Views_Route::get_items() - Code Metrics - Inspection of "Merge pull request #1143 from gravityview/feature/..." - gravityview/GravityView - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — develop ( e63648...3edd81 )

by Zack

created 2018-08-22 16:31 UTC

Views_Route::get_items() A

↳ Parent: Views_Route

Complexity

Conditions	3
Paths	3

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	12
CRAP Score	3.004

Importance

Changes

Metric	Value
cc	3
nc	3
nop	1
dl	0
loc	24
ccs	12
cts	13
cp	0.9231
crap	3.004
rs	9.536
c	0
b	0
f	0

<?php

/**
 * @package   GravityView
 * @license   GPL2+
 * @author    Josh Pollock <[email protected]>
 * @link      http://gravityview.co
 * @copyright Copyright 2015, Katz Web Services, Inc.
 *
 * @since 2.0
 */
namespace GV\REST;

/** If this file is called directly, abort. */
if ( ! defined( 'GRAVITYVIEW_DIR' ) ) {
	die();
}

class Views_Route extends Route {
	/**
	 * Route Name
	 *
	 * @since 2.0
	 *
	 * @access protected
	 * @string
	 */
	protected $route_name = 'views';

	/**
	 * Sub type, forms {$namespace}/route_name/{id}/sub_type type endpoints
	 *
	 * @since 2.0
	 * @access protected
	 * @var string
	 */
	protected $sub_type = 'entries';


	/**
	 * Get a collection of views
	 *
	 * Callback for GET /v1/views/
	 *
	 * @param \WP_REST_Request $request Full data about the request.
	 * @return \WP_Error|\WP_REST_Response
	 */
	public function get_items( $request ) {

		$page = $request->get_param( 'page' );
		$limit = $request->get_param( 'limit' );

		$items = \GVCommon::get_all_views( array(
			'posts_per_page' => $limit,
			'paged' => $page,
		) );

		if ( empty( $items ) ) {
			return new \WP_Error( 'gravityview-no-views', __( 'No Views found.', 'gravityview' ) ); //@todo message
		}

		$data = array(
			'views' => array(),
			'total' => wp_count_posts( 'gravityview' )->publish,
		);
		foreach ( $items as $item ) {
			$data['views'][] = $this->prepare_view_for_response( $item, $request );
		}

		return new \WP_REST_Response( $data, 200 );
	}

	/**
	 * Get one view
	 *
	 * Callback for /v1/views/{id}/
	 *
	 * @since 2.0
	 * @param \WP_REST_Request $request Full data about the request.
	 * @return \WP_Error|\WP_REST_Response
	 */
	public function get_item( $request ) {

		$url = $request->get_url_params();

		$view_id = intval( $url['id'] );

		$item = get_post( $view_id );

		//return a response or error based on some conditional
		if ( $item && ! is_wp_error( $item ) ) {
			$data = $this->prepare_view_for_response( $item, $request );
			return new \WP_REST_Response( $data, 200 );
		}

		return new \WP_Error( 'code', sprintf( 'A View with ID #%d was not found.', $view_id ) );
	}

	/**
	 * Prepare the item for the REST response
	 *
	 * @since 2.0
	 * @param \GV\View $view The view.
	 * @param \GV\Entry $entry WordPress representation of the item.
	 * @param \WP_REST_Request $request Request object.
	 * @param string $context The context (directory, single)
	 * @return mixed The data that is sent.
	 */
	public function prepare_entry_for_response( $view, $entry, \WP_REST_Request $request, $context ) {
		$return = $entry->as_entry();

		// Only output the fields that should be displayed.
		$allowed = array();
		foreach ( $view->fields->by_position( "{$context}_*" )->by_visible()->all() as $field ) {
			$allowed[] = $field->ID;
		}

		/**
		 * @filter `gravityview/rest/entry/fields` Whitelist more entry fields that are output in regular REST requests.
		 * @param[in,out] array $allowed The allowed ones, default by_visible, by_position( "context_*" ), i.e. as set in the view.
		 * @param \GV\View $view The view.
		 * @param \GV\Entry $entry WordPress representation of the item.
		 * @param \WP_REST_Request $request Request object.
		 * @param string $context The context (directory, single)
		 */
		$allowed = apply_filters( 'gravityview/rest/entry/fields', $allowed, $view, $entry, $request, $context );

		foreach ( $return as $key => $value ) {
			if ( ! in_array( $key, $allowed ) ) {
				unset( $return[ $key ] );
			}
		}

