Views_Route::get_item() - Code Metrics - Inspection of "2.1 [WIP]" - gravityview/GravityView - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#1147)

by Zack

created 2018-09-27 20:26 UTC

Views_Route::get_item() A

↳ Parent: Views_Route

Complexity

Conditions	3
Paths	2

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	7
CRAP Score	3.0175

Importance

Changes

Metric	Value
cc	3
nc	2
nop	1
dl	0
loc	16
ccs	7
cts	8
cp	0.875
crap	3.0175
rs	9.7333
c	0
b	0
f	0

<?php

/**
 * @package   GravityView
 * @license   GPL2+
 * @author    Josh Pollock <[email protected]>
 * @link      http://gravityview.co
 * @copyright Copyright 2015, Katz Web Services, Inc.
 *
 * @since 2.0
 */
namespace GV\REST;

/** If this file is called directly, abort. */
if ( ! defined( 'GRAVITYVIEW_DIR' ) ) {
	die();
}

class Views_Route extends Route {
	/**
	 * Route Name
	 *
	 * @since 2.0
	 *
	 * @access protected
	 * @string
	 */
	protected $route_name = 'views';

	/**
	 * Sub type, forms {$namespace}/route_name/{id}/sub_type type endpoints
	 *
	 * @since 2.0
	 * @access protected
	 * @var string
	 */
	protected $sub_type = 'entries';


	/**
	 * Get a collection of views
	 *
	 * Callback for GET /v1/views/
	 *
	 * @param \WP_REST_Request $request Full data about the request.
	 * @return \WP_Error|\WP_REST_Response
	 */
	public function get_items( $request ) {

		$page = $request->get_param( 'page' );
		$limit = $request->get_param( 'limit' );

		$items = \GVCommon::get_all_views( array(
			'posts_per_page' => $limit,
			'paged' => $page,
		) );

		if ( empty( $items ) ) {
			return new \WP_Error( 'gravityview-no-views', __( 'No Views found.', 'gravityview' ) ); //@todo message
		}

		$data = array(
			'views' => array(),
			'total' => wp_count_posts( 'gravityview' )->publish,
		);
		foreach ( $items as $item ) {
			$data['views'][] = $this->prepare_view_for_response( $item, $request );
		}

		return new \WP_REST_Response( $data, 200 );
	}

	/**
	 * Get one view
	 *
	 * Callback for /v1/views/{id}/
	 *
	 * @since 2.0
	 * @param \WP_REST_Request $request Full data about the request.
	 * @return \WP_Error|\WP_REST_Response
	 */
	public function get_item( $request ) {

		$url = $request->get_url_params();

		$view_id = intval( $url['id'] );

		$item = get_post( $view_id );

		//return a response or error based on some conditional
		if ( $item && ! is_wp_error( $item ) ) {
			$data = $this->prepare_view_for_response( $item, $request );
			return new \WP_REST_Response( $data, 200 );
		}

		return new \WP_Error( 'code', sprintf( 'A View with ID #%d was not found.', $view_id ) );
	}

	/**
	 * Prepare the item for the REST response
	 *
	 * @since 2.0
	 * @param \GV\View $view The view.
	 * @param \GV\Entry $entry WordPress representation of the item.
	 * @param \WP_REST_Request $request Request object.
	 * @param string $context The context (directory, single)
	 * @param string $class The value renderer. Default: null (raw value)
	 *
	 * @since 2.1 Add value renderer override $class parameter.
	 *
	 * @return mixed The data that is sent.
	 */
	public function prepare_entry_for_response( $view, $entry, \WP_REST_Request $request, $context, $class = null ) {

		// Only output the fields that should be displayed.
		$allowed = array();
		foreach ( $view->fields->by_position( "{$context}_*" )->by_visible()->all() as $field ) {
			$allowed[ $field->ID ] = $field;
		}

		/**
		 * @filter `gravityview/rest/entry/fields` Whitelist more entry fields that are output in regular REST requests.
		 * @param[in,out] array $allowed The allowed ones, default by_visible, by_position( "context_*" ), i.e. as set in the view.
		 * @param \GV\View $view The view.
		 * @param \GV\Entry $entry WordPress representation of the item.
		 * @param \WP_REST_Request $request Request object.
		 * @param string $context The context (directory, single)
		 */
		$allowed_field_ids = apply_filters( 'gravityview/rest/entry/fields', array_keys( $allowed ), $view, $entry, $request, $context );

