), 55 'permission_callback' => array( $this, 'get_items_permissions_check' ), 56 'args' => $this->get_collection_params(), 57 ), 58 array( 59 'methods' => WP_REST_Server::CREATABLE, 60 'callback' => array( $this, 'create_item' ), 61 'permission_callback' => array( $this, 'create_item_permissions_check' ), 62 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::CREATABLE ), 63 ), 64 'schema' => array( $this, 'get_public_item_schema' ), 65 ) 66 ); 67 68 register_rest_route( 69 $this->namespace, 70 '/' . $this->rest_base . '/(?P<id>[\d]+)', 71 array( 72 'args' => array( 73 'id' => array( 74 'description' => __( 'Unique identifier for the user.' ), 75 'type' => 'integer', 76 ), 77 ), 78 array( 79 'methods' => WP_REST_Server::READABLE, 80 'callback' => array( $this, 'get_item' ), 81 'permission_callback' => array( $this, 'get_item_permissions_check' ), 82 'args' => array( 83 'context' => $this->get_context_param( array( 'default' => 'view' ) ), 84 ), 85 ), 86 array( 87 'methods' => WP_REST_Server::EDITABLE, 88 'callback' => array( $this, 'update_item' ), 89 'permission_callback' => array( $this, 'update_item_permissions_check' ), 90 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ), 91 ), 92 array( 93 'methods' => WP_REST_Server::DELETABLE, 94 'callback' => array( $this, 'delete_item' ), 95 'permission_callback' => array( $this, 'delete_item_permissions_check' ), 96 'args' => array( 97 'force' => array( 98 'type' => 'boolean', 99 'default' => false, 100 'description' => __( 'Required to be true, as users do not support trashing.' ), 101 ), 102 'reassign' => array( 103 'type' => 'integer', 104 'description' => __( 'Reassign the deleted user\'s posts and links to this user ID.' ), 105 'required' => true, 106 'sanitize_callback' => array( $this, 'check_reassign' ), 107 ), 108 ), 109 ), 110 'schema' => array( $this, 'get_public_item_schema' ), 111 ) 112 ); 113 114 register_rest_route( 115 $this->namespace, 116 '/' . $this->rest_base . '/me', 117 array( 118 array( 119 'methods' => WP_REST_Server::READABLE, 120 'callback' => array( $this, 'get_current_item' ), 121 'args' => array( 122 'context' => $this->get_context_param( array( 'default' => 'view' ) ), 123 ), 124 ), 125 array( 126 'methods' => WP_REST_Server::EDITABLE, 127 'callback' => array( $this, 'update_current_item' ), 128 'permission_callback' => array( $this, 'update_current_item_permissions_check' ), 129 'args' => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ), 130 ), 131 array( 132 'methods' => WP_REST_Server::DELETABLE, 133 'callback' => array( $this, 'delete_current_item' ), 134 'permission_callback' => array( $this, 'delete_current_item_permissions_check' ), 135 'args' => array( 136 'force' => array( 137 'type' => 'boolean', 138 'default' => false, 139 'description' => __( 'Required to be true, as users do not support trashing.' ), 140 ), 141 'reassign' => array( 142 'type' => 'integer', 143 'description' => __( 'Reassign the deleted user\'s posts and links to this user ID.' ), 144 'required' => true, 145 'sanitize_callback' => array( $this, 'check_reassign' ), 146 ), 147 ), 148 ), 149 'schema' => array( $this, 'get_public_item_schema' ), 150 ) 151 ); 152 } 153 154 /** 155 * Checks for a valid value for the reassign parameter when deleting users. 156 * 157 * The value can be an integer, 'false', false, or ''. 158 * 159 * @since 4.7.0 160 * 161 * @param int|bool $value The value passed to the reassign parameter. 162 * @param WP_REST_Request $request Full details about the request. 163 * @param string $param The parameter that is being sanitized. 164 * 165 * @return int|bool|WP_Error 166 */ 167 public function check_reassign( $value, $request, $param ) { 168 if ( is_numeric( $value ) ) { 169 return $value; 170 } 171 172 if ( empty( $value ) || false === $value || 'false' === $value ) { 173 return false; 174 } 175 176 return new WP_Error( 'rest_invalid_param', __( 'Invalid user parameter(s).' ), array( 'status' => 400 ) ); 177 } 178 179 /** 180 * Permissions check for getting all users. 181 * 182 * @since 4.7.0 183 * 184 * @param WP_REST_Request $request Full details about the request. 185 * @return true|WP_Error True if the request has read access, otherwise WP_Error object. 186 */ 187 public function get_items_permissions_check( $request ) { 188 // Check if roles is specified in GET request and if user can list users. 189 if ( ! empty( $request['roles'] ) && ! current_user_can( 'list_users' ) ) { 190 return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to filter users by role.' ), array( 'status' => rest_authorization_required_code() ) ); 191 } 192 193 if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) { 194 return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) ); 195 } 196 197 if ( in_array( $request['orderby'], array( 'email', 'registered_date' ), true ) && ! current_user_can( 'list_users' ) ) { 198 return new WP_Error( 'rest_forbidden_orderby', __( 'Sorry, you are not allowed to order users by this parameter.' ), array( 'status' => rest_authorization_required_code() ) ); 199 } 200 201 if ( 'authors' === $request['who'] ) { 202 $types = get_post_types( array( 'show_in_rest' => true ), 'objects' ); 203 204 foreach ( $types as $type ) { 205 if ( post_type_supports( $type->name, 'author' ) 206 && current_user_can( $type->cap->edit_posts ) ) { 207 return true; 208 } 209 } 210 211 return new WP_Error( 'rest_forbidden_who', __( 'Sorry, you are not allowed to query users by this parameter.' ), array( 'status' => rest_authorization_required_code() ) ); 212 } 213 214 return true; 215 } 216 217 /** 218 * Retrieves all users. 