		$r = new Request( $request );

		foreach ( $allowed as $field ) {
			$source = is_numeric( $field ) ? $view->form : new \GV\Internal_Source();
			$field  = is_numeric( $field ) ? \GV\GF_Field::by_id( $view->form, $field ) : \GV\Internal_Field::by_id( $field );

			$return[ $field->ID ] = $field->get_value( $view, $source, $entry, $r );
		}

		// @todo Set the labels!

		return $return;
	}

	/**
	 * Get entries from a view
	 *
	 * Callback for /v1/views/{id}/entries/
	 *
	 * @since 2.0
	 * @param \WP_REST_Request $request Full data about the request.
	 * @return \WP_Error|\WP_REST_Response
	 */
	public function get_sub_items( $request ) {

		$url     = $request->get_url_params();
		$view_id = intval( $url['id'] );
		$format  = \GV\Utils::get( $url, 'format', 'json' );

		if( $post_id = $request->get_param('post_id') ) {

			global $post;
function myFunction($a, $b) {
    // Do something
}

			$post = get_post( $post_id );


			if ( ! $post || is_wp_error( $post ) ) {
				return new \WP_Error( 'gravityview-post-not-found', sprintf( 'A post with ID #%d was not found.', $post_id ) );
			}

			$collection = \GV\View_Collection::from_post( $post );

			if ( ! $collection->contains( $view_id ) ) {
				return new \WP_Error( 'gravityview-post-not-contains', sprintf( 'The post with ID #%d does not contain a View with ID #%d', $post_id, $view_id ) );
			}
		}

		$view = \GV\View::by_id( $view_id );

		if ( 'html' === $format ) {

			$renderer = new \GV\View_Renderer();
			$count = $total = 0;

			/** @var \GV\Template_Context $context */
			add_action( 'gravityview/template/view/render', function( $context ) use ( &$count, &$total ) {
				$count = $context->entries->count();
				$total = $context->entries->total();
			} );

			$output = $renderer->render( $view, new Request( $request ) );

			/**
			 * @filter `gravityview/rest/entries/html/insert_meta` Whether to include `http-equiv` meta tags in the HTML output describing the data
			 * @since 2.0
			 * @param bool $insert_meta Add <meta> tags? [Default: true]
			 * @param int $count The number of entries being rendered
			 * @param \GV\View $view The view.
			 * @param \WP_REST_Request $request Request object.
			 * @param int $total The number of total entries for the request
			 */
			$insert_meta = apply_filters( 'gravityview/rest/entries/html/insert_meta', true, $count, $view, $request, $total );

			if ( $insert_meta ) {
				$output = '<meta http-equiv="X-Item-Count" content="' . $count . '" />' . $output;
				$output = '<meta http-equiv="X-Item-Total" content="' . $total . '" />' . $output;
			}

			$response = new \WP_REST_Response( $output, 200 );
			$response->header( 'X-Item-Count', $count );
			$response->header( 'X-Item-Total', $total );

			return $response;
		}

		$entries = $view->get_entries( new Request( $request ) );

		if ( ! $entries->all() ) {
			return new \WP_Error( 'gravityview-no-entries', __( 'No Entries found.', 'gravityview' ) );
		}

		if ( 'csv' === $format ) {
			ob_start();

			$csv = fopen( 'php://output', 'w' );

			/** Da' BOM :) */
			if ( apply_filters( 'gform_include_bom_export_entries', true, $view->form->form ) ) {
				fputs( $csv, "\xef\xbb\xbf" );

			}

			$headers_done = false;

			foreach ( $entries->all() as $entry ) {
				$entry = $this->prepare_entry_for_response( $view, $entry, $request, 'directory' );

				if ( ! $headers_done ) {
0   == false // true
0   == null  // true
123 == false // false
123 == null  // false

// It is often better to use strict comparison
0 === false // false
0 === null  // false
					$headers_done = fputcsv( $csv, array_keys( $entry ) );

				}

				fputcsv( $csv, array_map( 'gravityview_strip_excel_formulas', $entry ) );

