In [43437], the link definition implementation caused attachment links to be unexpectedly nested under an attributes key. This changeset restores the prior behavior.
Merges [43681] to trunk.
Props TimothyBlynJacobs, danielbachhuber.
Fixes#44750.
git-svn-id: https://develop.svn.wordpress.org/trunk@43973 602fd350-edb4-49c9-b593-d223f7449a82
Requires wp-admin/includes/image.php to make `wp_read_image_metadata()` function available. Fixes error introduced in [43589].
Props ocean90, soulseekah.
Fixes#43757.
git-svn-id: https://develop.svn.wordpress.org/trunk@43604 602fd350-edb4-49c9-b593-d223f7449a82
Requires wp-admin/includes/ms.php to make `upload_is_user_over_quota()` function available to multisite users uploading files.
Props JakePT, rachelbaker.
Fixes#44864.
git-svn-id: https://develop.svn.wordpress.org/trunk@43603 602fd350-edb4-49c9-b593-d223f7449a82
Narrow the scope of the included wp-admin files loaded for `wp_generate_attachment_metadata()`, `wp_handle_upload()`, `wp_tempnam()`, and `wp_handle_sideload()`. Requires only wp-admin/includes/file.php and wp-admin/includes/image.php instead of wp-admin/includes/admin.php.
Props lonelyvegan, soulseekah, pratikthink.
Fixes#43757.
git-svn-id: https://develop.svn.wordpress.org/trunk@43589 602fd350-edb4-49c9-b593-d223f7449a82
The original REST API revisions controller relied on `wp_get_post_revisions()`, getting all revisions of a post without any possibility to restrict the result. This changeset replaces that function call with a proper `WP_Query` setup, replicating how `wp_get_post_revisions()` works while offering parameters to alter the default behavior.
Props adamsilverstein, birgire, flixos90.
Fixes#40510.
git-svn-id: https://develop.svn.wordpress.org/trunk@43584 602fd350-edb4-49c9-b593-d223f7449a82
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.
This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script.
- Auto-fixable coding standards issues will now cause Travis failures.
Fixes#44600.
git-svn-id: https://develop.svn.wordpress.org/trunk@43571 602fd350-edb4-49c9-b593-d223f7449a82
[43437] included some new methods, which were incorrectly tagged as being `@since 4.9.7`. This updates them to `4.9.8`.
Props danielbachhuber.
Fixes 44287.
git-svn-id: https://develop.svn.wordpress.org/trunk@43463 602fd350-edb4-49c9-b593-d223f7449a82
When the REST API is in use on WordPress multisite, the `WP_REST_Attachments_Controller` should respect the "Max upload file size" and "Site upload space" site options.
Props flixos90, danielbachhuber.
Fixes#43751.
git-svn-id: https://develop.svn.wordpress.org/trunk@43462 602fd350-edb4-49c9-b593-d223f7449a82
To match behaviour in the Classic Editor, we need to slightly loosen permissions on taxonomy and term endpoints. This allows users to create terms to assign to a post that they're editing.
Props danielbachhuber.
Fixes#44096.
git-svn-id: https://develop.svn.wordpress.org/trunk@43440 602fd350-edb4-49c9-b593-d223f7449a82
So that REST API clients can show appropriate UI for a post's revisions, it needs to know how many revisions the post has, and what the latest revision ID is.
Props kadamwhite, danielbachhuber, birgire, TimothyBlynJacobs.
Fixes#44321.
git-svn-id: https://develop.svn.wordpress.org/trunk@43439 602fd350-edb4-49c9-b593-d223f7449a82
There are a variety of operations a WordPress user can only perform if they have the correct capabilities. A REST API client should only display UI for one of these operations if the WordPress user can perform the operation.
Rather than requiring REST API clients to calculate whether to display UI based on potentially complicated combinations of user capabilities, `targetSchema` allows us to expose a single flag to show whether the corresponding UI should be displayed.
This change also includes flags on post objects for the following actions:
- `action-publish`: The current user can publish this post.
- `action-sticky`: The current user can make this post sticky, and the post type supports sticking.
- `action-assign-author': The current user can change the author on this post.
- `action-assign-{$taxonomy}`: The current user can assign terms from the "$taxonomy" taxonomy to this post.
