Fix error messages for order endpoints.
This commit is contained in:
parent
78892dcbe4
commit
c4b965e543
|
@ -97,10 +97,16 @@ class WC_API_Resource {
|
|||
}
|
||||
|
||||
// Only custom post types have per-post type/permission checks
|
||||
if ( 'customer' !== $type ) {
|
||||
if ( 'customer' === $type ) {
|
||||
return $id;
|
||||
}
|
||||
|
||||
$post = get_post( $id );
|
||||
|
||||
// Orders request are a special case.
|
||||
$is_invalid_orders_request = ( 'shop_order' === $type && ( ! $post || ! is_a ( $post, 'WP_Post' ) || 'shop_order' !== $post->post_type ) && ! wc_rest_check_post_permissions( 'shop_order', 'read' ) );
|
||||
|
||||
if ( ! $is_invalid_orders_request ) {
|
||||
if ( null === $post ) {
|
||||
return new WP_Error( "woocommerce_api_no_{$resource_name}_found", sprintf( __( 'No %1$s found with the ID equal to %2$s', 'woocommerce' ), $resource_name, $id ), array( 'status' => 404 ) );
|
||||
}
|
||||
|
@ -112,29 +118,29 @@ class WC_API_Resource {
|
|||
if ( $type !== $post_type ) {
|
||||
return new WP_Error( "woocommerce_api_invalid_{$resource_name}", sprintf( __( 'Invalid %s', 'woocommerce' ), $resource_name ), array( 'status' => 404 ) );
|
||||
}
|
||||
}
|
||||
|
||||
// Validate permissions
|
||||
switch ( $context ) {
|
||||
|
||||
case 'read':
|
||||
if ( ! $this->is_readable( $post ) ) {
|
||||
if ( $is_invalid_orders_request || ! $this->is_readable( $post ) ) {
|
||||
return new WP_Error( "woocommerce_api_user_cannot_read_{$resource_name}", sprintf( __( 'You do not have permission to read this %s', 'woocommerce' ), $resource_name ), array( 'status' => 401 ) );
|
||||
}
|
||||
break;
|
||||
|
||||
case 'edit':
|
||||
if ( ! $this->is_editable( $post ) ) {
|
||||
if ( $is_invalid_orders_request || ! $this->is_editable( $post ) ) {
|
||||
return new WP_Error( "woocommerce_api_user_cannot_edit_{$resource_name}", sprintf( __( 'You do not have permission to edit this %s', 'woocommerce' ), $resource_name ), array( 'status' => 401 ) );
|
||||
}
|
||||
break;
|
||||
|
||||
case 'delete':
|
||||
if ( ! $this->is_deletable( $post ) ) {
|
||||
if ( $is_invalid_orders_request || ! $this->is_deletable( $post ) ) {
|
||||
return new WP_Error( "woocommerce_api_user_cannot_delete_{$resource_name}", sprintf( __( 'You do not have permission to delete this %s', 'woocommerce' ), $resource_name ), array( 'status' => 401 ) );
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
return $id;
|
||||
}
|
||||
|
|
|
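Review bot: The `// Orders request are a special case.` comment above the `$is_invalid_orders_request` assignment in the first hunk does not say what the special case is, and that reason is the whole point of the change: a caller who cannot read orders must receive the same 401 whether the order ID is missing, belongs to another post type, or exists, so the response no longer reveals which order IDs are valid. Suggest replacing it with `// Orders are a special case: callers who cannot read orders get the same 401 for a missing, wrong-type or existing ID, so the response does not reveal which order IDs exist.` The `is_a ( $post, 'WP_Post' )` test carries a stray space before the parenthesis and looks redundant after `! $post`, since `get_post()` with the default output returns a WP_Post or null and the following `'shop_order' !== $post->post_type` comparison already covers the type. The `if ( ! $is_invalid_orders_request )` block and the permission switch both sit inside the enclosing method, whose signature and earlier early returns lie outside these hunks.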
@ -906,6 +906,54 @@ class WC_REST_Orders_V1_Controller extends WC_REST_Posts_Controller {
|
|||
return $order_statuses;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if a given request has access to read an item.
|
||||
*
|
||||
* @param WP_REST_Request $request Full details about the request.
|
||||
* @return WP_Error|boolean
|
||||
*/
|
||||
public function get_item_permissions_check( $request ) {
|
||||
$object = wc_get_order( (int) $request['id'] );
|
||||
|
||||
if ( ( ! $object || 0 === $object->get_id() ) && ! wc_rest_check_post_permissions( $this->post_type, 'read' ) ) {
|
||||
return new WP_Error( 'woocommerce_rest_cannot_view', __( 'Sorry, you cannot view this resource.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) );
|
||||
}
|
||||
|
||||
return parent::get_item_permissions_check( $request );
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if a given request has access to update an item.
|
||||
*
|
||||
* @param WP_REST_Request $request Full details about the request.
|
||||
* @return WP_Error|boolean
|
||||
*/
|
||||
public function update_item_permissions_check( $request ) {
|
||||
$object = wc_get_order( (int) $request['id'] );
|
||||
|
||||
if ( ( ! $object || 0 === $object->get_id() ) && ! wc_rest_check_post_permissions( $this->post_type, 'read' ) ) {
|
||||
return new WP_Error( 'woocommerce_rest_cannot_edit', __( 'Sorry, you are not allowed to edit this resource.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) );
|
||||
}
|
||||
|
||||
return parent::update_item_permissions_check( $request );
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if a given request has access to delete an item.
|
||||
*
|
||||
* @param WP_REST_Request $request Full details about the request.
|
||||
* @return bool|WP_Error
|
||||
*/
|
||||
public function delete_item_permissions_check( $request ) {
|
||||
$object = wc_get_order( (int) $request['id'] );
|
||||
|
||||
if ( ( ! $object || 0 === $object->get_id() ) && ! wc_rest_check_post_permissions( $this->post_type, 'read' ) ) {
|
||||
return new WP_Error( 'woocommerce_rest_cannot_delete', __( 'Sorry, you are not allowed to delete this resource.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) );
|
||||
}
|
||||
|
||||
return parent::delete_item_permissions_check( $request );
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the Order's schema, conforming to JSON Schema.
|
||||
*
|
||||
|
|
|
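Review bot: In the new `update_item_permissions_check` and `delete_item_permissions_check` the guard tests `wc_rest_check_post_permissions( $this->post_type, 'read' )` rather than `'edit'` or `'delete'`, which reads like a copy of the `get_item` check; if it is intentional — a caller who cannot read orders should not learn from a 404 versus a 401 whether the ID exists — that needs stating in the code, or a later cleanup will "correct" it. Suggest a one-line comment above each condition such as `// Deliberately checks 'read': a caller who cannot read orders must not learn from the status code whether this order ID exists.` The same three-way condition is repeated verbatim in all three methods here and again in the WC_REST_Orders_V2_Controller section below; a small private helper returning the WP_Error or null would keep the two controllers from drifting. The V2 hunk is otherwise identical apart from fetching the order through `$this->get_object()`.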
@ -149,6 +149,54 @@ class WC_REST_Orders_V2_Controller extends WC_REST_CRUD_Controller {
|
|||
return $order;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if a given request has access to read an item.
|
||||
*
|
||||
* @param WP_REST_Request $request Full details about the request.
|
||||
* @return WP_Error|boolean
|
||||
*/
|
||||
public function get_item_permissions_check( $request ) {
|
||||
$object = $this->get_object( (int) $request['id'] );
|
||||
|
||||
if ( ( ! $object || 0 === $object->get_id() ) && ! wc_rest_check_post_permissions( $this->post_type, 'read' ) ) {
|
||||
return new WP_Error( 'woocommerce_rest_cannot_view', __( 'Sorry, you cannot view this resource.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) );
|
||||
}
|
||||
|
||||
return parent::get_item_permissions_check( $request );
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if a given request has access to update an item.
|
||||
*
|
||||
* @param WP_REST_Request $request Full details about the request.
|
||||
* @return WP_Error|boolean
|
||||
*/
|
||||
public function update_item_permissions_check( $request ) {
|
||||
$object = $this->get_object( (int) $request['id'] );
|
||||
|
||||
if ( ( ! $object || 0 === $object->get_id() ) && ! wc_rest_check_post_permissions( $this->post_type, 'read' ) ) {
|
||||
return new WP_Error( 'woocommerce_rest_cannot_edit', __( 'Sorry, you are not allowed to edit this resource.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) );
|
||||
}
|
||||
|
||||
return parent::update_item_permissions_check( $request );
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if a given request has access to delete an item.
|
||||
*
|
||||
* @param WP_REST_Request $request Full details about the request.
|
||||
* @return bool|WP_Error
|
||||
*/
|
||||
public function delete_item_permissions_check( $request ) {
|
||||
$object = $this->get_object( (int) $request['id'] );
|
||||
|
||||
if ( ( ! $object || 0 === $object->get_id() ) && ! wc_rest_check_post_permissions( $this->post_type, 'read' ) ) {
|
||||
return new WP_Error( 'woocommerce_rest_cannot_delete', __( 'Sorry, you are not allowed to delete this resource.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) );
|
||||
}
|
||||
|
||||
return parent::delete_item_permissions_check( $request );
|
||||
}
|
||||
|
||||
/**
|
||||
* Expands an order item to get its data.
|
||||
*
|
||||
|
|