<?php
namespace GeminiLabs\SiteReviews\Controllers\Api\Version1\Permissions;
use GeminiLabs\SiteReviews\Helpers\Arr;
use GeminiLabs\SiteReviews\Review;
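trait ReviewPermissions
{
    /**
     * Permission callback for creating a review through the REST API.
     *
     * Checks run in order and the first failure is returned: a request that
     * already carries an ID is rejected, then the create capability, then
     * whether the caller may act on behalf of the requested author, then
     * whether the caller may assign the requested terms.
     *
     * @param \WP_REST_Request $request
     *
     * @return true|\WP_Error
     */
    public function create_item_permissions_check($request)
    {
        if (!empty($request['id'])) {
            $message = _x('Cannot create existing review.', 'admin-text', 'site-reviews');
            return new \WP_Error('rest_review_exists', $message, [
                'status' => 400,
            ]);
        }
        if (!glsr()->can('create_posts')) {
            $message = _x('Sorry, you are not allowed to create reviews as this user.', 'admin-text', 'site-reviews');
            // rest_authorization_required_code() yields 401 for anonymous callers and 403 otherwise.
            return new \WP_Error('rest_cannot_create', $message, [
                'status' => rest_authorization_required_code(),
            ]);
        }
        if (!$this->has_edit_others_permission($request)) {
            $message = _x('Sorry, you are not allowed to create reviews as this review author.', 'admin-text', 'site-reviews');
            return new \WP_Error('rest_cannot_edit_others', $message, [
                'status' => rest_authorization_required_code(),
            ]);
        }
        if (!$this->has_assign_terms_permission($request)) {
            $message = _x('Sorry, you are not allowed to assign the provided terms.', 'admin-text', 'site-reviews');
            return new \WP_Error('rest_cannot_assign_term', $message, [
                'status' => rest_authorization_required_code(),
            ]);
        }
        return true;
    }

    /**
     * Permission callback for deleting a single review.
     *
     * Resolves the review from the request ID first so that the capability
     * check is made against the concrete post (object-level check).
     *
     * @param \WP_REST_Request $request
     *
     * @return true|\WP_Error
     */
    public function delete_item_permissions_check($request)
    {
        $review = glsr_get_review($request['id']);
        if (!$review->isValid()) {
            $message = _x('Invalid review ID.', 'admin-text', 'site-reviews');
            return new \WP_Error('rest_review_invalid_id', $message, [
                'status' => 404,
            ]);
        }
        // NOTE(review): relies on glsr()->can() resolving the 'delete_post' meta cap
        // for this specific post ID — confirm against the capability helper.
        if (!glsr()->can('delete_post', $review->ID)) {
            $message = _x('Sorry, you are not allowed to delete this review.', 'admin-text', 'site-reviews');
            return new \WP_Error('rest_cannot_delete', $message, [
                'status' => rest_authorization_required_code(),
            ]);
        }
        return true;
    }

    /**
     * Permission callback for reading a single review.
     *
     * A review that does not resolve returns 404 before any authorization
     * check, so the two failure modes stay distinguishable to the client.
     *
     * @param \WP_REST_Request $request
     *
     * @return true|\WP_Error
     */
    public function get_item_permissions_check($request)
    {
        $review = glsr_get_review($request['id']);
        if (!$review->isValid()) {
            $message = _x('Invalid review ID.', 'admin-text', 'site-reviews');
            return new \WP_Error('rest_review_invalid_id', $message, [
                'status' => 404,
            ]);
        }
        if (!$this->has_read_permission($review)) {
            $message = _x('Sorry, you are not allowed to view this review.', 'admin-text', 'site-reviews');
            return new \WP_Error('rest_cannot_view', $message, [
                'status' => rest_authorization_required_code(),
            ]);
        }
        return true;
    }

    /**
     * Permission callback for listing reviews.
     *
     * Anonymous callers are refused outright. When no context is supplied the
     * request is treated as context=edit, i.e. the stricter branch, so an
     * omitted parameter cannot widen access.
     *
     * @param \WP_REST_Request $request
     *
     * @return true|\WP_Error
     */
    public function get_items_permissions_check($request)
    {
        if (!is_user_logged_in()) {
            $message = _x('Sorry, you do not have permission to access reviews.', 'admin-text', 'site-reviews');
            return new \WP_Error('rest_forbidden_context', $message, [
                'status' => rest_authorization_required_code(),
            ]);
        }
        // Fail closed: a missing context defaults to 'edit', which requires edit_posts.
        $context = $request['context'] ?? 'edit';
        if ('edit' === $context && !glsr()->can('edit_posts')) {
            $message = _x('Sorry, you are not allowed to edit reviews.', 'admin-text', 'site-reviews');
            return new \WP_Error('rest_forbidden_context', $message, [
                'status' => rest_authorization_required_code(),
            ]);
        }
        return true;
    }

    /**
     * Permission callback for updating a single review.
     *
     * Same ordering as create: resolve the review, check the object-level edit
     * capability, then the author reassignment and term assignment rules.
     *
     * @param \WP_REST_Request $request
     *
     * @return true|\WP_Error
     */
    public function update_item_permissions_check($request)
    {
        $review = glsr_get_review($request['id']);
        if (!$review->isValid()) {
            $message = _x('Invalid review ID.', 'admin-text', 'site-reviews');
            return new \WP_Error('rest_review_invalid_id', $message, [
                'status' => 404,
            ]);
        }
        if (!glsr()->can('edit_post', $review->ID)) {
            $message = _x('Sorry, you are not allowed to edit this review.', 'admin-text', 'site-reviews');
            return new \WP_Error('rest_cannot_edit', $message, [
                'status' => rest_authorization_required_code(),
            ]);
        }
        if (!$this->has_edit_others_permission($request)) {
            $message = _x('Sorry, you are not allowed to update the review as this user.', 'admin-text', 'site-reviews');
            return new \WP_Error('rest_cannot_edit_others', $message, [
                'status' => rest_authorization_required_code(),
            ]);
        }
        if (!$this->has_assign_terms_permission($request)) {
            $message = _x('Sorry, you are not allowed to assign the provided terms.', 'admin-text', 'site-reviews');
            return new \WP_Error('rest_cannot_assign_term', $message, [
                'status' => rest_authorization_required_code(),
            ]);
        }
        return true;
    }

    /**
     * Whether the current user may assign every term listed in `assigned_terms`.
     *
     * Terms that do not exist in the plugin taxonomy are skipped here (they are
     * rejected later during validation); for each existing term the WordPress
     * 'assign_term' meta capability is required. An empty or missing list is
     * allowed.
     *
     * @param \WP_REST_Request $request
     */
    protected function has_assign_terms_permission(\WP_REST_Request $request): bool
    {
        $terms = Arr::consolidate($request['assigned_terms']);
        foreach ($terms as $termId) {
            if (!get_term($termId, glsr()->taxonomy)) {
                continue; // Invalid terms will be rejected later
            }
            if (!current_user_can('assign_term', (int) $termId)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Whether the current user may set the `author` given in the request.
     *
     * Allowed when no author is supplied, when the author is the current user,
     * or when the user holds edit_others_posts.
     *
     * NOTE(review): the strict comparison assumes `author` has already been
     * sanitized to an int by the route schema. If it arrives as a string the
     * comparison fails and the caller falls through to the edit_others_posts
     * check — this denies rather than grants, but confirm against the schema.
     *
     * @param \WP_REST_Request $request
     */
    protected function has_edit_others_permission(\WP_REST_Request $request): bool
    {
        if (empty($request['author'])) {
            return true;
        }
        if (get_current_user_id() === $request['author']) {
            return true;
        }
        if (glsr()->can('edit_others_posts')) {
            return true;
        }
        return false;
    }

    /**
     * Whether the current user may read the given review.
     *
     * Anonymous callers are refused. Approved reviews are readable by any
     * logged-in user; unapproved reviews additionally require the 'read_post'
     * capability for that post.
     */
    protected function has_read_permission(Review $review): bool
    {
        if (!is_user_logged_in()) {
            return false;
        }
        if (!$review->is_approved && !glsr()->can('read_post', $review->ID)) {
            return false;
        }
        return true;
    }
}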