/notes endpoint. * * @author WooThemes * @category API * @package WooCommerce/API * @since 2.6.0 */ if ( ! defined( 'ABSPATH' ) ) { exit; } /** * REST API Order Notes controller class. * * @package WooCommerce/API * @extends WC_REST_Controller */ class WC_REST_Order_Notes_Controller extends WC_REST_Controller { /** * Endpoint namespace. * * @var string */ protected $namespace = 'wc/v2'; /** * Route base. * * @var string */ protected $rest_base = 'orders/(?P[\d]+)/notes'; /** * Post type. * * @var string */ protected $post_type = 'shop_order'; /** * Register the routes for order notes. */ public function register_routes() { register_rest_route( $this->namespace, '/' . $this->rest_base, array( 'args' => array( 'order_id' => array( 'description' => __( 'The order ID.', 'woocommerce' ), 'type' => 'integer', ), ), array( 'methods' => WP_REST_Server::READABLE, 'callback' => array( $this, 'get_items' ), 'permission_callback' => array( $this, 'get_items_permissions_check' ), 'args' => $this->get_collection_params(), ), array( 'methods' => WP_REST_Server::CREATABLE, 'callback' => array( $this, 'create_item' ), 'permission_callback' => array( $this, 'create_item_permissions_check' ), 'args' => array_merge( $this->get_endpoint_args_for_item_schema( WP_REST_Server::CREATABLE ), array( 'note' => array( 'type' => 'string', 'description' => __( 'Order note content.', 'woocommerce' ), 'required' => true, ), ) ), ), 'schema' => array( $this, 'get_public_item_schema' ), ) ); register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P[\d]+)', array( 'args' => array( 'id' => array( 'description' => __( 'Unique identifier for the resource.', 'woocommerce' ), 'type' => 'integer', ), 'order_id' => array( 'description' => __( 'The order ID.', 'woocommerce' ), 'type' => 'integer', ), ), array( 'methods' => WP_REST_Server::READABLE, 'callback' => array( $this, 'get_item' ), 'permission_callback' => array( $this, 'get_item_permissions_check' ), 'args' => array( 'context' => $this->get_context_param( array( 'default' => 'view' ) ), ), ), array( 'methods' => WP_REST_Server::DELETABLE, 'callback' => array( $this, 'delete_item' ), 'permission_callback' => array( $this, 'delete_item_permissions_check' ), 'args' => array( 'force' => array( 'default' => false, 'type' => 'boolean', 'description' => __( 'Required to be true, as resource does not support trashing.', 'woocommerce' ), ), ), ), 'schema' => array( $this, 'get_public_item_schema' ), ) ); } /** * Check whether a given request has permission to read order notes. * * @param WP_REST_Request $request Full details about the request. * @return WP_Error|boolean */ public function get_items_permissions_check( $request ) { if ( ! wc_rest_check_post_permissions( $this->post_type, 'read' ) ) { return new WP_Error( 'woocommerce_rest_cannot_view', __( 'Sorry, you cannot list resources.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) ); } return true; } /** * Check if a given request has access create order notes. * * @param WP_REST_Request $request Full details about the request. * @return boolean */ public function create_item_permissions_check( $request ) { if ( ! wc_rest_check_post_permissions( $this->post_type, 'create' ) ) { return new WP_Error( 'woocommerce_rest_cannot_create', __( 'Sorry, you are not allowed to create resources.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) ); } return true; } /** * Check if a given request has access to read a order note. * * @param WP_REST_Request $request Full details about the request. * @return WP_Error|boolean */ public function get_item_permissions_check( $request ) { $post = get_post( (int) $request['order_id'] ); if ( $post && ! wc_rest_check_post_permissions( $this->post_type, 'read', $post->ID ) ) { return new WP_Error( 'woocommerce_rest_cannot_view', __( 'Sorry, you cannot view this resource.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) ); } return true; } /** * Check if a given request has access delete a order note. * * @param WP_REST_Request $request Full details about the request. * @return boolean */ public function delete_item_permissions_check( $request ) { $post = get_post( (int) $request['order_id'] ); if ( $post && ! wc_rest_check_post_permissions( $this->post_type, 'delete', $post->ID ) ) { return new WP_Error( 'woocommerce_rest_cannot_delete', __( 'Sorry, you are not allowed to delete this resource.