/**
* Declare the Jetpack REST API endpoints.
*
* @since 4.3.0
*/
public static function register_endpoints()
{
// Load API endpoint base classes
require_once JETPACK__PLUGIN_DIR . '_inc/lib/core-api/class.jetpack-core-api-xmlrpc-consumer-endpoint.php';
// Load API endpoints
require_once JETPACK__PLUGIN_DIR . '_inc/lib/core-api/class.jetpack-core-api-module-endpoints.php';
self::$user_permissions_error_msg = esc_html__('You do not have the correct user permissions to perform this action.
Please contact your site admin if you think this is a mistake.', 'jetpack');
self::$stats_roles = array('administrator', 'editor', 'author', 'contributor', 'subscriber');
// Get current connection status of Jetpack
register_rest_route('jetpack/v4', '/connection', array('methods' => WP_REST_Server::READABLE, 'callback' => __CLASS__ . '::jetpack_connection_status'));
// Fetches a fresh connect URL
register_rest_route('jetpack/v4', '/connection/url', array('methods' => WP_REST_Server::READABLE, 'callback' => __CLASS__ . '::build_connect_url', 'permission_callback' => __CLASS__ . '::connect_url_permission_callback'));
// Get current user connection data
register_rest_route('jetpack/v4', '/connection/data', array('methods' => WP_REST_Server::READABLE, 'callback' => __CLASS__ . '::get_user_connection_data', 'permission_callback' => __CLASS__ . '::get_user_connection_data_permission_callback'));
// Disconnect site from WordPress.com servers
register_rest_route('jetpack/v4', '/connection', array('methods' => WP_REST_Server::EDITABLE, 'callback' => __CLASS__ . '::disconnect_site', 'permission_callback' => __CLASS__ . '::disconnect_site_permission_callback'));
// Disconnect/unlink user from WordPress.com servers
register_rest_route('jetpack/v4', '/connection/user', array('methods' => WP_REST_Server::EDITABLE, 'callback' => __CLASS__ . '::unlink_user', 'permission_callback' => __CLASS__ . '::unlink_user_permission_callback'));
// Get current site data
register_rest_route('jetpack/v4', '/site', array('methods' => WP_REST_Server::READABLE, 'callback' => __CLASS__ . '::get_site_data', 'permission_callback' => __CLASS__ . '::view_admin_page_permission_check'));
// Confirm that a site in identity crisis should be in staging mode
register_rest_route('jetpack/v4', '/identity-crisis/confirm-safe-mode', array('methods' => WP_REST_Server::EDITABLE, 'callback' => __CLASS__ . '::confirm_safe_mode', 'permission_callback' => __CLASS__ . '::identity_crisis_mitigation_permission_check'));
// IDC resolve: create an entirely new shadow site for this URL.
register_rest_route('jetpack/v4', '/identity-crisis/start-fresh', array('methods' => WP_REST_Server::EDITABLE, 'callback' => __CLASS__ . '::start_fresh_connection', 'permission_callback' => __CLASS__ . '::identity_crisis_mitigation_permission_check'));
// Handles the request to migrate stats and subscribers during an identity crisis.
register_rest_route('jetpack/v4', 'identity-crisis/migrate', array('methods' => WP_REST_Server::EDITABLE, 'callback' => __CLASS__ . '::migrate_stats_and_subscribers', 'permissison_callback' => __CLASS__ . '::identity_crisis_mitigation_permission_check'));
// Return all modules
self::route('module/all', 'Jetpack_Core_API_Module_List_Endpoint', WP_REST_Server::READABLE);
// Activate many modules
self::route('/module/all/active', 'Jetpack_Core_API_Module_List_Endpoint', WP_REST_Server::EDITABLE, NULL, array('modules' => array('default' => '', 'type' => 'array', 'required' => true, 'validate_callback' => __CLASS__ . '::validate_module_list'), 'active' => array('default' => true, 'type' => 'boolean', 'required' => false, 'validate_callback' => __CLASS__ . '::validate_boolean')));
Jetpack::load_xml_rpc_client();
// Return a single module and update it when needed
self::route('/module/(?P<slug>[a-z\\-]+)', 'Jetpack_Core_API_Data', WP_REST_Server::READABLE, new Jetpack_IXR_Client(array('user_id' => get_current_user_id())));
// Activate and deactivate a module
self::route('/module/(?P<slug>[a-z\\-]+)/active', 'Jetpack_Core_API_Module_Toggle_Endpoint', WP_REST_Server::EDITABLE, new Jetpack_IXR_Client(), array('active' => array('default' => true, 'type' => 'boolean', 'required' => true, 'validate_callback' => __CLASS__ . '::validate_boolean')));
// Update a module
self::route('/module/(?P<slug>[a-z\\-]+)', 'Jetpack_Core_API_Data', WP_REST_Server::EDITABLE, new Jetpack_IXR_Client(array('user_id' => get_current_user_id())), self::get_updateable_parameters());
// Get data for a specific module, i.e. Protect block count, WPCOM stats,
// Akismet spam count, etc.