		$r = new Request( $request );
		$return = array();
		$renderer = null;

		if ( $class ) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
			$renderer = new \GV\Field_Renderer();
		}

		foreach ( $allowed_field_ids as $field_id ) {
			$source = is_numeric( $field_id ) ? $view->form : new \GV\Internal_Source();

			if ( isset( $allowed[ $field_id ] ) ) {
				$field = $allowed[ $field_id ];
			} else {
				$field = is_numeric( $field_id ) ? \GV\GF_Field::by_id( $view->form, $field_id ) : \GV\Internal_Field::by_id( $field_id );
			}

			if ( $class ) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
				$return[ $field->ID ] = $renderer->render( $field, $view, $source, $entry, $r, $class );
			} else {
				$return[ $field->ID ] = $field->get_value( $view, $source, $entry, $r );
			}
		}

		return $return;
	}

	/**
	 * Get entries from a view
	 *
	 * Callback for /v1/views/{id}/entries/
	 *
	 * @since 2.0
	 * @param \WP_REST_Request $request Full data about the request.
	 * @return \WP_Error|\WP_REST_Response
	 */
	public function get_sub_items( $request ) {

		$url     = $request->get_url_params();
		$view_id = intval( $url['id'] );
		$format  = \GV\Utils::get( $url, 'format', 'json' );

		if( $post_id = $request->get_param('post_id') ) {

			global $post;
function myFunction($a, $b) {
    // Do something
}

			$post = get_post( $post_id );


			if ( ! $post || is_wp_error( $post ) ) {
				return new \WP_Error( 'gravityview-post-not-found', sprintf( 'A post with ID #%d was not found.', $post_id ) );
			}

			$collection = \GV\View_Collection::from_post( $post );

			if ( ! $collection->contains( $view_id ) ) {
				return new \WP_Error( 'gravityview-post-not-contains', sprintf( 'The post with ID #%d does not contain a View with ID #%d', $post_id, $view_id ) );
			}
		}

		$view = \GV\View::by_id( $view_id );

		if ( 'html' === $format ) {

			$renderer = new \GV\View_Renderer();
			$count = $total = 0;

			/** @var \GV\Template_Context $context */
			add_action( 'gravityview/template/view/render', function( $context ) use ( &$count, &$total ) {
				$count = $context->entries->count();
				$total = $context->entries->total();
			} );

			$output = $renderer->render( $view, new Request( $request ) );

			/**
			 * @filter `gravityview/rest/entries/html/insert_meta` Whether to include `http-equiv` meta tags in the HTML output describing the data
			 * @since 2.0
			 * @param bool $insert_meta Add <meta> tags? [Default: true]
			 * @param int $count The number of entries being rendered
			 * @param \GV\View $view The view.
			 * @param \WP_REST_Request $request Request object.
			 * @param int $total The number of total entries for the request
			 */
			$insert_meta = apply_filters( 'gravityview/rest/entries/html/insert_meta', true, $count, $view, $request, $total );

			if ( $insert_meta ) {
				$output = '<meta http-equiv="X-Item-Count" content="' . $count . '" />' . $output;
				$output = '<meta http-equiv="X-Item-Total" content="' . $total . '" />' . $output;
			}

			$response = new \WP_REST_Response( $output, 200 );
			$response->header( 'X-Item-Count', $count );
			$response->header( 'X-Item-Total', $total );

			return $response;
		}

		$entries = $view->get_entries( new Request( $request ) );

		if ( ! $entries->all() ) {
			return new \WP_Error( 'gravityview-no-entries', __( 'No Entries found.', 'gravityview' ) );
		}

		if ( 'csv' === $format ) {
			ob_start();

			$csv = fopen( 'php://output', 'w' );

			/** Da' BOM :) */
			if ( apply_filters( 'gform_include_bom_export_entries', true, $view->form ? $view->form->form : null ) ) {
				fputs( $csv, "\xef\xbb\xbf" );

			}

			$headers_done = false;

			foreach ( $entries->all() as $entry ) {
				$entry = $this->prepare_entry_for_response( $view, $entry, $request, 'directory', '\GV\Field_CSV_Template' );

				if ( ! $headers_done ) {
0   == false // true
0   == null  // true
123 == false // false
123 == null  // false

// It is often better to use strict comparison
0 === false // false
0 === null  // false
					$headers_done = fputcsv( $csv, array_map( array( '\GV\Utils', 'strip_excel_formulas' ), array_keys( $entry ) ) );

				}

				fputcsv( $csv, array_map( array( '\GV\Utils', 'strip_excel_formulas' ), $entry ) );

