Views_Route::get_sub_item_permissions_check() - Code Metrics - Inspection of "Merge pull request #1064 from gravityview/develop" - gravityview/GravityView - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 397f5b...27d97b )

by Zack

created 2018-05-24 07:30 UTC

Views_Route::get_sub_item_permissions_check() C

↳ Parent: Views_Route

Complexity

Conditions	11
Paths	11

Size

Total Lines	38
Code Lines	20

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	15
CRAP Score	12.8905

Importance

Changes

Metric	Value
cc	11
eloc	20
nc	11
nop	1
dl	0
loc	38
ccs	15
cts	20
cp	0.75
crap	12.8905
rs	5.2653
c	0
b	0
f	0

How to fix Complexity

<?php

/**
 * @package   GravityView
 * @license   GPL2+
 * @author    Josh Pollock <[email protected]>
 * @link      http://gravityview.co
 * @copyright Copyright 2015, Katz Web Services, Inc.
 *
 * @since 2.0
 */
namespace GV\REST;

/** If this file is called directly, abort. */
if ( ! defined( 'GRAVITYVIEW_DIR' ) ) {
	die();
}

class Views_Route extends Route {
	/**
	 * Route Name
	 *
	 * @since 2.0
	 *
	 * @access protected
	 * @string
	 */
	protected $route_name = 'views';

	/**
	 * Sub type, forms {$namespace}/route_name/{id}/sub_type type endpoints
	 *
	 * @since 2.0
	 * @access protected
	 * @var string
	 */
	protected $sub_type = 'entries';


	/**
	 * Get a collection of views
	 *
	 * Callback for GET /v1/views/
	 *
	 * @param \WP_REST_Request $request Full data about the request.
	 * @return \WP_Error|\WP_REST_Response
	 */
	public function get_items( $request ) {

		$page = $request->get_param( 'page' );
		$limit = $request->get_param( 'limit' );

		$items = \GVCommon::get_all_views( array(
			'posts_per_page' => $limit,
			'paged' => $page,
		) );

		if ( empty( $items ) ) {
			return new \WP_Error( 'gravityview-no-views', __( 'No Views found.', 'gravityview' ) ); //@todo message
		}

		$data = array(
			'views' => array(),
			'total' => wp_count_posts( 'gravityview' )->publish,
		);
		foreach ( $items as $item ) {
			$data['views'][] = $this->prepare_view_for_response( $item, $request );
		}

		return new \WP_REST_Response( $data, 200 );
	}

	/**
	 * Get one view
	 *
	 * Callback for /v1/views/{id}/
	 *
	 * @since 2.0
	 * @param \WP_REST_Request $request Full data about the request.
	 * @return \WP_Error|\WP_REST_Response
	 */
	public function get_item( $request ) {

		$url = $request->get_url_params();

		$view_id = intval( $url['id'] );

		$item = get_post( $view_id );

		//return a response or error based on some conditional
		if ( $item && ! is_wp_error( $item ) ) {
			$data = $this->prepare_view_for_response( $item, $request );
			return new \WP_REST_Response( $data, 200 );
		}

		return new \WP_Error( 'code', sprintf( 'A View with ID #%d was not found.', $view_id ) );
	}

	/**
	 * Prepare the item for the REST response
	 *
	 * @since 2.0
	 * @param \GV\View $view The view.
	 * @param \GV\Entry $entry WordPress representation of the item.
	 * @param \WP_REST_Request $request Request object.
	 * @param string $context The context (directory, single)
	 * @return mixed The data that is sent.
	 */
	public function prepare_entry_for_response( $view, $entry, \WP_REST_Request $request, $context ) {
		$return = $entry->as_entry();

		// Only output the fields that should be displayed.
		$allowed = array();
		foreach ( $view->fields->by_position( "{$context}_*" )->by_visible()->all() as $field ) {
			$allowed[] = $field->ID;
		}

