Permissions::user_can_list() - Code Metrics - Inspection of "Tidy up permission checks" - woocommerce/woocommerce-rest-api - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 5bd17a...71a32c )

by Mike

created 2019-06-18 15:06 UTC

Permissions::user_can_list() A

↳ Parent: Permissions

Complexity

Conditions	1
Paths	1

Size

Total Lines	5
Code Lines	3

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	1
eloc	3
nc	1
nop	1
dl	0
loc	5
rs	10
c	0
b	0
f	0

<?php
/**
 * Permissions.
 *
 * Handles permission checks for endpoints.
 *
 * @package WooCommerce/RestApi
 */

namespace WooCommerce\RestApi\Controllers\Version4\Utilities;

defined( 'ABSPATH' ) || exit;

/**
 * Permissions class.
 */
class Permissions {

	/**
	 * Items not defined here will default to manage_woocommerce permission.
	 *
	 * @var array
	 */
	protected static $capabilities = array(
		'shop_coupon'            => [
			'read'   => 'read_shop_coupon',
			'list'   => 'read_private_shop_coupons',
			'create' => 'publish_shop_coupons',
			'edit'   => 'edit_shop_coupon',
			'delete' => 'delete_shop_coupon',
			'batch'  => 'edit_others_shop_coupons',
		],
		'customer_download'      => [
			'read'   => 'read_shop_order',
			'list'   => 'read_private_shop_orders',
			'create' => 'publish_shop_orders',
			'edit'   => 'edit_shop_order',
			'delete' => 'delete_shop_order',
			'batch'  => 'edit_others_shop_orders',
		],
		'customer'               => [
			'read'   => 'list_users',
			'list'   => 'list_users',
			'create' => 'promote_users',
			'edit'   => 'edit_users',
			'delete' => 'delete_users',
			'batch'  => 'promote_users',
		],
		'shop_order'             => [
			'read'   => 'read_shop_order',
			'list'   => 'read_private_shop_orders',
			'create' => 'publish_shop_orders',
			'edit'   => 'edit_shop_order',
			'delete' => 'delete_shop_order',
			'batch'  => 'edit_others_shop_orders',
		],
		'product_attribute'      => 'edit_product_terms',
		'product_attribute_term' => [
			'read'   => 'manage_product_terms',
			'list'   => 'manage_product_terms',
			'create' => 'edit_product_terms',
			'edit'   => 'edit_product_terms',
			'delete' => 'delete_product_terms',
			'batch'  => 'edit_product_terms',
		],
		'product_cat'            => [
			'read'   => 'manage_product_terms',
			'list'   => 'manage_product_terms',
			'create' => 'edit_product_terms',
			'edit'   => 'edit_product_terms',
			'delete' => 'delete_product_terms',
			'batch'  => 'edit_product_terms',
		],
		'product_review'         => 'moderate_comments',
		'product'                => [
			'read'   => 'read_product',
			'list'   => 'read_private_products',
			'create' => 'publish_products',
			'edit'   => 'edit_product',
			'delete' => 'delete_product',
			'batch'  => 'edit_others_products',
		],
		'product_shipping_class' => [
			'read'   => 'manage_product_terms',
			'list'   => 'manage_product_terms',
			'create' => 'edit_product_terms',
			'edit'   => 'edit_product_terms',
			'delete' => 'delete_product_terms',
			'batch'  => 'edit_product_terms',
		],
		'product_tag'            => [
			'read'   => 'manage_product_terms',
			'list'   => 'manage_product_terms',
			'create' => 'edit_product_terms',
			'edit'   => 'edit_product_terms',
			'delete' => 'delete_product_terms',
			'batch'  => 'edit_product_terms',
		],
		'product_variation'      => [
			'read'   => 'read_product',
			'list'   => 'read_private_products',
			'create' => 'publish_products',
			'edit'   => 'edit_product',
			'delete' => 'delete_product',
			'batch'  => 'edit_others_products',
		],
	);