			}

			$response = new \WP_REST_Response( ob_get_clean(), 200 );
			$response->header( 'X-Item-Count', $entries->count() );
			$response->header( 'X-Item-Total', $entries->total() );

			return $response;
		}

		$data = array( 'entries' => $entries->all(), 'total' => $entries->total() );

		foreach ( $data['entries'] as &$entry ) {
			$entry = $this->prepare_entry_for_response( $view, $entry, $request, 'directory' );
		}

		return new \WP_REST_Response( $data, 200 );
	}

	/**
	 * Get one entry from view
	 *
	 * Callback for /v1/views/{id}/entries/{id}/
	 *
	 * @uses GVCommon::get_entry
	 * @since 2.0
	 * @param \WP_REST_Request $request Full data about the request.
	 * @return \WP_Error|\WP_REST_Response
	 */
	public function get_sub_item( $request ) {
		$url      = $request->get_url_params();
		$view_id  = intval( $url['id'] );
		$entry_id = intval( $url['s_id'] );
		$format   = \GV\Utils::get( $url, 'format', 'json' );

		$view  = \GV\View::by_id( $view_id );
		$entry = \GV\GF_Entry::by_id( $entry_id );

		if ( $format === 'html' ) {

			$renderer = new \GV\Entry_Renderer();
			return $renderer->render( $entry, $view, new Request( $request ) );
		}

		return $this->prepare_entry_for_response( $view, $entry, $request, 'single' );
	}

	/**
	 * Prepare the item for the REST response
	 *
	 * @since 2.0
	 * @param \WP_Post $view_post WordPress representation of the item.
	 * @param \WP_REST_Request $request Request object.
	 * @return mixed
	 */
	public function prepare_view_for_response( $view_post, \WP_REST_Request $request ) {
		if ( is_wp_error( $this->get_item_permissions_check( $request, $view_post->ID ) ) ) {
			// Redacted out view.
			return array( 'ID' => $view_post->ID, 'post_content' => __( 'You are not allowed to access this content.', 'gravityview' ) );
		}

		$view = \GV\View::from_post( $view_post );

		$item = $view->as_data();

		// Add all the WP_Post data
		$view_post = $view_post->to_array();

		unset( $view_post['to_ping'], $view_post['ping_status'], $view_post['pinged'], $view_post['post_type'], $view_post['filter'], $view_post['post_category'], $view_post['tags_input'], $view_post['post_content'], $view_post['post_content_filtered'] );

		$return = wp_parse_args( $item, $view_post );

		$return['title'] = $return['post_title'];

		$return['settings'] = isset( $return['atts'] ) ? $return['atts'] : array();
		unset( $return['atts'], $return['view_id'] );

		$return['search_criteria'] = array(
			'page_size' => rgars( $return, 'settings/page_size' ),
			'sort_field' => rgars( $return, 'settings/sort_field' ),
			'sort_direction' => rgars( $return, 'settings/sort_direction' ),
			'offset' => rgars( $return, 'settings/offset' ),
		);

		unset( $return['settings']['page_size'], $return['settings']['sort_field'], $return['settings']['sort_direction'] );

		// Redact for non-logged ins
		if ( ! \GVCommon::has_cap( 'edit_others_gravityviews' ) ) {
			unset( $return['settings'] );
			unset( $return['search_criteria'] );
		}
		
		if ( ! \GFCommon::current_user_can_any( 'gravityforms_edit_forms' ) ) {
			unset( $return['form'] );
		}

		return $return;
	}

	/**
	 * @param \WP_REST_Request $request
	 *
	 * @return bool|\WP_Error
	 */
	public function get_item_permissions_check( $request ) {
		if ( func_num_args() === 2 ) {

			$view_id = func_get_arg( 1 ); // $view_id override
		} else {
			$url     = $request->get_url_params();
			$view_id = intval( $url['id'] );
		}

		if ( ! $view = \GV\View::by_id( $view_id ) ) {
			return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gravityview' ) );
		}

		while ( $error = $view->can_render( array( 'rest' ), $request ) ) {

			if ( ! is_wp_error( $error ) ) {
				break;
			}

			switch ( str_replace( 'gravityview/', '', $error->get_error_code() ) ) {
				case 'rest_disabled':
				case 'post_password_required':
				case 'not_public':
				case 'embed_only':
				case 'no_direct_access':
					return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gravityview' ) );
				case 'no_form_attached':
					return new \WP_Error( 'rest_forbidden', __( 'This View is not configured properly.', 'gravityview' ) );
			}
		}