		/**
		 * @filter `gravityview/rest/entry/fields` Whitelist more entry fields that are output in regular REST requests.
		 * @param[in,out] array $allowed The allowed ones, default by_visible, by_position( "context_*" ), i.e. as set in the view.
		 * @param \GV\View $view The view.
		 * @param \GV\Entry $entry WordPress representation of the item.
		 * @param \WP_REST_Request $request Request object.
		 * @param string $context The context (directory, single)
		 */
		$allowed = apply_filters( 'gravityview/rest/entry/fields', $allowed, $view, $entry, $request, $context );

		foreach ( $return as $key => $value ) {
			if ( ! in_array( $key, $allowed ) ) {
				unset( $return[ $key ] );
			}
		}

		$r = new Request( $request );

		foreach ( $allowed as $field ) {
			$source = is_numeric( $field ) ? $view->form : new \GV\Internal_Source();
			$field  = is_numeric( $field ) ? \GV\GF_Field::by_id( $view->form, $field ) : \GV\Internal_Field::by_id( $field );

			$return[ $field->ID ] = $field->get_value( $view, $source, $entry, $r );
		}

		// @todo Set the labels!

		return $return;
	}

	/**
	 * Get entries from a view
	 *
	 * Callback for /v1/views/{id}/entries/
	 *
	 * @since 2.0
	 * @param \WP_REST_Request $request Full data about the request.
	 * @return \WP_Error|\WP_REST_Response
	 */
	public function get_sub_items( $request ) {

		$url     = $request->get_url_params();
		$view_id = intval( $url['id'] );
		$format  = \GV\Utils::get( $url, 'format', 'json' );

		$view = \GV\View::by_id( $view_id );

		if ( $format == 'html' ) {


			$renderer = new \GV\View_Renderer();
			$total = 0;

			add_action( 'gravityview/template/view/render', function( $context ) use ( &$total ) {
				$total = $context->entries->count();
			} );

			$output = $renderer->render( $view, new Request( $request ) );

			/**
			 * @filter `gravityview/rest/entries/html/insert_meta` Whether to include `http-equiv` meta tags in the HTML output describing the data
			 * @param bool $insert_meta Add <meta> tags? [Default: true]
			 * @param int $total The number of entries being rendered
			 * @param \GV\View $view The view.
			 * @param \WP_REST_Request $request Request object.
			 */
			$insert_meta = apply_filters( 'gravityview/rest/entries/html/insert_meta', true, $total, $view, $request );

			if ( $insert_meta ) {
				$output = '<meta http-equiv="X-Item-Count" content="' . $total . '" />' . $output;
			}

			$response = new \WP_REST_Response( $output, 200 );
			$response->header( 'X-Item-Count', $total );

			return $response;
		}

		$entries = $view->get_entries( new Request( $request ) );

		if ( ! $entries->all() ) {
			return new \WP_Error( 'gravityview-no-entries', __( 'No Entries found.', 'gravityview' ) );
		}

		$data = array( 'entries' => $entries->all(), 'total' => $entries->total() );

		foreach ( $data['entries'] as &$entry ) {
			$entry = $this->prepare_entry_for_response( $view, $entry, $request, 'directory' );
		}

		return new \WP_REST_Response( $data, 200 );
	}

	/**
	 * Get one entry from view
	 *
	 * Callback for /v1/views/{id}/entries/{id}/
	 *
	 * @uses GVCommon::get_entry
	 * @since 2.0
	 * @param \WP_REST_Request $request Full data about the request.
	 * @return \WP_Error|\WP_REST_Response
	 */
	public function get_sub_item( $request ) {
		$url      = $request->get_url_params();
		$view_id  = intval( $url['id'] );
		$entry_id = intval( $url['s_id'] );
		$format   = \GV\Utils::get( $url, 'format', 'json' );

		$view  = \GV\View::by_id( $view_id );
		$entry = \GV\GF_Entry::by_id( $entry_id );

		if ( $format == 'html' ) {

			$renderer = new \GV\Entry_Renderer();
			return $renderer->render( $entry, $view, new Request( $request ) );
		}

		return $this->prepare_entry_for_response( $view, $entry, $request, 'single' );
	}

