WP_REST_React_Controller::check_update_post_permission() - Code Metrics - Inspection of "More Scrutinizer bugs" - pento/reactions - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 74a956...f01bc4 )

by Gary

created 2016-03-04 12:17 UTC

check_update_post_permission() A

↳ Parent: WP_REST_React_Controller

Complexity

Conditions	2
Paths	2

Size

Total Lines	9
Code Lines	5

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
c	1
b	0
f	0
dl	0
loc	9
rs	9.6666
cc	2
eloc	5
nc	2
nop	1

<?php

/**
 * Class WP_REST_React_Controller
 */
class WP_REST_React_Controller {
	/**
	 * The namespace of this controller's route.
	 *
	 * @var string
	 */
	protected $namespace;

	/**
	 * The base of this controller's route.
	 *
	 * @var string
	 */
	protected $rest_base;

	/**
	 * Constructor.
	 */
	public function __construct() {
		$this->namespace = 'wp/v2';
		$this->rest_base = 'react';
	}

	/**
	 * Register the routes for the objects of the controller.
	 */
	public function register_routes() {
		register_rest_route( $this->namespace, $this->rest_base, array(
			array(
				'methods'             => WP_Rest_Server::READABLE,
				'callback'            => array( $this, 'get_items' ),
				'permission_callback' => array( $this, 'get_items_permission_callback' ),
				'args'                => $this->get_collection_params(),
			),
			array(
				'methods'             => WP_Rest_Server::CREATABLE,
				'callback'            => array( $this, 'create_item' ),
				'permission_callback' => array( $this, 'create_item_permission_callback' ),
				'args'                => $this->get_creation_params(),
			),
			'schema' => array( $this, 'get_public_item_schema' ),
		) );
	}

	/**
	 * Check if a given request has access to read reactions.
	 *
	 * @param  WP_REST_Request $request Full details about the request.
	 * @return WP_Error|boolean
	 */
	public function get_items_permissions_check( $request ) {
		if ( ! empty( $request['post'] ) ) {
			foreach ( (array) $request['post'] as $post_id ) {
				$post = get_post( $post_id );
				if ( ! empty( $post_id ) && $post && ! $this->check_read_post_permission( $post ) ) {
					return new WP_Error( 'rest_cannot_read_post', __( 'Sorry, you cannot read the post for this reaction.' ), array( 'status' => rest_authorization_required_code() ) );
				} else if ( 0 === $post_id && ! current_user_can( 'moderate_comments' ) ) {
					return new WP_Error( 'rest_cannot_read', __( 'Sorry, you cannot read reactions without a post.' ), array( 'status' => rest_authorization_required_code() ) );
				}
			}
		}

		return true;
	}

	/**
	 * Get a list of reactions.
	 *
	 * @param  WP_REST_Request $request Full details about the request.
	 * @return WP_Error|WP_REST_Response
	 */
	public function get_items( $request ) {
		$prepared_args = array(
			'post__in' => $request['post'],
			'type'     => 'reaction',
		);

		/**
		 * Filter arguments, before passing to WP_Comment_Query, when querying reactions via the REST API.
		 *
		 * @see https://developer.wordpress.org/reference/classes/wp_comment_query/
		 *
		 * @param array           $prepared_args Array of arguments for WP_Comment_Query.
		 * @param WP_REST_Request $request       The current request.
		 */
		$prepared_args = apply_filters( 'rest_reaction_query', $prepared_args, $request );

		$query = new WP_Comment_Query;
		$query_result = $query->query( $prepared_args );

		$reactions_count = array();
		foreach( $query_result as $reaction ) {
			if ( empty( $reactions_count[ $reaction->comment_content ] ) ) {
				$reactions_count[ $reaction->comment_content ] = array(
					'count'   => 0,
					'post_id' => $reaction->comment_post_ID,
				);
			}

