The REST API supports filtering by terms across multiple taxonomies using an AND relation. This adds support for an OR relation by adding "tax_relation=OR" as a query parameter.
Props earnjam.
Fixes#44326.
git-svn-id: https://develop.svn.wordpress.org/trunk@46646 602fd350-edb4-49c9-b593-d223f7449a82
Ensures that the ::get_rest_controller() method will always return an instanceof the expected controller class, or null.
Removes unused private static property $post_type_controllers.
Props dlh, TimothyBlynJacobs.
Fixes#45677.
git-svn-id: https://develop.svn.wordpress.org/trunk@46435 602fd350-edb4-49c9-b593-d223f7449a82
Cache REST controller references on their associated post type object to prevent unnecessary controller re-instantiation, which previously caused "rest_prepare_{$post_type}" and "rest_{$post_type}_query" to run twice per request.
Props TimothyBlynJacobs, patrelentlesstechnologycom.
Fixes#45677.
git-svn-id: https://develop.svn.wordpress.org/trunk@46272 602fd350-edb4-49c9-b593-d223f7449a82
Expose a date_floating property on all status objects to permit clients (including the block editor) to make correct decisions about date handling for posts of varying status.
Props mnelson4, earnjam, kadamwhite, jnylen0, nerrad, pento.
See #39953.
git-svn-id: https://develop.svn.wordpress.org/trunk@46252 602fd350-edb4-49c9-b593-d223f7449a82
Enable clients to opt-in to receipt of one or more specific sub-properties within a response, and not other sub-properties.
Skip potentially expensive filtering and processing for post resources which were explicitly not requested.
Props kadamwhite, TimothyBlynJacobs, dlh.
Fixes#42094.
git-svn-id: https://develop.svn.wordpress.org/trunk@46184 602fd350-edb4-49c9-b593-d223f7449a82
Caches the output of get_item_schema() to avoid redundant recomputation of translatable strings and other computed values. This method is called many times per item in each REST request, and the results of the method should not vary between calls.
Additional schema fields are not cached.
Props kadamwhite, joehoyle, TimothyBlynJacobs.
Fixes#47871.
git-svn-id: https://develop.svn.wordpress.org/trunk@45811 602fd350-edb4-49c9-b593-d223f7449a82
The sample permalink will now only be generated if the derivative `permalink_template` or `generated_slug` fields are to be included in the response, preventing an unnecessary database request for each post (via `wp_unique_post_slug()`) when those fields are not requested.
Props dlh.
See #45605.
git-svn-id: https://develop.svn.wordpress.org/trunk@45705 602fd350-edb4-49c9-b593-d223f7449a82
Use of `date()` in core depends on PHP timezone set to UTC and not changed by third party code (which cannot be guaranteed).
`gmdate()` is functionally equivalent, but is not affected by PHP timezone setting: it's always UTC, which is the exact behavior the core needs.
Props nielsdeblaauw, Rarst.
Fixes#46438. See #44491.
git-svn-id: https://develop.svn.wordpress.org/trunk@45424 602fd350-edb4-49c9-b593-d223f7449a82
Passing all received query arguments through urlencode_deep ensures that the full set of query arguments are encoded in the same way.
Props dmsnell.
Fixes#46199
git-svn-id: https://develop.svn.wordpress.org/trunk@45267 602fd350-edb4-49c9-b593-d223f7449a82
The `block_version` denotes which version of Blocks the `post_content` contains. Introduces new `block_version()` function for versioning Blocks.
Merges [43770] from the 5.0 branch to trunk.
Props danielbachhuber, birgire.
Fixes#43887.
git-svn-id: https://develop.svn.wordpress.org/trunk@44127 602fd350-edb4-49c9-b593-d223f7449a82
The existing `rest_insert_*` actions are fired before meta and additional fields are updated. These new `rest_after_*` actions fire after all write operations have completed.
Props timothyblynjacobs, danielbachhuber.
Merges [43737] to trunk.
Fixes#42864.
git-svn-id: https://develop.svn.wordpress.org/trunk@43987 602fd350-edb4-49c9-b593-d223f7449a82
In order for clients to present permalink previews, the REST API must share the computed results of get_sample_permalink(). These two values are now exposed as permalink_template and generated_slug for public, viewable post types, but only for context=edit.