			}

			$response = new \WP_REST_Response( rtrim( ob_get_clean() ), 200 );
			$response->header( 'X-Item-Count', $entries->count() );
			$response->header( 'X-Item-Total', $entries->total() );

			return $response;
		}

		$data = array( 'entries' => $entries->all(), 'total' => $entries->total() );

		foreach ( $data['entries'] as &$entry ) {
			$entry = $this->prepare_entry_for_response( $view, $entry, $request, 'directory' );
		}

		return new \WP_REST_Response( $data, 200 );
	}

	/**
	 * Get one entry from view
	 *
	 * Callback for /v1/views/{id}/entries/{id}/
	 *
	 * @uses GVCommon::get_entry
	 * @since 2.0
	 * @param \WP_REST_Request $request Full data about the request.
	 * @return \WP_Error|\WP_REST_Response
	 */
	public function get_sub_item( $request ) {
		$url      = $request->get_url_params();
		$view_id  = intval( $url['id'] );
		$entry_id = intval( $url['s_id'] );
		$format   = \GV\Utils::get( $url, 'format', 'json' );

		$view  = \GV\View::by_id( $view_id );
		$entry = \GV\GF_Entry::by_id( $entry_id );

		if ( $format === 'html' ) {

			$renderer = new \GV\Entry_Renderer();
			return $renderer->render( $entry, $view, new Request( $request ) );
		}

		return $this->prepare_entry_for_response( $view, $entry, $request, 'single' );
	}

	/**
	 * Prepare the item for the REST response
	 *
	 * @since 2.0
	 * @param \WP_Post $view_post WordPress representation of the item.
	 * @param \WP_REST_Request $request Request object.
	 * @return mixed
	 */
	public function prepare_view_for_response( $view_post, \WP_REST_Request $request ) {
		if ( is_wp_error( $this->get_item_permissions_check( $request, $view_post->ID ) ) ) {
			// Redacted out view.
			return array( 'ID' => $view_post->ID, 'post_content' => __( 'You are not allowed to access this content.', 'gravityview' ) );
		}

		$view = \GV\View::from_post( $view_post );

		$item = $view->as_data();

		// Add all the WP_Post data
		$view_post = $view_post->to_array();

		unset( $view_post['to_ping'], $view_post['ping_status'], $view_post['pinged'], $view_post['post_type'], $view_post['filter'], $view_post['post_category'], $view_post['tags_input'], $view_post['post_content'], $view_post['post_content_filtered'] );

		$return = wp_parse_args( $item, $view_post );

		$return['title'] = $return['post_title'];

		$return['settings'] = isset( $return['atts'] ) ? $return['atts'] : array();
		unset( $return['atts'], $return['view_id'] );

		$return['search_criteria'] = array(
			'page_size' => rgars( $return, 'settings/page_size' ),
			'sort_field' => rgars( $return, 'settings/sort_field' ),
			'sort_direction' => rgars( $return, 'settings/sort_direction' ),
			'offset' => rgars( $return, 'settings/offset' ),
		);

		unset( $return['settings']['page_size'], $return['settings']['sort_field'], $return['settings']['sort_direction'] );

		// Redact for non-logged ins
		if ( ! \GVCommon::has_cap( 'edit_others_gravityviews' ) ) {
			unset( $return['settings'] );
			unset( $return['search_criteria'] );
		}
		
		if ( ! \GFCommon::current_user_can_any( 'gravityforms_edit_forms' ) ) {
			unset( $return['form'] );
		}

		return $return;
	}

	/**
	 * @param \WP_REST_Request $request
	 *
	 * @return bool|\WP_Error
	 */
	public function get_item_permissions_check( $request ) {
		if ( func_num_args() === 2 ) {

			$view_id = func_get_arg( 1 ); // $view_id override
		} else {
			$url     = $request->get_url_params();
			$view_id = intval( $url['id'] );
		}

		if ( ! $view = \GV\View::by_id( $view_id ) ) {
			return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gravityview' ) );
		}

		while ( $error = $view->can_render( array( 'rest' ), $request ) ) {

			if ( ! is_wp_error( $error ) ) {
				break;
			}

			switch ( str_replace( 'gravityview/', '', $error->get_error_code() ) ) {
				case 'rest_disabled':
				case 'post_password_required':
				case 'not_public':
				case 'embed_only':
				case 'no_direct_access':
					return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gravityview' ) );
				case 'no_form_attached':
					return new \WP_Error( 'rest_forbidden', __( 'This View is not configured properly.', 'gravityview' ) );
			}
		}

