/** * Declare the Jetpack REST API endpoints. * * @since 4.3.0 */ public static function register_endpoints() { // Load API endpoint base classes require_once JETPACK__PLUGIN_DIR . '_inc/lib/core-api/class.jetpack-core-api-xmlrpc-consumer-endpoint.php'; // Load API endpoints require_once JETPACK__PLUGIN_DIR . '_inc/lib/core-api/class.jetpack-core-api-module-endpoints.php'; self::$user_permissions_error_msg = esc_html__('You do not have the correct user permissions to perform this action. Please contact your site admin if you think this is a mistake.', 'jetpack'); self::$stats_roles = array('administrator', 'editor', 'author', 'contributor', 'subscriber'); // Get current connection status of Jetpack register_rest_route('jetpack/v4', '/connection', array('methods' => WP_REST_Server::READABLE, 'callback' => __CLASS__ . '::jetpack_connection_status')); // Fetches a fresh connect URL register_rest_route('jetpack/v4', '/connection/url', array('methods' => WP_REST_Server::READABLE, 'callback' => __CLASS__ . '::build_connect_url', 'permission_callback' => __CLASS__ . '::connect_url_permission_callback')); // Get current user connection data register_rest_route('jetpack/v4', '/connection/data', array('methods' => WP_REST_Server::READABLE, 'callback' => __CLASS__ . '::get_user_connection_data', 'permission_callback' => __CLASS__ . '::get_user_connection_data_permission_callback')); // Disconnect site from WordPress.com servers register_rest_route('jetpack/v4', '/connection', array('methods' => WP_REST_Server::EDITABLE, 'callback' => __CLASS__ . '::disconnect_site', 'permission_callback' => __CLASS__ . '::disconnect_site_permission_callback')); // Disconnect/unlink user from WordPress.com servers register_rest_route('jetpack/v4', '/connection/user', array('methods' => WP_REST_Server::EDITABLE, 'callback' => __CLASS__ . '::unlink_user', 'permission_callback' => __CLASS__ . '::unlink_user_permission_callback')); // Get current site data register_rest_route('jetpack/v4', '/site', array('methods' => WP_REST_Server::READABLE, 'callback' => __CLASS__ . '::get_site_data', 'permission_callback' => __CLASS__ . '::view_admin_page_permission_check')); // Confirm that a site in identity crisis should be in staging mode register_rest_route('jetpack/v4', '/identity-crisis/confirm-safe-mode', array('methods' => WP_REST_Server::EDITABLE, 'callback' => __CLASS__ . '::confirm_safe_mode', 'permission_callback' => __CLASS__ . '::identity_crisis_mitigation_permission_check')); // IDC resolve: create an entirely new shadow site for this URL. register_rest_route('jetpack/v4', '/identity-crisis/start-fresh', array('methods' => WP_REST_Server::EDITABLE, 'callback' => __CLASS__ . '::start_fresh_connection', 'permission_callback' => __CLASS__ . '::identity_crisis_mitigation_permission_check')); // Handles the request to migrate stats and subscribers during an identity crisis. register_rest_route('jetpack/v4', 'identity-crisis/migrate', array('methods' => WP_REST_Server::EDITABLE, 'callback' => __CLASS__ . '::migrate_stats_and_subscribers', 'permissison_callback' => __CLASS__ . '::identity_crisis_mitigation_permission_check')); // Return all modules self::route('module/all', 'Jetpack_Core_API_Module_List_Endpoint', WP_REST_Server::READABLE); // Activate many modules self::route('/module/all/active', 'Jetpack_Core_API_Module_List_Endpoint', WP_REST_Server::EDITABLE, NULL, array('modules' => array('default' => '', 'type' => 'array', 'required' => true, 'validate_callback' => __CLASS__ . '::validate_module_list'), 'active' => array('default' => true, 'type' => 'boolean', 'required' => false, 'validate_callback' => __CLASS__ . '::validate_boolean'))); Jetpack::load_xml_rpc_client(); // Return a single module and update it when needed self::route('/module/(?P<slug>[a-z\\-]+)', 'Jetpack_Core_API_Data', WP_REST_Server::READABLE, new