	/**
	 * Get capabilities required for a resource for a given context.
	 *
	 * @param string $type Item/resource type. Comes from schema title.
	 * @param string $context Read, edit, delete, batch, create.
	 * @return array List of caps to check. Defaults to manage_woocommerce.
	 */
	protected static function get_capabilities_for_type( $type, $context = 'read' ) {
		if ( isset( self::$capabilities[ $type ][ $context ] ) ) {
			$caps = self::$capabilities[ $type ][ $context ];
		} elseif ( isset( self::$capabilities[ $type ] ) ) {
			$caps = self::$capabilities[ $type ];
		} else {
			$caps = 'manage_woocommerce';
		}
		return is_array( $caps ) ? $caps : array( $caps );
	}

	/**
	 * Check if user has a list of caps.
	 *
	 * @param array $capabilities List of caps to check.
	 * @param int   $object_id Object ID to check. Optional.
	 * @return boolean
	 */
	protected static function has_required_capabilities( $capabilities, $object_id = null ) {
		$permission = true;

		foreach ( $capabilities as $capability ) {
			if ( ! current_user_can( $capability, $object_id ) ) {
				$permission = false;
			}
		}

		return $permission;
	}

	/**
	 * Check if user can list a collection of resources.
	 *
	 * @param string $type Item/resource type. Comes from schema title.
	 * @return bool True on success.
	 */
	public static function user_can_list( $type ) {
		$capabilities = self::get_capabilities_for_type( $type, 'list' );
		$permission   = self::has_required_capabilities( $capabilities );

		return apply_filters( 'woocommerce_rest_user_can_list', $permission, $type );
	}

	/**
	 * Check if user can read a resource.
	 *
	 * @param string $type Item/resource type. Comes from schema title.
	 * @param int    $object_id Resource ID. 0 to check access to read all.
	 * @return bool True on success.
	 */
	public static function user_can_read( $type, $object_id = 0 ) {
		if ( 0 === $object_id ) {
			return false;
		}

		$capabilities = self::get_capabilities_for_type( $type, 'read' );
		$permission   = self::has_required_capabilities( $capabilities, $object_id );

		return apply_filters( 'woocommerce_rest_user_can_read', $permission, $type, $object_id );
	}

	/**
	 * Check if user can read a resource.
	 *
	 * @param string $type Item/resource type. Comes from schema title.
	 * @param int    $object_id Resource ID.
	 * @return bool True on success.
	 */
	public static function user_can_edit( $type, $object_id ) {
		if ( 0 === $object_id ) {
			return false;
		}

		$capabilities = self::get_capabilities_for_type( $type, 'edit' );
		$permission   = self::has_required_capabilities( $capabilities, $object_id );

		return apply_filters( 'woocommerce_rest_user_can_edit', $permission, $type, $object_id );
	}

	/**
	 * Check if user can create a resource.
	 *
	 * @param string $type Item/resource type. Comes from schema title.
	 * @return bool True on success.
	 */
	public static function user_can_create( $type ) {
		$capabilities = self::get_capabilities_for_type( $type, 'create' );
		$permission   = self::has_required_capabilities( $capabilities );

		return apply_filters( 'woocommerce_rest_user_can_create', $permission, $type );
	}

	/**
	 * Check if user can delete a resource.
	 *
	 * @param string $type Item/resource type. Comes from schema title.
	 * @param int    $object_id Resource ID.
	 * @return bool True on success.
	 */
	public static function user_can_delete( $type, $object_id ) {
		if ( 0 === $object_id ) {
			return false;
		}

		$capabilities = self::get_capabilities_for_type( $type, 'delete' );
		$permission   = self::has_required_capabilities( $capabilities, $object_id );

		return apply_filters( 'woocommerce_rest_user_can_delete', $permission, $type, $object_id );
	}

	/**
	 * Check if user can batch update a resource.
	 *
	 * @param string $type Item/resource type. Comes from schema title.
	 * @return bool True on success.
	 */
	public static function user_can_batch( $type ) {
		$capabilities = self::get_capabilities_for_type( $type, 'batch' );
		$permission   = self::has_required_capabilities( $capabilities );

		return apply_filters( 'woocommerce_rest_user_can_batch', $permission, $type );
	}
}