		/**
		 * @filter `gravityview/view/output/rest` Disable rest output. Final chance.
		 * @param[in,out] bool Enable or not.
		 * @param \GV\View $view The view.
		 */
		if ( ! apply_filters( 'gravityview/view/output/rest', true, $view ) ) {
			return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gravityview' ) );
		}

		return true;
	}

	public function get_sub_item_permissions_check( $request ) {
		// Accessing a single entry needs the View access permissions.
		if ( is_wp_error( $error = $this->get_items_permissions_check( $request ) ) ) {
			return $error;
		}

		$url     = $request->get_url_params();
		$view_id = intval( $url['id'] );
		$entry_id = intval( $url['s_id'] );

		$view = \GV\View::by_id( $view_id );

		if ( ! $entry = \GV\GF_Entry::by_id( $entry_id ) ) {
			return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
		}

		if ( $entry['form_id'] != $view->form->ID ) {
			return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
		}

		if ( $entry['status'] != 'active' ) {

			return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
		}

		if ( apply_filters( 'gravityview_custom_entry_slug', false ) && $entry->slug != get_query_var( \GV\Entry::get_endpoint_name() ) ) {
			return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
		}

		$is_admin_and_can_view = $view->settings->get( 'admin_show_all_statuses' ) && \GVCommon::has_cap('gravityview_moderate_entries', $view->ID );


		if ( $view->settings->get( 'show_only_approved' ) && ! $is_admin_and_can_view ) {
			if ( ! \GravityView_Entry_Approval_Status::is_approved( gform_get_meta( $entry->ID, \GravityView_Entry_Approval::meta_key ) )  ) {
				return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
			}
		}

		return true;
	}

	public function get_items_permissions_check( $request ) {
		// Getting a list of all Views is always possible.
		return true;
	}

	public function get_sub_items_permissions_check( $request ) {
		// Accessing all entries of a View needs the same permissions as accessing the View.
		return $this->get_item_permissions_check( $request );
	}
}


Push — develop ( e63648...3edd81 )

