diff --git a/includes/classes/ExternalConnections/WordPressExternalConnection.php b/includes/classes/ExternalConnections/WordPressExternalConnection.php
index 7f452d3c7..f7039f651 100644
--- a/includes/classes/ExternalConnections/WordPressExternalConnection.php
+++ b/includes/classes/ExternalConnections/WordPressExternalConnection.php
@@ -804,65 +804,42 @@ public function check_connections() { $can_get = array(); $can_post = array(); - $blacklisted_types = [ 'dt_subscription' ]; - - foreach ( $types as $type_key => $type ) { - - if ( in_array( $type_key, $blacklisted_types, true ) ) { - continue; - } + $permission_url = untrailingslashit( $this->base_url ) . '/' . self::$namespace . 'distributor/post-types-permissions'; + + if ( function_exists( 'vip_safe_wp_remote_get' ) && \Distributor\Utils\is_vip_com() ) { + $permission_response = vip_safe_wp_remote_get( + $permission_url, + false, + 3, + 3, + 10, + $this->auth_handler->format_get_args() + ); + } else { - $link = $this->parse_type_items_link( $type ); - if ( empty( $link ) ) { - continue; - } + $permission_response = wp_remote_get( + $permission_url, + $this->auth_handler->format_get_args( + array( + 'timeout' => self::$timeout, + ) + ) + ); + } + $permission_body = wp_remote_retrieve_body( $permission_response ); - $route = str_replace( untrailingslashit( $this->base_url ), '', $link ); - - if ( ! empty( $routes[ $route ] ) ) { - if ( in_array( 'GET', $routes[ $route ]['methods'], true ) ) { - if ( function_exists( 'vip_safe_wp_remote_get' ) && \Distributor\Utils\is_vip_com() ) { - $type_response = vip_safe_wp_remote_get( - $link, - false, - 3, - 3, - 10, - $this->auth_handler->format_get_args() - ); - } else { - $type_response = wp_remote_get( $link, $this->auth_handler->format_get_args( array( 'timeout' => self::$timeout ) ) ); - } - - if ( ! is_wp_error( $type_response ) ) { - $code = (int) wp_remote_retrieve_response_code( $type_response ); - - if ( 401 !== $code ) { - $can_get[] = $type_key; - } - } - } - - if ( in_array( 'POST', $routes[ $route ]['methods'], true ) ) { - $type_response = wp_remote_post( - $link, - $this->auth_handler->format_post_args( - array( - 'timeout' => self::$timeout, - 'body' => array( 'test' => 1 ), - ) - ) - ); - - if ( ! 
is_wp_error( $type_response ) ) { - $code = (int) wp_remote_retrieve_response_code( $type_response ); - - if ( 401 !== $code ) { - $can_post[] = $type_key; - } - } - } - } + if ( is_wp_error( $permission_response ) || empty( $permission_body ) ) { + $output['errors']['no_permissions'] = 'no_permissions'; + } else { + $permissions = json_decode( $permission_body ); + $can_get = array_filter( + $permissions->can_get, + [ $this, 'not_distributor_internal_post_type' ] + ); + $can_post = array_filter( + $permissions->can_post, + [ $this, 'not_distributor_internal_post_type' ] + ); } $output['can_get'] = $can_get; @@ -873,6 +850,19 @@ public function check_connections() { return $output; } + + /** + * Whether if the post type is not distibutor internal post type. + * + * @param string $post_type Post type + * + * @return bool + */ + private function not_distributor_internal_post_type( $post_type ) { + return 'dt_subscription' !== $post_type; + } + + /** * Convert array to WP_Post object suitable for insert/update. * diff --git a/includes/rest-api.php b/includes/rest-api.php index e752ccc82..b45a1e468 100644 --- a/includes/rest-api.php +++ b/includes/rest-api.php @@ -19,6 +19,7 @@ function setup() { 'init', function() { add_action( 'rest_api_init', __NAMESPACE__ . '\register_endpoints' ); + add_action( 'rest_api_init', __NAMESPACE__ . '\register_rest_routes' ); $post_types = get_post_types( array( @@ -128,6 +129,20 @@ function process_distributor_attributes( $post, $request, $update ) { do_action( 'dt_process_distributor_attributes', $post, $request, $update ); } +/** + * Register custom routes to handle distributor specific functionality. + */ +function register_rest_routes() { + register_rest_route( + 'wp/v2', + 'distributor/post-types-permissions', + array( + 'methods' => 'GET', + 'callback' => __NAMESPACE__ . '\check_post_types_permissions', + ) + ); +} + /** * Filter the data requested over REST API when a post is pulled. * 
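Review bot: The new `else` branch in check_connections() reads `$permissions->can_get` and `$permissions->can_post` straight from `json_decode()` without checking the HTTP status or the decoded shape. A remote that lacks the new route (presumably an older Distributor install) would answer with a non-empty JSON error body, so `empty( $permission_body )` does not catch it and `array_filter()` receives null, which is a TypeError on PHP 8. The body comes from another site and should be treated as untrusted: require a 200, require both keys to be arrays, keep only string entries, and re-index with `array_values()` because `array_filter()` preserves keys. check_connections() starts and ends outside this hunk.

```php
// … unchanged: request to $permission_url via vip_safe_wp_remote_get() / wp_remote_get() …
$permission_code = (int) wp_remote_retrieve_response_code( $permission_response );
$permissions     = json_decode( wp_remote_retrieve_body( $permission_response ), true );

if (
	is_wp_error( $permission_response )
	|| 200 !== $permission_code
	|| ! is_array( $permissions )
	|| ! isset( $permissions['can_get'], $permissions['can_post'] )
	|| ! is_array( $permissions['can_get'] )
	|| ! is_array( $permissions['can_post'] )
) {
	$output['errors']['no_permissions'] = 'no_permissions';
} else {
	// Remote data: keep only string post type names, then drop internal types and re-index.
	$can_get  = array_values(
		array_filter(
			array_filter( $permissions['can_get'], 'is_string' ),
			[ $this, 'not_distributor_internal_post_type' ]
		)
	);
	$can_post = array_values(
		array_filter(
			array_filter( $permissions['can_post'], 'is_string' ),
			[ $this, 'not_distributor_internal_post_type' ]
		)
	);
}
```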
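Review bot: The `register_rest_route()` call in register_rest_routes() passes no `permission_callback`, so the endpoint is reachable without authentication, and on WordPress 5.5 and later the registration raises a `_doing_it_wrong` notice. If open access is intended because the callback only reports the caller's own capabilities, state that explicitly with `'permission_callback' => '__return_true',`; otherwise supply a callback that rejects unauthenticated requests. The route is also registered under core's `wp/v2` namespace; a plugin-owned namespace would avoid colliding with core routes, but the client in WordPressExternalConnection.php builds the URL from `self::$namespace`, so both sides would have to change together.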
@@ -253,3 +268,28 @@ function register_endpoints() {
 )
 );
 }
+
+/**
+ * Check user permissions for available post types
+ */
+function check_post_types_permissions() {
+ $types = get_post_types(
+ array(
+ 'show_in_rest' => true,
+ ),
+ 'objects'
+ );
+ $response = array(
+ 'can_get' => array(),
+ 'can_post' => array(),
+ );
+ foreach ( $types as $type ) {
+ $caps = $type->cap;
+ $response['can_get'][] = $type->name;
+
+ if ( current_user_can( $caps->edit_posts ) && current_user_can( $caps->create_posts ) && current_user_can( $caps->publish_posts ) ) {
+ $response['can_post'][] = $type->name;
+ }
+ }
+ return $response;
+}
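Review bot: `$response['can_get'][] = $type->name;` runs for every `show_in_rest` post type with no capability check, so `can_get` reports what is exposed over REST, not what the caller may read. The removed client code dropped any type whose endpoint answered 401; with this callback a connection with missing or wrong credentials is still told it can pull every type. Because the route is registered without a `permission_callback`, the same list goes to anonymous callers. Either gate the entry on a read capability from `$caps` (checking first that anonymous pulls of public content still work), or document the meaning in the docblock, e.g. `@return array { can_get: string[] REST-exposed types (not permission-checked), can_post: string[] types the current user can edit, create and publish }`.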