Code Coverage for projects/plugins/jetpack/json-endpoints/class.wpcom-json-api-site-user-endpoint.php

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	0.00% covered (danger)	0.00%	0 / 144	0.00% covered (danger)	0.00%	0 / 3	CRAP	0.00% covered (danger)	0.00%	0 / 1
WPCOM_JSON_API_Site_User_Endpoint	0.00% covered (danger)	0.00%	0 / 66	0.00% covered (danger)	0.00%	0 / 3	1122	0.00% covered (danger)	0.00%	0 / 1
callback	0.00% covered (danger)	0.00%	0 / 18	0.00% covered (danger)	0.00%	0 / 1	90
get_user	0.00% covered (danger)	0.00%	0 / 7	0.00% covered (danger)	0.00%	0 / 1	30
update_user	0.00% covered (danger)	0.00%	0 / 41	0.00% covered (danger)	0.00%	0 / 1	380

1	<?php // phpcs:ignore WordPress.Files.FileName.InvalidClassFileName
2
3	if ( ! defined( 'ABSPATH' ) ) {
4	exit( 0 );
5	}
6
7	new WPCOM_JSON_API_Site_User_Endpoint(
8	array(
9	'description' => 'Get details of a user of a site by ID.',
10	'group' => '__do_not_document', // 'users'
11	'stat' => 'sites:1:user',
12	'method' => 'GET',
13	'path' => '/sites/%s/users/%d',
14	'path_labels' => array(
15	'$site' => '(int\|string) Site ID or domain',
16	'$user_id' => '(int) User ID',
17	),
18	'response_format' => WPCOM_JSON_API_Site_User_Endpoint::$user_format,
19	'example_request' => 'https://public-api.wordpress.com/rest/v1/sites/30434183/user/23',
20	'example_request_data' => array(
21	'headers' => array(
22	'authorization' => 'Bearer YOUR_API_TOKEN',
23	),
24	),
25	'example_response' => '{
26	"ID": 18342963,
27	"login": "binarysmash",
28	"email": false,
29	"name": "binarysmash",
30	"URL": "http:\/\/binarysmash.wordpress.com",
31	"avatar_URL": "http:\/\/0.gravatar.com\/avatar\/a178ebb1731d432338e6bb0158720fcc?s=96&d=identicon&r=G",
32	"profile_URL": "http:\/\/gravatar.com\/binarysmash",
33	"roles": [ "administrator" ]
34	}',
35	)
36	);
37
38	new WPCOM_JSON_API_Site_User_Endpoint(
39	array(
40	'description' => 'Get details of a user of a site by login.',
41	'group' => 'users',
42	'stat' => 'sites:1:user',
43	'method' => 'GET',
44	'path' => '/sites/%s/users/login:%s',
45	'path_labels' => array(
46	'$site' => '(int\|string) The site ID or domain.',
47	'$user_id' => '(string) The user\'s login.',
48	),
49	'response_format' => WPCOM_JSON_API_Site_User_Endpoint::$user_format,
50	'example_request' => 'https://public-api.wordpress.com/rest/v1/sites/30434183/user/login:binarysmash',
51	'example_request_data' => array(
52	'headers' => array(
53	'authorization' => 'Bearer YOUR_API_TOKEN',
54	),
55	),
56	'example_response' => '{
57	"ID": 18342963,
58	"login": "binarysmash",
59	"email": false,
60	"name": "binarysmash",
61	"URL": "http:\/\/binarysmash.wordpress.com",
62	"avatar_URL": "http:\/\/0.gravatar.com\/avatar\/a178ebb1731d432338e6bb0158720fcc?s=96&d=identicon&r=G",
63	"profile_URL": "http:\/\/gravatar.com\/binarysmash",
64	"roles": [ "administrator" ]
65	}',
66	)
67	);
68
69	new WPCOM_JSON_API_Site_User_Endpoint(
70	array(
71	'description' => 'Update details of a user of a site.',
72	'group' => 'users',
73	'stat' => 'sites:1:user',
74	'method' => 'POST',
75	'path' => '/sites/%s/users/%d',
76	'path_labels' => array(
77	'$site' => '(int\|string) The site ID or domain.',
78	'$user_id' => '(int) The user\'s ID.',
79	),
80	'request_format' => WPCOM_JSON_API_Site_User_Endpoint::$user_format,
81	'response_format' => WPCOM_JSON_API_Site_User_Endpoint::$user_format,
82	'example_request' => 'https://public-api.wordpress.com/rest/v1/sites/30434183/user/23',
83	'example_request_data' => array(
84	'headers' => array(
85	'authorization' => 'Bearer YOUR_API_TOKEN',
86	),
87	'body' => array(
88	'roles' => array(
89	array(
90	'administrator',
91	),
92	),
93	'first_name' => 'Rocco',
94	'last_name' => 'Tripaldi',
95	),
96	),
97	'example_response' => '{
98	"ID": 18342963,
99	"login": "binarysmash",
100	"email": false,
101	"name": "binarysmash",
102	"URL": "http:\/\/binarysmash.wordpress.com",
103	"avatar_URL": "http:\/\/0.gravatar.com\/avatar\/a178ebb1731d432338e6bb0158720fcc?s=96&d=identicon&r=G",
104	"profile_URL": "http:\/\/gravatar.com\/binarysmash",
105	"roles": [ "administrator" ]
106	}',
107	)
108	);
109
110	/**
111	* Site user endpoint class.
112	*
113	* /sites/%s/users/%d -> $blog_id, $user_id
114	*
115	* @phan-constructor-used-for-side-effects
116	*/
117	class WPCOM_JSON_API_Site_User_Endpoint extends WPCOM_JSON_API_Endpoint {
118
119	/**
120	* User format.