	/**
	 * Prepare the item for the REST response
	 *
	 * @since 2.0
	 * @param \WP_Post $view_post WordPress representation of the item.
	 * @param \WP_REST_Request $request Request object.
	 * @return mixed
	 */
	public function prepare_view_for_response( $view_post, \WP_REST_Request $request ) {
		if ( is_wp_error( $this->get_item_permissions_check( $request, $view_post->ID ) ) ) {
			// Redacted out view.
			return array( 'ID' => $view_post->ID, 'post_content' => __( 'You are not allowed to access this content.', 'gravityview' ) );
		}

		$view = \GV\View::from_post( $view_post );

		$item = $view->as_data();

		// Add all the WP_Post data
		$view_post = $view_post->to_array();

		unset( $view_post['to_ping'], $view_post['ping_status'], $view_post['pinged'], $view_post['post_type'], $view_post['filter'], $view_post['post_category'], $view_post['tags_input'], $view_post['post_content'], $view_post['post_content_filtered'] );

		$return = wp_parse_args( $item, $view_post );

		$return['title'] = $return['post_title'];

		$return['settings'] = isset( $return['atts'] ) ? $return['atts'] : array();
		unset( $return['atts'], $return['view_id'] );

		$return['search_criteria'] = array(
			'page_size' => rgars( $return, 'settings/page_size' ),
			'sort_field' => rgars( $return, 'settings/sort_field' ),
			'sort_direction' => rgars( $return, 'settings/sort_direction' ),
			'offset' => rgars( $return, 'settings/offset' ),
		);

		unset( $return['settings']['page_size'], $return['settings']['sort_field'], $return['settings']['sort_direction'] );

		// Redact for non-logged ins
		if ( ! \GVCommon::has_cap( 'edit_others_gravityviews' ) ) {
			unset( $return['settings'] );
			unset( $return['search_criteria'] );
		}
		
		if ( ! \GFCommon::current_user_can_any( 'gravityforms_edit_forms' ) ) {
			unset( $return['form'] );
		}

		return $return;
	}

	public function get_item_permissions_check( $request ) {
		if ( func_num_args() == 2 ) {

			$view_id = func_get_arg( 1 ); // $view_id override
		} else {
			$url     = $request->get_url_params();
			$view_id = intval( $url['id'] );
		}

		if ( ! $view = \GV\View::by_id( $view_id ) ) {
			return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gravityview' ) );
		}

		if ( post_password_required( $view->ID ) ) {
			return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gravityview' ) );
		}

		$public_states = get_post_stati( array( 'public' => true ) );
		if ( ! in_array( $view->post_status, $public_states ) && ! \GVCommon::has_cap( 'read_gravityview', $view->ID ) ) {
<?php

/**
 * @property int $x
 * @property int $y
 * @property string $text
 */
class MyLabel
{
    private $properties;

    private $allowedProperties = array('x', 'y', 'text');

    public function __get($name)
    {
        if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
            return $properties[$name];
        } else {
            return null;
        }
    }

    public function __set($name, $value)
    {
        if (in_array($name, $this->allowedProperties)) {
            $properties[$name] = $value;
        } else {
            throw new \LogicException("Property $name is not defined.");
        }
    }

}
			return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gravityview' ) );
		}

		// Shortcodes only
		$direct_access = apply_filters( 'gravityview_direct_access', true, $view->ID );
		if ( ! apply_filters( 'gravityview/view/output/direct', $direct_access, $view, $request ) ) {
			return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gravityview' ) );
		}

		// Embed only
		if ( $view->settings->get( 'embed_only' ) && ! \GVCommon::has_cap( 'read_private_gravityviews' ) ) {
			return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gravityview' ) );
		}

