remove private filter and meta from api response

it was showing up in metadata and filters_order

src/api/endpoints/class-tainacan-rest-collections-controller.php

@@ -255,6 +255,44 @@ class REST_Collections_Controller extends REST_Controller {
 				$item_arr['total_items']['private'] = $total_items->private;
 			}
 
+			// Clear private metadata from metadata_order
+			if ( is_array( $item_arr['metadata_order'] ) && ! current_user_can( 'tnc_col_' . $item->get_id() . '_read_private_metadata' ) ) {
+
+				$metadata = $item->get_metadata();
+				$meta_ids = array_map(
+					function($m) {
+						return $m->get_id();
+					},
+					$metadata,
+				);
+				$item_arr['metadata_order'] = \array_values( \array_filter(
+					$item_arr['metadata_order'],
+					function($el) use ($meta_ids) {
+						return in_array($el['id'], $meta_ids);
+					}
+				) );
+
+			}
+
+			// Clear private filters from filters_order
+			if ( is_array( $item_arr['filters_order'] ) && ! current_user_can( 'tnc_col_' . $item->get_id() . '_read_private_filters' ) ) {
+
+				$filters = $item->get_filters();
+				$filters_ids = array_map(
+					function($f) {
+						return $f->get_id();
+					},
+					$filters,
+				);
+				$item_arr['filters_order'] = \array_values( \array_filter(
+					$item_arr['filters_order'],
+					function($el) use ($filters_ids) {
+						return in_array($el['id'], $filters_ids);
+					}
+				) );
+
+			}
+
 			/**
 			 * Use this filter to add additional post_meta to the api response
 			 * Use the $request object to get the context of the request and other variables

tests/test-api-filters.php

@@ -744,6 +744,101 @@ class TAINACAN_REST_Terms_Controller extends TAINACAN_UnitApiTestCase {
 
 	}
 
+	/**
+	 * @group leo
+	 */
+	public function test_private_filter_ids_not_in_filter_order(){
+		$collection = $this->tainacan_entity_factory->create_entity(
+			'collection',
+			array(
+				'name'        => 'Statement',
+				'description' => 'No Statement',
+				'status'      => 'publish',
+			),
+			true
+		);
+
+		$metadatumA = $this->tainacan_entity_factory->create_entity(
+			'metadatum',
+			array(
+				'name'        => 'Data',
+				'description' => 'Descreve valor do campo data.',
+				'collection'  => $collection,
+				'status'      => 'publish',
+				'metadata_type'  => 'Tainacan\Metadata_Types\Text',
+			), true
+		);
+
+		$metadatumB = $this->tainacan_entity_factory->create_entity(
+			'metadatum',
+			array(
+				'name'        => 'Data',
+				'description' => 'Descreve valor do campo data.',
+				'collection'  => $collection,
+				'status'      => 'private',
+				'metadata_type'  => 'Tainacan\Metadata_Types\Text',
+			), true
+		);
+
+		$filterA = $this->tainacan_entity_factory->create_entity(
+			'filter',
+			array(
+				'name'   => 'test',
+				'status' => 'publish',
+				'collection' => $collection,
+				'metadatum' => $metadatumA,
+				'filter_type'  => 'Tainacan\Filter_Types\Autocomplete',
+			),
+			true
+		);
+
+		$filterB = $this->tainacan_entity_factory->create_entity(
+			'filter',
+			array(
+				'name'   => 'test',
+				'status' => 'private',
+				'collection' => $collection,
+				'metadatum' => $metadatumA,
+				'filter_type'  => 'Tainacan\Filter_Types\Autocomplete',
+			),
+			true
+		);
+
+		$order = array();
+
+		$filters = $collection->get_filters();
+
+		foreach ( $filters as $f ) {
+			$order[] = [
+				'id' => $f->get_id(),
+				'enabled' => true,
+			];
+		}
+
+		$collection->set_filters_order($order);
+		$collection->validate();
+		\tainacan_collections()->insert($collection);
+
+		$request = new \WP_REST_Request('GET', $this->namespace . '/collections/' . $collection->get_id());
+
+		$response = $this->server->dispatch($request);
+		$data = $response->get_data();
+
+		$this->assertEquals(2, count($data['filters_order']));
+
+		wp_logout();
+		wp_set_current_user(0);
+
+		$request = new \WP_REST_Request('GET', $this->namespace . '/collections/' . $collection->get_id());
+
+		$response = $this->server->dispatch($request);
+		$data = $response->get_data();
+
+		$this->assertEquals(1, count($data['filters_order']));
+		$this->assertNotEquals($filterB->get_id(), $data['filters_order'][0]['id']);
+
+	}
+
 }
 
 ?>

tests/test-api-metadata.php

@@ -770,6 +770,81 @@ class TAINACAN_REST_Metadata_Controller extends TAINACAN_UnitApiTestCase {
 		$this->assertNotEquals($metadatumB->get_id(), $data[2]['id']);
 	}
 
+	/**
+	 * @group leo
+	 */
+	public function test_private_meta_ids_not_in_metadata_order(){
+		$collection = $this->tainacan_entity_factory->create_entity(
+			'collection',
+			array(
+				'name'        => 'Statement',
+				'description' => 'No Statement',
+				'status'      => 'publish',
+			),
+			true
+		);
+
+		$metadatumA = $this->tainacan_entity_factory->create_entity(
+			'metadatum',
+			array(
+				'name'        => 'Data',
+				'description' => 'Descreve valor do campo data.',
+				'collection'  => $collection,
+				'status'      => 'publish',
+				'metadata_type'  => 'Tainacan\Metadata_Types\Text',
+			), true
+		);
+
+		$metadatumB = $this->tainacan_entity_factory->create_entity(
+			'metadatum',
+			array(
+				'name'        => 'Data',
+				'description' => 'Descreve valor do campo data.',
+				'collection'  => $collection,
+				'status'      => 'private',
+				'metadata_type'  => 'Tainacan\Metadata_Types\Text',
+			), true
+		);
+
+		$order = array();
+
+		$metas = $collection->get_metadata();
+
+		foreach ( $metas as $m ) {
+			$order[] = [
+				'id' => $m->get_id(),
+				'enabled' => true,
+			];
+		}
+
+		$collection->set_metadata_order($order);
+		$collection->validate();
+		\tainacan_collections()->insert($collection);
+
+
+
+		$request = new \WP_REST_Request('GET', $this->namespace . '/collections/' . $collection->get_id());
+
+		$response = $this->server->dispatch($request);
+		$data = $response->get_data();
+
+		$this->assertEquals(4, count($data['metadata_order']));
+
+		wp_logout();
+		wp_set_current_user(0);
+
+		$request = new \WP_REST_Request('GET', $this->namespace . '/collections/' . $collection->get_id());
+
+		$response = $this->server->dispatch($request);
+		$data = $response->get_data();
+
+		$this->assertEquals(3, count($data['metadata_order']));
+		$this->assertNotEquals($metadatumB->get_id(), $data['metadata_order'][0]['id']);
+		$this->assertNotEquals($metadatumB->get_id(), $data['metadata_order'][1]['id']);
+		$this->assertNotEquals($metadatumB->get_id(), $data['metadata_order'][2]['id']);
+
+	}
+
 
 }