self::route('/module/(?P<slug>[a-z\\-]+)/data', 'Jetpack_Core_API_Module_Data_Endpoint', WP_REST_Server::READABLE, NULL, array('range' => array('default' => 'day', 'type' => 'string', 'required' => false, 'validate_callback' => __CLASS__ . '::validate_string')));
// Update any Jetpack module option or setting
self::route('/settings', 'Jetpack_Core_API_Data', WP_REST_Server::EDITABLE, new Jetpack_IXR_Client(array('user_id' => get_current_user_id())), self::get_updateable_parameters('any'));
// Update a module
self::route('/settings/(?P<slug>[a-z\\-]+)', 'Jetpack_Core_API_Data', WP_REST_Server::EDITABLE, new Jetpack_IXR_Client(array('user_id' => get_current_user_id())), self::get_updateable_parameters());
// Return miscellaneous settings
register_rest_route('jetpack/v4', '/settings', array('methods' => WP_REST_Server::READABLE, 'callback' => __CLASS__ . '::get_settings', 'permission_callback' => __CLASS__ . '::view_admin_page_permission_check'));
// Reset all Jetpack options
register_rest_route('jetpack/v4', '/options/(?P<options>[a-z\\-]+)', array('methods' => WP_REST_Server::EDITABLE, 'callback' => __CLASS__ . '::reset_jetpack_options', 'permission_callback' => __CLASS__ . '::manage_modules_permission_check'));
// Jumpstart
register_rest_route('jetpack/v4', '/jumpstart', array('methods' => WP_REST_Server::EDITABLE, 'callback' => __CLASS__ . '::jumpstart_toggle', 'permission_callback' => __CLASS__ . '::manage_modules_permission_check', 'args' => array('active' => array('required' => true, 'validate_callback' => __CLASS__ . '::validate_boolean'))));
// Updates: get number of plugin updates available
register_rest_route('jetpack/v4', '/updates/plugins', array('methods' => WP_REST_Server::READABLE, 'callback' => __CLASS__ . '::get_plugin_update_count', 'permission_callback' => __CLASS__ . '::view_admin_page_permission_check'));
// Dismiss Jetpack Notices
register_rest_route('jetpack/v4', '/notice/(?P<notice>[a-z\\-_]+)', array('methods' => WP_REST_Server::EDITABLE, 'callback' => __CLASS__ . '::dismiss_notice', 'permission_callback' => __CLASS__ . '::view_admin_page_permission_check'));
// Plugins: get list of all plugins.
register_rest_route('jetpack/v4', '/plugins', array('methods' => WP_REST_Server::READABLE, 'callback' => __CLASS__ . '::get_plugins', 'permission_callback' => __CLASS__ . '::activate_plugins_permission_check'));
// Plugins: check if the plugin is active.
register_rest_route('jetpack/v4', '/plugin/(?P<plugin>[a-z\\/\\.\\-_]+)', array('methods' => WP_REST_Server::READABLE, 'callback' => __CLASS__ . '::get_plugin', 'permission_callback' => __CLASS__ . '::activate_plugins_permission_check'));
}
/**
* Check if user is allowed to perform the update.
*
* @since 4.3.0
*
* @param WP_REST_Request $request
*
* @return bool
*/
public function can_request($request)
{
if ('GET' === $request->get_method()) {
return current_user_can('jetpack_admin_page');
} else {
$module = Jetpack_Core_Json_Api_Endpoints::get_module_requested();
// User is trying to create, regenerate or delete its PbE || ATD settings.
if ('post-by-email' === $module || 'after-the-deadline' === $module) {
return current_user_can('edit_posts') && current_user_can('jetpack_admin_page');
}
return current_user_can('jetpack_configure_modules');
}
}
/**
* Test permission to manage and configure Jetpack modules.