			$reactions_count[ $reaction->comment_content ]++;
		}

		$reactions = array();
		foreach( $reactions_count as $emoji => $data ) {
			$reaction = array(
				'emoji'   => $emoji,
				'count'   => $data['count'],
				'post_id' => $data['post_id'],
			);

			$data = $this->prepare_item_for_response( $reaction, $request );
			$reactions[] = $this->prepare_response_for_collection( $data );
		}

		$total_reactions = (int) $query->found_comments;
		$reaction_groups = count( $reactions );

		$response = rest_ensure_response( $reactions );
		$response->header( 'X-WP-Total', $total_reactions );
		$response->header( 'X-WP-TotalGroups', $reaction_groups );

		return $response;
	}

	/**
	 * Check if a given request has access to create a reaction
	 *
	 * @param  WP_REST_Request $request Full details about the request.
	 * @return WP_Error|boolean
	 */
	public function create_item_permissions_check( $request ) {

		return true;
	}

	/**
	 * Create a reaction.
	 *
	 * @param  WP_REST_Request $request Full details about the request.
	 * @return WP_Error|WP_REST_Response
	 */
	public function create_item( $request ) {

	}

	/**
	 * Check if we can read a post.
	 *
	 * Correctly handles posts with the inherit status.
	 *
	 * @param object $post Post object.
	 * @return boolean Can we read it?
	 */
	public function check_read_post_permission( $post ) {
		if ( ! empty( $post->post_password ) && ! $this->check_update_post_permission( $post ) ) {
			return false;
		}

		$post_type = get_post_type_object( $post->post_type );
		if ( ! $this->check_is_post_type_allowed( $post_type ) ) {
			return false;
		}

		// Can we read the post?
		if ( 'publish' === $post->post_status || current_user_can( $post_type->cap->read_post, $post->ID ) ) {
			return true;
		}

		$post_status_obj = get_post_status_object( $post->post_status );
		if ( $post_status_obj && $post_status_obj->public ) {
			return true;
		}

		// Can we read the parent if we're inheriting?
		if ( 'inherit' === $post->post_status && $post->post_parent > 0 ) {
			$parent = get_post( $post->post_parent );
			return $this->check_read_post_permission( $parent );
		}

		// If we don't have a parent, but the status is set to inherit, assume
		// it's published (as per get_post_status()).
		if ( 'inherit' === $post->post_status ) {
			return true;
		}

		return false;
	}

	/**
	 * Check if we can edit a post.
	 *
	 * @param object $post Post object.
	 * @return boolean Can we edit it?
	 */
	protected function check_update_post_permission( $post ) {
		$post_type = get_post_type_object( $post->post_type );

		if ( ! $this->check_is_post_type_allowed( $post_type ) ) {
			return false;
		}

		return current_user_can( $post_type->cap->edit_post, $post->ID );
	}

	/**
	 * Check if a given post type should be viewed or managed.
	 *
	 * @param object|string $post_type
	 * @return boolean Is post type allowed?
	 */
	protected function check_is_post_type_allowed( $post_type ) {
		if ( ! is_object( $post_type ) ) {
			$post_type = get_post_type_object( $post_type );
		}

		if ( ! empty( $post_type ) && ! empty( $post_type->show_in_rest ) ) {
			return true;
		}

		return false;
	}

	/**
	 * Prepare a reaction group output for response.
	 *
	 * @param  array            $reaction Reaction data.
	 * @param  WP_REST_Request  $request  Request object.
	 * @return WP_REST_Response $response
	 */
	public function prepare_item_for_response( $reaction, $request ) {
		$data = array(
			'emoji'   => $reaction['emoji'],
			'count'   => (int) $reaction['count'],
			'post_id' => (int) $reaction['post_id'],
		);

		// Wrap the data in a response object
		$response = rest_ensure_response( $data );

		$response->add_links( $this->prepare_links( $reaction ) );