Views_Route::get_items() A

Complexity

Size

Duplication

Code Coverage

Importance

1. Pass all data via parameters

2. Create a class that maintains your state

1		<?php
		0 ignored issues – show Coding Style Compatibility introduced 2018-05-08 22:40 UTC by Report Bug Copy Issue Report For compatibility and reusability of your code, PSR1 recommends that a file should introduce either new symbols (like classes, functions, etc.) or have side-effects (like outputting something, or including other files), but not both at the same time. The first symbol is defined on line 18 and the first side effect is on line 15. The PSR-1: Basic Coding Standard recommends that a file should either introduce new symbols, that is classes, functions, constants or similar, or have side effects. Side effects are anything that executes logic, like for example printing output, changing ini settings or writing to a file. The idea behind this recommendation is that merely auto-loading a class should not change the state of an application. It also promotes a cleaner style of programming and makes your code less prone to errors, because the logic is not spread out all over the place. To learn more about the PSR-1, please see the PHP-FIG site on the PSR-1. Loading history...
2		/**
3		* @package GravityView
4		* @license GPL2+
5		* @author Josh Pollock <[email protected]>
6		* @link http://gravityview.co
7		* @copyright Copyright 2015, Katz Web Services, Inc.
8		*
9		* @since 2.0
10		*/
11		namespace GV\REST;
12
13		/** If this file is called directly, abort. */
14	1	if ( ! defined( 'GRAVITYVIEW_DIR' ) ) {
15		die();
16		}
17
18		class Views_Route extends Route {
19		/**
20		* Route Name
21		*
22		* @since 2.0
23		*
24		* @access protected
25		* @string
26		*/
27		protected $route_name = 'views';
28
29		/**
30		* Sub type, forms {$namespace}/route_name/{id}/sub_type type endpoints
31		*
32		* @since 2.0
33		* @access protected
34		* @var string
35		*/
36		protected $sub_type = 'entries';
37
38
39		/**
40		* Get a collection of views
41		*
42		* Callback for GET /v1/views/
43		*
44		* @param \WP_REST_Request $request Full data about the request.
45		* @return \WP_Error\|\WP_REST_Response
46		*/
47	3	public function get_items( $request ) {
48
49	3	$page = $request->get_param( 'page' );
50	3	$limit = $request->get_param( 'limit' );
51
52	3	$items = \GVCommon::get_all_views( array(
53	3	'posts_per_page' => $limit,
54	3	'paged' => $page,
55		) );
56
57	3	if ( empty( $items ) ) {
58		return new \WP_Error( 'gravityview-no-views', __( 'No Views found.', 'gravityview' ) ); //@todo message
59		}
60
61		$data = array(
62	3	'views' => array(),
63	3	'total' => wp_count_posts( 'gravityview' )->publish,
64		);
65	3	foreach ( $items as $item ) {
66	3	$data['views'][] = $this->prepare_view_for_response( $item, $request );
67		}
68
69	3	return new \WP_REST_Response( $data, 200 );
70		}
71
72		/**
73		* Get one view
74		*
75		* Callback for /v1/views/{id}/
76		*
77		* @since 2.0
78		* @param \WP_REST_Request $request Full data about the request.
79		* @return \WP_Error\|\WP_REST_Response
80		*/
81	2	public function get_item( $request ) {
82
83	2	$url = $request->get_url_params();
84
85	2	$view_id = intval( $url['id'] );
86
87	2	$item = get_post( $view_id );
88
89		//return a response or error based on some conditional
90	2	if ( $item && ! is_wp_error( $item ) ) {
91	2	$data = $this->prepare_view_for_response( $item, $request );
92	2	return new \WP_REST_Response( $data, 200 );
93		}
94
95		return new \WP_Error( 'code', sprintf( 'A View with ID #%d was not found.', $view_id ) );
96		}
97
98		/**
99		* Prepare the item for the REST response
100		*
101		* @since 2.0
102		* @param \GV\View $view The view.
103		* @param \GV\Entry $entry WordPress representation of the item.
104		* @param \WP_REST_Request $request Request object.
105		* @param string $context The context (directory, single)
106		* @return mixed The data that is sent.
107		*/
108	4	public function prepare_entry_for_response( $view, $entry, \WP_REST_Request $request, $context ) {
109	4	$return = $entry->as_entry();
110
111		// Only output the fields that should be displayed.
112	4	$allowed = array();
113	4	foreach ( $view->fields->by_position( "{$context}_*" )->by_visible()->all() as $field ) {
114	4	$allowed[] = $field->ID;
115		}
116
117		/**
118		* @filter `gravityview/rest/entry/fields` Whitelist more entry fields that are output in regular REST requests.
119		* @param[in,out] array $allowed The allowed ones, default by_visible, by_position( "context_*" ), i.e. as set in the view.
120		* @param \GV\View $view The view.
121		* @param \GV\Entry $entry WordPress representation of the item.
