BP_REST_Members_Endpoint::get_item_permissions_check( WP_REST_Request $request )

Checks if a given request has access to read a user.

Contents

Parameters Parameters

$request

(WP_REST_Request) (Required) Full details about the request.

Top ↑

Return Return

(true|WP_Error)

Source Source

File: bp-members/classes/class-bp-rest-members-endpoint.php 

	public function get_item_permissions_check( $request ) {
		$retval = new WP_Error(
			'bp_rest_authorization_required',
			__( 'Sorry, you are not allowed to perform this action.', 'buddypress' ),
			array(
				'status' => rest_authorization_required_code(),
			)
		);

		$user = bp_rest_get_user( $request['id'] );

		if ( ! $user instanceof WP_User ) {
			$retval = new WP_Error(
				'bp_rest_member_invalid_id',
				__( 'Invalid member ID.', 'buddypress' ),
				array(
					'status' => 404,
				)
			);
		} elseif ( 'edit' === $request['context'] ) {
			if ( get_current_user_id() === $user->ID || bp_current_user_can( 'list_users' ) ) {
				$retval = true;
			} else {
				$retval = new WP_Error(
					'bp_rest_authorization_required',
					__( 'Sorry, you are not allowed to view members with the edit context.', 'buddypress' ),
					array(
						'status' => rest_authorization_required_code(),
					)
				);
			}
		} else {
			$retval = true;
		}

		/**
		 * Filter the members `get_item` permissions check.
		 *
		 * @since 5.0.0
		 *
		 * @param true|WP_Error   $retval  Returned value.
		 * @param WP_REST_Request $request The request sent to the API.
		 */
		return apply_filters( 'bp_rest_members_get_item_permissions_check', $retval, $request );
	}

Expand full source code Collapse full source code View on Trac

Top ↑

Top ↑

Changelog Changelog

Changelog
Version Description
5.0.0 Introduced.

Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.