*
* @since 4.4.0
*/
public function test_manage_configure_modules_permission()
{
// Current user doesn't have credentials, so checking permissions should fail
$this->assertInstanceOf('WP_Error', Jetpack_Core_Json_Api_Endpoints::manage_modules_permission_check());
$this->assertInstanceOf('WP_Error', Jetpack_Core_Json_Api_Endpoints::configure_modules_permission_check());
// Create a user
$user = $this->create_and_get_user();
// Add Jetpack capability
$user->add_cap('jetpack_manage_modules');
$user->add_cap('jetpack_configure_modules');
// Setup global variables so this is the current user
wp_set_current_user($user->ID);
// User is not admin, so this should still fail
$this->assertInstanceOf('WP_Error', Jetpack_Core_Json_Api_Endpoints::manage_modules_permission_check());
$this->assertInstanceOf('WP_Error', Jetpack_Core_Json_Api_Endpoints::configure_modules_permission_check());
// Set user as admin
$user->set_role('administrator');
// Reset user and setup globals again to reflect the role change.
wp_set_current_user(0);
wp_set_current_user($user->ID);
// User has the capability and is connected so this should work this time
$this->assertTrue(Jetpack_Core_Json_Api_Endpoints::manage_modules_permission_check());
$this->assertTrue(Jetpack_Core_Json_Api_Endpoints::configure_modules_permission_check());
}
function __construct()
{
self::$user_permissions_error_msg = esc_html__('You do not have the correct user permissions to perform this action.
Please contact your site admin if you think this is a mistake.', 'jetpack');
}
function page_admin_scripts()
{
// Enqueue jp.js and localize it
wp_enqueue_script('react-plugin', plugins_url('_inc/build/admin.js', JETPACK__PLUGIN_FILE), array(), time(), true);
wp_enqueue_style('dops-css', plugins_url('_inc/build/dops-style.css', JETPACK__PLUGIN_FILE), array(), time());
wp_enqueue_style('components-css', plugins_url('_inc/build/style.min.css', JETPACK__PLUGIN_FILE), array(), time());
$localeSlug = explode('_', get_locale());
$localeSlug = $localeSlug[0];
// Add objects to be passed to the initial state of the app
wp_localize_script('react-plugin', 'Initial_State', array('WP_API_root' => esc_url_raw(rest_url()), 'WP_API_nonce' => wp_create_nonce('wp_rest'), 'pluginBaseUrl' => plugins_url('', JETPACK__PLUGIN_FILE), 'connectionStatus' => array('isActive' => Jetpack::is_active(), 'isStaging' => Jetpack::is_staging_site(), 'devMode' => array('isActive' => Jetpack::is_development_mode(), 'constant' => defined('JETPACK_DEV_DEBUG') && JETPACK_DEV_DEBUG, 'url' => site_url() && false === strpos(site_url(), '.'), 'filter' => apply_filters('jetpack_development_mode', false))), 'dismissedNotices' => $this->get_dismissed_jetpack_notices(), 'isDevVersion' => Jetpack::is_development_version(), 'currentVersion' => JETPACK__VERSION, 'happinessGravIds' => jetpack_get_happiness_gravatar_ids(), 'getModules' => Jetpack_Core_Json_Api_Endpoints::get_modules(), 'showJumpstart' => jetpack_show_jumpstart(), 'rawUrl' => Jetpack::build_raw_urls(get_home_url()), 'adminUrl' => esc_url(admin_url()), 'statsData' => build_initial_stats_shape(), 'settingNames' => array('jetpack_holiday_snow_enabled' => function_exists('jetpack_holiday_snow_option_name') ? jetpack_holiday_snow_option_name() : false), 'userData' => array('othersLinked' => jetpack_get_other_linked_users(), 'currentUser' => jetpack_current_user_data()), 'locale' => $this->get_i18n_data(), 'localeSlug' => $localeSlug, 'jetpackStateNotices' => array('messageCode' => Jetpack::state('message'), 'errorCode' => Jetpack::state('error'), 'errorDescription' => Jetpack::state('error_description'))));
}