Merges [43720] to trunk.
Props danielbachhuber, rahulsprajapati.
Fixes#45017.
git-svn-id: https://develop.svn.wordpress.org/trunk@43980 602fd350-edb4-49c9-b593-d223f7449a82
An authorized request with the read_private_posts capability for a post type should be able to GET /wp/v2/posts for posts of status=private. This query is further sanity-checked by WP_REST_Posts_Controller->check_read_permission(), which is unchanged.
Props rachelbaker, soulseekah, twoelevenjay.
Moves [43694] from the 5.0 branch to trunk.
Fixes#43701.
git-svn-id: https://develop.svn.wordpress.org/trunk@43979 602fd350-edb4-49c9-b593-d223f7449a82
Because user capabilities can be modified at runtime, the REST API needs to expose them in some evaluated but declarative manner for clients to interpret. JSON Hyper Schema targetSchema provides an appropriate paradigm for doing so.
Merges [43682] to trunk.
Props timothyblynjacobs.
Fixes#45014.
git-svn-id: https://develop.svn.wordpress.org/trunk@43974 602fd350-edb4-49c9-b593-d223f7449a82
The original REST API revisions controller relied on `wp_get_post_revisions()`, getting all revisions of a post without any possibility to restrict the result. This changeset replaces that function call with a proper `WP_Query` setup, replicating how `wp_get_post_revisions()` works while offering parameters to alter the default behavior.
Props adamsilverstein, birgire, flixos90.
Fixes#40510.
git-svn-id: https://develop.svn.wordpress.org/trunk@43584 602fd350-edb4-49c9-b593-d223f7449a82
WPCS 1.0.0 includes a bunch of new auto-fixers, which drops the number of coding standards issues across WordPress significantly. Prior to running the auto-fixers, there were 15,312 issues detected. With this commit, we now drop to 4,769 issues.
This change includes three notable additions:
- Multiline function calls must now put each parameter on a new line.
- Auto-formatting files is now part of the `grunt precommit` script.
- Auto-fixable coding standards issues will now cause Travis failures.
Fixes#44600.
git-svn-id: https://develop.svn.wordpress.org/trunk@43571 602fd350-edb4-49c9-b593-d223f7449a82
[43437] included some new methods, which were incorrectly tagged as being `@since 4.9.7`. This updates them to `4.9.8`.
Props danielbachhuber.
Fixes 44287.
git-svn-id: https://develop.svn.wordpress.org/trunk@43463 602fd350-edb4-49c9-b593-d223f7449a82
So that REST API clients can show appropriate UI for a post's revisions, it needs to know how many revisions the post has, and what the latest revision ID is.
Props kadamwhite, danielbachhuber, birgire, TimothyBlynJacobs.
Fixes#44321.
git-svn-id: https://develop.svn.wordpress.org/trunk@43439 602fd350-edb4-49c9-b593-d223f7449a82
There are a variety of operations a WordPress user can only perform if they have the correct capabilities. A REST API client should only display UI for one of these operations if the WordPress user can perform the operation.
Rather than requiring REST API clients to calculate whether to display UI based on potentially complicated combinations of user capabilities, `targetSchema` allows us to expose a single flag to show whether the corresponding UI should be displayed.
This change also includes flags on post objects for the following actions:
- `action-publish`: The current user can publish this post.
- `action-sticky`: The current user can make this post sticky, and the post type supports sticking.
- `action-assign-author': The current user can change the author on this post.
- `action-assign-{$taxonomy}`: The current user can assign terms from the "$taxonomy" taxonomy to this post.
- `action-create-{$taxonomy}`: The current user can create terms int the "$taxonomy" taxonomy.
Props TimothyBlynJacobs, danielbachhuber.
Fixes#44287.
git-svn-id: https://develop.svn.wordpress.org/trunk@43437 602fd350-edb4-49c9-b593-d223f7449a82
Historically, the REST API would generate the entire response object, including running expensive filters, then it would apply the `_fields` parameter, discarding the fields that weren't specificed.
This change causes `_fields` to be applied earlier, so that only requested fields are processed.