1			<?php
2			/**
3			* Permissions.
4			*
5			* Handles permission checks for endpoints.
6			*
7			* @package WooCommerce/RestApi
8			*/
9
10			namespace WooCommerce\RestApi\Controllers\Version4\Utilities;
11
12			defined( 'ABSPATH' ) \|\| exit;
13
14			/**
15			* Permissions class.
16			*/
17			class Permissions {
18
19			/**
20			* Items not defined here will default to manage_woocommerce permission.
21			*
22			* @var array
23			*/
24			protected static $capabilities = array(
25			'shop_coupon' => [
26			'read' => 'read_shop_coupon',
27			'list' => 'read_private_shop_coupons',
28			'create' => 'publish_shop_coupons',
29			'edit' => 'edit_shop_coupon',
30			'delete' => 'delete_shop_coupon',
31			'batch' => 'edit_others_shop_coupons',
32			],
33			'customer_download' => [
34			'read' => 'read_shop_order',
35			'list' => 'read_private_shop_orders',
36			'create' => 'publish_shop_orders',
37			'edit' => 'edit_shop_order',
38			'delete' => 'delete_shop_order',
39			'batch' => 'edit_others_shop_orders',
40			],
41			'customer' => [
42			'read' => 'list_users',
43			'list' => 'list_users',
44			'create' => 'promote_users',
45			'edit' => 'edit_users',
46			'delete' => 'delete_users',
47			'batch' => 'promote_users',
48			],
49			'shop_order' => [
50			'read' => 'read_shop_order',
51			'list' => 'read_private_shop_orders',
52			'create' => 'publish_shop_orders',
53			'edit' => 'edit_shop_order',
54			'delete' => 'delete_shop_order',
55			'batch' => 'edit_others_shop_orders',
56			],
57			'product_attribute' => 'edit_product_terms',
58			'product_attribute_term' => [
59			'read' => 'manage_product_terms',
60			'list' => 'manage_product_terms',
61			'create' => 'edit_product_terms',
62			'edit' => 'edit_product_terms',
63			'delete' => 'delete_product_terms',
64			'batch' => 'edit_product_terms',
65			],
66			'product_cat' => [
67			'read' => 'manage_product_terms',
68			'list' => 'manage_product_terms',
69			'create' => 'edit_product_terms',
70			'edit' => 'edit_product_terms',
71			'delete' => 'delete_product_terms',
72			'batch' => 'edit_product_terms',
73			],
74			'product_review' => 'moderate_comments',
75			'product' => [
76			'read' => 'read_product',
77			'list' => 'read_private_products',
78			'create' => 'publish_products',
79			'edit' => 'edit_product',
80			'delete' => 'delete_product',
81			'batch' => 'edit_others_products',
82			],
83			'product_shipping_class' => [
84			'read' => 'manage_product_terms',
85			'list' => 'manage_product_terms',
86			'create' => 'edit_product_terms',
87			'edit' => 'edit_product_terms',
88			'delete' => 'delete_product_terms',
89			'batch' => 'edit_product_terms',
90			],
91			'product_tag' => [
92			'read' => 'manage_product_terms',
93			'list' => 'manage_product_terms',
94			'create' => 'edit_product_terms',
95			'edit' => 'edit_product_terms',
96			'delete' => 'delete_product_terms',
97			'batch' => 'edit_product_terms',
98			],
99			'product_variation' => [
100			'read' => 'read_product',
101			'list' => 'read_private_products',
102			'create' => 'publish_products',
103			'edit' => 'edit_product',
104			'delete' => 'delete_product',
105			'batch' => 'edit_others_products',
106			],
107			);
108
109			/**
110			* Get capabilities required for a resource for a given context.
111			*
112			* @param string $type Item/resource type. Comes from schema title.
113			* @param string $context Read, edit, delete, batch, create.
114			* @return array List of caps to check. Defaults to manage_woocommerce.
115			*/
116			protected static function get_capabilities_for_type( $type, $context = 'read' ) {
117			if ( isset( self::$capabilities[ $type ][ $context ] ) ) {
118			$caps = self::$capabilities[ $type ][ $context ];
119			} elseif ( isset( self::$capabilities[ $type ] ) ) {
120			$caps = self::$capabilities[ $type ];
121			} else {
122			$caps = 'manage_woocommerce';
123			}
124			return is_array( $caps ) ? $caps : array( $caps );
125			}
126
127			/**
128			* Check if user has a list of caps.
129			*