219 * 220 * @since 4.7.0 221 * 222 * @param WP_REST_Request $request Full details about the request. 223 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 224 */ 225 public function get_items( $request ) { 226 227 // Retrieve the list of registered collection query parameters. 228 $registered = $this->get_collection_params(); 229 230 /* 231 * This array defines mappings between public API query parameters whose 232 * values are accepted as-passed, and their internal WP_Query parameter 233 * name equivalents (some are the same). Only values which are also 234 * present in $registered will be set. 235 */ 236 $parameter_mappings = array( 237 'exclude' => 'exclude', 238 'include' => 'include', 239 'order' => 'order', 240 'per_page' => 'number', 241 'search' => 'search', 242 'roles' => 'role__in', 243 'slug' => 'nicename__in', 244 ); 245 246 $prepared_args = array(); 247 248 /* 249 * For each known parameter which is both registered and present in the request, 250 * set the parameter's value on the query $prepared_args. 251 */ 252 foreach ( $parameter_mappings as $api_param => $wp_param ) { 253 if ( isset( $registered[ $api_param ], $request[ $api_param ] ) ) { 254 $prepared_args[ $wp_param ] = $request[ $api_param ]; 255 } 256 } 257 258 if ( isset( $registered['offset'] ) && ! empty( $request['offset'] ) ) { 259 $prepared_args['offset'] = $request['offset']; 260 } else { 261 $prepared_args['offset'] = ( $request['page'] - 1 ) * $prepared_args['number']; 262 } 263 264 if ( isset( $registered['orderby'] ) ) { 265 $orderby_possibles = array( 266 'id' => 'ID', 267 'include' => 'include', 268 'name' => 'display_name', 269 'registered_date' => 'registered', 270 'slug' => 'user_nicename', 271 'include_slugs' => 'nicename__in', 272 'email' => 'user_email', 273 'url' => 'user_url', 274 ); 275 $prepared_args['orderby'] = $orderby_possibles[ $request['orderby'] ]; 276 } 277 278 if ( isset( $registered['who'] ) && ! empty( $request['who'] ) && 'authors' === $request['who'] ) { 279 $prepared_args['who'] = 'authors'; 280 } elseif ( ! current_user_can( 'list_users' ) ) { 281 $prepared_args['has_published_posts'] = get_post_types( array( 'show_in_rest' => true ), 'names' ); 282 } 283 284 if ( ! empty( $prepared_args['search'] ) ) { 285 $prepared_args['search'] = '*' . $prepared_args['search'] . '*'; 286 } 287 /** 288 * Filters WP_User_Query arguments when querying users via the REST API. 289 * 290 * @link https://developer.wordpress.org/reference/classes/wp_user_query/ 291 * 292 * @since 4.7.0 293 * 294 * @param array $prepared_args Array of arguments for WP_User_Query. 295 * @param WP_REST_Request $request The current request. 296 */ 297 $prepared_args = apply_filters( 'rest_user_query', $prepared_args, $request ); 298 299 $query = new WP_User_Query( $prepared_args ); 300 301 $users = array(); 302 303 foreach ( $query->results as $user ) { 304 $data = $this->prepare_item_for_response( $user, $request ); 305 $users[] = $this->prepare_response_for_collection( $data ); 306 } 307 308 $response = rest_ensure_response( $users ); 309 310 // Store pagination values for headers then unset for count query. 311 $per_page = (int) $prepared_args['number']; 312 $page = ceil( ( ( (int) $prepared_args['offset'] ) / $per_page ) + 1 ); 313 314 $prepared_args['fields'] = 'ID'; 315 316 $total_users = $query->get_total(); 317 318 if ( $total_users < 1 ) { 319 // Out-of-bounds, run the query again without LIMIT for total count. 320 unset( $prepared_args['number'], $prepared_args['offset'] ); 321 $count_query = new WP_User_Query( $prepared_args ); 322 $total_users = $count_query->get_total(); 323 } 324 325 $response->header( 'X-WP-Total', (int) $total_users ); 326 327 $max_pages = ceil( $total_users / $per_page ); 328 329 $response->header( 'X-WP-TotalPages', (int) $max_pages ); 330 331 $base = add_query_arg( urlencode_deep( $request->get_query_params() ), rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ) ); 332 if ( $page > 1 ) { 333 $prev_page = $page - 1; 334 335 if ( $prev_page > $max_pages ) { 336 $prev_page = $max_pages; 337 } 338 339 $prev_link = add_query_arg( 'page', $prev_page, $base ); 340 $response->link_header( 'prev', $prev_link ); 341 } 342 if ( $max_pages > $page ) { 343 $next_page = $page + 1; 344 $next_link = add_query_arg( 'page', $next_page, $base ); 345 346 $response->link_header( 'next', $next_link ); 347 } 348 349 return $response; 350 } 351 352 /** 353 * Get the user, if the ID is valid. 354 * 355 * @since 4.7.2 356 * 357 * @param int $id Supplied ID. 358 * @return WP_User|WP_Error True if ID is valid, WP_Error otherwise. 359 */ 360 protected function get_user( $id ) { 361 $error = new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) ); 362 if ( (int) $id <= 0 ) { 363 return $error; 364 } 365 366 $user = get_userdata( (int) $id ); 367 if ( empty( $user ) || ! $user->exists() ) { 368 return $error; 369 } 370 371 if ( is_multisite() && ! is_user_member_of_blog( $user->ID ) ) { 372 return $error; 373 } 374 375 return $user; 376 } 377 378 /** 379 * Checks if a given request has access to read a user. 380 * 381 * @since 4.7.0 382 * 383 * @param WP_REST_Request $request Full details about the request. 384 * @return true|WP_Error True if the request has read access for the item, otherwise WP_Error object. 