Props danielbachhuber.
See #43874.
git-svn-id: https://develop.svn.wordpress.org/trunk@43087 602fd350-edb4-49c9-b593-d223f7449a82
WordPress' code just... wasn't.
This is now dealt with.
Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes#41057.
git-svn-id: https://develop.svn.wordpress.org/trunk@42343 602fd350-edb4-49c9-b593-d223f7449a82
Also remove `enum` for validating allowed templates to allow plugins to dynamically supply their own templates for specific posts, even when they are not in the theme.
Props TimothyBlynJacobs, jnylen0, swissspidy.
Fixes#39996.
git-svn-id: https://develop.svn.wordpress.org/trunk@41979 602fd350-edb4-49c9-b593-d223f7449a82
Adds an "include_slug" orderby value for REST API collections to permit returning a collection filtered by slugs in the same order in which those slugs are specified.
Previously, the order of slugs provided with the ?slug query parameter had no effect on the order of the returned records.
Props wonderboymusic, ocean90, boonebgorges.
Fixes#40826.
git-svn-id: https://develop.svn.wordpress.org/trunk@41760 602fd350-edb4-49c9-b593-d223f7449a82
Explicitly specifies that the REST API uses JSON Schema draft-04,
as JSON Schema has deprecated versionless schema URIs and recommends
the use of a specific draft version.
Props @TimothyBlynJacobs
Fixes#41734
git-svn-id: https://develop.svn.wordpress.org/trunk@41731 602fd350-edb4-49c9-b593-d223f7449a82
When registering routes developers can now define their complex objects in the schema and benefit from the automatic validation and sanitization in the REST API. This also paves the way for support for complex object registration via register_meta and register_setting.
See #38583.
Props TimothyBlynJacobs5.
git-svn-id: https://develop.svn.wordpress.org/trunk@41727 602fd350-edb4-49c9-b593-d223f7449a82
Prior to about 2013, many class methods lacked even access modifiers which made the `@access` notations that much more useful. Now that we've gotten to a point where the codebase is more mature from a maintenance perspective and we can finally remove these notations. Notable exceptions to this change include standalone functions notated as private as well as some classes still considered to represent "private" APIs.
See #41452.
git-svn-id: https://develop.svn.wordpress.org/trunk@41162 602fd350-edb4-49c9-b593-d223f7449a82
These (and a few others that can be revisited later if needed) were present in
beta versions of the WP REST API but were removed during the merge to WP 4.7.
Props ChopinBach, jnylen0.
Fixes#38693.
git-svn-id: https://develop.svn.wordpress.org/trunk@40605 602fd350-edb4-49c9-b593-d223f7449a82
Avoid a PHP Error when attempting to embed the parent post of an attachment, when the parent post ID is invalid. Instead check if the parent post object exists before checking the read permission for the parent post.
Props GhostToast.
Fixes#39881.
git-svn-id: https://develop.svn.wordpress.org/trunk@40306 602fd350-edb4-49c9-b593-d223f7449a82
Previously, when getting posts from the API with `sticky=true`, if there were no sticky posts set, the query would return all posts as if the `sticky` argument was not set. In this situation, the query should return an empty array instead.
A `sticky=true` query that should return an empty array (in the previous situation, or with `include` and no intersecting post IDs) was also broken in that it would query the post with ID 1.
Finally, this commit significantly improves test coverage for the `sticky` filter argument, including direct testing of the `WHERE` clauses generated by `WP_Query`.
Props ryelle.
Fixes#39947.
git-svn-id: https://develop.svn.wordpress.org/trunk@40122 602fd350-edb4-49c9-b593-d223f7449a82
A `post_format` not used by the current theme, but supported by core is not a wrong/broken piece of information. It's just not used at this point in time. Therefore we should allow setting and retrieving any of the standard post formats supported in core, even if the current theme doesn't use them.
After this commit, a post's `format` value can survive a round trip through the API, which is a good general design principle for an API.
Props JPry, iseulde, davidakennedy, Drivingralle.