Jetpack_IXR_Client(array('user_id' => get_current_user_id()))); // Activate and deactivate a module self::route('/module/(?P<slug>[a-z\\-]+)/active', 'Jetpack_Core_API_Module_Toggle_Endpoint', WP_REST_Server::EDITABLE, new Jetpack_IXR_Client(), array('active' => array('default' => true, 'type' => 'boolean', 'required' => true, 'validate_callback' => __CLASS__ . '::validate_boolean'))); // Update a module self::route('/module/(?P<slug>[a-z\\-]+)', 'Jetpack_Core_API_Data', WP_REST_Server::EDITABLE, new Jetpack_IXR_Client(array('user_id' => get_current_user_id())), self::get_updateable_parameters()); // Get data for a specific module, i.e. Protect block count, WPCOM stats, // Akismet spam count, etc. self::route('/module/(?P<slug>[a-z\\-]+)/data', 'Jetpack_Core_API_Module_Data_Endpoint', WP_REST_Server::READABLE, NULL, array('range' => array('default' => 'day', 'type' => 'string', 'required' => false, 'validate_callback' => __CLASS__ . '::validate_string'))); // Update any Jetpack module option or setting self::route('/settings', 'Jetpack_Core_API_Data', WP_REST_Server::EDITABLE, new Jetpack_IXR_Client(array('user_id' => get_current_user_id())), self::get_updateable_parameters('any')); // Update a module self::route('/settings/(?P<slug>[a-z\\-]+)', 'Jetpack_Core_API_Data', WP_REST_Server::EDITABLE, new Jetpack_IXR_Client(array('user_id' => get_current_user_id())), self::get_updateable_parameters()); // Return miscellaneous settings register_rest_route('jetpack/v4', '/settings', array('methods' => WP_REST_Server::READABLE, 'callback' => __CLASS__ . '::get_settings', 'permission_callback' => __CLASS__ . '::view_admin_page_permission_check')); // Reset all Jetpack options register_rest_route('jetpack/v4', '/options/(?P<options>[a-z\\-]+)', array('methods' => WP_REST_Server::EDITABLE, 'callback' => __CLASS__ . '::reset_jetpack_options', 'permission_callback' => __CLASS__ . '::manage_modules_permission_check')); // Jumpstart register_rest_route('jetpack/v4', '/jumpstart', array('methods' => WP_REST_Server::EDITABLE, 'callback' => __CLASS__ . '::jumpstart_toggle', 'permission_callback' => __CLASS__ . '::manage_modules_permission_check', 'args' => array('active' => array('required' => true, 'validate_callback' => __CLASS__ . '::validate_boolean')))); // Updates: get number of plugin updates available register_rest_route('jetpack/v4', '/updates/plugins', array('methods' => WP_REST_Server::READABLE, 'callback' => __CLASS__ . '::get_plugin_update_count', 'permission_callback' => __CLASS__ . '::view_admin_page_permission_check')); // Dismiss Jetpack Notices register_rest_route('jetpack/v4', '/notice/(?P<notice>[a-z\\-_]+)', array('methods' => WP_REST_Server::EDITABLE, 'callback' => __CLASS__ . '::dismiss_notice', 'permission_callback' => __CLASS__ . '::view_admin_page_permission_check')); // Plugins: get list of all plugins. register_rest_route('jetpack/v4', '/plugins', array('methods' => WP_REST_Server::READABLE, 'callback' => __CLASS__ . '::get_plugins', 'permission_callback' => __CLASS__ . '::activate_plugins_permission_check')); // Plugins: check if the plugin is active. register_rest_route('jetpack/v4', '/plugin/(?P<plugin>[a-z\\/\\.\\-_]+)', array('methods' => WP_REST_Server::READABLE, 'callback' => __CLASS__ . '::get_plugin', 'permission_callback' => __CLASS__ . '::activate_plugins_permission_check')); }
/** * Check if user is allowed to perform the update. * * @since 4.3.0 * * @param WP_REST_Request $request * * @return bool */ public function can_request($request) { if ('GET' === $request->get_method()) { return current_user_can('jetpack_admin_page'); } else { $module = Jetpack_Core_Json_Api_Endpoints::get_module_requested(); // User is trying to create, regenerate or delete its PbE || ATD settings. if ('post-by-email' === $module || 'after-the-deadline' === $module) { return current_user_can('edit_posts') && current_user_can('jetpack_admin_page'); } return current_user_can('jetpack_configure_modules'); } }