121	*
122	* @var array
123	*/
124	public static $user_format = array(
125	'ID' => '(int) The ID of the user',
126	'login' => '(string) The login username of the user',
127	'email' => '(string) The email of the user',
128	'name' => '(string) The name to display for the user',
129	'first_name' => '(string) The first name of the user',
130	'last_name' => '(string) The last name of the user',
131	'nice_name' => '(string) The nice_name to display for the user',
132	'URL' => '(string) The primary blog of the user',
133	'avatar_URL' => '(url) Gravatar image URL',
134	'profile_URL' => '(url) Gravatar Profile URL',
135	'site_ID' => '(int) ID of the user\'s primary blog',
136	'roles' => '(array\|string) The role or roles of the user',
137	);
138
139	/**
140	* API Callback.
141	*
142	* @param string $path - the path.
143	* @param int $blog_id - the blog ID.
144	* @param int $user_id - the user ID.
145	*
146	* @return array\|WP_Error
147	*/
148	public function callback( $path = '', $blog_id = 0, $user_id = 0 ) {
149	$blog_id = $this->api->switch_to_blog_and_validate_user( $this->api->get_blog_id( $blog_id ) );
150	if ( is_wp_error( $blog_id ) ) {
151	return $blog_id;
152	}
153	if ( ! current_user_can_for_site( $blog_id, 'list_users' ) ) {
154	return new WP_Error( 'unauthorized', 'User cannot view users for specified site', 403 );
155	}
156
157	// Get the user by ID or login
158	$get_by = str_contains( $path, '/users/login:' ) ? 'login' : 'id';
159	$user = get_user_by( $get_by, $user_id );
160
161	if ( ! $user ) {
162	return new WP_Error( 'unknown_user', 'Unknown user', 404 );
163	}
164
165	if ( ! is_user_member_of_blog( $user->ID, $blog_id ) ) {
166	return new WP_Error( 'unknown_user_for_site', 'Unknown user for site', 404 );
167	}
168
169	if ( 'GET' === $this->api->method ) {
170	return $this->get_user( $user->ID );
171	} elseif ( 'POST' === $this->api->method ) {
172	if ( ! current_user_can_for_site( $blog_id, 'promote_users' ) ) {
173	return new WP_Error( 'unauthorized_no_promote_cap', 'User cannot promote users for specified site', 403 );
174	}
175	return $this->update_user( $user_id, $blog_id );
176	} else {
177	return new WP_Error( 'bad_request', 'An unsupported request method was used.' );
178	}
179	}
180
181	/**
182	* Get the user.
183	*
184	* @param int $user_id - the user ID.
185	*
186	* @return object
187	*/
188	public function get_user( $user_id ) {
189	$the_user = $this->get_author( $user_id, true );
190	if ( $the_user && ! is_wp_error( $the_user ) ) {
191	$userdata = get_userdata( $user_id );
192	$the_user->roles = ! is_wp_error( $userdata ) ? array_values( $userdata->roles ) : array();
193	if ( is_multisite() ) {
194	$the_user->is_super_admin = user_can( $the_user->ID, 'manage_network' );
195	}
196	}
197
198	return $the_user;
199	}
200
201	/**
202	* Updates user data.
203	*
204	* @param int $user_id - the user ID.
205	* @param int $blog_id - the blog ID.
206	*
207	* @return array\|WP_Error
208	*/
209	public function update_user( $user_id, $blog_id ) {
210	$user = array();
211	$input = $this->input();
212	$user['ID'] = $user_id;
213	$is_wpcom = defined( 'IS_WPCOM' ) && IS_WPCOM;
214
215	if ( get_current_user_id() === (int) $user_id && isset( $input['roles'] ) ) {
216	return new WP_Error( 'unauthorized', 'You cannot change your own role', 403 );
217	}
218
219	if ( $is_wpcom && $user_id !== get_current_user_id() && (int) $user_id === wpcom_get_blog_owner( $blog_id ) ) {
220	return new WP_Error( 'unauthorized_edit_owner', 'Current user cannot edit blog owner', 403 );
221	}
222
223	if ( ! $is_wpcom ) {
224	foreach ( $input as $key => $value ) {
225	if ( ! is_array( $value ) ) {
226	$value = trim( $value );
227	}
228	$value = wp_unslash( $value );
229	switch ( $key ) {
230	case 'first_name':
231	case 'last_name':
232	$user[ $key ] = $value;
233	break;
234	case 'display_name':
235	case 'name':
236	$user['display_name'] = $value;
237	break;
238	}
239	}
240	}
241
242	if ( isset( $input['roles'] ) ) {
243	// For now, we only use the first role in the array.
244	if ( is_array( $input['roles'] ) ) {
245	$user['role'] = $input['roles'][0];
246	} elseif ( is_string( $input['roles'] ) ) {
247	$user['role'] = $input['roles'];
248	} else {
249	return new WP_Error( 'invalid_input', __( 'The roles property must be a string or an array.', 'jetpack' ), 400 );
250	}
251
252	$editable_roles = array_keys( get_editable_roles() );
253	if ( ! in_array( $user['role'], $editable_roles, true ) ) {
254	return new WP_Error(
255	'invalid_input',
256	sprintf(
257	/* Translators: placeholder is an invalid role name */
258	esc_html__( '%s is not a valid role.', 'jetpack' ),
259	$editable_roles
260	),
261	400
262	);
263	}
264	}
265
266	$result = wp_update_user( $user );
267	if ( is_wp_error( $result ) ) {
268	return $result;
269	}
270	return $this->get_user( $user_id );
271	}
272	}