385 */ 386 public function get_item_permissions_check( $request ) { 387 $user = $this->get_user( $request['id'] ); 388 if ( is_wp_error( $user ) ) { 389 return $user; 390 } 391 392 $types = get_post_types( array( 'show_in_rest' => true ), 'names' ); 393 394 if ( get_current_user_id() === $user->ID ) { 395 return true; 396 } 397 398 if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) { 399 return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) ); 400 } elseif ( ! count_user_posts( $user->ID, $types ) && ! current_user_can( 'edit_user', $user->ID ) && ! current_user_can( 'list_users' ) ) { 401 return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) ); 402 } 403 404 return true; 405 } 406 407 /** 408 * Retrieves a single user. 409 * 410 * @since 4.7.0 411 * 412 * @param WP_REST_Request $request Full details about the request. 413 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 414 */ 415 public function get_item( $request ) { 416 $user = $this->get_user( $request['id'] ); 417 if ( is_wp_error( $user ) ) { 418 return $user; 419 } 420 421 $user = $this->prepare_item_for_response( $user, $request ); 422 $response = rest_ensure_response( $user ); 423 424 return $response; 425 } 426 427 /** 428 * Retrieves the current user. 429 * 430 * @since 4.7.0 431 * 432 * @param WP_REST_Request $request Full details about the request. 433 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 434 */ 435 public function get_current_item( $request ) { 436 $current_user_id = get_current_user_id(); 437 438 if ( empty( $current_user_id ) ) { 439 return new WP_Error( 'rest_not_logged_in', __( 'You are not currently logged in.' ), array( 'status' => 401 ) ); 440 } 441 442 $user = wp_get_current_user(); 443 $response = $this->prepare_item_for_response( $user, $request ); 444 $response = rest_ensure_response( $response ); 445 446 return $response; 447 } 448 449 /** 450 * Checks if a given request has access create users. 451 * 452 * @since 4.7.0 453 * 454 * @param WP_REST_Request $request Full details about the request. 455 * @return true|WP_Error True if the request has access to create items, WP_Error object otherwise. 456 */ 457 public function create_item_permissions_check( $request ) { 458 459 if ( ! current_user_can( 'create_users' ) ) { 460 return new WP_Error( 'rest_cannot_create_user', __( 'Sorry, you are not allowed to create new users.' ), array( 'status' => rest_authorization_required_code() ) ); 461 } 462 463 return true; 464 } 465 466 /** 467 * Creates a single user. 468 * 469 * @since 4.7.0 470 * 471 * @param WP_REST_Request $request Full details about the request. 472 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 473 */ 474 public function create_item( $request ) { 475 if ( ! empty( $request['id'] ) ) { 476 return new WP_Error( 'rest_user_exists', __( 'Cannot create existing user.' ), array( 'status' => 400 ) ); 477 } 478 479 $schema = $this->get_item_schema(); 480 481 if ( ! empty( $request['roles'] ) && ! empty( $schema['properties']['roles'] ) ) { 482 $check_permission = $this->check_role_update( $request['id'], $request['roles'] ); 483 484 if ( is_wp_error( $check_permission ) ) { 485 return $check_permission; 486 } 487 } 488 489 $user = $this->prepare_item_for_database( $request ); 490 491 if ( is_multisite() ) { 492 $ret = wpmu_validate_user_signup( $user->user_login, $user->user_email ); 493 494 if ( is_wp_error( $ret['errors'] ) && $ret['errors']->has_errors() ) { 495 $error = new WP_Error( 'rest_invalid_param', __( 'Invalid user parameter(s).' ), array( 'status' => 400 ) ); 496 foreach ( $ret['errors']->errors as $code => $messages ) { 497 foreach ( $messages as $message ) { 498 $error->add( $code, $message ); 499 } 500 $error_data = $error->get_error_data( $code ); 501 if ( $error_data ) { 502 $error->add_data( $error_data, $code ); 503 } 504 } 505 return $error; 506 } 507 } 508 509 if ( is_multisite() ) { 510 $user_id = wpmu_create_user( $user->user_login, $user->user_pass, $user->user_email ); 511 512 if ( ! $user_id ) { 513 return new WP_Error( 'rest_user_create', __( 'Error creating new user.' ), array( 'status' => 500 ) ); 514 } 515 516 $user->ID = $user_id; 517 $user_id = wp_update_user( wp_slash( (array) $user ) ); 518 519 if ( is_wp_error( $user_id ) ) { 520 return $user_id; 521 } 522 523 $result = add_user_to_blog( get_site()->id, $user_id, '' ); 524 if ( is_wp_error( $result ) ) { 525 return $result; 526 } 527 } else { 528 $user_id = wp_insert_user( wp_slash( (array) $user ) ); 529 530 if ( is_wp_error( $user_id ) ) { 531 return $user_id; 532 } 533 } 534 535 $user = get_user_by( 'id', $user_id ); 536 537 /** 538 * Fires immediately after a user is created or updated via the REST API. 539 * 540 * @since 4.7.0 541 * 542 * @param WP_User $user Inserted or updated user object. 543 * @param WP_REST_Request $request Request object. 544 * @param bool $creating True when creating a user, false when updating. 545 */ 546 do_action( 'rest_insert_user', $user, $request, true ); 547 548 if ( ! empty( $request['roles'] ) && ! empty( $schema['properties']['roles'] ) ) { 549 array_map( array( $user, 'add_role' ), $request['roles'] ); 550 } 551 552 if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { 553 $meta_update = $this->meta->update_value( $request['meta'], $user_id ); 554 555 if ( is_wp_error( $meta_update ) ) { 556 return $meta_update; 557 } 558 } 559 560 $user = get_user_by( 'id', $user_id ); 561 $fields_update = $this->update_additional_fields_for_object( $user, $request ); 562 563 if ( is_wp_error( $fields_update ) ) { 564 return $fields_update; 565 } 566 567 $request->set_param( 'context', 'edit' ); 568 569 /** 570 * Fires after a user is completely created or updated via the REST API. 571 * 572 * @since 5.0.0 573 * 574 * @param WP_User $user Inserted or updated user object. 