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) ); } return true; } /** * Get order notes from an order. * * @param WP_REST_Request $request * @return array */ public function get_items( $request ) { $order = get_post( (int) $request['order_id'] ); if ( empty( $order->post_type ) || $this->post_type !== $order->post_type ) { return new WP_Error( "woocommerce_rest_{$this->post_type}_invalid_id", __( 'Invalid order ID.', 'woocommerce' ), array( 'status' => 404 ) ); } $args = array( 'post_id' => $order->ID, 'approve' => 'approve', 'type' => 'order_note', ); // Allow filter by order note type. if ( 'customer' === $request['type'] ) { $args['meta_query'] = array( array( 'key' => 'is_customer_note', 'value' => 1, 'compare' => '=', ), ); } elseif ( 'internal' === $request['type'] ) { $args['meta_query'] = array( array( 'key' => 'is_customer_note', 'compare' => 'NOT EXISTS', ), ); } remove_filter( 'comments_clauses', array( 'WC_Comments', 'exclude_order_comments' ), 10, 1 ); $notes = get_comments( $args ); add_filter( 'comments_clauses', array( 'WC_Comments', 'exclude_order_comments' ), 10, 1 ); $data = array(); foreach ( $notes as $note ) { $order_note = $this->prepare_item_for_response( $note, $request ); $order_note = $this->prepare_response_for_collection( $order_note ); $data[] = $order_note; } return rest_ensure_response( $data ); } /** * Create a single order note. * * @param WP_REST_Request $request Full details about the request. * @return WP_Error|WP_REST_Response */ public function create_item( $request ) { if ( ! empty( $request['id'] ) ) { /* translators: %s: post type */ return new WP_Error( "woocommerce_rest_{$this->post_type}_exists", sprintf( __( 'Cannot create existing %s.', 'woocommerce' ), $this->post_type ), array( 'status' => 400 ) ); } $order = get_post( (int) $request['order_id'] ); if ( empty( $order->post_type ) || $this->post_type !== $order->post_type ) { return new WP_Error( 'woocommerce_rest_order_invalid_id', __( 'Invalid order ID.', 'woocommerce' ), array( 'status' => 404 ) ); } $order = wc_get_order( $order ); // Create the note. $note_id = $order->add_order_note( $request['note'], $request['customer_note'] ); if ( ! $note_id ) { return new WP_Error( 'woocommerce_api_cannot_create_order_note', __( 'Cannot create order note, please try again.', 'woocommerce' ), array( 'status' => 500 ) ); } $note = get_comment( $note_id ); $this->update_additional_fields_for_object( $note, $request ); /** * Fires after a order note is created or updated via the REST API. * * @param WP_Comment $note New order note object. * @param WP_REST_Request $request Request object. * @param boolean $creating True when creating item, false when updating. */ do_action( 'woocommerce_rest_insert_order_note', $note, $request, true ); $request->set_param( 'context', 'edit' ); $response = $this->prepare_item_for_response( $note, $request ); $response = rest_ensure_response( $response ); $response->set_status( 201 ); $response->header( 'Location', rest_url( sprintf( '/%s/%s/%d', $this->namespace, str_replace( '(?P[\d]+)', $order->get_id(), $this->rest_base ), $note_id ) ) ); return $response; } /** * Get a single order note. * * @param WP_REST_Request $request Full details about the request. * @return WP_Error|WP_REST_Response */ public function get_item( $request ) { $id = (int) $request['id']; $order = get_post( (int) $request['order_id'] ); if ( empty( $order->post_type ) || $this->post_type !== $order->post_type ) { return new WP_Error( 'woocommerce_rest_order_invalid_id', __( 'Invalid order ID.', 'woocommerce' ), array( 'status' => 404 ) ); } $note = get_comment( $id ); if ( empty( $id ) || empty( $note ) || intval( $note->comment_post_ID ) !== intval( $order->ID ) ) { return new WP_Error( 'woocommerce_rest_invalid_id', __( 'Invalid resource ID.', 'woocommerce' ), array( 'status' => 404 ) ); } $order_note = $this->prepare_item_for_response( $note, $request ); $response = rest_ensure_response( $order_note ); return $response; } /** * Delete a single order note. * * @param WP_REST_Request $request Full details about the request. * @return WP_REST_Response|WP_Error */ public function delete_item( $request ) { $id = (int) $request['id']; $force = isset( $request['force'] ) ? (bool) $request['force'] : false; // We don't support trashing for this type, error out. if ( ! $force ) { return new WP_Error( 'woocommerce_rest_trash_not_supported', __( 'Webhooks do not support trashing.', 'woocommerce' ), array( 'status' => 501 ) ); } $order = get_post( (int) $request['order_id'] ); if ( empty( $order->post_type ) || $this->post_type !