122		* @param \WP_REST_Request $request Request object.
123		* @param string $context The context (directory, single)
124		*/
125	4	$allowed = apply_filters( 'gravityview/rest/entry/fields', $allowed, $view, $entry, $request, $context );
126
127	4	foreach ( $return as $key => $value ) {
128	4	if ( ! in_array( $key, $allowed ) ) {
129	4	unset( $return[ $key ] );
130		}
131		}
132
133	4	$r = new Request( $request );
134
135	4	foreach ( $allowed as $field ) {
136	4	$source = is_numeric( $field ) ? $view->form : new \GV\Internal_Source();
137	4	$field = is_numeric( $field ) ? \GV\GF_Field::by_id( $view->form, $field ) : \GV\Internal_Field::by_id( $field );
138
139	4	$return[ $field->ID ] = $field->get_value( $view, $source, $entry, $r );
140		}
141
142		// @todo Set the labels!
143
144	4	return $return;
145		}
146
147		/**
148		* Get entries from a view
149		*
150		* Callback for /v1/views/{id}/entries/
151		*
152		* @since 2.0
153		* @param \WP_REST_Request $request Full data about the request.
154		* @return \WP_Error\|\WP_REST_Response
155		*/
156	3	public function get_sub_items( $request ) {
157
158	3	$url = $request->get_url_params();
159	3	$view_id = intval( $url['id'] );
160	3	$format = \GV\Utils::get( $url, 'format', 'json' );
161
162	3	if( $post_id = $request->get_param('post_id') ) {
		0 ignored issues – show Coding Style introduced 2018-07-23 02:00 UTC by Report Bug Copy Issue Report Expected 1 spaces after opening bracket; 0 found Loading history... Coding Style introduced 2018-07-23 02:00 UTC by Report Bug Copy Issue Report Expected 1 spaces before closing bracket; 0 found Loading history...
163		global $post;
		0 ignored issues – show Compatibility Best Practice introduced 2018-07-23 02:00 UTC by Report Bug Copy Issue Report Use of `global` functionality is not recommended; it makes your code harder to test, and less reusable. Instead of relying on `global` state, we recommend one of these alternatives: 1. Pass all data via parameters function myFunction($a, $b) { // Do something } 2. Create a class that maintains your state class MyClass { private $a; private $b; public function __construct($a, $b) { $this->a = $a; $this->b = $b; } public function myFunction() { // Do something } } Loading history...
164
165		$post = get_post( $post_id );
		0 ignored issues – show introduced 2018-07-23 02:00 UTC by Report Bug Copy Issue Report Overridding WordPress globals is prohibited Loading history...
166
167		if ( ! $post \|\| is_wp_error( $post ) ) {
168		return new \WP_Error( 'gravityview-post-not-found', sprintf( 'A post with ID #%d was not found.', $post_id ) );
169		}
170
171		$collection = \GV\View_Collection::from_post( $post );
172
173		if ( ! $collection->contains( $view_id ) ) {
174		return new \WP_Error( 'gravityview-post-not-contains', sprintf( 'The post with ID #%d does not contain a View with ID #%d', $post_id, $view_id ) );
175		}
176		}
177
178	3	$view = \GV\View::by_id( $view_id );
179
180	3	if ( 'html' === $format ) {
181
182	1	$renderer = new \GV\View_Renderer();
183	1	$count = $total = 0;
184
185		/** @var \GV\Template_Context $context */
186	1	add_action( 'gravityview/template/view/render', function( $context ) use ( &$count, &$total ) {
187	1	$count = $context->entries->count();
188	1	$total = $context->entries->total();
189	1	} );
190
191	1	$output = $renderer->render( $view, new Request( $request ) );
192
193		/**
194		* @filter `gravityview/rest/entries/html/insert_meta` Whether to include `http-equiv` meta tags in the HTML output describing the data
195		* @since 2.0
196		* @param bool $insert_meta Add <meta> tags? [Default: true]
197		* @param int $count The number of entries being rendered
198		* @param \GV\View $view The view.
199		* @param \WP_REST_Request $request Request object.
200		* @param int $total The number of total entries for the request
201		*/
202	1	$insert_meta = apply_filters( 'gravityview/rest/entries/html/insert_meta', true, $count, $view, $request, $total );
203
204	1	if ( $insert_meta ) {
205	1	$output = '<meta http-equiv="X-Item-Count" content="' . $count . '" />' . $output;
206	1	$output = '<meta http-equiv="X-Item-Total" content="' . $total . '" />' . $output;
207		}
208
209	1	$response = new \WP_REST_Response( $output, 200 );
210	1	$response->header( 'X-Item-Count', $count );
211	1	$response->header( 'X-Item-Total', $total );
212
213	1	return $response;
214		}
215
216	3	$entries = $view->get_entries( new Request( $request ) );
217
218	3	if ( ! $entries->all() ) {
219		return new \WP_Error( 'gravityview-no-entries', __( 'No Entries found.', 'gravityview' ) );
220		}
221
222	3	if ( 'csv' === $format ) {
223	1	ob_start();
224
225	1	$csv = fopen( 'php://output', 'w' );
226
