Adds verification of capabilities to fetch all field values and modifies the response of invalid attributes on updates and posts
parent
a56e677d98
commit
f9f5e831f3
|
@ -203,7 +203,10 @@ class Entity {
|
|||
) {
|
||||
$validation = $mapped['validation'];
|
||||
$prop_value = $this->get_mapped_property($prop);
|
||||
$message = ( isset( $mapped['on_error'] ) ) ? $mapped['on_error'] : $prop. __(' is invalid', 'tainacan');
|
||||
$message = [
|
||||
'error_message' => ( isset( $mapped['on_error'] ) ) ? $mapped['on_error'] : $prop. __(' is invalid', 'tainacan'),
|
||||
'attribute' => $prop
|
||||
];
|
||||
|
||||
if (is_array($prop_value)) {
|
||||
foreach ($prop_value as $val) {
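Review bot: `$message` changes from a string to an array with `error_message` and `attribute` keys, and the hunk does not show where it is consumed further down; any caller that still concatenates or prints the validation error as a string would now emit "Array" or raise a notice, so those consumers need checking alongside this change. The default text is also built by concatenation, `$prop. __(' is invalid', 'tainacan')`, which translators cannot reorder; `sprintf( __( '%s is invalid', 'tainacan' ), $prop )` keeps the sentence translatable. No escaping of `on_error` or the attribute name is visible here, so a short comment stating that the client rendering the response must escape them would help. The enclosing method starts and ends outside the hunk.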
|
||||
|
|
|
@ -600,35 +600,78 @@ class Fields extends Repository {
|
|||
// Clear the result cache
|
||||
$wpdb->flush();
|
||||
|
||||
$item_post_type = "%{$collection_id}_item";
|
||||
$item_post_type = "%%{$collection_id}_item";
|
||||
|
||||
$sql_string = (current_user_can( "read_private_tnc_col_{$collection_id}_items" ) && current_user_can( 'read_private_tainacan-collections' )) ? $wpdb->prepare(
|
||||
"SELECT item_id, field_id, mvalue
|
||||
FROM (
|
||||
SELECT ID as item_id
|
||||
FROM $wpdb->posts
|
||||
WHERE post_type LIKE %s
|
||||
) items
|
||||
JOIN (
|
||||
SELECT meta_key as field_id, meta_value as mvalue, post_id
|
||||
FROM $wpdb->postmeta
|
||||
) metas
|
||||
ON items.item_id = metas.post_id AND metas.field_id = %s", $item_post_type, $field_id
|
||||
) : $wpdb->prepare(
|
||||
"SELECT item_id, field_id, mvalue
|
||||
FROM (
|
||||
SELECT ID as item_id
|
||||
FROM $wpdb->posts
|
||||
WHERE post_type LIKE %s AND post_status <> 'private'
|
||||
) items
|
||||
JOIN (
|
||||
SELECT meta_key as field_id, meta_value as mvalue, post_id
|
||||
FROM $wpdb->postmeta
|
||||
) metas
|
||||
ON items.item_id = metas.post_id AND metas.field_id = %s", $item_post_type, $field_id
|
||||
);
|
||||
$collection = new Entities\Collection($collection_id);
|
||||
$capabilities = $collection->get_capabilities();
|
||||
|
||||
$results = $wpdb->get_results($sql_string, ARRAY_A);
|
||||
$results = [];
|
||||
|
||||
// If no has logged user or actual user can not read private posts
|
||||
if(get_current_user_id() === 0 || !current_user_can( $capabilities->read_private_posts)) {
|
||||
$args = [
|
||||
'exclude_from_search' => false,
|
||||
'public' => true,
|
||||
'private' => false,
|
||||
'internal' => false,
|
||||
];
|
||||
|
||||
$post_statuses = get_post_stati( $args, 'names', 'and' );
|
||||
|
||||
foreach ($post_statuses as $post_status) {
|
||||
$sql_string = $wpdb->prepare(
|
||||
"SELECT item_id, field_id, mvalue
|
||||
FROM (
|
||||
SELECT ID as item_id
|
||||
FROM $wpdb->posts
|
||||
WHERE post_type LIKE %s AND post_status = %s
|
||||
) items
|
||||
JOIN (
|
||||
SELECT meta_key as field_id, meta_value as mvalue, post_id
|
||||
FROM $wpdb->postmeta
|
||||
) metas
|
||||
ON items.item_id = metas.post_id AND metas.field_id = %d",
|
||||
$item_post_type, $post_status, $field_id
|
||||
);
|
||||
|
||||
$pre_result = $wpdb->get_results( $sql_string, ARRAY_A );
|
||||
|
||||
if (!empty($pre_result)) {
|
||||
$results[] = $pre_result[0];
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if ( current_user_can( $capabilities->read_private_posts) ) {
|
||||
$args = [
|
||||
'exclude_from_search' => false,
|
||||
];
|
||||
|
||||
$post_statuses = get_post_stati( $args, 'names', 'and' );
|
||||
|
||||
foreach ($post_statuses as $post_status) {
|
||||
$sql_string = $wpdb->prepare(
|
||||
"SELECT item_id, field_id, mvalue
|
||||
FROM (
|
||||
SELECT ID as item_id
|
||||
FROM $wpdb->posts
|
||||
WHERE post_type LIKE %s AND post_status = %s
|
||||
) items
|
||||
JOIN (
|
||||
SELECT meta_key as field_id, meta_value as mvalue, post_id
|
||||
FROM $wpdb->postmeta
|
||||
) metas
|
||||
ON items.item_id = metas.post_id AND metas.field_id = %d",
|
||||
$item_post_type, $post_status, $field_id
|
||||
);
|
||||
|
||||
$pre_result = $wpdb->get_results( $sql_string, ARRAY_A );
|
||||
|
||||
if (!empty($pre_result)) {
|
||||
$results[] = $pre_result[0];
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $results;
|
||||
}
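Review bot: The capability check is made against a single collection, but `WHERE post_type LIKE %s` is fed `"%%{$collection_id}_item"`, a pattern with a leading wildcard and an unescaped `_`. In a constructed example, the query for collection 3 would also match post types ending in `13_item` or `23_item` and return values from collections the caller was never checked against. Matching the collection's exact post type with `post_type = %s` (or, if LIKE must stay, passing the id through `$wpdb->esc_like()` and dropping the leading wildcard) closes that gap. Both loops also keep only `$pre_result[0]`, so at most one value per post status is returned; `$results = array_merge( $results, $pre_result );` would return them all. In addition, `metas.field_id = %d` compares the string `meta_key` column numerically where the previous code used `%s`; the function begins outside the hunk.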
|
||||
|
|
|
@ -477,6 +477,18 @@ class TAINACAN_REST_Metadata_Controller extends TAINACAN_UnitApiTestCase {
|
|||
|
||||
//=======================
|
||||
|
||||
// Set no one user
|
||||
wp_set_current_user(0);
|
||||
|
||||
$response1 = $this->server->dispatch($request);
|
||||
|
||||
$data1 = $response1->get_data();
|
||||
|
||||
$this->assertCount(1, $data1);
|
||||
$this->assertEquals('12/12/2017', $data1[0]['mvalue']);
|
||||
|
||||
//=======================
|
||||
|
||||
$new_user1 = $this->factory()->user->create(array( 'role' => 'subscriber' ));
|
||||
wp_set_current_user($new_user1);
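Review bot: The anonymous-user case asserts only `assertCount(1, $data1)` and a single `mvalue`, so it would pass whether private values were filtered or the repository simply returned one row; the fixture is outside the hunk, so this is inferred. A case with at least two public items and one private item, asserting that both public values are present and the private value is absent, would pin the access rule. `assertSame` instead of `assertEquals` on the string avoids loose comparison. The test method starts and ends outside the hunk.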
|
||||
|
||||
|
|