/**
* Check if a given request has access to read a webhook develivery.
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|boolean
*/
public function get_item_permissions_check($request)
{
$post = get_post((int) $request['product_id']);
if ($post && !wc_rest_check_post_permissions('product', 'read', $post->ID)) {
return new WP_Error('woocommerce_rest_cannot_view', __('Sorry, you cannot view this resource.', 'woocommerce'), array('status' => rest_authorization_required_code()));
}
return true;
}
/**
* Check if a given request has access delete a order note.
*
* @param WP_REST_Request $request Full details about the request.
* @return boolean
*/
public function delete_item_permissions_check($request)
{
$post = get_post((int) $request['order_id']);
if ($post && !wc_rest_check_post_permissions($this->post_type, 'delete', $post->ID)) {
return new WP_Error('woocommerce_rest_cannot_delete', __('Sorry, you are not allowed to delete this resource.', 'woocommerce'), array('status' => rest_authorization_required_code()));
}
return true;
}
/**
* Delete a single item.
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error
*/
public function delete_item($request)
{
$id = (int) $request['id'];
$force = (bool) $request['force'];
$post = get_post($id);
$product = wc_get_product($id);
if (!empty($post->post_type) && 'product_variation' === $post->post_type && 'product' === $this->post_type) {
return new WP_Error("woocommerce_rest_invalid_{$this->post_type}_id", __('To manipulate product variations you should use the /products/<product_id>/variations/<id> endpoint.', 'woocommerce'), array('status' => 404));
} elseif (empty($id) || empty($post->ID) || $post->post_type !== $this->post_type) {
return new WP_Error("woocommerce_rest_{$this->post_type}_invalid_id", __('Invalid post ID.', 'woocommerce'), array('status' => 404));
}
$supports_trash = EMPTY_TRASH_DAYS > 0;
/**
* Filter whether an item is trashable.
*
* Return false to disable trash support for the item.
*
* @param boolean $supports_trash Whether the item type support trashing.
* @param WP_Post $post The Post object being considered for trashing support.
*/
$supports_trash = apply_filters("woocommerce_rest_{$this->post_type}_trashable", $supports_trash, $post);
if (!wc_rest_check_post_permissions($this->post_type, 'delete', $post->ID)) {
/* translators: %s: post type */
return new WP_Error("woocommerce_rest_user_cannot_delete_{$this->post_type}", sprintf(__('Sorry, you are not allowed to delete %s.', 'woocommerce'), $this->post_type), array('status' => rest_authorization_required_code()));
}
$request->set_param('context', 'edit');
$response = $this->prepare_item_for_response($post, $request);
// If we're forcing, then delete permanently.
if ($force) {
if ($product->is_type('variable')) {
foreach ($product->get_children() as $child_id) {
$child = wc_get_product($child_id);
$child->delete(true);
}
} elseif ($product->is_type('grouped')) {
foreach ($product->get_children() as $child_id) {
$child = wc_get_product($child_id);
$child->set_parent_id(0);
$child->save();
}
}
$product->delete(true);
$result = $product->get_id() > 0 ? false : true;
} else {
// If we don't support trashing for this type, error out.
if (!$supports_trash) {
/* translators: %s: post type */
return new WP_Error('woocommerce_rest_trash_not_supported', sprintf(__('The %s does not support trashing.', 'woocommerce'), $this->post_type), array('status' => 501));
}
// Otherwise, only trash if we haven't already.
if ('trash' === $post->post_status) {
/* translators: %s: post type */
return new WP_Error('woocommerce_rest_already_trashed', sprintf(__('The %s has already been deleted.', 'woocommerce'), $this->post_type), array('status' => 410));
}
// (Note that internally this falls through to `wp_delete_post` if
// the trash is disabled.)
$product->delete();
$result = 'trash' === $product->get_status();
}
if (!$result) {
/* translators: %s: post type */
return new WP_Error('woocommerce_rest_cannot_delete', sprintf(__('The %s cannot be deleted.', 'woocommerce'), $this->post_type), array('status' => 500));
}
// Delete parent product transients.
if ($parent_id = wp_get_post_parent_id($id)) {
wc_delete_product_transients($parent_id);
}
/**
* Fires after a single item is deleted or trashed via the REST API.
*
* @param object $post The deleted or trashed item.
* @param WP_REST_Response $response The response data.
* @param WP_REST_Request $request The request sent to the API.
*/
do_action("woocommerce_rest_delete_{$this->post_type}", $post, $response, $request);
return $response;
}
/**
* Delete a single item.
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_REST_Response|WP_Error
*/
public function delete_item($request)
{
$id = (int) $request['id'];
$force = (bool) $request['force'];
$post = get_post($id);
if (empty($id) || empty($post->ID) || !in_array($post->post_type, $this->get_post_types())) {
return new WP_Error("woocommerce_rest_{$this->post_type}_invalid_id", __('Invalid post id.', 'woocommerce'), array('status' => 404));
}
$supports_trash = EMPTY_TRASH_DAYS > 0;
/**
* Filter whether an item is trashable.
*
* Return false to disable trash support for the item.
*
* @param boolean $supports_trash Whether the item type support trashing.
* @param WP_Post $post The Post object being considered for trashing support.
*/
$supports_trash = apply_filters("woocommerce_rest_{$this->post_type}_trashable", $supports_trash, $post);
if (!wc_rest_check_post_permissions($this->post_type, 'delete', $post->ID)) {
return new WP_Error("woocommerce_rest_user_cannot_delete_{$this->post_type}", sprintf(__('Sorry, you are not allowed to delete %s.', 'woocommerce'), $this->post_type), array('status' => rest_authorization_required_code()));
}
$request->set_param('context', 'edit');
$response = $this->prepare_item_for_response($post, $request);
// If we're forcing, then delete permanently.
if ($force) {
$result = wp_delete_post($id, true);
} else {
// If we don't support trashing for this type, error out.
if (!$supports_trash) {
return new WP_Error('woocommerce_rest_trash_not_supported', sprintf(__('The %s does not support trashing.', 'woocommerce'), $this->post_type), array('status' => 501));
}
// Otherwise, only trash if we haven't already.
if ('trash' === $post->post_status) {
return new WP_Error('woocommerce_rest_already_trashed', sprintf(__('The %s has already been deleted.', 'woocommerce'), $this->post_type), array('status' => 410));
}
// (Note that internally this falls through to `wp_delete_post` if
// the trash is disabled.)
$result = wp_trash_post($id);
}
if (!$result) {
return new WP_Error('woocommerce_rest_cannot_delete', sprintf(__('The %s cannot be deleted.', 'woocommerce'), $this->post_type), array('status' => 500));
}
/**
* Fires after a single item is deleted or trashed via the REST API.
*
* @param object $post The deleted or trashed item.
* @param WP_REST_Response $response The response data.
* @param WP_REST_Request $request The request sent to the API.
*/
do_action("woocommerce_rest_delete_{$this->post_type}", $post, $response, $request);
return $response;
}
/**
* Check if a given request has access to batch manage product reviews.
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|boolean
*/
public function batch_items_permissions_check($request)
{
if (!wc_rest_check_post_permissions('product', 'batch')) {
return new WP_Error('woocommerce_rest_cannot_edit', __('Sorry, you are not allowed to batch manipulate this resource.', 'woocommerce'), array('status' => rest_authorization_required_code()));
}
return true;
}
/**
* Test wc_rest_check_post_permissions().
*
* @since 2.6.0
*/
public function test_wc_rest_check_post_permissions()
{
$this->isFalse(wc_rest_check_post_permissions('shop_order'));
}
