/**
  * Check that the object can be accessed.
  *
  * @param mixed $id Object ID
  * @return boolean|WP_Error
  */
 protected function check_object($id)
 {
     $id = (int) $id;
     $post = get_post($id, ARRAY_A);
     if (empty($id) || empty($post['ID'])) {
         return new WP_Error('json_post_invalid_id', __('Invalid post ID.'), array('status' => 404));
     }
     if (!json_check_post_permission($post, 'edit')) {
         return new WP_Error('json_cannot_edit', __('Sorry, you cannot edit this post'), array('status' => 403));
     }
     return true;
 }
 /**
  * Check that the object can be accessed.
  *
  * @param mixed $id Object ID
  * @return boolean|WP_Error
  */
 protected function check_object($id)
 {
     $id = (int) $id;
     $post = get_post($id, ARRAY_A);
     if (empty($id) || empty($post['ID'])) {
         json_error(BigAppErr::$post['code'], BigAppErr::$post['msg'], "empty {$id}");
     }
     if (!json_check_post_permission($post, 'edit')) {
         json_error(BigAppErr::$post['code'], BigAppErr::$post['msg'], "cant read:{$id}");
     }
     return true;
 }
 /**
  * Retrieve comments
  *
  * @param int $id Post ID to retrieve comments for
  * @return array List of Comment entities
  */
 public function get_comments($id)
 {
     //$args = array('status' => $status, 'post_id' => $id, 'offset' => $offset, 'number' => $number )l
     $comments = get_comments(array('post_id' => $id));
     $post = get_post($id, ARRAY_A);
     if (empty($post['ID'])) {
         return new WP_Error('json_post_invalid_id', __('Invalid post ID.'), array('status' => 404));
     }
     if (!json_check_post_permission($post, 'read')) {
         return new WP_Error('json_user_cannot_read', __('Sorry, you cannot read this post.'), array('status' => 401));
     }
     $struct = array();
     foreach ($comments as $comment) {
         $struct[] = $this->prepare_comment($comment, array('comment', 'meta'), 'collection');
     }
     return $struct;
 }
 public function tax_query($data)
 {
     $allowed = array('post_type', 'tax_query');
     foreach ($data as $key => $value) {
         if (!in_array($key, $allowed)) {
             unset($data[$key]);
         }
     }
     if (!is_array($data) || empty($data) || !isset($data['tax_query'])) {
         return new WP_Error('jp_api_tax_query', __('Invalid tax query.'), array('status' => 500));
     }
     $post_query = new WP_Query();
     $posts_list = $post_query->query($data);
     $response = new WP_JSON_Response();
     $response->query_navigation_headers($post_query);
     if (!$posts_list) {
         $response->set_data(array());
         return $response;
     }
     // holds all the posts data
     $struct = array();
     $response->header('Last-Modified', mysql2date('D, d M Y H:i:s', get_lastpostmodified('GMT'), 0) . ' GMT');
     foreach ($posts_list as $post) {
         $post = get_object_vars($post);
         // Do we have permission to read this post?
         if (json_check_post_permission($post, 'read')) {
             continue;
         }
         $response->link_header('item', json_url('/posts/' . $post['ID']), array('title' => $post['post_title']));
         $post_data = $this->prepare_post($post, 'view');
         if (is_wp_error($post_data)) {
             continue;
         }
         $struct[] = $post_data;
     }
     $response->set_data($struct);
     return $response;
 }
Esempio n. 5
0
/**
 * Check if we have permission to interact with the post object.
 *
 * @param WP_Post $post Post object.
 * @param string $capability Permission to check.
 * @return boolean Can we interact with it?
 */
function json_check_post_permission($post, $capability = 'read')
{
    $permission = false;
    $post_type = get_post_type_object($post['post_type']);
    switch ($capability) {
        case 'read':
            if (!$post_type->show_in_json) {
                return false;
            }
            if ('publish' === $post['post_status'] || current_user_can($post_type->cap->read_post, $post['ID'])) {
                $permission = true;
            }
            // Can we read the parent if we're inheriting?