		// REST
		if ( gravityview()->plugin->settings->get( 'rest_api' ) === '1' && $view->settings->get( 'rest_disable' ) === '1' ) {

			return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gravityview' ) );
		} elseif ( gravityview()->plugin->settings->get( 'rest_api' ) !== '1' && $view->settings->get( 'rest_enable' ) !== '1' ) {

			return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gravityview' ) );
		}

		/**
		 * @filter `gravityview/view/output/rest` Disable rest output. Final chance.
		 * @param[in,out] bool Enable or not.
		 * @param \GV\View $view The view.
		 */
		if ( ! apply_filters( 'gravityview/view/output/rest', true, $view ) ) {
			return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gravityview' ) );
		}

		return true;
	}

	public function get_sub_item_permissions_check( $request ) {
		// Accessing a single entry needs the View access permissions.
		if ( is_wp_error( $error = $this->get_items_permissions_check( $request ) ) ) {
			return $error;
		}

		$url     = $request->get_url_params();
		$view_id = intval( $url['id'] );
		$entry_id = intval( $url['s_id'] );

		$view = \GV\View::by_id( $view_id );

		if ( ! $entry = \GV\GF_Entry::by_id( $entry_id ) ) {
			return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
		}

		if ( $entry['form_id'] != $view->form->ID ) {
			return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
		}

		if ( $entry['status'] != 'active' ) {

			return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
		}

		if ( apply_filters( 'gravityview_custom_entry_slug', false ) && $entry->slug != get_query_var( \GV\Entry::get_endpoint_name() ) ) {

			return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
		}

		$is_admin_and_can_view = $view->settings->get( 'admin_show_all_statuses' ) && \GVCommon::has_cap('gravityview_moderate_entries', $view->ID );


		if ( $view->settings->get( 'show_only_approved' ) && ! $is_admin_and_can_view ) {
			if ( ! \GravityView_Entry_Approval_Status::is_approved( gform_get_meta( $entry->ID, \GravityView_Entry_Approval::meta_key ) )  ) {
				return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
			}
		}

		return true;
	}

	public function get_items_permissions_check( $request ) {
		// Getting a list of all Views is always possible.
		return true;
	}

	public function get_sub_items_permissions_check( $request ) {
		// Accessing all entries of a View needs the same permissions as accessing the View.
		return $this->get_item_permissions_check( $request );
	}
}