575 * @param WP_REST_Request $request Request object. 576 * @param bool $creating True when creating a user, false when updating. 577 */ 578 do_action( 'rest_after_insert_user', $user, $request, true ); 579 580 $response = $this->prepare_item_for_response( $user, $request ); 581 $response = rest_ensure_response( $response ); 582 583 $response->set_status( 201 ); 584 $response->header( 'Location', rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $user_id ) ) ); 585 586 return $response; 587 } 588 589 /** 590 * Checks if a given request has access to update a user. 591 * 592 * @since 4.7.0 593 * 594 * @param WP_REST_Request $request Full details about the request. 595 * @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise. 596 */ 597 public function update_item_permissions_check( $request ) { 598 $user = $this->get_user( $request['id'] ); 599 if ( is_wp_error( $user ) ) { 600 return $user; 601 } 602 603 if ( ! empty( $request['roles'] ) ) { 604 if ( ! current_user_can( 'promote_user', $user->ID ) ) { 605 return new WP_Error( 'rest_cannot_edit_roles', __( 'Sorry, you are not allowed to edit roles of this user.' ), array( 'status' => rest_authorization_required_code() ) ); 606 } 607 608 $request_params = array_keys( $request->get_params() ); 609 sort( $request_params ); 610 // If only 'id' and 'roles' are specified (we are only trying to 611 // edit roles), then only the 'promote_user' cap is required. 612 if ( array( 'id', 'roles' ) === $request_params ) { 613 return true; 614 } 615 } 616 617 if ( ! current_user_can( 'edit_user', $user->ID ) ) { 618 return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this user.' ), array( 'status' => rest_authorization_required_code() ) ); 619 } 620 621 return true; 622 } 623 624 /** 625 * Updates a single user. 626 * 627 * @since 4.7.0 628 * 629 * @param WP_REST_Request $request Full details about the request. 630 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 631 */ 632 public function update_item( $request ) { 633 $user = $this->get_user( $request['id'] ); 634 if ( is_wp_error( $user ) ) { 635 return $user; 636 } 637 638 $id = $user->ID; 639 640 if ( ! $user ) { 641 return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) ); 642 } 643 644 $owner_id = email_exists( $request['email'] ); 645 646 if ( $owner_id && $owner_id !== $id ) { 647 return new WP_Error( 'rest_user_invalid_email', __( 'Invalid email address.' ), array( 'status' => 400 ) ); 648 } 649 650 if ( ! empty( $request['username'] ) && $request['username'] !== $user->user_login ) { 651 return new WP_Error( 'rest_user_invalid_argument', __( "Username isn't editable." ), array( 'status' => 400 ) ); 652 } 653 654 if ( ! empty( $request['slug'] ) && $request['slug'] !== $user->user_nicename && get_user_by( 'slug', $request['slug'] ) ) { 655 return new WP_Error( 'rest_user_invalid_slug', __( 'Invalid slug.' ), array( 'status' => 400 ) ); 656 } 657 658 if ( ! empty( $request['roles'] ) ) { 659 $check_permission = $this->check_role_update( $id, $request['roles'] ); 660 661 if ( is_wp_error( $check_permission ) ) { 662 return $check_permission; 663 } 664 } 665 666 $user = $this->prepare_item_for_database( $request ); 667 668 // Ensure we're operating on the same user we already checked. 669 $user->ID = $id; 670 671 $user_id = wp_update_user( wp_slash( (array) $user ) ); 672 673 if ( is_wp_error( $user_id ) ) { 674 return $user_id; 675 } 676 677 $user = get_user_by( 'id', $user_id ); 678 679 /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php */ 680 do_action( 'rest_insert_user', $user, $request, false ); 681 682 if ( ! empty( $request['roles'] ) ) { 683 array_map( array( $user, 'add_role' ), $request['roles'] ); 684 } 685 686 $schema = $this->get_item_schema(); 687 688 if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { 689 $meta_update = $this->meta->update_value( $request['meta'], $id ); 690 691 if ( is_wp_error( $meta_update ) ) { 692 return $meta_update; 693 } 694 } 695 696 $user = get_user_by( 'id', $user_id ); 697 $fields_update = $this->update_additional_fields_for_object( $user, $request ); 698 699 if ( is_wp_error( $fields_update ) ) { 700 return $fields_update; 701 } 702 703 $request->set_param( 'context', 'edit' ); 704 705 /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php */ 706 do_action( 'rest_after_insert_user', $user, $request, false ); 707 708 $response = $this->prepare_item_for_response( $user, $request ); 709 $response = rest_ensure_response( $response ); 710 711 return $response; 712 } 713 714 /** 715 * Checks if a given request has access to update the current user. 716 * 717 * @since 4.7.0 718 * 719 * @param WP_REST_Request $request Full details about the request. 720 * @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise. 721 */ 722 public function update_current_item_permissions_check( $request ) { 723 $request['id'] = get_current_user_id(); 724 725 return $this->update_item_permissions_check( $request ); 726 } 727 728 /** 729 * Updates the current user. 730 * 731 * @since 4.7.0 732 * 733 * @param WP_REST_Request $request Full details about the request. 734 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 735 */ 736 public function update_current_item( $request ) { 737 $request['id'] = get_current_user_id(); 738 739 return $this->update_item( $request ); 740 } 741 742 /** 743 * Checks if a given request has access delete a user. 744 * 745 * @since 4.7.0 746 * 747 * @param WP_REST_Request $request Full details about the request. 