		/**
		 * @filter `gravityview/view/output/rest` Disable rest output. Final chance.
		 * @param[in,out] bool Enable or not.
		 * @param \GV\View $view The view.
		 */
		if ( ! apply_filters( 'gravityview/view/output/rest', true, $view ) ) {
			return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gravityview' ) );
		}

		return true;
	}

	public function get_sub_item_permissions_check( $request ) {
		// Accessing a single entry needs the View access permissions.
		if ( is_wp_error( $error = $this->get_items_permissions_check( $request ) ) ) {
			return $error;
		}

		$url     = $request->get_url_params();
		$view_id = intval( $url['id'] );
		$entry_id = intval( $url['s_id'] );

		$view = \GV\View::by_id( $view_id );

		if ( ! $entry = \GV\GF_Entry::by_id( $entry_id ) ) {
			return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
		}

		if ( $entry['form_id'] != $view->form->ID ) {
			return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
		}

		if ( $entry['status'] != 'active' ) {

			return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
		}

		if ( apply_filters( 'gravityview_custom_entry_slug', false ) && $entry->slug != get_query_var( \GV\Entry::get_endpoint_name() ) ) {
			return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
		}

		$is_admin_and_can_view = $view->settings->get( 'admin_show_all_statuses' ) && \GVCommon::has_cap('gravityview_moderate_entries', $view->ID );


		if ( $view->settings->get( 'show_only_approved' ) && ! $is_admin_and_can_view ) {
			if ( ! \GravityView_Entry_Approval_Status::is_approved( gform_get_meta( $entry->ID, \GravityView_Entry_Approval::meta_key ) )  ) {
				return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
			}
		}

		return true;
	}

	public function get_items_permissions_check( $request ) {
		// Getting a list of all Views is always possible.
		return true;
	}

	public function get_sub_items_permissions_check( $request ) {
		// Accessing all entries of a View needs the same permissions as accessing the View.
		return $this->get_item_permissions_check( $request );
	}
}


Pull Request — master (#1147)