227		/** Da' BOM :) */
228	1	if ( apply_filters( 'gform_include_bom_export_entries', true, $view->form->form ) ) {
229	1	fputs( $csv, "\xef\xbb\xbf" );
		0 ignored issues – show introduced 2018-08-11 22:38 UTC by Report Bug Copy Issue Report Filesystem writes are forbidden, you should not be using fputs() Loading history...
230		}
231
232	1	$headers_done = false;
233
234	1	foreach ( $entries->all() as $entry ) {
235	1	$entry = $this->prepare_entry_for_response( $view, $entry, $request, 'directory' );
236
237	1	if ( ! $headers_done ) {
		0 ignored issues – show Bug Best Practice introduced 2018-08-11 22:38 UTC by Report Bug Copy Issue Report The expression `$headers_done` of type `false\|integer` is loosely compared to `false`; this is ambiguous if the integer can be zero. You might want to explicitly use `=== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `integer` values, zero is a special case, in particular the following results might be unexpected: 0 == false // true 0 == null // true 123 == false // false 123 == null // false // It is often better to use strict comparison 0 === false // false 0 === null // false Loading history...
238	1	$headers_done = fputcsv( $csv, array_keys( $entry ) );
		0 ignored issues – show introduced 2018-08-11 22:38 UTC by Report Bug Copy Issue Report Filesystem writes are forbidden, you should not be using fputcsv() Loading history...
239		}
240
241	1	fputcsv( $csv, array_map( 'gravityview_strip_excel_formulas', $entry ) );
		0 ignored issues – show introduced 2018-08-14 23:09 UTC by Report Bug Copy Issue Report Filesystem writes are forbidden, you should not be using fputcsv() Loading history...
242		}
243
244	1	$response = new \WP_REST_Response( ob_get_clean(), 200 );
245	1	$response->header( 'X-Item-Count', $entries->count() );
246	1	$response->header( 'X-Item-Total', $entries->total() );
247
248	1	return $response;
249		}
250
251	3	$data = array( 'entries' => $entries->all(), 'total' => $entries->total() );
252
253	3	foreach ( $data['entries'] as &$entry ) {
254	3	$entry = $this->prepare_entry_for_response( $view, $entry, $request, 'directory' );
255		}
256
257	3	return new \WP_REST_Response( $data, 200 );
258		}
259
260		/**
261		* Get one entry from view
262		*
263		* Callback for /v1/views/{id}/entries/{id}/
264		*
265		* @uses GVCommon::get_entry
266		* @since 2.0
267		* @param \WP_REST_Request $request Full data about the request.
268		* @return \WP_Error\|\WP_REST_Response
269		*/
270	2	public function get_sub_item( $request ) {
271	2	$url = $request->get_url_params();
272	2	$view_id = intval( $url['id'] );
273	2	$entry_id = intval( $url['s_id'] );
274	2	$format = \GV\Utils::get( $url, 'format', 'json' );
275
276	2	$view = \GV\View::by_id( $view_id );
277	2	$entry = \GV\GF_Entry::by_id( $entry_id );
278
279	2	if ( $format === 'html' ) {
		0 ignored issues – show introduced 2018-08-21 23:56 UTC by Report Bug Copy Issue Report Found "=== '". Use Yoda Condition checks, you must Loading history...
280	1	$renderer = new \GV\Entry_Renderer();
281	1	return $renderer->render( $entry, $view, new Request( $request ) );
282		}
283
284	2	return $this->prepare_entry_for_response( $view, $entry, $request, 'single' );
285		}
286
287		/**
288		* Prepare the item for the REST response
289		*
290		* @since 2.0
291		* @param \WP_Post $view_post WordPress representation of the item.
292		* @param \WP_REST_Request $request Request object.
293		* @return mixed
294		*/
295	4	public function prepare_view_for_response( $view_post, \WP_REST_Request $request ) {
296	4	if ( is_wp_error( $this->get_item_permissions_check( $request, $view_post->ID ) ) ) {
297		// Redacted out view.
298	1	return array( 'ID' => $view_post->ID, 'post_content' => __( 'You are not allowed to access this content.', 'gravityview' ) );
299		}
300
301	4	$view = \GV\View::from_post( $view_post );
302
303	4	$item = $view->as_data();
304
305		// Add all the WP_Post data
306	4	$view_post = $view_post->to_array();
307
308	4	unset( $view_post['to_ping'], $view_post['ping_status'], $view_post['pinged'], $view_post['post_type'], $view_post['filter'], $view_post['post_category'], $view_post['tags_input'], $view_post['post_content'], $view_post['post_content_filtered'] );
309
310	4	$return = wp_parse_args( $item, $view_post );
311
312	4	$return['title'] = $return['post_title'];
313
314	4	$return['settings'] = isset( $return['atts'] ) ? $return['atts'] : array();
315	4	unset( $return['atts'], $return['view_id'] );
316
317	4	$return['search_criteria'] = array(
318	4	'page_size' => rgars( $return, 'settings/page_size' ),
319	4	'sort_field' => rgars( $return, 'settings/sort_field' ),
320	4	'sort_direction' => rgars( $return, 'settings/sort_direction' ),