130			* @param array $capabilities List of caps to check.
131			* @param int $object_id Object ID to check. Optional.
132			* @return boolean
133			*/
134			protected static function has_required_capabilities( $capabilities, $object_id = null ) {
135			$permission = true;
136
137			foreach ( $capabilities as $capability ) {
138			if ( ! current_user_can( $capability, $object_id ) ) {
139			$permission = false;
140			}
141			}
142
143			return $permission;
144			}
145
146			/**
147			* Check if user can list a collection of resources.
148			*
149			* @param string $type Item/resource type. Comes from schema title.
150			* @return bool True on success.
151			*/
152			public static function user_can_list( $type ) {
153			$capabilities = self::get_capabilities_for_type( $type, 'list' );
154			$permission = self::has_required_capabilities( $capabilities );
155
156			return apply_filters( 'woocommerce_rest_user_can_list', $permission, $type );
157			}
158
159			/**
160			* Check if user can read a resource.
161			*
162			* @param string $type Item/resource type. Comes from schema title.
163			* @param int $object_id Resource ID. 0 to check access to read all.
164			* @return bool True on success.
165			*/
166			public static function user_can_read( $type, $object_id = 0 ) {
167			if ( 0 === $object_id ) {
168			return false;
169			}
170
171			$capabilities = self::get_capabilities_for_type( $type, 'read' );
172			$permission = self::has_required_capabilities( $capabilities, $object_id );
173
174			return apply_filters( 'woocommerce_rest_user_can_read', $permission, $type, $object_id );
175			}
176
177			/**
178			* Check if user can read a resource.
179			*
180			* @param string $type Item/resource type. Comes from schema title.
181			* @param int $object_id Resource ID.
182			* @return bool True on success.
183			*/
184			public static function user_can_edit( $type, $object_id ) {
185			if ( 0 === $object_id ) {
186			return false;
187			}
188
189			$capabilities = self::get_capabilities_for_type( $type, 'edit' );
190			$permission = self::has_required_capabilities( $capabilities, $object_id );
191
192			return apply_filters( 'woocommerce_rest_user_can_edit', $permission, $type, $object_id );
193			}
194
195			/**
196			* Check if user can create a resource.
197			*
198			* @param string $type Item/resource type. Comes from schema title.
199			* @return bool True on success.
200			*/
201			public static function user_can_create( $type ) {
202			$capabilities = self::get_capabilities_for_type( $type, 'create' );
203			$permission = self::has_required_capabilities( $capabilities );
204
205			return apply_filters( 'woocommerce_rest_user_can_create', $permission, $type );
206			}
207
208			/**
209			* Check if user can delete a resource.
210			*
211			* @param string $type Item/resource type. Comes from schema title.
212			* @param int $object_id Resource ID.
213			* @return bool True on success.
214			*/
215			public static function user_can_delete( $type, $object_id ) {
216			if ( 0 === $object_id ) {
217			return false;
218			}
219
220			$capabilities = self::get_capabilities_for_type( $type, 'delete' );
221			$permission = self::has_required_capabilities( $capabilities, $object_id );
222
223			return apply_filters( 'woocommerce_rest_user_can_delete', $permission, $type, $object_id );
224			}
225
226			/**
227			* Check if user can batch update a resource.
228			*
229			* @param string $type Item/resource type. Comes from schema title.
230			* @return bool True on success.
231			*/
232			public static function user_can_batch( $type ) {
233			$capabilities = self::get_capabilities_for_type( $type, 'batch' );
234			$permission = self::has_required_capabilities( $capabilities );
235
236			return apply_filters( 'woocommerce_rest_user_can_batch', $permission, $type );
237			}
238			}
239

woocommerce / woocommerce-rest-api

Push — master ( 5bd17a...71a32c )

Permissions::user_can_list() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like