            if ('inherit' === $post['post_status'] && $post['post_parent'] > 0) {
                $parent = get_post($post['post_parent'], ARRAY_A);
                if (json_check_post_permission($parent, 'read')) {
                    $permission = true;
                }
            }
            // If we don't have a parent, but the status is set to inherit, assume
            // it's published (as per get_post_status())
            if ('inherit' === $post['post_status']) {
                $permission = true;
            }
            break;
        case 'edit':
            if (current_user_can($post_type->cap->edit_post, $post['ID'])) {
                $permission = true;
            }
            break;
        case 'create':
            if (current_user_can($post_type->cap->create_posts) || current_user_can($post_type->cap->edit_posts)) {
                $permission = true;
            }
            break;
        case 'delete':
            if (current_user_can($post_type->cap->delete_post, $post['ID'])) {
                $permission = true;
            }
            break;
        default:
            if (current_user_can($post_type->cap->{$capability})) {
                $permission = true;
            }
    }
    return apply_filters("json_check_post_{$capability}_permission", $permission, $post);
}
Esempio n. 6
0
 public function Sync_post($select, $where, $refguid, $limit)
 {
     global $wp, $wpdb;
     $where .= " AND {$wpdb->posts}.ID < " . $refguid;
     $querystr = $select . $where . " ORDER BY {$wpdb->posts}.ID ASC LIMIT " . $limit;
     $posts_list = $wpdb->get_results($querystr);
     error_log("Sync - " . $querystr);
     $struct = array();
     if (!$posts_list) {
         return $struct;
     }
     foreach ($posts_list as $post) {
         //error_log("post id ".$post['ID']);
         $post = get_object_vars($post);
         // Do we have permission to read this post?
         if (!json_check_post_permission($post, 'read')) {
             continue;
         }
         $post_data["guid"] = $post['ID'];
         $post_data["title"] = $post['post_title'];
         $post_data["description"] = strip_tags($post['post_content']);
         $authorid = get_the_author_id($post);
         $post_data["iconurl"] = get_avatar_url($authorid);
         //$post_data["icontime"] = $post['post_title'];
         $post_data["time"] = get_post_modified_time('U', false, $post, false);
         if (is_wp_error($post_data)) {
             continue;
         }
         //error_log("ajaay".serialize($post));
         $struct[] = $post_data;
     }
     return $struct;
 }
 /**
  * Check if we can edit a post
  *
  * @deprecated WPAPI-1.2
  *
  * @param array $post Post data
  * @return boolean Can we edit it?
  */
 protected function check_edit_permission($post)
 {
     _deprecated_function('WP_JSON_Posts::check_edit_permission', 'WPAPI-1.2', 'json_check_post_permission');
     return json_check_post_permission($post, 'edit');
 }
 /**
  * Return a form given an ID. This is an API endpoint.
  *
  * @param int $id
  * @param string $context
  * @since 6.0
  * @return array|WP_Error
  */
 public function get_form($id, $context = 'view')
 {
     $id = (int) $id;
     if (empty($id)) {
         return new WP_Error('json_invalid_id_ccf_form', esc_html__('Invalid form ID.', 'custom-contact-forms'), array('status' => 404));
     }
     $form = get_post($id, ARRAY_A);
     if (empty($form)) {
         return new WP_Error('json_invalid_ccf_form', esc_html__('Invalid form.', 'custom-contact-forms'), array('status' => 404));
     }
     if (!json_check_post_permission($form, 'read')) {
         return new WP_Error('json_cannot_view_ccf_form', esc_html__('Sorry, you cannot view this form.', 'custom-contact-forms'), array('status' => 403));
     }
     return $this->get_post($id, $context);
 }
 /**
  * Retrieve comments
  *
  * @param int $id Post ID to retrieve comments for
  * @return array List of Comment entities
  * filter: array(pre_page,status)
  * page : 页码
  * 返回的都是审核完毕的
  */
 public function get_comments($id, $filter = array(), $page = 1)
 {
     $post = get_post($id, ARRAY_A);
     if (empty($post['ID'])) {
         json_error(BigAppErr::$comment['code'], "post id is empty", $id);
     }
     show_debug($post, __FILE__, __LINE__);
     if (!json_check_post_permission($post, 'read')) {
         json_error(BigAppErr::$comment['code'], "cannot read this post.");
     }
     $quer_vars = array('pre_page');
     $number = 10;
     if (isset($filter['pre_page'])) {
         $number = intval($filter['pre_page']);
     }
     if ($page < 1) {
         $page = 1;
     }
     $offset = ($page - 1) * $number;
     $status = 'approve';
     if (isset($filter['status'])) {
         $status = $filter['status'];
     }
     $comments = get_comments(array('post_id' => $id, 'number' => $number, 'status' => $status, 'offset' => $offset));
     show_debug($comments, __FILE__, __LINE__);
     $struct = array();
     foreach ($comments as $comment) {
         $struct[] = $this->prepare_comment($comment, array('comment', 'meta'), 'collection');
     }
     return $struct;
 }