321	4	'offset' => rgars( $return, 'settings/offset' ),
322		);
323
324	4	unset( $return['settings']['page_size'], $return['settings']['sort_field'], $return['settings']['sort_direction'] );
325
326		// Redact for non-logged ins
327	4	if ( ! \GVCommon::has_cap( 'edit_others_gravityviews' ) ) {
328	4	unset( $return['settings'] );
329	4	unset( $return['search_criteria'] );
330		}
331
332	4	if ( ! \GFCommon::current_user_can_any( 'gravityforms_edit_forms' ) ) {
333	4	unset( $return['form'] );
334		}
335
336	4	return $return;
337		}
338
339		/**
340		* @param \WP_REST_Request $request
341		*
342		* @return bool\|\WP_Error
343		*/
344	5	public function get_item_permissions_check( $request ) {
345	5	if ( func_num_args() === 2 ) {
		0 ignored issues – show introduced 2018-08-21 23:56 UTC by Report Bug Copy Issue Report Found "=== 2". Use Yoda Condition checks, you must Loading history...
346	4	$view_id = func_get_arg( 1 ); // $view_id override
347		} else {
348	4	$url = $request->get_url_params();
349	4	$view_id = intval( $url['id'] );
350		}
351
352	5	if ( ! $view = \GV\View::by_id( $view_id ) ) {
353		return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gravityview' ) );
354		}
355
356	5	while ( $error = $view->can_render( array( 'rest' ), $request ) ) {
357
358	5	if ( ! is_wp_error( $error ) ) {
359	5	break;
360		}
361
362	1	switch ( str_replace( 'gravityview/', '', $error->get_error_code() ) ) {
363	1	case 'rest_disabled':
364	1	case 'post_password_required':
365	1	case 'not_public':
366		case 'embed_only':
367		case 'no_direct_access':
368	1	return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gravityview' ) );
369		case 'no_form_attached':
370		return new \WP_Error( 'rest_forbidden', __( 'This View is not configured properly.', 'gravityview' ) );
371		}
372		}
373
374		/**
375		* @filter `gravityview/view/output/rest` Disable rest output. Final chance.
376		* @param[in,out] bool Enable or not.
377		* @param \GV\View $view The view.
378		*/
379	5	if ( ! apply_filters( 'gravityview/view/output/rest', true, $view ) ) {
380	1	return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gravityview' ) );
381		}
382
383	5	return true;
384		}
385
386	2	public function get_sub_item_permissions_check( $request ) {
387		// Accessing a single entry needs the View access permissions.
388	2	if ( is_wp_error( $error = $this->get_items_permissions_check( $request ) ) ) {
389		return $error;
390		}
391
392	2	$url = $request->get_url_params();
393	2	$view_id = intval( $url['id'] );
394	2	$entry_id = intval( $url['s_id'] );
395
396	2	$view = \GV\View::by_id( $view_id );
397
398	2	if ( ! $entry = \GV\GF_Entry::by_id( $entry_id ) ) {
399		return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
400		}
401
402	2	if ( $entry['form_id'] != $view->form->ID ) {
403		return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
404		}
405
406	2	if ( $entry['status'] != 'active' ) {
		0 ignored issues – show introduced 2018-05-08 22:40 UTC by Report Bug Copy Issue Report Found "!= '". Use Yoda Condition checks, you must Loading history...
407		return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
408		}
409
410	2	if ( apply_filters( 'gravityview_custom_entry_slug', false ) && $entry->slug != get_query_var( \GV\Entry::get_endpoint_name() ) ) {
411		return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
412		}
413
414	2	$is_admin_and_can_view = $view->settings->get( 'admin_show_all_statuses' ) && \GVCommon::has_cap('gravityview_moderate_entries', $view->ID );
		0 ignored issues – show Coding Style introduced 2018-05-23 23:24 UTC by Report Bug Copy Issue Report Expected 1 spaces after opening bracket; 0 found Loading history...
415
416	2	if ( $view->settings->get( 'show_only_approved' ) && ! $is_admin_and_can_view ) {
417	1	if ( ! \GravityView_Entry_Approval_Status::is_approved( gform_get_meta( $entry->ID, \GravityView_Entry_Approval::meta_key ) ) ) {
418	1	return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
419		}
420		}
421
422	2	return true;
423		}
424
425	4	public function get_items_permissions_check( $request ) {
426		// Getting a list of all Views is always possible.
427	4	return true;
428		}
429
430	3	public function get_sub_items_permissions_check( $request ) {
431		// Accessing all entries of a View needs the same permissions as accessing the View.
432	3	return $this->get_item_permissions_check( $request );
433		}
434		}
435

gravityview / GravityView

Push — develop ( e63648...3edd81 )

Views_Route::get_items() A

Complexity

Size

Duplication

Code Coverage

Importance

1. Pass all data via parameters

2. Create a class that maintains your state

Duplication Side-by-Side

Filter issues like