1		<?php
		0 ignored issues – show Coding Style Compatibility introduced 2018-05-08 22:40 UTC by Report Bug Copy Issue Report For compatibility and reusability of your code, PSR1 recommends that a file should introduce either new symbols (like classes, functions, etc.) or have side-effects (like outputting something, or including other files), but not both at the same time. The first symbol is defined on line 18 and the first side effect is on line 15. The PSR-1: Basic Coding Standard recommends that a file should either introduce new symbols, that is classes, functions, constants or similar, or have side effects. Side effects are anything that executes logic, like for example printing output, changing ini settings or writing to a file. The idea behind this recommendation is that merely auto-loading a class should not change the state of an application. It also promotes a cleaner style of programming and makes your code less prone to errors, because the logic is not spread out all over the place. To learn more about the PSR-1, please see the PHP-FIG site on the PSR-1. Loading history...
2		/**
3		* @package GravityView
4		* @license GPL2+
5		* @author Josh Pollock <[email protected]>
6		* @link http://gravityview.co
7		* @copyright Copyright 2015, Katz Web Services, Inc.
8		*
9		* @since 2.0
10		*/
11		namespace GV\REST;
12
13		/** If this file is called directly, abort. */
14	1	if ( ! defined( 'GRAVITYVIEW_DIR' ) ) {
15		die();
16		}
17
18		class Views_Route extends Route {
19		/**
20		* Route Name
21		*
22		* @since 2.0
23		*
24		* @access protected
25		* @string
26		*/
27		protected $route_name = 'views';
28
29		/**
30		* Sub type, forms {$namespace}/route_name/{id}/sub_type type endpoints
31		*
32		* @since 2.0
33		* @access protected
34		* @var string
35		*/
36		protected $sub_type = 'entries';
37
38
39		/**
40		* Get a collection of views
41		*
42		* Callback for GET /v1/views/
43		*
44		* @param \WP_REST_Request $request Full data about the request.
45		* @return \WP_Error\|\WP_REST_Response
46		*/
47	3	public function get_items( $request ) {
48
49	3	$page = $request->get_param( 'page' );
50	3	$limit = $request->get_param( 'limit' );
51
52	3	$items = \GVCommon::get_all_views( array(
53	3	'posts_per_page' => $limit,
54	3	'paged' => $page,
55		) );
56
57	3	if ( empty( $items ) ) {
58		return new \WP_Error( 'gravityview-no-views', __( 'No Views found.', 'gravityview' ) ); //@todo message
59		}
60
61		$data = array(
62	3	'views' => array(),
63	3	'total' => wp_count_posts( 'gravityview' )->publish,
64		);
65	3	foreach ( $items as $item ) {
66	3	$data['views'][] = $this->prepare_view_for_response( $item, $request );
67		}
68
69	3	return new \WP_REST_Response( $data, 200 );
70		}
71
72		/**
73		* Get one view
74		*
75		* Callback for /v1/views/{id}/
76		*
77		* @since 2.0
78		* @param \WP_REST_Request $request Full data about the request.
79		* @return \WP_Error\|\WP_REST_Response
80		*/
81	2	public function get_item( $request ) {
82
83	2	$url = $request->get_url_params();
84
85	2	$view_id = intval( $url['id'] );
86
87	2	$item = get_post( $view_id );
88
89		//return a response or error based on some conditional
90	2	if ( $item && ! is_wp_error( $item ) ) {
91	2	$data = $this->prepare_view_for_response( $item, $request );
92	2	return new \WP_REST_Response( $data, 200 );
93		}
94
95		return new \WP_Error( 'code', sprintf( 'A View with ID #%d was not found.', $view_id ) );
96		}
97
98		/**
99		* Prepare the item for the REST response
100		*
101		* @since 2.0
102		* @param \GV\View $view The view.
103		* @param \GV\Entry $entry WordPress representation of the item.
104		* @param \WP_REST_Request $request Request object.
105		* @param string $context The context (directory, single)
106		* @return mixed The data that is sent.
107		*/
108	4	public function prepare_entry_for_response( $view, $entry, \WP_REST_Request $request, $context ) {
109	4	$return = $entry->as_entry();
110
111		// Only output the fields that should be displayed.
112	4	$allowed = array();
113	4	foreach ( $view->fields->by_position( "{$context}_*" )->by_visible()->all() as $field ) {
114	4	$allowed[] = $field->ID;
115		}
116
117		/**
118		* @filter `gravityview/rest/entry/fields` Whitelist more entry fields that are output in regular REST requests.
119		* @param[in,out] array $allowed The allowed ones, default by_visible, by_position( "context_*" ), i.e. as set in the view.