		/**
		 * Filter a reaction group returned from the API.
		 *
		 * Allows modification of the reaction right before it is returned.
		 *
		 * @param WP_REST_Response  $response   The response object.
		 * @param array             $reaction   The original reaction data.
		 * @param WP_REST_Request   $request    Request used to generate the response.
		 */
		return apply_filters( 'rest_prepare_comment', $response, $reaction, $request );
	}

	/**
	 * Prepare a response for inserting into a collection.
	 *
	 * @param WP_REST_Response $response Response object.
	 * @return array Response data, ready for insertion into collection data.
	 */
	public function prepare_response_for_collection( $response ) {
		if ( ! ( $response instanceof WP_REST_Response ) ) {
if ($x instanceof DoesNotExist) {
    // Do something.
}
			return $response;
		}

		$data = (array) $response->get_data();
		$links = WP_REST_Server::get_response_links( $response );
		if ( ! empty( $links ) ) {
			$data['_links'] = $links;
		}

		return $data;
	}

	/**
	 * Prepare links for the request.
	 *
	 * @param array $reaction Reaction.
	 * @return array Links for the given reaction.
	 */
	protected function prepare_links( $reaction ) {
		$links = array(
			'self' => array(
				'href' => rest_url( sprintf( '/%s/%s/%s', $this->namespace, $this->rest_base, $reaction->emoji ) ),
			),
			'collection' => array(
				'href' => rest_url( sprintf( '/%s/%s', $this->namespace, $this->rest_base ) ),
			),
		);

		if ( 0 !== (int) $reaction['post_id'] ) {
			$post = get_post( $reaction['post_id'] );
			if ( ! empty( $post->ID ) ) {
				$obj = get_post_type_object( $post->post_type );
				$base = ! empty( $obj->rest_base ) ? $obj->rest_base : $obj->name;
				$links['up'] = array(
					'href'       => rest_url( '/wp/v2/' . $base . '/' . $reaction['post_id'] ),
					'embeddable' => true,
					'post_type'  => $post->post_type,
				);
			}
		}

		return $links;
	}

	/**
	 * Get the query params for collections
	 *
	 * @return array
	 */
	public function get_collection_params() {
		$query_params = array();

		$query_params['post']   = array(
			'default'           => array(),
			'description'       => __( 'Limit result set to resources assigned to specific post ids.' ),
			'type'              => 'array',
			'sanitize_callback' => 'wp_parse_id_list',
			'validate_callback' => 'rest_validate_request_arg',
		);

		return $query_params;
	}
	/**
	 * Get the query params for collections
	 *
	 * @return array
	 */
	public function get_creation_params() {
		$query_params = array();

		$query_params['post']   = array(
			'default'           => array(),
			'description'       => __( 'The post ID to add a reaction to.' ),
			'type'              => 'integer',
			'sanitize_callback' => 'absint',
			'validate_callback' => 'rest_validate_request_arg',
		);

		$query_params['emoji']  = array(
			'default'           => array(),
			'description'       => __( 'The reaction emoji.' ),
			'type'              => 'string',
			'validate_callback' => 'rest_validate_request_arg',
		);

		return $query_params;
	}
}

Push — master ( 74a956...f01bc4 )