748 * @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise. 749 */ 750 public function delete_item_permissions_check( $request ) { 751 $user = $this->get_user( $request['id'] ); 752 if ( is_wp_error( $user ) ) { 753 return $user; 754 } 755 756 if ( ! current_user_can( 'delete_user', $user->ID ) ) { 757 return new WP_Error( 'rest_user_cannot_delete', __( 'Sorry, you are not allowed to delete this user.' ), array( 'status' => rest_authorization_required_code() ) ); 758 } 759 760 return true; 761 } 762 763 /** 764 * Deletes a single user. 765 * 766 * @since 4.7.0 767 * 768 * @param WP_REST_Request $request Full details about the request. 769 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 770 */ 771 public function delete_item( $request ) { 772 // We don't support delete requests in multisite. 773 if ( is_multisite() ) { 774 return new WP_Error( 'rest_cannot_delete', __( 'The user cannot be deleted.' ), array( 'status' => 501 ) ); 775 } 776 $user = $this->get_user( $request['id'] ); 777 if ( is_wp_error( $user ) ) { 778 return $user; 779 } 780 781 $id = $user->ID; 782 $reassign = false === $request['reassign'] ? null : absint( $request['reassign'] ); 783 $force = isset( $request['force'] ) ? (bool) $request['force'] : false; 784 785 // We don't support trashing for users. 786 if ( ! $force ) { 787 /* translators: %s: force=true */ 788 return new WP_Error( 'rest_trash_not_supported', sprintf( __( "Users do not support trashing. Set '%s' to delete." ), 'force=true' ), array( 'status' => 501 ) ); 789 } 790 791 if ( ! empty( $reassign ) ) { 792 if ( $reassign === $id || ! get_userdata( $reassign ) ) { 793 return new WP_Error( 'rest_user_invalid_reassign', __( 'Invalid user ID for reassignment.' ), array( 'status' => 400 ) ); 794 } 795 } 796 797 $request->set_param( 'context', 'edit' ); 798 799 $previous = $this->prepare_item_for_response( $user, $request ); 800 801 /** Include admin user functions to get access to wp_delete_user() */ 802 require_once ABSPATH . 'wp-admin/includes/user.php'; 803 804 $result = wp_delete_user( $id, $reassign ); 805 806 if ( ! $result ) { 807 return new WP_Error( 'rest_cannot_delete', __( 'The user cannot be deleted.' ), array( 'status' => 500 ) ); 808 } 809 810 $response = new WP_REST_Response(); 811 $response->set_data( 812 array( 813 'deleted' => true, 814 'previous' => $previous->get_data(), 815 ) 816 ); 817 818 /** 819 * Fires immediately after a user is deleted via the REST API. 820 * 821 * @since 4.7.0 822 * 823 * @param WP_User $user The user data. 824 * @param WP_REST_Response $response The response returned from the API. 825 * @param WP_REST_Request $request The request sent to the API. 826 */ 827 do_action( 'rest_delete_user', $user, $response, $request ); 828 829 return $response; 830 } 831 832 /** 833 * Checks if a given request has access to delete the current user. 834 * 835 * @since 4.7.0 836 * 837 * @param WP_REST_Request $request Full details about the request. 838 * @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise. 839 */ 840 public function delete_current_item_permissions_check( $request ) { 841 $request['id'] = get_current_user_id(); 842 843 return $this->delete_item_permissions_check( $request ); 844 } 845 846 /** 847 * Deletes the current user. 848 * 849 * @since 4.7.0 850 * 851 * @param WP_REST_Request $request Full details about the request. 852 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 853 */ 854 public function delete_current_item( $request ) { 855 $request['id'] = get_current_user_id(); 856 857 return $this->delete_item( $request ); 858 } 859 860 /** 861 * Prepares a single user output for response. 862 * 863 * @since 4.7.0 864 * 865 * @param WP_User $user User object. 866 * @param WP_REST_Request $request Request object. 867 * @return WP_REST_Response Response object. 868 */ 869 public function prepare_item_for_response( $user, $request ) { 870 871 $data = array(); 872 $fields = $this->get_fields_for_response( $request ); 873 874 if ( in_array( 'id', $fields, true ) ) { 875 $data['id'] = $user->ID; 876 } 877 878 if ( in_array( 'username', $fields, true ) ) { 879 $data['username'] = $user->user_login; 880 } 881 882 if ( in_array( 'name', $fields, true ) ) { 883 $data['name'] = $user->display_name; 884 } 885 886 if ( in_array( 'first_name', $fields, true ) ) { 887 $data['first_name'] = $user->first_name; 888 } 889 890 if ( in_array( 'last_name', $fields, true ) ) { 891 $data['last_name'] = $user->last_name; 892 } 893 894 if ( in_array( 'email', $fields, true ) ) { 895 $data['email'] = $user->user_email; 896 } 897 898 if ( in_array( 'url', $fields, true ) ) { 899 $data['url'] = $user->user_url; 900 } 901 902 if ( in_array( 'description', $fields, true ) ) { 903 $data['description'] = $user->description; 904 } 905 906 if ( in_array( 'link', $fields, true ) ) { 907 $data['link'] = get_author_posts_url( $user->ID, $user->user_nicename ); 908 } 909 910 if ( in_array( 'locale', $fields, true ) ) { 911 $data['locale'] = get_user_locale( $user ); 912 } 913 914 if ( in_array( 'nickname', $fields, true ) ) { 915 $data['nickname'] = $user->nickname; 916 } 917 918 if ( in_array( 'slug', $fields, true ) ) { 919 $data['slug'] = $user->user_nicename; 920 } 921 922 if ( in_array( 'roles', $fields, true ) ) { 923 // Defensively call array_values() to ensure an array is returned. 