Fixes#39232.
git-svn-id: https://develop.svn.wordpress.org/trunk@40120 602fd350-edb4-49c9-b593-d223f7449a82
Internally, WordPress uses a special `post_date_gmt` value of `0000-00-00 00:00:00` to indicate that a draft's date is "floating" and should be updated whenever the post is saved. This makes it much more difficult for API clients to know the correct date of a draft post.
This commit provides a best guess at a `date_gmt` value for draft posts in this situation using the `date` field and the site's current timezone offset.
Props joehoyle.
Fixes#38883.
git-svn-id: https://develop.svn.wordpress.org/trunk@40108 602fd350-edb4-49c9-b593-d223f7449a82
This commit modifies the `rest_get_date_with_gmt` function to correctly parse local and UTC timestamps with or without timezone information.
It also ensures that the REST API can edit the dates of draft posts by setting the `edit_date` flag to `wp_update_post`.
Overall this commit ensures that post and comment dates can be set and updated as expected.
Fixes#39256.
git-svn-id: https://develop.svn.wordpress.org/trunk@40101 602fd350-edb4-49c9-b593-d223f7449a82
Previously the status for a Post (or other post_types) was only exposed under the `edit` context, which doesn't really make much sense considering we support querying by post status without authentication. Originally introduced in v2.0 beta 1: 69f617d749 without any explanation in the commit message.
Props dhanendran, jnylen0, rachelbaker.
Fixes#39466.
git-svn-id: https://develop.svn.wordpress.org/trunk@40080 602fd350-edb4-49c9-b593-d223f7449a82
Return an error from the REST API if a page number larger than the total pages count is requested.
Props morganestes.
Fixes#39061.
git-svn-id: https://develop.svn.wordpress.org/trunk@39967 602fd350-edb4-49c9-b593-d223f7449a82
Rather than repeating ourselves, unifying the access into a single method keeps everything tidy. While we're at it, add in additional schema handling for common parameters.
See #38792.
git-svn-id: https://develop.svn.wordpress.org/trunk@39954 602fd350-edb4-49c9-b593-d223f7449a82
The `rest_{$taxonomy}_collection_params` filter in 4.7 is incorrectly using
single quotes instead of double quotes, which means it is not working correctly
as a dynamic filter. This fixes the quotes around the filter name, and also
updates the docblocks for the other 3 similar filters for better conformance to
the documentation standards.
Props shazahm1hotmailcom, JPry, jnylen0.
Fixes#39300.
git-svn-id: https://develop.svn.wordpress.org/trunk@39621 602fd350-edb4-49c9-b593-d223f7449a82
If `add_theme_support( 'post-formats' )` is called with no additional
arguments, then `get_theme_support( 'post-formats' )` returns `true` rather
than an array of supported formats. Avoid generating PHP warnings in this
situation.
Props dreamon11, ChopinBach.
Fixes#39293.
git-svn-id: https://develop.svn.wordpress.org/trunk@39620 602fd350-edb4-49c9-b593-d223f7449a82
Currently, `attachment` is the only post type exposed via the REST API that
does not support password protection, but it's possible for other post types to
remove password support.
Fixes#38977.
git-svn-id: https://develop.svn.wordpress.org/trunk@39595 602fd350-edb4-49c9-b593-d223f7449a82
Core requires the post password to view and create comments on password protected posts, so we must support a “password” param on the comments endpoint when fetch comments for a specific post and creating a comment on a password protected post.
Props flixos90, jnylen0.
Fixes#38692.
git-svn-id: https://develop.svn.wordpress.org/trunk@39349 602fd350-edb4-49c9-b593-d223f7449a82
Brings consistency to the `rest_insert_*` actions. Also includes some shuffling and clean-up as well including:
- Ensure we are passing the most current `$post` and `$user` objects to the `update_additional_fields_for_object()` callbacks.
- Changes the function signature of `handle_status_param()` in the Comments controller to accept just the comment_id as the 2nd parameter, instead of a full WP_Comment object. Only the comment_id is needed in the method, this avoids having to include another `get_comment()` call.
- Renames a variable in the `create_item()` method of the Posts controller from `$post` -> `$prepared_post` to be more explicit.
- Minor fixes/clarifications to the rest_insert_* hook docs
Props rachelbaker, joehoyle
Fixes#38905.
git-svn-id: https://develop.svn.wordpress.org/trunk@39348 602fd350-edb4-49c9-b593-d223f7449a82
Sending a request to update a page with the template property set to an empty string resulted in an error because “” was not a valid value in the enum.