check_update_post_permission() A

Complexity

Size

Duplication

Importance

1. Missing dependencies

2. Missing use statement

1			<?php
2
3			/**
4			* Class WP_REST_React_Controller
5			*/
6			class WP_REST_React_Controller {
7			/**
8			* The namespace of this controller's route.
9			*
10			* @var string
11			*/
12			protected $namespace;
13
14			/**
15			* The base of this controller's route.
16			*
17			* @var string
18			*/
19			protected $rest_base;
20
21			/**
22			* Constructor.
23			*/
24			public function __construct() {
25			$this->namespace = 'wp/v2';
26			$this->rest_base = 'react';
27			}
28
29			/**
30			* Register the routes for the objects of the controller.
31			*/
32			public function register_routes() {
33			register_rest_route( $this->namespace, $this->rest_base, array(
34			array(
35			'methods' => WP_Rest_Server::READABLE,
36			'callback' => array( $this, 'get_items' ),
37			'permission_callback' => array( $this, 'get_items_permission_callback' ),
38			'args' => $this->get_collection_params(),
39			),
40			array(
41			'methods' => WP_Rest_Server::CREATABLE,
42			'callback' => array( $this, 'create_item' ),
43			'permission_callback' => array( $this, 'create_item_permission_callback' ),
44			'args' => $this->get_creation_params(),
45			),
46			'schema' => array( $this, 'get_public_item_schema' ),
47			) );
48			}
49
50			/**
51			* Check if a given request has access to read reactions.
52			*
53			* @param WP_REST_Request $request Full details about the request.
54			* @return WP_Error\|boolean
55			*/
56			public function get_items_permissions_check( $request ) {
57			if ( ! empty( $request['post'] ) ) {
58			foreach ( (array) $request['post'] as $post_id ) {
59			$post = get_post( $post_id );
60			if ( ! empty( $post_id ) && $post && ! $this->check_read_post_permission( $post ) ) {
61			return new WP_Error( 'rest_cannot_read_post', __( 'Sorry, you cannot read the post for this reaction.' ), array( 'status' => rest_authorization_required_code() ) );
62			} else if ( 0 === $post_id && ! current_user_can( 'moderate_comments' ) ) {
63			return new WP_Error( 'rest_cannot_read', __( 'Sorry, you cannot read reactions without a post.' ), array( 'status' => rest_authorization_required_code() ) );
64			}
65			}
66			}
67
68			return true;
69			}
70
71			/**
72			* Get a list of reactions.
73			*
74			* @param WP_REST_Request $request Full details about the request.
75			* @return WP_Error\|WP_REST_Response
76			*/
77			public function get_items( $request ) {
78			$prepared_args = array(
79			'post__in' => $request['post'],
80			'type' => 'reaction',
81			);
82
83			/**
84			* Filter arguments, before passing to WP_Comment_Query, when querying reactions via the REST API.
85			*
86			* @see https://developer.wordpress.org/reference/classes/wp_comment_query/
87			*
88			* @param array $prepared_args Array of arguments for WP_Comment_Query.
89			* @param WP_REST_Request $request The current request.
90			*/
91			$prepared_args = apply_filters( 'rest_reaction_query', $prepared_args, $request );
92
93			$query = new WP_Comment_Query;
94			$query_result = $query->query( $prepared_args );
95
96			$reactions_count = array();
97			foreach( $query_result as $reaction ) {
98			if ( empty( $reactions_count[ $reaction->comment_content ] ) ) {
99			$reactions_count[ $reaction->comment_content ] = array(
100			'count' => 0,
101			'post_id' => $reaction->comment_post_ID,
102			);
103			}
104
105			$reactions_count[ $reaction->comment_content ]++;
106			}
107
108			$reactions = array();
109			foreach( $reactions_count as $emoji => $data ) {
110			$reaction = array(
111			'emoji' => $emoji,
112			'count' => $data['count'],
113			'post_id' => $data['post_id'],
114			);
115
116			$data = $this->prepare_item_for_response( $reaction, $request );
117			$reactions[] = $this->prepare_response_for_collection( $data );
118			}
119
120			$total_reactions = (int) $query->found_comments;
121			$reaction_groups = count( $reactions );
122
123			$response = rest_ensure_response( $reactions );
124			$response->header( 'X-WP-Total', $total_reactions );
125			$response->header( 'X-WP-TotalGroups', $reaction_groups );
126
