woocommerce/includes/admin/class-wc-admin-api-keys.php

<?php
/**
* WooCommerce Admin API Keys Class
*
* @package WooCommerce\Admin
* @version 2.4.0
*/
// Stop here when ABSPATH is not defined, which is the case when this file is requested directly instead of being loaded by WordPress.
defined( 'ABSPATH' ) || exit;
/**
* WC_Admin_API_Keys.
*/
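class WC_Admin_API_Keys {

	/**
	 * Initialize the API Keys admin actions.
	 *
	 * Registers the request handler on `admin_init` and the screen option
	 * setup on `woocommerce_settings_page_init`.
	 */
	public function __construct() {
		add_action( 'admin_init', array( $this, 'actions' ) );
		add_action( 'woocommerce_settings_page_init', array( $this, 'screen_option' ) );
	}

	/**
	 * Check if is API Keys settings page.
	 *
	 * The query arguments are only compared against fixed strings; they are
	 * never stored or echoed. This is a routing check, not an authorization
	 * check: it says nothing about what the current user is allowed to do.
	 *
	 * @return bool
	 */
	private function is_api_keys_settings_page() {
		return isset( $_GET['page'], $_GET['tab'], $_GET['section'] ) && 'wc-settings' === $_GET['page'] && 'advanced' === $_GET['tab'] && 'keys' === $_GET['section']; // WPCS: input var okay, CSRF ok.
	}

	/**
	 * Page output.
	 *
	 * Renders the create/edit form when `create-key` or `edit-key` is present
	 * in the query string, and the key list otherwise.
	 */
	public static function page_output() {
		// Hide the save button.
		$GLOBALS['hide_save_button'] = true;

		if ( isset( $_GET['create-key'] ) || isset( $_GET['edit-key'] ) ) { // WPCS: input var okay, CSRF ok.
			// absint() reduces the requested ID to a non-negative integer; 0 means "new key".
			$key_id   = isset( $_GET['edit-key'] ) ? absint( $_GET['edit-key'] ) : 0; // WPCS: input var okay, CSRF ok.
			$key_data = self::get_key_data( $key_id );

			// Resolve the view relative to this file so that include_path or the
			// working directory cannot select a different file of the same name.
			// NOTE(review): the view presumably reads $key_id and $key_data - confirm.
			include dirname( __FILE__ ) . '/settings/views/html-keys-edit.php';
		} else {
			self::table_list_output();
		}
	}

	/**
	 * Add screen option.
	 *
	 * Creates the list table and registers its "per page" option, but only on
	 * the key list view (not while creating or editing a key).
	 */
	public function screen_option() {
		global $keys_table_list;

		if ( ! isset( $_GET['create-key'] ) && ! isset( $_GET['edit-key'] ) && $this->is_api_keys_settings_page() ) { // WPCS: input var okay, CSRF ok.
			$keys_table_list = new WC_Admin_API_Keys_Table_List();

			// Add screen option.
			add_screen_option(
				'per_page', array(
					'default' => 10,
					'option'  => 'woocommerce_keys_per_page',
				)
			);
		}
	}

	/**
	 * Table list output.
	 *
	 * Prints the heading, then either the key list table or a blank state
	 * when no keys exist. Relies on the global `$keys_table_list` that
	 * screen_option() creates.
	 */
	private static function table_list_output() {
		global $wpdb, $keys_table_list;

		echo '<h2>' . esc_html__( 'REST API', 'woocommerce' ) . ' <a href="' . esc_url( admin_url( 'admin.php?page=wc-settings&tab=advanced&section=keys&create-key=1' ) ) . '" class="add-new-h2">' . esc_html__( 'Add key', 'woocommerce' ) . '</a></h2>';

		// Get the API keys count. The statement contains no request data, only the table prefix.
		$count = $wpdb->get_var( "SELECT COUNT(key_id) FROM {$wpdb->prefix}woocommerce_api_keys WHERE 1 = 1;" );

		if ( (int) $count > 0 ) {
			$keys_table_list->prepare_items();

			// These hidden fields route the submitted search / bulk form back to this
			// screen. The tab must be the one is_api_keys_settings_page() accepts
			// ('advanced'); with any other value actions() would not recognise the
			// request and its nonce and capability checks would never be reached.
			echo '<input type="hidden" name="page" value="wc-settings" />';
			echo '<input type="hidden" name="tab" value="advanced" />';
			echo '<input type="hidden" name="section" value="keys" />';

			$keys_table_list->views();
			$keys_table_list->search_box( __( 'Search key', 'woocommerce' ), 'key' );
			$keys_table_list->display();
		} else {
			echo '<div class="woocommerce-BlankState woocommerce-BlankState--api">';
			?>
			<h2 class="woocommerce-BlankState-message"><?php esc_html_e( 'The WooCommerce REST API allows external apps to view and manage store data. Access is granted only to those with valid API keys.', 'woocommerce' ); ?></h2>
			<a class="woocommerce-BlankState-cta button-primary button" href="<?php echo esc_url( admin_url( 'admin.php?page=wc-settings&tab=advanced&section=keys&create-key=1' ) ); ?>"><?php esc_html_e( 'Create an API key', 'woocommerce' ); ?></a>
			<style type="text/css">#posts-filter .wp-list-table, #posts-filter .tablenav.top, .tablenav.bottom .actions { display: none; }</style>
			<?php
		}
	}

	/**
	 * Get key data.
	 *
	 * Only the columns listed in the query are read, and the ID is bound
	 * through a `%d` placeholder.
	 *
	 * @param  int $key_id API Key ID. 0 returns the empty template.
	 * @return array Row for the key, or the empty template when the ID is 0 or no row matches.
	 */
	private static function get_key_data( $key_id ) {
		global $wpdb;

		$empty = array(
			'key_id'        => 0,
			'user_id'       => '',
			'description'   => '',
			'permissions'   => '',
			'truncated_key' => '',
			'last_access'   => '',
		);

		if ( 0 === $key_id ) {
			return $empty;
		}

		$key = $wpdb->get_row(
			$wpdb->prepare(
				"SELECT key_id, user_id, description, permissions, truncated_key, last_access
				FROM {$wpdb->prefix}woocommerce_api_keys
				WHERE key_id = %d",
				$key_id
			), ARRAY_A
		);

		if ( is_null( $key ) ) {
			return $empty;
		}

		return $key;
	}

	/**
	 * API Keys admin actions.
	 *
	 * Dispatches state-changing requests on the API keys screen. This method
	 * only routes; the nonce and capability checks are done in the handlers.
	 */
	public function actions() {
		if ( $this->is_api_keys_settings_page() ) {
			// Revoke key.
			if ( isset( $_GET['revoke-key'] ) ) { // WPCS: input var okay, CSRF ok.
				$this->revoke_key();
			}

			// Bulk actions.
			if ( isset( $_GET['action'] ) && isset( $_GET['key'] ) ) { // WPCS: input var okay, CSRF ok.
				$this->bulk_actions();
			}
		}
	}

	/**
	 * Notices.
	 *
	 * Shows the confirmation after revoke_key() redirects back with
	 * `revoked=1`.
	 */
	public static function notices() {
		// Query-string values arrive as strings, so the flag is compared with '1';
		// a strict comparison against the integer 1 can never match.
		if ( isset( $_GET['revoked'] ) && '1' === $_GET['revoked'] ) { // WPCS: input var okay, CSRF ok.
			WC_Admin_Settings::add_message( __( 'API key revoked successfully.', 'woocommerce' ) );
		}
	}

	/**
	 * Revoke key.
	 *
	 * Verifies the `revoke` nonce and the `manage_woocommerce` capability,
	 * deletes the requested key, then redirects to the key list and exits.
	 */
	private function revoke_key() {
		check_admin_referer( 'revoke' );

		// The nonce shows the request was intended, not that the user may manage
		// keys. Require the same capability that bulk_actions() requires.
		if ( ! current_user_can( 'manage_woocommerce' ) ) {
			wp_die( esc_html__( 'You do not have permission to edit API Keys', 'woocommerce' ) );
		}

		if ( isset( $_GET['revoke-key'] ) ) { // WPCS: input var okay, CSRF ok.
			$key_id = absint( $_GET['revoke-key'] ); // WPCS: input var okay, CSRF ok.

			if ( $key_id ) {
				$this->remove_key( $key_id );
			}
		}

		// The destination is built from admin_url() and a fixed query argument; no request data is used.
		wp_redirect( esc_url_raw( add_query_arg( array( 'revoked' => 1 ), admin_url( 'admin.php?page=wc-settings&tab=advanced&section=keys' ) ) ) );
		exit();
	}

	/**
	 * Bulk actions.
	 *
	 * Verifies the `woocommerce-settings` nonce and the `manage_woocommerce`
	 * capability before running the requested bulk action. Only `revoke` is
	 * handled; any other action value is ignored.
	 */
	private function bulk_actions() {
		check_admin_referer( 'woocommerce-settings' );

		if ( ! current_user_can( 'manage_woocommerce' ) ) {
			wp_die( esc_html__( 'You do not have permission to edit API Keys', 'woocommerce' ) );
		}

		if ( isset( $_GET['action'] ) ) { // WPCS: input var okay, CSRF ok.
			$action = sanitize_text_field( wp_unslash( $_GET['action'] ) ); // WPCS: input var okay, CSRF ok.
			// Every submitted ID is reduced to a non-negative integer before use.
			$keys = isset( $_GET['key'] ) ? array_map( 'absint', (array) $_GET['key'] ) : array(); // WPCS: input var okay, CSRF ok.

			if ( 'revoke' === $action ) {
				$this->bulk_revoke_key( $keys );
			}
		}
	}

	/**
	 * Bulk revoke key.
	 *
	 * @param array $keys API Key IDs.
	 */
	private function bulk_revoke_key( $keys ) {
		foreach ( $keys as $key_id ) {
			$this->remove_key( $key_id );
		}
	}

	/**
	 * Remove key.
	 *
	 * Performs no permission check of its own; callers must have verified the
	 * nonce and capability first.
	 *
	 * @param  int $key_id API Key ID.
	 * @return int|false Result of `$wpdb->delete()`: the number of rows deleted, or false on error.
	 */
	private function remove_key( $key_id ) {
		global $wpdb;

		return $wpdb->delete( $wpdb->prefix . 'woocommerce_api_keys', array( 'key_id' => $key_id ), array( '%d' ) );
	}
}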
// Instantiate the class so that its constructor registers the admin hooks.
new WC_Admin_API_Keys();