Props lucasstark, swissspidy.
Fixes#38877.
git-svn-id: https://develop.svn.wordpress.org/trunk@39343 602fd350-edb4-49c9-b593-d223f7449a82
There's a couple of places where we were missing type notes for arguments, which mainly affects documentation.
Props jnylen0.
Fixes#38792.
git-svn-id: https://develop.svn.wordpress.org/trunk@39250 602fd350-edb4-49c9-b593-d223f7449a82
Now all public query vars are not supoprted via `?filter` in the REST API, we can remove the get_allowed_query_vars() method and filter. To provide developers with a good altnerative to `filter`, the `"rest_{$this->post_type}_collection_params"` filter has been added.
Props rmccue, rachelbacker, danielbachhuber.
Fixes#38629.
git-svn-id: https://develop.svn.wordpress.org/trunk@39162 602fd350-edb4-49c9-b593-d223f7449a82
This filter was originally introduced in https://github.com/WP-API/WP-API/pull/2535 to support Customizer Changesets (née Transactions). This is a super broad filter and doesn't really fit with the design of the API, nor is it (arguably) the right level to do this.
Props rmccue.
Fixes#38701.
git-svn-id: https://develop.svn.wordpress.org/trunk@39161 602fd350-edb4-49c9-b593-d223f7449a82
This necessitates a change to our slashing code as well. Ah slashing, the cause of, and solution to, all of life's problems.
Props jnylen0.
Fixes#38609.
git-svn-id: https://develop.svn.wordpress.org/trunk@39155 602fd350-edb4-49c9-b593-d223f7449a82
Add the `deleted` property to the root of the Response object to communicate if the delete action was successful. Move the state of the resource prior to the delete request under a new `previous` property. As a result DELETE responses are now structured like so:
`{ deleted: true, previous: { ... } }`
Also includes helpful information to DELETE requests for resources that are not trashable.
Props timmydcrawford, rmccue, jnylen0.
Fixes#38494.
git-svn-id: https://develop.svn.wordpress.org/trunk@39126 602fd350-edb4-49c9-b593-d223f7449a82
Multiple post statuses can be specified by the usual CSV or array-propper format.
Props jnylen0, kadamwhite, websupporter.
Fixes#38420.
git-svn-id: https://develop.svn.wordpress.org/trunk@39104 602fd350-edb4-49c9-b593-d223f7449a82
Some parameters (`title`, `content`, etc) are objects in the output, but allow objects or strings to be sent in updates for a more ergonomic interface. This is pretty weird behaviour, so the default sanitisation doesn't handle this. We instead handle this ourselves in the preparation.
Props joehoyle, rachelbaker.
Fixes#38529.
git-svn-id: https://develop.svn.wordpress.org/trunk@39089 602fd350-edb4-49c9-b593-d223f7449a82
While it's valid to save any format to the database, and WordPress is totally fine with that, we should only include the formats specified by the theme in the schema.
Props danielbachhuber.
Fixes#38610.
git-svn-id: https://develop.svn.wordpress.org/trunk@39084 602fd350-edb4-49c9-b593-d223f7449a82
[39048] added CSV support to array types, this change explicitly parses term lists as IDs, and adds tests.
Props timmydcrawford, pento.
Fixes#38553.
git-svn-id: https://develop.svn.wordpress.org/trunk@39055 602fd350-edb4-49c9-b593-d223f7449a82
The password field was incorrectly only added to "post" post types, but is supported for all post types in the Dashboard UI.
Props jnylen0.
Fixes#38582.
git-svn-id: https://develop.svn.wordpress.org/trunk@39047 602fd350-edb4-49c9-b593-d223f7449a82
By allowing more fine-grained validation and sanitisation of endpoint args, we can ensure the correct data is being passed to endpoints.
This can easily be extended to support new data types, such as CSV fields or objects.
Props joehoyle, rachelbaker, pento.