924 $data['roles'] = array_values( $user->roles ); 925 } 926 927 if ( in_array( 'registered_date', $fields, true ) ) { 928 $data['registered_date'] = gmdate( 'c', strtotime( $user->user_registered ) ); 929 } 930 931 if ( in_array( 'capabilities', $fields, true ) ) { 932 $data['capabilities'] = (object) $user->allcaps; 933 } 934 935 if ( in_array( 'extra_capabilities', $fields, true ) ) { 936 $data['extra_capabilities'] = (object) $user->caps; 937 } 938 939 if ( in_array( 'avatar_urls', $fields, true ) ) { 940 $data['avatar_urls'] = rest_get_avatar_urls( $user ); 941 } 942 943 if ( in_array( 'meta', $fields, true ) ) { 944 $data['meta'] = $this->meta->get_value( $user->ID, $request ); 945 } 946 947 $context = ! empty( $request['context'] ) ? $request['context'] : 'embed'; 948 949 $data = $this->add_additional_fields_to_object( $data, $request ); 950 $data = $this->filter_response_by_context( $data, $context ); 951 952 // Wrap the data in a response object. 953 $response = rest_ensure_response( $data ); 954 955 $response->add_links( $this->prepare_links( $user ) ); 956 957 /** 958 * Filters user data returned from the REST API. 959 * 960 * @since 4.7.0 961 * 962 * @param WP_REST_Response $response The response object. 963 * @param WP_User $user User object used to create response. 964 * @param WP_REST_Request $request Request object. 965 */ 966 return apply_filters( 'rest_prepare_user', $response, $user, $request ); 967 } 968 969 /** 970 * Prepares links for the user request. 971 * 972 * @since 4.7.0 973 * 974 * @param WP_Post $user User object. 975 * @return array Links for the given user. 976 */ 977 protected function prepare_links( $user ) { 978 $links = array( 979 'self' => array( 980 'href' => rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $user->ID ) ), 981 ), 982 'collection' => array( 983 'href' => rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ), 984 ), 985 ); 986 987 return $links; 988 } 989 990 /** 991 * Prepares a single user for creation or update. 992 * 993 * @since 4.7.0 994 * 995 * @param WP_REST_Request $request Request object. 996 * @return object $prepared_user User object. 997 */ 998 protected function prepare_item_for_database( $request ) { 999 $prepared_user = new stdClass; 1000 1001 $schema = $this->get_item_schema(); 1002 1003 // required arguments. 1004 if ( isset( $request['email'] ) && ! empty( $schema['properties']['email'] ) ) { 1005 $prepared_user->user_email = $request['email']; 1006 } 1007 1008 if ( isset( $request['username'] ) && ! empty( $schema['properties']['username'] ) ) { 1009 $prepared_user->user_login = $request['username']; 1010 } 1011 1012 if ( isset( $request['password'] ) && ! empty( $schema['properties']['password'] ) ) { 1013 $prepared_user->user_pass = $request['password']; 1014 } 1015 1016 // optional arguments. 1017 if ( isset( $request['id'] ) ) { 1018 $prepared_user->ID = absint( $request['id'] ); 1019 } 1020 1021 if ( isset( $request['name'] ) && ! empty( $schema['properties']['name'] ) ) { 1022 $prepared_user->display_name = $request['name']; 1023 } 1024 1025 if ( isset( $request['first_name'] ) && ! empty( $schema['properties']['first_name'] ) ) { 1026 $prepared_user->first_name = $request['first_name']; 1027 } 1028 1029 if ( isset( $request['last_name'] ) && ! empty( $schema['properties']['last_name'] ) ) { 1030 $prepared_user->last_name = $request['last_name']; 1031 } 1032 1033 if ( isset( $request['nickname'] ) && ! empty( $schema['properties']['nickname'] ) ) { 1034 $prepared_user->nickname = $request['nickname']; 1035 } 1036 1037 if ( isset( $request['slug'] ) && ! empty( $schema['properties']['slug'] ) ) { 1038 $prepared_user->user_nicename = $request['slug']; 1039 } 1040 1041 if ( isset( $request['description'] ) && ! empty( $schema['properties']['description'] ) ) { 1042 $prepared_user->description = $request['description']; 1043 } 1044 1045 if ( isset( $request['url'] ) && ! empty( $schema['properties']['url'] ) ) { 1046 $prepared_user->user_url = $request['url']; 1047 } 1048 1049 if ( isset( $request['locale'] ) && ! empty( $schema['properties']['locale'] ) ) { 1050 $prepared_user->locale = $request['locale']; 1051 } 1052 1053 // setting roles will be handled outside of this function. 1054 if ( isset( $request['roles'] ) ) { 1055 $prepared_user->role = false; 1056 } 1057 1058 /** 1059 * Filters user data before insertion via the REST API. 1060 * 1061 * @since 4.7.0 1062 * 1063 * @param object $prepared_user User object. 1064 * @param WP_REST_Request $request Request object. 1065 */ 1066 return apply_filters( 'rest_pre_insert_user', $prepared_user, $request ); 1067 } 1068 1069 /** 1070 * Determines if the current user is allowed to make the desired roles change. 1071 * 1072 * @since 4.7.0 1073 * 1074 * @param integer $user_id User ID. 1075 * @param array $roles New user roles. 1076 * @return true|WP_Error True if the current user is allowed to make the role change, 1077 * otherwise a WP_Error object. 1078 */ 1079 protected function check_role_update( $user_id, $roles ) { 1080 global $wp_roles; 1081 1082 foreach ( $roles as $role ) { 1083 1084 if ( ! isset( $wp_roles->role_objects[ $role ] ) ) { 1085 /* translators: %s: Role key. */ 1086 return new WP_Error( 'rest_user_invalid_role', sprintf( __( 'The role %s does not exist.' ), $role ), array( 'status' => 400 ) ); 1087 } 1088 1089 $potential_role = $wp_roles->role_objects[ $role ]; 1090 1091 /* 1092 * Don't let anyone with 'edit_users' (admins) edit their own role to something without it. 1093 * Multisite super admins can freely edit their blog roles -- they possess all caps. 1094 */ 1095 if ( ! ( is_multisite() 1096 && current_user_can( 'manage_sites' ) ) 1097 && get_current_user_id() === $user_id 1098 && ! $potential_role->has_cap( 'edit_users' ) 1099 ) { 1100 return new WP_Error( 'rest_user_invalid_role', __( 'Sorry, you are not allowed to give users that role.' ), array( 'status' => rest_authorization_required_code() ) ); 1101 } 1102 1103 /** Include admin functions to get access to get_editable_roles() */ 1104 require_once ABSPATH . 