120		* @param \GV\View $view The view.
121		* @param \GV\Entry $entry WordPress representation of the item.
122		* @param \WP_REST_Request $request Request object.
123		* @param string $context The context (directory, single)
124		*/
125	4	$allowed = apply_filters( 'gravityview/rest/entry/fields', $allowed, $view, $entry, $request, $context );
126
127	4	foreach ( $return as $key => $value ) {
128	4	if ( ! in_array( $key, $allowed ) ) {
129	4	unset( $return[ $key ] );
130		}
131		}
132
133	4	$r = new Request( $request );
134
135	4	foreach ( $allowed as $field ) {
136	4	$source = is_numeric( $field ) ? $view->form : new \GV\Internal_Source();
137	4	$field = is_numeric( $field ) ? \GV\GF_Field::by_id( $view->form, $field ) : \GV\Internal_Field::by_id( $field );
138
139	4	$return[ $field->ID ] = $field->get_value( $view, $source, $entry, $r );
140		}
141
142		// @todo Set the labels!
143
144	4	return $return;
145		}
146
147		/**
148		* Get entries from a view
149		*
150		* Callback for /v1/views/{id}/entries/
151		*
152		* @since 2.0
153		* @param \WP_REST_Request $request Full data about the request.
154		* @return \WP_Error\|\WP_REST_Response
155		*/
156	3	public function get_sub_items( $request ) {
157
158	3	$url = $request->get_url_params();
159	3	$view_id = intval( $url['id'] );
160	3	$format = \GV\Utils::get( $url, 'format', 'json' );
161
162	3	$view = \GV\View::by_id( $view_id );
163
164	3	if ( $format == 'html' ) {
		0 ignored issues – show introduced 2018-05-08 22:40 UTC by Report Bug Copy Issue Report Found "== '". Use Yoda Condition checks, you must Loading history...
165
166	1	$renderer = new \GV\View_Renderer();
167	1	$total = 0;
168
169	1	add_action( 'gravityview/template/view/render', function( $context ) use ( &$total ) {
170	1	$total = $context->entries->count();
171	1	} );
172
173	1	$output = $renderer->render( $view, new Request( $request ) );
174
175		/**
176		* @filter `gravityview/rest/entries/html/insert_meta` Whether to include `http-equiv` meta tags in the HTML output describing the data
177		* @param bool $insert_meta Add <meta> tags? [Default: true]
178		* @param int $total The number of entries being rendered
179		* @param \GV\View $view The view.
180		* @param \WP_REST_Request $request Request object.
181		*/
182	1	$insert_meta = apply_filters( 'gravityview/rest/entries/html/insert_meta', true, $total, $view, $request );
183
184	1	if ( $insert_meta ) {
185	1	$output = '<meta http-equiv="X-Item-Count" content="' . $total . '" />' . $output;
186		}
187
188	1	$response = new \WP_REST_Response( $output, 200 );
189	1	$response->header( 'X-Item-Count', $total );
190
191	1	return $response;
192		}
193
194	3	$entries = $view->get_entries( new Request( $request ) );
195
196	3	if ( ! $entries->all() ) {
197		return new \WP_Error( 'gravityview-no-entries', __( 'No Entries found.', 'gravityview' ) );
198		}
199
200	3	$data = array( 'entries' => $entries->all(), 'total' => $entries->total() );
201
202	3	foreach ( $data['entries'] as &$entry ) {
203	3	$entry = $this->prepare_entry_for_response( $view, $entry, $request, 'directory' );
204		}
205
206	3	return new \WP_REST_Response( $data, 200 );
207		}
208
209		/**
210		* Get one entry from view
211		*
212		* Callback for /v1/views/{id}/entries/{id}/
213		*
214		* @uses GVCommon::get_entry
215		* @since 2.0
216		* @param \WP_REST_Request $request Full data about the request.
217		* @return \WP_Error\|\WP_REST_Response
218		*/
219	2	public function get_sub_item( $request ) {
220	2	$url = $request->get_url_params();
221	2	$view_id = intval( $url['id'] );
222	2	$entry_id = intval( $url['s_id'] );
223	2	$format = \GV\Utils::get( $url, 'format', 'json' );
224
225	2	$view = \GV\View::by_id( $view_id );
226	2	$entry = \GV\GF_Entry::by_id( $entry_id );
227
228	2	if ( $format == 'html' ) {
		0 ignored issues – show introduced 2018-05-08 22:40 UTC by Report Bug Copy Issue Report Found "== '". Use Yoda Condition checks, you must Loading history...
229	1	$renderer = new \GV\Entry_Renderer();
230	1	return $renderer->render( $entry, $view, new Request( $request ) );
231		}
232
233	2	return $this->prepare_entry_for_response( $view, $entry, $request, 'single' );
234		}
235
236		/**
237		* Prepare the item for the REST response
238		*
239		* @since 2.0