Fixes#38531.
git-svn-id: https://develop.svn.wordpress.org/trunk@39046 602fd350-edb4-49c9-b593-d223f7449a82
Hiding WP_Query params under the filter key (instead of allowing them to be top-level params) was one of our biggest complaints from users of v1 of our REST API. This walks back the re-introduction of the `filter` param during Beta 15, which introduced an "inconsistent mess" and "exposing WP_Query through filter has and will continue to be difficult to support." See https://github.com/WP-API/WP-API/issues/2799.
Props websupporter, rachelbaker.
Fixes#38378.
git-svn-id: https://develop.svn.wordpress.org/trunk@38968 602fd350-edb4-49c9-b593-d223f7449a82
Currently we are using a different validate callback, so the `enum` is not interpretted. We just have to fallback to the result of `rest_validate_request_arg` in our custom wrapper function.
Fixes#38417.
git-svn-id: https://develop.svn.wordpress.org/trunk@38911 602fd350-edb4-49c9-b593-d223f7449a82
REST API endpoints for your WordPress content. These endpoints provide machine-readable external access to your WordPress site with a clear, standards-driven interface, allowing new and innovative apps for interacting with your site. These endpoints support all of the following:
- Posts: Read and write access to all post data, for all types of post-based data, including pages and media.
- Comments: Read and write access to all comment data. This includes pingbacks and trackbacks.
- Terms: Read and write access to all term data.
- Users: Read and write access to all user data. This includes public access to some data for post authors.
- Meta: Read and write access to metadata for posts, comments, terms, and users, on an opt-in basis from plugins.
- Settings: Read and write access to settings, on an opt-in basis from plugins and core. This enables API management of key site content values that are technically stored in options, such as site title and byline.
Love your REST API, WordPress! The infrastructure says, "Let's do lunch!" but the content API endpoints say, "You're paying!"
Props rmccue, rachelbaker, danielbachhuber, joehoyle, adamsilverstein, afurculita, ahmadawais, airesvsg, alisspers, antisilent, apokalyptik, artoliukkonen, attitude, boonebgorges, bradyvercher, brianhogg, caseypatrickdriscoll, chopinbach, chredd, christianesperar, chrisvanpatten, claudiolabarbera, claudiosmweb, cmmarslender, codebykat, coderkevin, codfish, codonnell822, daggerhart, danielpunkass, davidbhayes, delphinus, desrosj, dimadin, dotancohen, DrewAPicture, Dudo1985, duncanjbrown, eherman24, eivhyl, eliorivero, elyobo, en-alis, ericandrewlewis, ericpedia, evansobkowicz, fjarrett, frozzare, georgestephanis, greatislander, guavaworks, hideokamoto, hkdobrev, hubdotcom, hurtige, iandunn, ircrash, ironpaperweight, iseulde, Japh, jaredcobb, JDGrimes, jdolan, jdoubleu, jeremyfelt, jimt, jjeaton, jmusal, jnylen0, johanmynhardt, johnbillion, jonathanbardo, jorbin, joshkadis, JPry, jshreve, jtsternberg, JustinSainton, kacperszurek, kadamwhite, kalenjohnson, kellbot, kjbenk, kokarn, krogsgard, kuchenundkakao, kuldipem, kwight, lgedeon, lukepettway, mantismamita, markoheijnen, matrixik, mattheu, mauteri, maxcutler, mayukojpn, michael-arestad, miyauchi, mjbanks, modemlooper, mrbobbybryant, NateWr, nathanrice, netweb, NikV, nullvariable, oskosk, oso96_2000, oxymoron, pcfreak30, pento, peterwilsoncc, Pezzab, phh, pippinsplugins, pjgalbraith, pkevan, pollyplummer, pushred, quasel, QWp6t, schlessera, schrapel, Shelob9, shprink, simonlampen, Soean, solal, tapsboy, tfrommen, tharsheblows, thenbrent, tierra, tlovett1, tnegri, tobych, Toddses, toro_unit, traversal, vanillalounge, vishalkakadiya, wanecek, web2style, webbgaraget, websupporter, westonruter, whyisjake, wonderboymusic, wpsmith, xknown, zyphonic.
Fixes#38373.
git-svn-id: https://develop.svn.wordpress.org/trunk@38832 602fd350-edb4-49c9-b593-d223f7449a82
