) );
register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<id>[\d]+)', array(
+ 'args' => array(
+ 'id' => array(
+ 'description' => __( 'Unique identifier for the user.' ),
+ 'type' => 'integer',
+ ),
+ ),
array(
'methods' => WP_REST_Server::READABLE,
'callback' => array( $this, 'get_item' ),
return $response;
}
+ /**
+ * Get the user, if the ID is valid.
+ *
+ * @since 4.7.2
+ *
+ * @param int $id Supplied ID.
+ * @return WP_User|WP_Error True if ID is valid, WP_Error otherwise.
+ */
+ protected function get_user( $id ) {
+ $error = new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
+ if ( (int) $id <= 0 ) {
+ return $error;
+ }
+
+ $user = get_userdata( (int) $id );
+ if ( empty( $user ) || ! $user->exists() ) {
+ return $error;
+ }
+
+ return $user;
+ }
+
/**
* Checks if a given request has access to read a user.
*
* @return true|WP_Error True if the request has read access for the item, otherwise WP_Error object.
*/
public function get_item_permissions_check( $request ) {
+ $user = $this->get_user( $request['id'] );
+ if ( is_wp_error( $user ) ) {
+ return $user;
+ }
- $id = (int) $request['id'];
- $user = get_userdata( $id );
$types = get_post_types( array( 'show_in_rest' => true ), 'names' );
- if ( empty( $id ) || empty( $user->ID ) ) {
- return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
- }
-
- if ( get_current_user_id() === $id ) {
+ if ( get_current_user_id() === $user->ID ) {
return true;
}
if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) {
return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) );
- } elseif ( ! count_user_posts( $id, $types ) && ! current_user_can( 'edit_user', $id ) && ! current_user_can( 'list_users' ) ) {
+ } elseif ( ! count_user_posts( $user->ID, $types ) && ! current_user_can( 'edit_user', $user->ID ) && ! current_user_can( 'list_users' ) ) {
return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to list users.' ), array( 'status' => rest_authorization_required_code() ) );
}
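Review bot: The `@return` tag on the new `get_user()` docblock describes a `true` result ("True if ID is valid"), but the method returns the `WP_User` object obtained from `get_userdata()` on success, so the line should read `@return WP_User|WP_Error WP_User object if ID is valid, WP_Error otherwise.`. Separately, the `(int) $id <= 0` guard truncates rather than rejects a non-integer string (PHP's cast keeps a leading numeric prefix), so the 404 path inside the helper only fires for values that cast to zero or negative; the helper appears to rely on the `'type' => 'integer'` argument schema added to the single-user route earlier in this commit, together with the `[\d]+` route pattern, to reject malformed IDs before dispatch. A one-line comment above the guard such as `// Malformed IDs are rejected by the route's 'integer' arg schema before dispatch; this only catches zero/negative values.` would record that dependency for anyone wiring the helper into a route that lacks the schema. The body of `get_item_permissions_check()` continues past the end of the hunk.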
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function get_item( $request ) {
- $id = (int) $request['id'];
- $user = get_userdata( $id );
-
- if ( empty( $id ) || empty( $user->ID ) ) {
- return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
+ $user = $this->get_user( $request['id'] );
+ if ( is_wp_error( $user ) ) {
+ return $user;
}
$user = $this->prepare_item_for_response( $user, $request );
* @return true|WP_Error True if the request has access to update the item, WP_Error object otherwise.
*/
public function update_item_permissions_check( $request ) {
+ $user = $this->get_user( $request['id'] );
+ if ( is_wp_error( $user ) ) {
+ return $user;
+ }
- $id = (int) $request['id'];
-
- if ( ! current_user_can( 'edit_user', $id ) ) {
+ if ( ! current_user_can( 'edit_user', $user->ID ) ) {
return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this user.' ), array( 'status' => rest_authorization_required_code() ) );
}
* @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
*/
public function update_item( $request ) {
- $id = (int) $request['id'];
- $user = get_userdata( $id );
+ $user = $this->get_user( $request['id'] );
+ if ( is_wp_error( $user ) ) {
+ return $user;
+ }
+
+ $id = $user->ID;
if ( ! $user ) {
return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
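Review bot: The `if ( ! $user )` branch that follows the new `$id = $user->ID;` line is now unreachable: `get_user()` returns either a `WP_User` or a `WP_Error`, and the `is_wp_error()` check above has already returned on the error case, so `$user` is always an object at this point. Drop the three lines `if ( ! $user ) { return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) ); }` so the only 404 path for a bad ID is the one in `get_user()`, which keeps the error response consistent across the endpoints. The closing brace of that `if` and the rest of `update_item()` lie outside the hunk.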
* @return true|WP_Error True if the request has access to delete the item, WP_Error object otherwise.
*/
public function delete_item_permissions_check( $request ) {
+ $user = $this->get_user( $request['id'] );
+ if ( is_wp_error( $user ) ) {
+ return $user;
+ }
- $id = (int) $request['id'];
-
- if ( ! current_user_can( 'delete_user', $id ) ) {
+ if ( ! current_user_can( 'delete_user', $user->ID ) ) {
return new WP_Error( 'rest_user_cannot_delete', __( 'Sorry, you are not allowed to delete this user.' ), array( 'status' => rest_authorization_required_code() ) );
}
if ( is_multisite() ) {
return new WP_Error( 'rest_cannot_delete', __( 'The user cannot be deleted.' ), array( 'status' => 501 ) );
}
+ $user = $this->get_user( $request['id'] );
+ if ( is_wp_error( $user ) ) {
+ return $user;
+ }
- $id = (int) $request['id'];
+ $id = $user->ID;
$reassign = false === $request['reassign'] ? null : absint( $request['reassign'] );
$force = isset( $request['force'] ) ? (bool) $request['force'] : false;
return new WP_Error( 'rest_trash_not_supported', __( 'Users do not support trashing. Set force=true to delete.' ), array( 'status' => 501 ) );
}
- $user = get_userdata( $id );
-
- if ( ! $user ) {
- return new WP_Error( 'rest_user_invalid_id', __( 'Invalid user ID.' ), array( 'status' => 404 ) );
- }
-
if ( ! empty( $reassign ) ) {
if ( $reassign === $id || ! get_userdata( $reassign ) ) {
return new WP_Error( 'rest_user_invalid_reassign', __( 'Invalid user ID for reassignment.' ), array( 'status' => 400 ) );