'wp-admin/includes/admin.php'; 1105 1106 // The new role must be editable by the logged-in user. 1107 $editable_roles = get_editable_roles(); 1108 1109 if ( empty( $editable_roles[ $role ] ) ) { 1110 return new WP_Error( 'rest_user_invalid_role', __( 'Sorry, you are not allowed to give users that role.' ), array( 'status' => 403 ) ); 1111 } 1112 } 1113 1114 return true; 1115 } 1116 1117 /** 1118 * Check a username for the REST API. 1119 * 1120 * Performs a couple of checks like edit_user() in wp-admin/includes/user.php. 1121 * 1122 * @since 4.7.0 1123 * 1124 * @param mixed $value The username submitted in the request. 1125 * @param WP_REST_Request $request Full details about the request. 1126 * @param string $param The parameter name. 1127 * @return string|WP_Error The sanitized username, if valid, otherwise an error. 1128 */ 1129 public function check_username( $value, $request, $param ) { 1130 $username = (string) $value; 1131 1132 if ( ! validate_username( $username ) ) { 1133 return new WP_Error( 'rest_user_invalid_username', __( 'Username contains invalid characters.' ), array( 'status' => 400 ) ); 1134 } 1135 1136 /** This filter is documented in wp-includes/user.php */ 1137 $illegal_logins = (array) apply_filters( 'illegal_user_logins', array() ); 1138 1139 if ( in_array( strtolower( $username ), array_map( 'strtolower', $illegal_logins ), true ) ) { 1140 return new WP_Error( 'rest_user_invalid_username', __( 'Sorry, that username is not allowed.' ), array( 'status' => 400 ) ); 1141 } 1142 1143 return $username; 1144 } 1145 1146 /** 1147 * Check a user password for the REST API. 1148 * 1149 * Performs a couple of checks like edit_user() in wp-admin/includes/user.php. 1150 * 1151 * @since 4.7.0 1152 * 1153 * @param mixed $value The password submitted in the request. 1154 * @param WP_REST_Request $request Full details about the request. 1155 * @param string $param The parameter name. 1156 * @return string|WP_Error The sanitized password, if valid, otherwise an error. 1157 */ 1158 public function check_user_password( $value, $request, $param ) { 1159 $password = (string) $value; 1160 1161 if ( empty( $password ) ) { 1162 return new WP_Error( 'rest_user_invalid_password', __( 'Passwords cannot be empty.' ), array( 'status' => 400 ) ); 1163 } 1164 1165 if ( false !== strpos( $password, '\\' ) ) { 1166 return new WP_Error( 'rest_user_invalid_password', __( 'Passwords cannot contain the "\\" character.' ), array( 'status' => 400 ) ); 1167 } 1168 1169 return $password; 1170 } 1171 1172 /** 1173 * Retrieves the user's schema, conforming to JSON Schema. 1174 * 1175 * @since 4.7.0 1176 * 1177 * @return array Item schema data. 1178 */ 1179 public function get_item_schema() { 1180 if ( $this->schema ) { 1181 return $this->add_additional_fields_schema( $this->schema ); 1182 } 1183 1184 $schema = array( 1185 '$schema' => 'http://json-schema.org/draft-04/schema#', 1186 'title' => 'user', 1187 'type' => 'object', 1188 'properties' => array( 1189 'id' => array( 1190 'description' => __( 'Unique identifier for the user.' ), 1191 'type' => 'integer', 1192 'context' => array( 'embed', 'view', 'edit' ), 1193 'readonly' => true, 1194 ), 1195 'username' => array( 1196 'description' => __( 'Login name for the user.' ), 1197 'type' => 'string', 1198 'context' => array( 'edit' ), 1199 'required' => true, 1200 'arg_options' => array( 1201 'sanitize_callback' => array( $this, 'check_username' ), 1202 ), 1203 ), 1204 'name' => array( 1205 'description' => __( 'Display name for the user.' ), 1206 'type' => 'string', 1207 'context' => array( 'embed', 'view', 'edit' ), 1208 'arg_options' => array( 1209 'sanitize_callback' => 'sanitize_text_field', 1210 ), 1211 ), 1212 'first_name' => array( 1213 'description' => __( 'First name for the user.' ), 1214 'type' => 'string', 1215 'context' => array( 'edit' ), 1216 'arg_options' => array( 1217 'sanitize_callback' => 'sanitize_text_field', 1218 ), 1219 ), 1220 'last_name' => array( 1221 'description' => __( 'Last name for the user.' ), 1222 'type' => 'string', 1223 'context' => array( 'edit' ), 1224 'arg_options' => array( 1225 'sanitize_callback' => 'sanitize_text_field', 1226 ), 1227 ), 1228 'email' => array( 1229 'description' => __( 'The email address for the user.' ), 1230 'type' => 'string', 1231 'format' => 'email', 1232 'context' => array( 'edit' ), 1233 'required' => true, 1234 ), 1235 'url' => array( 1236 'description' => __( 'URL of the user.' ), 1237 'type' => 'string', 1238 'format' => 'uri', 1239 'context' => array( 'embed', 'view', 'edit' ), 1240 ), 1241 'description' => array( 1242 'description' => __( 'Description of the user.' ), 1243 'type' => 'string', 1244 'context' => array( 'embed', 'view', 'edit' ), 1245 ), 1246 'link' => array( 1247 'description' => __( 'Author URL of the user.' ), 1248 'type' => 'string', 1249 'format' => 'uri', 1250 'context' => array( 'embed', 'view', 'edit' ), 1251 'readonly' => true, 1252 ), 1253 'locale' => array( 1254 'description' => __( 'Locale for the user.' ), 1255 'type' => 