== $order->post_type ) { return new WP_Error( 'woocommerce_rest_order_invalid_id', __( 'Invalid order ID.', 'woocommerce' ), array( 'status' => 404 ) ); } $note = get_comment( $id ); if ( empty( $id ) || empty( $note ) || intval( $note->comment_post_ID ) !== intval( $order->ID ) ) { return new WP_Error( 'woocommerce_rest_invalid_id', __( 'Invalid resource ID.', 'woocommerce' ), array( 'status' => 404 ) ); } $request->set_param( 'context', 'edit' ); $response = $this->prepare_item_for_response( $note, $request ); $result = wp_delete_comment( $note->comment_ID, true ); if ( ! $result ) { return new WP_Error( 'woocommerce_rest_cannot_delete', sprintf( __( 'The %s cannot be deleted.', 'woocommerce' ), 'order_note' ), array( 'status' => 500 ) ); } /** * Fires after a order note is deleted or trashed via the REST API. * * @param WP_Comment $note The deleted or trashed order note. * @param WP_REST_Response $response The response data. * @param WP_REST_Request $request The request sent to the API. */ do_action( 'woocommerce_rest_delete_order_note', $note, $response, $request ); return $response; } /** * Prepare a single order note output for response. * * @param WP_Comment $note Order note object. * @param WP_REST_Request $request Request object. * @return WP_REST_Response $response Response data. */ public function prepare_item_for_response( $note, $request ) { $data = array( 'id' => (int) $note->comment_ID, 'date_created' => wc_rest_prepare_date_response( $note->comment_date_gmt ), 'note' => $note->comment_content, 'customer_note' => (bool) get_comment_meta( $note->comment_ID, 'is_customer_note', true ), ); $context = ! empty( $request['context'] ) ? $request['context'] : 'view'; $data = $this->add_additional_fields_to_object( $data, $request ); $data = $this->filter_response_by_context( $data, $context ); // Wrap the data in a response object. $response = rest_ensure_response( $data ); $response->add_links( $this->prepare_links( $note ) ); /** * Filter order note object returned from the REST API. * * @param WP_REST_Response $response The response object. * @param WP_Comment $note Order note object used to create response. * @param WP_REST_Request $request Request object. */ return apply_filters( 'woocommerce_rest_prepare_order_note', $response, $note, $request ); } /** * Prepare links for the request. * * @param WP_Comment $note Delivery order_note object. * @return array Links for the given order note. */ protected function prepare_links( $note ) { $order_id = (int) $note->comment_post_ID; $base = str_replace( '(?P[\d]+)', $order_id, $this->rest_base ); $links = array( 'self' => array( 'href' => rest_url( sprintf( '/%s/%s/%d', $this->namespace, $base, $note->comment_ID ) ), ), 'collection' => array( 'href' => rest_url( sprintf( '/%s/%s', $this->namespace, $base ) ), ), 'up' => array( 'href' => rest_url( sprintf( '/%s/orders/%d', $this->namespace, $order_id ) ), ), ); return $links; } /** * Get the Order Notes schema, conforming to JSON Schema. * * @return array */ public function get_item_schema() { $schema = array( '$schema' => 'http://json-schema.org/draft-04/schema#', 'title' => 'order_note', 'type' => 'object', 'properties' => array( 'id' => array( 'description' => __( 'Unique identifier for the resource.', 'woocommerce' ), 'type' => 'integer', 'context' => array( 'view', 'edit' ), 'readonly' => true, ), 'date_created' => array( 'description' => __( "The date the order note was created, in the site's timezone.", 'woocommerce' ), 'type' => 'date-time', 'context' => array( 'view', 'edit' ), 'readonly' => true, ), 'note' => array( 'description' => __( 'Order note.', 'woocommerce' ), 'type' => 'string', 'context' => array( 'view', 'edit' ), ), 'customer_note' => array( 'description' => __( 'Shows/define if the note is only for reference or for the customer (the user will be notified).', 'woocommerce' ), 'type' => 'boolean', 'default' => false, 'context' => array( 'view', 'edit' ), ), ), ); return $this->add_additional_fields_schema( $schema ); } /** * Get the query params for collections. * * @return array */ public function get_collection_params() { $params = array(); $params['context'] = $this->get_context_param( array( 'default' => 'view' ) ); $params['type'] = array( 'default' => 'any', 'description' => __( 'Limit result to customers or internal notes.', 'woocommerce' ), 'type' => 'string', 'enum' => array( 'any', 'customer', 'internal' ), 'sanitize_callback' => 'sanitize_key', 'validate_callback' => 'rest_validate_request_arg', ); return $params; } }