240		* @param \WP_Post $view_post WordPress representation of the item.
241		* @param \WP_REST_Request $request Request object.
242		* @return mixed
243		*/
244	4	public function prepare_view_for_response( $view_post, \WP_REST_Request $request ) {
245	4	if ( is_wp_error( $this->get_item_permissions_check( $request, $view_post->ID ) ) ) {
246		// Redacted out view.
247	1	return array( 'ID' => $view_post->ID, 'post_content' => __( 'You are not allowed to access this content.', 'gravityview' ) );
248		}
249
250	4	$view = \GV\View::from_post( $view_post );
251
252	4	$item = $view->as_data();
253
254		// Add all the WP_Post data
255	4	$view_post = $view_post->to_array();
256
257	4	unset( $view_post['to_ping'], $view_post['ping_status'], $view_post['pinged'], $view_post['post_type'], $view_post['filter'], $view_post['post_category'], $view_post['tags_input'], $view_post['post_content'], $view_post['post_content_filtered'] );
258
259	4	$return = wp_parse_args( $item, $view_post );
260
261	4	$return['title'] = $return['post_title'];
262
263	4	$return['settings'] = isset( $return['atts'] ) ? $return['atts'] : array();
264	4	unset( $return['atts'], $return['view_id'] );
265
266	4	$return['search_criteria'] = array(
267	4	'page_size' => rgars( $return, 'settings/page_size' ),
268	4	'sort_field' => rgars( $return, 'settings/sort_field' ),
269	4	'sort_direction' => rgars( $return, 'settings/sort_direction' ),
270	4	'offset' => rgars( $return, 'settings/offset' ),
271		);
272
273	4	unset( $return['settings']['page_size'], $return['settings']['sort_field'], $return['settings']['sort_direction'] );
274
275		// Redact for non-logged ins
276	4	if ( ! \GVCommon::has_cap( 'edit_others_gravityviews' ) ) {
277	4	unset( $return['settings'] );
278	4	unset( $return['search_criteria'] );
279		}
280
281	4	if ( ! \GFCommon::current_user_can_any( 'gravityforms_edit_forms' ) ) {
282	4	unset( $return['form'] );
283		}
284
285	4	return $return;
286		}
287
288	5	public function get_item_permissions_check( $request ) {
289	5	if ( func_num_args() == 2 ) {
		0 ignored issues – show introduced 2018-05-08 22:40 UTC by Report Bug Copy Issue Report Found "== 2". Use Yoda Condition checks, you must Loading history...
290	4	$view_id = func_get_arg( 1 ); // $view_id override
291		} else {
292	4	$url = $request->get_url_params();
293	4	$view_id = intval( $url['id'] );
294		}
295
296	5	if ( ! $view = \GV\View::by_id( $view_id ) ) {
297		return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gravityview' ) );
298		}
299
300	5	if ( post_password_required( $view->ID ) ) {
301	1	return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gravityview' ) );
302		}
303
304	5	$public_states = get_post_stati( array( 'public' => true ) );
305	5	if ( ! in_array( $view->post_status, $public_states ) && ! \GVCommon::has_cap( 'read_gravityview', $view->ID ) ) {
		0 ignored issues – show Documentation introduced 2018-05-08 22:39 UTC by Report Bug Copy Issue Report The property `post_status` does not exist on `object<GV\View>`. Since you implemented `__get`, maybe consider adding a @property annotation. Since your code implements the magic getter `_get`, this function will be called for any read access on an undefined variable. You can add the `@property` annotation to your class or interface to document the existence of this variable. <?php /** * @property int $x * @property int $y * @property string $text */ class MyLabel { private $properties; private $allowedProperties = array('x', 'y', 'text'); public function __get($name) { if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) { return $properties[$name]; } else { return null; } } public function __set($name, $value) { if (in_array($name, $this->allowedProperties)) { $properties[$name] = $value; } else { throw new \LogicException("Property $name is not defined."); } } } If the property has read access only, you can use the @property-read annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property. Loading history...
306	1	return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gravityview' ) );
307		}
308
309		// Shortcodes only
310	5	$direct_access = apply_filters( 'gravityview_direct_access', true, $view->ID );
311	5	if ( ! apply_filters( 'gravityview/view/output/direct', $direct_access, $view, $request ) ) {
312		return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gravityview' ) );