Views_Route::get_item() A

Complexity

Size

Duplication

Code Coverage

Importance

1. Pass all data via parameters

2. Create a class that maintains your state

1		<?php
		0 ignored issues – show Coding Style Compatibility introduced 2018-05-08 22:40 UTC by Report Bug Copy Issue Report For compatibility and reusability of your code, PSR1 recommends that a file should introduce either new symbols (like classes, functions, etc.) or have side-effects (like outputting something, or including other files), but not both at the same time. The first symbol is defined on line 18 and the first side effect is on line 15. The PSR-1: Basic Coding Standard recommends that a file should either introduce new symbols, that is classes, functions, constants or similar, or have side effects. Side effects are anything that executes logic, like for example printing output, changing ini settings or writing to a file. The idea behind this recommendation is that merely auto-loading a class should not change the state of an application. It also promotes a cleaner style of programming and makes your code less prone to errors, because the logic is not spread out all over the place. To learn more about the PSR-1, please see the PHP-FIG site on the PSR-1. Loading history...
2		/**
3		* @package GravityView
4		* @license GPL2+
5		* @author Josh Pollock <[email protected]>
6		* @link http://gravityview.co
7		* @copyright Copyright 2015, Katz Web Services, Inc.
8		*
9		* @since 2.0
10		*/
11		namespace GV\REST;
12
13		/** If this file is called directly, abort. */
14	1	if ( ! defined( 'GRAVITYVIEW_DIR' ) ) {
15		die();
16		}
17
18		class Views_Route extends Route {
19		/**
20		* Route Name
21		*
22		* @since 2.0
23		*
24		* @access protected
25		* @string
26		*/
27		protected $route_name = 'views';
28
29		/**
30		* Sub type, forms {$namespace}/route_name/{id}/sub_type type endpoints
31		*
32		* @since 2.0
33		* @access protected
34		* @var string
35		*/
36		protected $sub_type = 'entries';
37
38
39		/**
40		* Get a collection of views
41		*
42		* Callback for GET /v1/views/
43		*
44		* @param \WP_REST_Request $request Full data about the request.
45		* @return \WP_Error\|\WP_REST_Response
46		*/
47	3	public function get_items( $request ) {
48
49	3	$page = $request->get_param( 'page' );
50	3	$limit = $request->get_param( 'limit' );
51
52	3	$items = \GVCommon::get_all_views( array(
53	3	'posts_per_page' => $limit,
54	3	'paged' => $page,
55		) );
56
57	3	if ( empty( $items ) ) {
58		return new \WP_Error( 'gravityview-no-views', __( 'No Views found.', 'gravityview' ) ); //@todo message
59		}
60
61		$data = array(
62	3	'views' => array(),
63	3	'total' => wp_count_posts( 'gravityview' )->publish,
64		);
65	3	foreach ( $items as $item ) {
66	3	$data['views'][] = $this->prepare_view_for_response( $item, $request );
67		}
68
69	3	return new \WP_REST_Response( $data, 200 );
70		}
71
72		/**
73		* Get one view
74		*
75		* Callback for /v1/views/{id}/
76		*
77		* @since 2.0
78		* @param \WP_REST_Request $request Full data about the request.
79		* @return \WP_Error\|\WP_REST_Response
80		*/
81	2	public function get_item( $request ) {
82
83	2	$url = $request->get_url_params();
84
85	2	$view_id = intval( $url['id'] );
86
87	2	$item = get_post( $view_id );
88
89		//return a response or error based on some conditional
90	2	if ( $item && ! is_wp_error( $item ) ) {
91	2	$data = $this->prepare_view_for_response( $item, $request );
92	2	return new \WP_REST_Response( $data, 200 );
93		}
94
95		return new \WP_Error( 'code', sprintf( 'A View with ID #%d was not found.', $view_id ) );
96		}
97
98		/**
99		* Prepare the item for the REST response
100		*
101		* @since 2.0
102		* @param \GV\View $view The view.
103		* @param \GV\Entry $entry WordPress representation of the item.
104		* @param \WP_REST_Request $request Request object.
105		* @param string $context The context (directory, single)
106		* @param string $class The value renderer. Default: null (raw value)
107		*
108		* @since 2.1 Add value renderer override $class parameter.
109		*
110		* @return mixed The data that is sent.
111		*/
112	5	public function prepare_entry_for_response( $view, $entry, \WP_REST_Request $request, $context, $class = null ) {
113
114		// Only output the fields that should be displayed.
115	5	$allowed = array();
116	5	foreach ( $view->fields->by_position( "{$context}_*" )->by_visible()->all() as $field ) {
117	5	$allowed[ $field->ID ] = $field;
118		}
119
120		/**
121		* @filter `gravityview/rest/entry/fields` Whitelist more entry fields that are output in regular REST requests.
122		* @param[in,out] array $allowed The allowed ones, default by_visible, by_position( "context_*" ), i.e. as set in the view.
123		* @param \GV\View $view The view.
124		* @param \GV\Entry $entry WordPress representation of the item.
125		* @param \WP_REST_Request $request Request object.
126		* @param string $context The context (directory, single)
127		*/
