Skip to content

Commit

Permalink
Improve REST authentication method when registering fields (#7341)
Browse files Browse the repository at this point in the history
  • Loading branch information
sc0ttkclark authored Aug 28, 2024
2 parents 9a16ab9 + 5d26a32 commit 3a5cf0a
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 2 deletions.
26 changes: 24 additions & 2 deletions classes/PodsRESTFields.php
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,28 @@ public function set_pod( $pod ) {
$this->pod = $pod;
}

/**
* Validates if a current user or application is logged in.
*
* @return bool
*/
public static function is_rest_authenticated(): bool {
$is_rest_authenticated = (bool) pods_static_cache_get( __FUNCTION__, __CLASS__ );

if ( $is_rest_authenticated ) {
return true;
}

$is_rest_authenticated = (
is_user_logged_in()
|| wp_validate_application_password( get_current_user_id() )
);

pods_static_cache_set( __FUNCTION__, (int) $is_rest_authenticated, __CLASS__ );

return $is_rest_authenticated;
}

/**
* Add fields, based on options to REST read/write requests
*
Expand Down Expand Up @@ -237,7 +259,7 @@ public static function field_allowed_to_extend( $field, $pod, $mode ) {

// Check if user must be logged in to access all fields and override whether they can use it.
if ( $all_fields_can_use_mode && $all_fields_access ) {
$all_fields_can_use_mode = is_user_logged_in();
$all_fields_can_use_mode = self::is_rest_authenticated();
}

// Maybe get the Field object from the Pod.
Expand Down Expand Up @@ -267,7 +289,7 @@ public static function field_allowed_to_extend( $field, $pod, $mode ) {

// Check if user must be logged in to access field and override whether they can use it.
if ( $can_use_mode && $access ) {
$can_use_mode = is_user_logged_in();
$can_use_mode = self::is_rest_authenticated();
}

return $can_use_mode;
Expand Down
2 changes: 2 additions & 0 deletions tests/codeception/wpunit/Pods/PodsRESTFieldsTest.php

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit 3a5cf0a

Please sign in to comment.