- `action-create-{$taxonomy}`: The current user can create terms int the "$taxonomy" taxonomy.
Props TimothyBlynJacobs, danielbachhuber.
Fixes#44287.
git-svn-id: https://develop.svn.wordpress.org/trunk@43437 602fd350-edb4-49c9-b593-d223f7449a82
Introduce an `object_subtype` argument to the args array for `register_meta()` which can be used to limit meta registration to a single subtype (e.g. a custom post type or taxonomy, vs all posts or taxonomies).
Introduce `register_post_meta()` and `register_term_meta()` wrapper methods for `register_meta` to provide a convenient interface for the common case of registering meta for a specific taxonomy or post type. These methods work the way plugin developers have often expected `register_meta` to function, and should be used in place of direct `register_meta` where possible.
Props flixos90, tharsheblows, spacedmonkey.
Fixes#38323.
git-svn-id: https://develop.svn.wordpress.org/trunk@43378 602fd350-edb4-49c9-b593-d223f7449a82
Historically, the REST API would generate the entire response object, including running expensive filters, then it would apply the `_fields` parameter, discarding the fields that weren't specificed.
This change causes `_fields` to be applied earlier, so that only requested fields are processed.
Props danielbachhuber.
See #43874.
git-svn-id: https://develop.svn.wordpress.org/trunk@43087 602fd350-edb4-49c9-b593-d223f7449a82
For the block editor to be able to expose the Preview button correctly, it needs to know the `is_post_type_viewable()` setting, this change adds it to the Post Type response.
Props danielbachhuber.
Fixes#43739.
git-svn-id: https://develop.svn.wordpress.org/trunk@43007 602fd350-edb4-49c9-b593-d223f7449a82
Any WordPress user who can `edit_posts` of a post type with `show_in_rest=true` can query for authors. This maps to current WordPress behavior where a WordPress user who can view the Manage Posts view for a post type can see any WordPress user assigned to a post (whether published or draft).
This implementation, over restricting `who=authors` to users with `list_users`, gives us future flexibility in displaying lists of posts. It still respects more restrictive permissions for `context=edit`.
Props danielbachhuber.
Fixes#42202.
git-svn-id: https://develop.svn.wordpress.org/trunk@43001 602fd350-edb4-49c9-b593-d223f7449a82
This was originally added to allow Gutenberg to do permalink editing, but is no longer required. It's also superceded by #41014.
Reverts [42142].
Fixes#42465.
git-svn-id: https://develop.svn.wordpress.org/trunk@42997 602fd350-edb4-49c9-b593-d223f7449a82
This tag has been used in the past, but should no longer be used. Just using the `static` keyword in code is enough for PhpDocumentor on PHP5+ to recognize static variables and methods, and PhpDocumentor will mark them as static.
Props birgire.
See #42803.
git-svn-id: https://develop.svn.wordpress.org/trunk@42746 602fd350-edb4-49c9-b593-d223f7449a82
For Gutenberg and other admin-type interfaces, it's useful to be able to see the visibility settings for taxonomies.
Props joehoyle, pento.
Fixes#42707.
git-svn-id: https://develop.svn.wordpress.org/trunk@42729 602fd350-edb4-49c9-b593-d223f7449a82
Use the `rest_authorization_required_code()` function to return a 401 status code when a permission callback fails due to a user not being logged in.
Props jaswrks.
Fixes#42828.
git-svn-id: https://develop.svn.wordpress.org/trunk@42421 602fd350-edb4-49c9-b593-d223f7449a82
The permissions error message when a request tries to fetch post statuses unauthenticated is incorrect. It was a copy/paste from elsewhere, as indicated by the use of "in this post type" where this is no post type referenced.
Props schlessera.
Fixes#42303.
git-svn-id: https://develop.svn.wordpress.org/trunk@42356 602fd350-edb4-49c9-b593-d223f7449a82
The 409 error code is intended for situations where it is expected that the user will resolve the conflict and resubmit the same request. We use 400 error codes for other routes when a duplicate request is made. The 400 status code tells the user they need to modify their request for it to be successful.
Props shooper.
Fixes#42781. See #41370.
git-svn-id: https://develop.svn.wordpress.org/trunk@42354 602fd350-edb4-49c9-b593-d223f7449a82
WordPress' code just... wasn't.
This is now dealt with.
Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes#41057.
git-svn-id: https://develop.svn.wordpress.org/trunk@42343 602fd350-edb4-49c9-b593-d223f7449a82
In r41727 the ability to sanitise and validate objects from JSON schema was added, with a whitelist approach. It was decided we should pass through all non-registered properties to reflect the behaviour of the root object in register_rest_route. To prevent arbitrary extra data via setting objects, we force additionalProperties to false in the settings endpoint.
See #38583.
git-svn-id: https://develop.svn.wordpress.org/trunk@42000 602fd350-edb4-49c9-b593-d223f7449a82
Also remove `enum` for validating allowed templates to allow plugins to dynamically supply their own templates for specific posts, even when they are not in the theme.
Props TimothyBlynJacobs, jnylen0, swissspidy.
Fixes#39996.
git-svn-id: https://develop.svn.wordpress.org/trunk@41979 602fd350-edb4-49c9-b593-d223f7449a82
Adds an "include_slug" orderby value for REST API collections to permit returning a collection filtered by slugs in the same order in which those slugs are specified.
Previously, the order of slugs provided with the ?slug query parameter had no effect on the order of the returned records.
Props wonderboymusic, ocean90, boonebgorges.
Fixes#40826.
git-svn-id: https://develop.svn.wordpress.org/trunk@41760 602fd350-edb4-49c9-b593-d223f7449a82
Enables register_setting to accept an object as its schema value, allowing settings to accept non-scalar values through the REST API.
This whitelists the added type in the settings controller, and passes properties from argument registration into the validation functions.
Props joehoyle.
See #38583.
git-svn-id: https://develop.svn.wordpress.org/trunk@41758 602fd350-edb4-49c9-b593-d223f7449a82
Fixes an issue where submitting a well-formed request to create a term inappropriately returns a 500 error status if that term already exists.
HTTP 5xx error codes should be reserved for unexpected server errors, so "409 Conflict" is a more appropriate response.
Props alibasheer, guzzilar, shooper.
Fixes#41370.
git-svn-id: https://develop.svn.wordpress.org/trunk@41737 602fd350-edb4-49c9-b593-d223f7449a82
Explicitly specifies that the REST API uses JSON Schema draft-04,
as JSON Schema has deprecated versionless schema URIs and recommends
the use of a specific draft version.
Props @TimothyBlynJacobs
Fixes#41734
git-svn-id: https://develop.svn.wordpress.org/trunk@41731 602fd350-edb4-49c9-b593-d223f7449a82
When registering routes developers can now define their complex objects in the schema and benefit from the automatic validation and sanitization in the REST API. This also paves the way for support for complex object registration via register_meta and register_setting.
See #38583.
Props TimothyBlynJacobs5.
git-svn-id: https://develop.svn.wordpress.org/trunk@41727 602fd350-edb4-49c9-b593-d223f7449a82
While site administrators cannot generally edit users in multisite, they have always been able to change the roles of users on their site. In the REST API however, this has not been possible so far. This changeset brings parity with how it is handled in the administration panel: A REST request to edit only a user's roles succeeds correctly, while a REST request to edit any further details of a user fails.
Props jnylen0.
Fixes#40263.
git-svn-id: https://develop.svn.wordpress.org/trunk@41226 602fd350-edb4-49c9-b593-d223f7449a82
Under certain circumstances, it can be necessary that a user should not be added to a site, beyond the restrictions that WordPress core applies. With the new `can_add_user_to_blog` filter, plugin developers can run custom checks and return an error in case of a failure, that will prevent the user from being added.
The user-facing parts and the REST API route that interact with `add_user_to_blog()` have been adjusted accordingly to provide appropriate error feedback when a user could not be added to a site. Furthermore, two existing error feedback messages in the site admin's "New User" screen have been adjusted to properly show inside an error notice instead of a success notice.
Props jmdodd.
Fixes#41101.
git-svn-id: https://develop.svn.wordpress.org/trunk@41225 602fd350-edb4-49c9-b593-d223f7449a82
The list of endpoint parameters should only include explicitly named and requested parameters.
Props flixos90, rmccue, jnylen0.
Fixes#40704.
git-svn-id: https://develop.svn.wordpress.org/trunk@41223 602fd350-edb4-49c9-b593-d223f7449a82