128	5	$allowed_field_ids = apply_filters( 'gravityview/rest/entry/fields', array_keys( $allowed ), $view, $entry, $request, $context );
129
130	5	$r = new Request( $request );
131	5	$return = array();
132	5	$renderer = null;
133
134	5	if ( $class ) {
		0 ignored issues – show Bug Best Practice introduced 2018-08-24 12:16 UTC by Report Bug Copy Issue Report The expression `$class` of type `string\|null` is loosely compared to `true`; this is ambiguous if the string can be empty. You might want to explicitly use `!== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
135	2	$renderer = new \GV\Field_Renderer();
136		}
137
138	5	foreach ( $allowed_field_ids as $field_id ) {
139	5	$source = is_numeric( $field_id ) ? $view->form : new \GV\Internal_Source();
140
141	5	if ( isset( $allowed[ $field_id ] ) ) {
142	5	$field = $allowed[ $field_id ];
143		} else {
144	2	$field = is_numeric( $field_id ) ? \GV\GF_Field::by_id( $view->form, $field_id ) : \GV\Internal_Field::by_id( $field_id );
145		}
146
147	5	if ( $class ) {
		0 ignored issues – show Bug Best Practice introduced 2018-08-24 12:16 UTC by Report Bug Copy Issue Report The expression `$class` of type `string\|null` is loosely compared to `true`; this is ambiguous if the string can be empty. You might want to explicitly use `!== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
148	2	$return[ $field->ID ] = $renderer->render( $field, $view, $source, $entry, $r, $class );
149		} else {
150	5	$return[ $field->ID ] = $field->get_value( $view, $source, $entry, $r );
151		}
152		}
153
154	5	return $return;
155		}
156
157		/**
158		* Get entries from a view
159		*
160		* Callback for /v1/views/{id}/entries/
161		*
162		* @since 2.0
163		* @param \WP_REST_Request $request Full data about the request.
164		* @return \WP_Error\|\WP_REST_Response
165		*/
166	4	public function get_sub_items( $request ) {
167
168	4	$url = $request->get_url_params();
169	4	$view_id = intval( $url['id'] );
170	4	$format = \GV\Utils::get( $url, 'format', 'json' );
171
172	4	if( $post_id = $request->get_param('post_id') ) {
		0 ignored issues – show Coding Style introduced 2018-07-23 02:00 UTC by Report Bug Copy Issue Report Expected 1 spaces after opening bracket; 0 found Loading history... Coding Style introduced 2018-07-23 02:00 UTC by Report Bug Copy Issue Report Expected 1 spaces before closing bracket; 0 found Loading history...
173		global $post;
		0 ignored issues – show Compatibility Best Practice introduced 2018-07-23 02:00 UTC by Report Bug Copy Issue Report Use of `global` functionality is not recommended; it makes your code harder to test, and less reusable. Instead of relying on `global` state, we recommend one of these alternatives: 1. Pass all data via parameters function myFunction($a, $b) { // Do something } 2. Create a class that maintains your state class MyClass { private $a; private $b; public function __construct($a, $b) { $this->a = $a; $this->b = $b; } public function myFunction() { // Do something } } Loading history...
174
175		$post = get_post( $post_id );
		0 ignored issues – show introduced 2018-07-23 02:00 UTC by Report Bug Copy Issue Report Overridding WordPress globals is prohibited Loading history...
176
177		if ( ! $post \|\| is_wp_error( $post ) ) {
178		return new \WP_Error( 'gravityview-post-not-found', sprintf( 'A post with ID #%d was not found.', $post_id ) );
179		}
180
181		$collection = \GV\View_Collection::from_post( $post );
182
183		if ( ! $collection->contains( $view_id ) ) {
184		return new \WP_Error( 'gravityview-post-not-contains', sprintf( 'The post with ID #%d does not contain a View with ID #%d', $post_id, $view_id ) );
185		}
186		}
187
188	4	$view = \GV\View::by_id( $view_id );
189
190	4	if ( 'html' === $format ) {
191
192	1	$renderer = new \GV\View_Renderer();
193	1	$count = $total = 0;
194
195		/** @var \GV\Template_Context $context */
196	1	add_action( 'gravityview/template/view/render', function( $context ) use ( &$count, &$total ) {
197	1	$count = $context->entries->count();
198	1	$total = $context->entries->total();
199	1	} );
200
201	1	$output = $renderer->render( $view, new Request( $request ) );
202
203		/**
204		* @filter `gravityview/rest/entries/html/insert_meta` Whether to include `http-equiv` meta tags in the HTML output describing the data
205		* @since 2.0
206		* @param bool $insert_meta Add <meta> tags? [Default: true]
207		* @param int $count The number of entries being rendered
208		* @param \GV\View $view The view.
209		* @param \WP_REST_Request $request Request object.
210		* @param int $total The number of total entries for the request
211		*/
212	1	$insert_meta = apply_filters( 'gravityview/rest/entries/html/insert_meta', true, $count, $view, $request, $total );
213
214	1	if ( $insert_meta ) {
215	1	$output = '<meta http-equiv="X-Item-Count" content="' . $count . '" />' . $output;
216	1	$output = '<meta http-equiv="X-Item-Total" content="' . $total . '" />' . $output;
217		}
218
219	1	$response = new \WP_REST_Response( $output, 200 );