127			return $response;
128			}
129
130			/**
131			* Check if a given request has access to create a reaction
132			*
133			* @param WP_REST_Request $request Full details about the request.
134			* @return WP_Error\|boolean
135			*/
136			public function create_item_permissions_check( $request ) {
			0 ignored issues – show Unused Code introduced 2016-03-04 11:53 UTC by Report Bug Copy Issue Report The parameter `$request` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
137			return true;
138			}
139
140			/**
141			* Create a reaction.
142			*
143			* @param WP_REST_Request $request Full details about the request.
144			* @return WP_Error\|WP_REST_Response
145			*/
146			public function create_item( $request ) {
			0 ignored issues – show Unused Code introduced 2016-03-04 11:53 UTC by Report Bug Copy Issue Report The parameter `$request` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
147			}
148
149			/**
150			* Check if we can read a post.
151			*
152			* Correctly handles posts with the inherit status.
153			*
154			* @param object $post Post object.
155			* @return boolean Can we read it?
156			*/
157			public function check_read_post_permission( $post ) {
158			if ( ! empty( $post->post_password ) && ! $this->check_update_post_permission( $post ) ) {
159			return false;
160			}
161
162			$post_type = get_post_type_object( $post->post_type );
163			if ( ! $this->check_is_post_type_allowed( $post_type ) ) {
164			return false;
165			}
166
167			// Can we read the post?
168			if ( 'publish' === $post->post_status \|\| current_user_can( $post_type->cap->read_post, $post->ID ) ) {
169			return true;
170			}
171
172			$post_status_obj = get_post_status_object( $post->post_status );
173			if ( $post_status_obj && $post_status_obj->public ) {
174			return true;
175			}
176
177			// Can we read the parent if we're inheriting?
178			if ( 'inherit' === $post->post_status && $post->post_parent > 0 ) {
179			$parent = get_post( $post->post_parent );
180			return $this->check_read_post_permission( $parent );
181			}
182
183			// If we don't have a parent, but the status is set to inherit, assume
184			// it's published (as per get_post_status()).
185			if ( 'inherit' === $post->post_status ) {
186			return true;
187			}
188
189			return false;
190			}
191
192			/**
193			* Check if we can edit a post.
194			*
195			* @param object $post Post object.
196			* @return boolean Can we edit it?
197			*/
198			protected function check_update_post_permission( $post ) {
199			$post_type = get_post_type_object( $post->post_type );
200
201			if ( ! $this->check_is_post_type_allowed( $post_type ) ) {
202			return false;
203			}
204
205			return current_user_can( $post_type->cap->edit_post, $post->ID );
206			}
207
208			/**
209			* Check if a given post type should be viewed or managed.
210			*
211			* @param object\|string $post_type
212			* @return boolean Is post type allowed?
213			*/
214			protected function check_is_post_type_allowed( $post_type ) {
215			if ( ! is_object( $post_type ) ) {
216			$post_type = get_post_type_object( $post_type );
217			}
218
219			if ( ! empty( $post_type ) && ! empty( $post_type->show_in_rest ) ) {
220			return true;
221			}
222
223			return false;
224			}
225
226			/**
227			* Prepare a reaction group output for response.
228			*
229			* @param array $reaction Reaction data.
230			* @param WP_REST_Request $request Request object.
231			* @return WP_REST_Response $response
232			*/
233			public function prepare_item_for_response( $reaction, $request ) {
234			$data = array(
235			'emoji' => $reaction['emoji'],
236			'count' => (int) $reaction['count'],
237			'post_id' => (int) $reaction['post_id'],
238			);
239
240			// Wrap the data in a response object
241			$response = rest_ensure_response( $data );
242
243			$response->add_links( $this->prepare_links( $reaction ) );
244
245			/**
246			* Filter a reaction group returned from the API.
247			*
248			* Allows modification of the reaction right before it is returned.
249			*
250			* @param WP_REST_Response $response The response object.
251			* @param array $reaction The original reaction data.
