| @@ 129-143 (lines=15) @@ | ||
| 126 |     { | |
| 127 | Capabilities::verifyAtLeastPartialAccessTo($model, EEM_Base::caps_edit, 'create'); | |
| 128 | $default_cap_to_check_for = EE_Restriction_Generator_Base::get_default_restrictions_cap(); | |
| 129 |         if (! current_user_can($default_cap_to_check_for)) { | |
| 130 | throw new RestException( | |
| 131 | 'rest_cannot_create_' . EEH_Inflector::pluralize_and_lower(($model->get_this_model_name())), | |
| 132 | sprintf( | |
| 133 | esc_html__( | |
| 134 | // @codingStandardsIgnoreStart | |
| 135 | 'For now, only those with the admin capability to "%1$s" are allowed to use the REST API to insert data into Event Espresso.', | |
| 136 | // @codingStandardsIgnoreEnd | |
| 137 | 'event_espresso' | |
| 138 | ), | |
| 139 | $default_cap_to_check_for | |
| 140 | ), | |
| 141 |                 array('status' => 403) | |
| 142 | ); | |
| 143 | } | |
| 144 | $submitted_json_data = array_merge((array) $request->get_body_params(), (array) $request->get_json_params()); | |
| 145 | $model_data = ModelDataTranslator::prepareConditionsQueryParamsForModels( | |
| 146 | $submitted_json_data, | |
| @@ 181-195 (lines=15) @@ | ||
| 178 |     { | |
| 179 | Capabilities::verifyAtLeastPartialAccessTo($model, EEM_Base::caps_edit, 'edit'); | |
| 180 | $default_cap_to_check_for = EE_Restriction_Generator_Base::get_default_restrictions_cap(); | |
| 181 |         if (! current_user_can($default_cap_to_check_for)) { | |
| 182 | throw new RestException( | |
| 183 | 'rest_cannot_edit_' . EEH_Inflector::pluralize_and_lower(($model->get_this_model_name())), | |
| 184 | sprintf( | |
| 185 | esc_html__( | |
| 186 | // @codingStandardsIgnoreStart | |
| 187 | 'For now, only those with the admin capability to "%1$s" are allowed to use the REST API to update data into Event Espresso.', | |
| 188 | // @codingStandardsIgnoreEnd | |
| 189 | 'event_espresso' | |
| 190 | ), | |
| 191 | $default_cap_to_check_for | |
| 192 | ), | |
| 193 |                 array('status' => 403) | |
| 194 | ); | |
| 195 | } | |
| 196 |         $obj_id = $request->get_param('id'); | |
| 197 |         if (! $obj_id) { | |
| 198 | throw new RestException( | |
| @@ 235-249 (lines=15) @@ | ||
| 232 |     { | |
| 233 | Capabilities::verifyAtLeastPartialAccessTo($model, EEM_Base::caps_delete, 'delete'); | |
| 234 | $default_cap_to_check_for = EE_Restriction_Generator_Base::get_default_restrictions_cap(); | |
| 235 |         if (! current_user_can($default_cap_to_check_for)) { | |
| 236 | throw new RestException( | |
| 237 | 'rest_cannot_delete_' . EEH_Inflector::pluralize_and_lower(($model->get_this_model_name())), | |
| 238 | sprintf( | |
| 239 | esc_html__( | |
| 240 | // @codingStandardsIgnoreStart | |
| 241 | 'For now, only those with the admin capability to "%1$s" are allowed to use the REST API to delete data into Event Espresso.', | |
| 242 | // @codingStandardsIgnoreEnd | |
| 243 | 'event_espresso' | |
| 244 | ), | |
| 245 | $default_cap_to_check_for | |
| 246 | ), | |
| 247 |                 array('status' => 403) | |
| 248 | ); | |
| 249 | } | |
| 250 |         $obj_id = $request->get_param('id'); | |
| 251 | // this is where we would apply more fine-grained caps | |
| 252 | $model_obj = $model->get_one_by_ID($obj_id); | |
| @@ 26-41 (lines=16) @@ | ||
| 23 | */ | |
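protected function verifyCurrentUserCan($required_permission, $attempted_calculation)
{
    // Capability gate: a caller lacking $required_permission gets a RestException
    // for the attempted calculation instead of a (partial) result.
    if (! current_user_can($required_permission)) {
        throw new RestException(
            'permission_denied',
            sprintf(
                __(
                    // @codingStandardsIgnoreStart
                    'Permission denied, you cannot calculate %1$s on %2$s because you do not have the capability "%3$s"',
                    // @codingStandardsIgnoreEnd
                    'event_espresso'
                ),
                $attempted_calculation,
                EEH_Inflector::pluralize_and_lower($this->getResourceName()),
                $required_permission
            ),
            // Report the denial as HTTP 403, as the create/edit/delete capability
            // checks in this API do, rather than leaving RestException to choose
            // its default status for an authorization failure.
            array('status' => 403)
        );
    }
}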
| 43 | ||
| 44 | ||