220	1	$response->header( 'X-Item-Count', $count );
221	1	$response->header( 'X-Item-Total', $total );
222
223	1	return $response;
224		}
225
226	4	$entries = $view->get_entries( new Request( $request ) );
227
228	4	if ( ! $entries->all() ) {
229		return new \WP_Error( 'gravityview-no-entries', __( 'No Entries found.', 'gravityview' ) );
230		}
231
232	4	if ( 'csv' === $format ) {
233	2	ob_start();
234
235	2	$csv = fopen( 'php://output', 'w' );
236
237		/** Da' BOM :) */
238	2	if ( apply_filters( 'gform_include_bom_export_entries', true, $view->form ? $view->form->form : null ) ) {
239	2	fputs( $csv, "\xef\xbb\xbf" );
		0 ignored issues – show introduced 2018-08-11 22:38 UTC by Report Bug Copy Issue Report Filesystem writes are forbidden, you should not be using fputs() Loading history...
240		}
241
242	2	$headers_done = false;
243
244	2	foreach ( $entries->all() as $entry ) {
245	2	$entry = $this->prepare_entry_for_response( $view, $entry, $request, 'directory', '\GV\Field_CSV_Template' );
246
247	2	if ( ! $headers_done ) {
		0 ignored issues – show Bug Best Practice introduced 2018-08-24 12:16 UTC by Report Bug Copy Issue Report The expression `$headers_done` of type `false\|integer` is loosely compared to `false`; this is ambiguous if the integer can be zero. You might want to explicitly use `=== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `integer` values, zero is a special case, in particular the following results might be unexpected: 0 == false // true 0 == null // true 123 == false // false 123 == null // false // It is often better to use strict comparison 0 === false // false 0 === null // false Loading history...
248	2	$headers_done = fputcsv( $csv, array_map( array( '\GV\Utils', 'strip_excel_formulas' ), array_keys( $entry ) ) );
		0 ignored issues – show introduced 2018-08-24 12:16 UTC by Report Bug Copy Issue Report Filesystem writes are forbidden, you should not be using fputcsv() Loading history...
249		}
250
251	2	fputcsv( $csv, array_map( array( '\GV\Utils', 'strip_excel_formulas' ), $entry ) );
		0 ignored issues – show introduced 2018-08-24 12:16 UTC by Report Bug Copy Issue Report Filesystem writes are forbidden, you should not be using fputcsv() Loading history...
252		}
253
254	2	$response = new \WP_REST_Response( rtrim( ob_get_clean() ), 200 );
255	2	$response->header( 'X-Item-Count', $entries->count() );
256	2	$response->header( 'X-Item-Total', $entries->total() );
257
258	2	return $response;
259		}
260
261	3	$data = array( 'entries' => $entries->all(), 'total' => $entries->total() );
262
263	3	foreach ( $data['entries'] as &$entry ) {
264	3	$entry = $this->prepare_entry_for_response( $view, $entry, $request, 'directory' );
265		}
266
267	3	return new \WP_REST_Response( $data, 200 );
268		}
269
270		/**
271		* Get one entry from view
272		*
273		* Callback for /v1/views/{id}/entries/{id}/
274		*
275		* @uses GVCommon::get_entry
276		* @since 2.0
277		* @param \WP_REST_Request $request Full data about the request.
278		* @return \WP_Error\|\WP_REST_Response
279		*/
280	2	public function get_sub_item( $request ) {
281	2	$url = $request->get_url_params();
282	2	$view_id = intval( $url['id'] );
283	2	$entry_id = intval( $url['s_id'] );
284	2	$format = \GV\Utils::get( $url, 'format', 'json' );
285
286	2	$view = \GV\View::by_id( $view_id );
287	2	$entry = \GV\GF_Entry::by_id( $entry_id );
288
289	2	if ( $format === 'html' ) {
		0 ignored issues – show introduced 2018-08-21 23:56 UTC by Report Bug Copy Issue Report Found "=== '". Use Yoda Condition checks, you must Loading history...
290	1	$renderer = new \GV\Entry_Renderer();
291	1	return $renderer->render( $entry, $view, new Request( $request ) );
292		}
293
294	2	return $this->prepare_entry_for_response( $view, $entry, $request, 'single' );
295		}
296
297		/**
298		* Prepare the item for the REST response
299		*
300		* @since 2.0
301		* @param \WP_Post $view_post WordPress representation of the item.
302		* @param \WP_REST_Request $request Request object.
303		* @return mixed
304		*/
305	4	public function prepare_view_for_response( $view_post, \WP_REST_Request $request ) {
306	4	if ( is_wp_error( $this->get_item_permissions_check( $request, $view_post->ID ) ) ) {
307		// Redacted out view.
308	1	return array( 'ID' => $view_post->ID, 'post_content' => __( 'You are not allowed to access this content.', 'gravityview' ) );
309		}
310
311	4	$view = \GV\View::from_post( $view_post );
312
313	4	$item = $view->as_data();
314
315		// Add all the WP_Post data
316	4	$view_post = $view_post->to_array();
317
318	4	unset( $view_post['to_ping'], $view_post['ping_status'], $view_post['pinged'], $view_post['post_type'], $view_post['filter'], $view_post['post_category'], $view_post['tags_input'], $view_post['post_content'], $view_post['post_content_filtered'] );
319
320	4	$return = wp_parse_args( $item, $view_post );
321
322	4	$return['title'] = $return['post_title'];
323
324	4	$return['settings'] = isset( $return['atts'] ) ? $return['atts'] : array();