313		}
314
315		// Embed only
316	5	if ( $view->settings->get( 'embed_only' ) && ! \GVCommon::has_cap( 'read_private_gravityviews' ) ) {
317		return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gravityview' ) );
318		}
319
320		// REST
321	5	if ( gravityview()->plugin->settings->get( 'rest_api' ) === '1' && $view->settings->get( 'rest_disable' ) === '1' ) {
		0 ignored issues – show introduced 2018-05-08 22:40 UTC by Report Bug Copy Issue Report Found "=== '". Use Yoda Condition checks, you must Loading history...
322	1	return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gravityview' ) );
323	5	} elseif ( gravityview()->plugin->settings->get( 'rest_api' ) !== '1' && $view->settings->get( 'rest_enable' ) !== '1' ) {
		0 ignored issues – show introduced 2018-05-08 22:40 UTC by Report Bug Copy Issue Report Found "!== '". Use Yoda Condition checks, you must Loading history...
324	1	return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gravityview' ) );
325		}
326
327		/**
328		* @filter `gravityview/view/output/rest` Disable rest output. Final chance.
329		* @param[in,out] bool Enable or not.
330		* @param \GV\View $view The view.
331		*/
332	5	if ( ! apply_filters( 'gravityview/view/output/rest', true, $view ) ) {
333	1	return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gravityview' ) );
334		}
335
336	5	return true;
337		}
338
339	2	public function get_sub_item_permissions_check( $request ) {
340		// Accessing a single entry needs the View access permissions.
341	2	if ( is_wp_error( $error = $this->get_items_permissions_check( $request ) ) ) {
342		return $error;
343		}
344
345	2	$url = $request->get_url_params();
346	2	$view_id = intval( $url['id'] );
347	2	$entry_id = intval( $url['s_id'] );
348
349	2	$view = \GV\View::by_id( $view_id );
350
351	2	if ( ! $entry = \GV\GF_Entry::by_id( $entry_id ) ) {
352		return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
353		}
354
355	2	if ( $entry['form_id'] != $view->form->ID ) {
356		return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
357		}
358
359	2	if ( $entry['status'] != 'active' ) {
		0 ignored issues – show introduced 2018-05-08 22:40 UTC by Report Bug Copy Issue Report Found "!= '". Use Yoda Condition checks, you must Loading history...
360		return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
361		}
362
363	2	if ( apply_filters( 'gravityview_custom_entry_slug', false ) && $entry->slug != get_query_var( \GV\Entry::get_endpoint_name() ) ) {
		0 ignored issues – show Bug introduced 2018-05-08 22:39 UTC by Report Bug Copy Issue Report The property `slug` does not seem to exist in `GV\Entry`. An attempt at access to an undefined property has been detected. This may either be a typographical error or the property has been renamed but there are still references to its old name. If you really want to allow access to undefined properties, you can define magic methods to allow access. See the php core documentation on Overloading. Loading history...
364		return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
365		}
366
367	2	$is_admin_and_can_view = $view->settings->get( 'admin_show_all_statuses' ) && \GVCommon::has_cap('gravityview_moderate_entries', $view->ID );
		0 ignored issues – show Coding Style introduced 2018-05-23 23:24 UTC by Report Bug Copy Issue Report Expected 1 spaces after opening bracket; 0 found Loading history...
368
369	2	if ( $view->settings->get( 'show_only_approved' ) && ! $is_admin_and_can_view ) {
370	1	if ( ! \GravityView_Entry_Approval_Status::is_approved( gform_get_meta( $entry->ID, \GravityView_Entry_Approval::meta_key ) ) ) {
371	1	return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
372		}
373		}
374
375	2	return true;
376		}
377
378	4	public function get_items_permissions_check( $request ) {
379		// Getting a list of all Views is always possible.
380	4	return true;
381		}
382
383	3	public function get_sub_items_permissions_check( $request ) {
384		// Accessing all entries of a View needs the same permissions as accessing the View.
385	3	return $this->get_item_permissions_check( $request );
386		}
387		}
388

gravityview / GravityView

Push — master ( 397f5b...27d97b )

Views_Route::get_sub_item_permissions_check() C

Complexity

Size

Duplication

Code Coverage

Importance

How to fix Complexity

Long Method

Duplication Side-by-Side

Filter issues like