'string', 1256 'enum' => array_merge( array( '', 'en_US' ), get_available_languages() ), 1257 'context' => array( 'edit' ), 1258 ), 1259 'nickname' => array( 1260 'description' => __( 'The nickname for the user.' ), 1261 'type' => 'string', 1262 'context' => array( 'edit' ), 1263 'arg_options' => array( 1264 'sanitize_callback' => 'sanitize_text_field', 1265 ), 1266 ), 1267 'slug' => array( 1268 'description' => __( 'An alphanumeric identifier for the user.' ), 1269 'type' => 'string', 1270 'context' => array( 'embed', 'view', 'edit' ), 1271 'arg_options' => array( 1272 'sanitize_callback' => array( $this, 'sanitize_slug' ), 1273 ), 1274 ), 1275 'registered_date' => array( 1276 'description' => __( 'Registration date for the user.' ), 1277 'type' => 'string', 1278 'format' => 'date-time', 1279 'context' => array( 'edit' ), 1280 'readonly' => true, 1281 ), 1282 'roles' => array( 1283 'description' => __( 'Roles assigned to the user.' ), 1284 'type' => 'array', 1285 'items' => array( 1286 'type' => 'string', 1287 ), 1288 'context' => array( 'edit' ), 1289 ), 1290 'password' => array( 1291 'description' => __( 'Password for the user (never included).' ), 1292 'type' => 'string', 1293 'context' => array(), // Password is never displayed. 1294 'required' => true, 1295 'arg_options' => array( 1296 'sanitize_callback' => array( $this, 'check_user_password' ), 1297 ), 1298 ), 1299 'capabilities' => array( 1300 'description' => __( 'All capabilities assigned to the user.' ), 1301 'type' => 'object', 1302 'context' => array( 'edit' ), 1303 'readonly' => true, 1304 ), 1305 'extra_capabilities' => array( 1306 'description' => __( 'Any extra capabilities assigned to the user.' ), 1307 'type' => 'object', 1308 'context' => array( 'edit' ), 1309 'readonly' => true, 1310 ), 1311 ), 1312 ); 1313 1314 if ( get_option( 'show_avatars' ) ) { 1315 $avatar_properties = array(); 1316 1317 $avatar_sizes = rest_get_avatar_sizes(); 1318 1319 foreach ( $avatar_sizes as $size ) { 1320 $avatar_properties[ $size ] = array( 1321 /* translators: %d: Avatar image size in pixels. */ 1322 'description' => sprintf( __( 'Avatar URL with image size of %d pixels.' ), $size ), 1323 'type' => 'string', 1324 'format' => 'uri', 1325 'context' => array( 'embed', 'view', 'edit' ), 1326 ); 1327 } 1328 1329 $schema['properties']['avatar_urls'] = array( 1330 'description' => __( 'Avatar URLs for the user.' ), 1331 'type' => 'object', 1332 'context' => array( 'embed', 'view', 'edit' ), 1333 'readonly' => true, 1334 'properties' => $avatar_properties, 1335 ); 1336 } 1337 1338 $schema['properties']['meta'] = $this->meta->get_field_schema(); 1339 1340 $this->schema = $schema; 1341 return $this->add_additional_fields_schema( $this->schema ); 1342 } 1343 1344 /** 1345 * Retrieves the query params for collections. 1346 * 1347 * @since 4.7.0 1348 * 1349 * @return array Collection parameters. 1350 */ 1351 public function get_collection_params() { 1352 $query_params = parent::get_collection_params(); 1353 1354 $query_params['context']['default'] = 'view'; 1355 1356 $query_params['exclude'] = array( 1357 'description' => __( 'Ensure result set excludes specific IDs.' ), 1358 'type' => 'array', 1359 'items' => array( 1360 'type' => 'integer', 1361 ), 1362 'default' => array(), 1363 ); 1364 1365 $query_params['include'] = array( 1366 'description' => __( 'Limit result set to specific IDs.' ), 1367 'type' => 'array', 1368 'items' => array( 1369 'type' => 'integer', 1370 ), 1371 'default' => array(), 1372 ); 1373 1374 $query_params['offset'] = array( 1375 'description' => __( 'Offset the result set by a specific number of items.' ), 1376 'type' => 'integer', 1377 ); 1378 1379 $query_params['order'] = array( 1380 'default' => 'asc', 1381 'description' => __( 'Order sort attribute ascending or descending.' ), 1382 'enum' => array( 'asc', 'desc' ), 1383 'type' => 'string', 1384 ); 1385 1386 $query_params['orderby'] = array( 1387 'default' => 'name', 1388 'description' => __( 'Sort collection by object attribute.' ), 1389 'enum' => array( 1390 'id', 1391 'include', 1392 'name', 1393 'registered_date', 1394 'slug', 1395 'include_slugs', 1396 'email', 1397 'url', 1398 ), 1399 'type' => 'string', 1400 ); 1401 1402 $query_params['slug'] = array( 1403 'description' => __( 'Limit result set to users with one or more specific slugs.' ), 1404 'type' => 'array', 1405 'items' => array( 1406 'type' => 'string', 1407 ), 1408 ); 1409 1410 $query_params['roles'] = array( 1411 'description' => __( 'Limit result set to users matching at least one specific role provided. Accepts csv list or single role.' ), 1412 'type' => 'array', 1413 'items' => array( 1414 'type' => 'string', 1415 ), 1416 ); 1417 1418 $query_params['who'] = array( 1419 'description' => __( 'Limit result set to users who are considered authors.' ), 1420 'type' => 'string', 1421 'enum' => array( 1422 'authors', 1423 ), 1424 ); 1425 1426 /** 1427 * Filter collection parameters for the users controller. 1428 * 1429 * This filter registers the collection parameter, but does not map the 1430 * collection parameter to an internal WP_User_Query parameter. Use the 1431 * `rest_user_query` filter to set WP_User_Query arguments. 1432 * 1433 * @since 4.7.0 1434 * 1435 * @param array $query_params JSON Schema-formatted collection parameters. 1436 */ 1437 return apply_filters( 'rest_user_collection_params', $query_params ); 1438 } 1439 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Sun Jan 19 01:00:03 2020 | Cross-referenced by PHPXref 0.7.1 |