325	4	unset( $return['atts'], $return['view_id'] );
326
327	4	$return['search_criteria'] = array(
328	4	'page_size' => rgars( $return, 'settings/page_size' ),
329	4	'sort_field' => rgars( $return, 'settings/sort_field' ),
330	4	'sort_direction' => rgars( $return, 'settings/sort_direction' ),
331	4	'offset' => rgars( $return, 'settings/offset' ),
332		);
333
334	4	unset( $return['settings']['page_size'], $return['settings']['sort_field'], $return['settings']['sort_direction'] );
335
336		// Redact for non-logged ins
337	4	if ( ! \GVCommon::has_cap( 'edit_others_gravityviews' ) ) {
338	4	unset( $return['settings'] );
339	4	unset( $return['search_criteria'] );
340		}
341
342	4	if ( ! \GFCommon::current_user_can_any( 'gravityforms_edit_forms' ) ) {
343	4	unset( $return['form'] );
344		}
345
346	4	return $return;
347		}
348
349		/**
350		* @param \WP_REST_Request $request
351		*
352		* @return bool\|\WP_Error
353		*/
354	6	public function get_item_permissions_check( $request ) {
355	6	if ( func_num_args() === 2 ) {
		0 ignored issues – show introduced 2018-08-21 23:56 UTC by Report Bug Copy Issue Report Found "=== 2". Use Yoda Condition checks, you must Loading history...
356	4	$view_id = func_get_arg( 1 ); // $view_id override
357		} else {
358	5	$url = $request->get_url_params();
359	5	$view_id = intval( $url['id'] );
360		}
361
362	6	if ( ! $view = \GV\View::by_id( $view_id ) ) {
363		return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gravityview' ) );
364		}
365
366	6	while ( $error = $view->can_render( array( 'rest' ), $request ) ) {
367
368	6	if ( ! is_wp_error( $error ) ) {
369	6	break;
370		}
371
372	1	switch ( str_replace( 'gravityview/', '', $error->get_error_code() ) ) {
373	1	case 'rest_disabled':
374	1	case 'post_password_required':
375	1	case 'not_public':
376		case 'embed_only':
377		case 'no_direct_access':
378	1	return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gravityview' ) );
379		case 'no_form_attached':
380		return new \WP_Error( 'rest_forbidden', __( 'This View is not configured properly.', 'gravityview' ) );
381		}
382		}
383
384		/**
385		* @filter `gravityview/view/output/rest` Disable rest output. Final chance.
386		* @param[in,out] bool Enable or not.
387		* @param \GV\View $view The view.
388		*/
389	6	if ( ! apply_filters( 'gravityview/view/output/rest', true, $view ) ) {
390	1	return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gravityview' ) );
391		}
392
393	6	return true;
394		}
395
396	2	public function get_sub_item_permissions_check( $request ) {
397		// Accessing a single entry needs the View access permissions.
398	2	if ( is_wp_error( $error = $this->get_items_permissions_check( $request ) ) ) {
399		return $error;
400		}
401
402	2	$url = $request->get_url_params();
403	2	$view_id = intval( $url['id'] );
404	2	$entry_id = intval( $url['s_id'] );
405
406	2	$view = \GV\View::by_id( $view_id );
407
408	2	if ( ! $entry = \GV\GF_Entry::by_id( $entry_id ) ) {
409		return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
410		}
411
412	2	if ( $entry['form_id'] != $view->form->ID ) {
413		return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
414		}
415
416	2	if ( $entry['status'] != 'active' ) {
		0 ignored issues – show introduced 2018-05-08 22:40 UTC by Report Bug Copy Issue Report Found "!= '". Use Yoda Condition checks, you must Loading history...
417		return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
418		}
419
420	2	if ( apply_filters( 'gravityview_custom_entry_slug', false ) && $entry->slug != get_query_var( \GV\Entry::get_endpoint_name() ) ) {
421		return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
422		}
423
424	2	$is_admin_and_can_view = $view->settings->get( 'admin_show_all_statuses' ) && \GVCommon::has_cap('gravityview_moderate_entries', $view->ID );
		0 ignored issues – show Coding Style introduced 2018-05-23 23:24 UTC by Report Bug Copy Issue Report Expected 1 spaces after opening bracket; 0 found Loading history...
425
426	2	if ( $view->settings->get( 'show_only_approved' ) && ! $is_admin_and_can_view ) {
427	1	if ( ! \GravityView_Entry_Approval_Status::is_approved( gform_get_meta( $entry->ID, \GravityView_Entry_Approval::meta_key ) ) ) {
428	1	return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
429		}
430		}
431
432	2	return true;
433		}
434
435	4	public function get_items_permissions_check( $request ) {
436		// Getting a list of all Views is always possible.
437	4	return true;
438		}
439
440	4	public function get_sub_items_permissions_check( $request ) {
441		// Accessing all entries of a View needs the same permissions as accessing the View.
442	4	return $this->get_item_permissions_check( $request );
443		}
444		}
445

gravityview / GravityView

Pull Request — master (#1147)

Views_Route::get_item() A

Complexity

Size

Duplication

Code Coverage

Importance

1. Pass all data via parameters

2. Create a class that maintains your state

Duplication Side-by-Side

Filter issues like