/** * Test permission to manage and configure Jetpack modules. * * @since 4.4.0 */ public function test_manage_configure_modules_permission() { // Current user doesn't have credentials, so checking permissions should fail $this->assertInstanceOf('WP_Error', Jetpack_Core_Json_Api_Endpoints::manage_modules_permission_check()); $this->assertInstanceOf('WP_Error', Jetpack_Core_Json_Api_Endpoints::configure_modules_permission_check()); // Create a user $user = $this->create_and_get_user(); // Add Jetpack capability $user->add_cap('jetpack_manage_modules'); $user->add_cap('jetpack_configure_modules'); // Setup global variables so this is the current user wp_set_current_user($user->ID); // User is not admin, so this should still fail $this->assertInstanceOf('WP_Error', Jetpack_Core_Json_Api_Endpoints::manage_modules_permission_check()); $this->assertInstanceOf('WP_Error', Jetpack_Core_Json_Api_Endpoints::configure_modules_permission_check()); // Set user as admin $user->set_role('administrator'); // Reset user and setup globals again to reflect the role change. wp_set_current_user(0); wp_set_current_user($user->ID); // User has the capability and is connected so this should work this time $this->assertTrue(Jetpack_Core_Json_Api_Endpoints::manage_modules_permission_check()); $this->assertTrue(Jetpack_Core_Json_Api_Endpoints::configure_modules_permission_check()); }
function __construct() { self::$user_permissions_error_msg = esc_html__('You do not have the correct user permissions to perform this action. Please contact your site admin if you think this is a mistake.', 'jetpack'); }
function page_admin_scripts() { // Enqueue jp.js and localize it wp_enqueue_script('react-plugin', plugins_url('_inc/build/admin.js', JETPACK__PLUGIN_FILE), array(), time(), true); wp_enqueue_style('dops-css', plugins_url('_inc/build/dops-style.css', JETPACK__PLUGIN_FILE), array(), time()); wp_enqueue_style('components-css', plugins_url('_inc/build/style.min.css', JETPACK__PLUGIN_FILE), array(), time()); $localeSlug = explode('_', get_locale()); $localeSlug = $localeSlug[0]; // Add objects to be passed to the initial state of the app wp_localize_script('react-plugin', 'Initial_State', array('WP_API_root' => esc_url_raw(rest_url()), 'WP_API_nonce' => wp_create_nonce('wp_rest'), 'pluginBaseUrl' => plugins_url('', JETPACK__PLUGIN_FILE), 'connectionStatus' => array('isActive' => Jetpack::is_active(), 'isStaging' => Jetpack::is_staging_site(), 'devMode' => array('isActive' => Jetpack::is_development_mode(), 'constant' => defined('JETPACK_DEV_DEBUG') && JETPACK_DEV_DEBUG, 'url' => site_url() && false === strpos(site_url(), '.'), 'filter' => apply_filters('jetpack_development_mode', false))), 'dismissedNotices' => $this->get_dismissed_jetpack_notices(), 'isDevVersion' => Jetpack::is_development_version(), 'currentVersion' => JETPACK__VERSION, 'happinessGravIds' => jetpack_get_happiness_gravatar_ids(), 'getModules' => Jetpack_Core_Json_Api_Endpoints::get_modules(), 'showJumpstart' => jetpack_show_jumpstart(), 'rawUrl' => Jetpack::build_raw_urls(get_home_url()), 'adminUrl' => esc_url(admin_url()), 'statsData' => build_initial_stats_shape(), 'settingNames' => array('jetpack_holiday_snow_enabled' => function_exists('jetpack_holiday_snow_option_name') ? jetpack_holiday_snow_option_name() : false), 'userData' => array('othersLinked' => jetpack_get_other_linked_users(), 'currentUser' => jetpack_current_user_data()), 'locale' => $this->get_i18n_data(), 'localeSlug' => $localeSlug, 'jetpackStateNotices' => array('messageCode' => Jetpack::state('message'), 'errorCode' => Jetpack::state('error'), 'errorDescription' => Jetpack::state('error_description')))); }