252			* @param WP_REST_Request $request Request used to generate the response.
253			*/
254			return apply_filters( 'rest_prepare_comment', $response, $reaction, $request );
255			}
256
257			/**
258			* Prepare a response for inserting into a collection.
259			*
260			* @param WP_REST_Response $response Response object.
261			* @return array Response data, ready for insertion into collection data.
262			*/
263			public function prepare_response_for_collection( $response ) {
264			if ( ! ( $response instanceof WP_REST_Response ) ) {
			0 ignored issues – show Bug introduced 2016-03-04 12:10 UTC by Report Bug Copy Issue Report The class `WP_REST_Response` does not exist. Did you forget a USE statement, or did you not list all dependencies? This error could be the result of: 1. Missing dependencies PHP Analyzer uses your `composer.json` file (if available) to determine the dependencies of your project and to determine all the available classes and functions. It expects the `composer.json` to be in the root folder of your repository. Are you sure this class is defined by one of your dependencies, or did you maybe not list a dependency in either the `require` or `require-dev` section? 2. Missing use statement PHP does not complain about undefined classes in `ìnstanceof` checks. For example, the following PHP code will work perfectly fine: if ($x instanceof DoesNotExist) { // Do something. } If you have not tested against this specific condition, such errors might go unnoticed. Loading history...
265			return $response;
266			}
267
268			$data = (array) $response->get_data();
269			$links = WP_REST_Server::get_response_links( $response );
270			if ( ! empty( $links ) ) {
271			$data['_links'] = $links;
272			}
273
274			return $data;
275			}
276
277			/**
278			* Prepare links for the request.
279			*
280			* @param array $reaction Reaction.
281			* @return array Links for the given reaction.
282			*/
283			protected function prepare_links( $reaction ) {
284			$links = array(
285			'self' => array(
286			'href' => rest_url( sprintf( '/%s/%s/%s', $this->namespace, $this->rest_base, $reaction->emoji ) ),
287			),
288			'collection' => array(
289			'href' => rest_url( sprintf( '/%s/%s', $this->namespace, $this->rest_base ) ),
290			),
291			);
292
293			if ( 0 !== (int) $reaction['post_id'] ) {
294			$post = get_post( $reaction['post_id'] );
295			if ( ! empty( $post->ID ) ) {
296			$obj = get_post_type_object( $post->post_type );
297			$base = ! empty( $obj->rest_base ) ? $obj->rest_base : $obj->name;
298			$links['up'] = array(
299			'href' => rest_url( '/wp/v2/' . $base . '/' . $reaction['post_id'] ),
300			'embeddable' => true,
301			'post_type' => $post->post_type,
302			);
303			}
304			}
305
306			return $links;
307			}
308
309			/**
310			* Get the query params for collections
311			*
312			* @return array
313			*/
314			public function get_collection_params() {
315			$query_params = array();
316
317			$query_params['post'] = array(
318			'default' => array(),
319			'description' => __( 'Limit result set to resources assigned to specific post ids.' ),
320			'type' => 'array',
321			'sanitize_callback' => 'wp_parse_id_list',
322			'validate_callback' => 'rest_validate_request_arg',
323			);
324
325			return $query_params;
326			}
327			/**
328			* Get the query params for collections
329			*
330			* @return array
331			*/
332			public function get_creation_params() {
333			$query_params = array();
334
335			$query_params['post'] = array(
336			'default' => array(),
337			'description' => __( 'The post ID to add a reaction to.' ),
338			'type' => 'integer',
339			'sanitize_callback' => 'absint',
340			'validate_callback' => 'rest_validate_request_arg',
341			);
342
343			$query_params['emoji'] = array(
344			'default' => array(),
345			'description' => __( 'The reaction emoji.' ),
346			'type' => 'string',
347			'validate_callback' => 'rest_validate_request_arg',
348			);
349
350			return $query_params;
351			}
352			}

pento / reactions

Push — master ( 74a956...f01bc4 )

check_update_post_permission() A

Complexity

Size

Duplication

Importance

1. Missing dependencies

2. Missing use statement

Duplication Side-by-Side

Filter issues like