Skip to content

Commit a830dbc

Browse files
kadamwhitekadamwhite
committed
REST API: Support meta registration for specific object subtypes.
Introduce an `object_subtype` argument to the args array for `register_meta()` which can be used to limit meta registration to a single subtype (e.g. a custom post type or taxonomy, vs all posts or taxonomies). Introduce `register_post_meta()` and `register_term_meta()` wrapper methods for `register_meta` to provide a convenient interface for the common case of registering meta for a specific taxonomy or post type. These methods work the way plugin developers have often expected `register_meta` to function, and should be used in place of direct `register_meta` where possible. Props flixos90, tharsheblows, spacedmonkey. Fixes #38323. git-svn-id: https://develop.svn.wordpress.org/trunk@43378 602fd350-edb4-49c9-b593-d223f7449a82
1 parent cdd9910 commit a830dbc

14 files changed

Lines changed: 1043 additions & 165 deletions

src/wp-includes/capabilities.php

Lines changed: 71 additions & 83 deletions
Original file line numberDiff line numberDiff line change
@@ -281,45 +281,9 @@ function map_meta_cap( $cap, $user_id ) {
281281
list( $_, $object_type, $_ ) = explode( '_', $cap );
282282
$object_id = (int) $args[0];
283283

284-
switch ( $object_type ) {
285-
case 'post':
286-
$post = get_post( $object_id );
287-
if ( ! $post ) {
288-
break;
289-
}
290-
291-
$sub_type = get_post_type( $post );
292-
break;
293-
294-
case 'comment':
295-
$comment = get_comment( $object_id );
296-
if ( ! $comment ) {
297-
break;
298-
}
299-
300-
$sub_type = empty( $comment->comment_type ) ? 'comment' : $comment->comment_type;
301-
break;
302-
303-
case 'term':
304-
$term = get_term( $object_id );
305-
if ( ! $term instanceof WP_Term ) {
306-
break;
307-
}
308-
309-
$sub_type = $term->taxonomy;
310-
break;
284+
$object_subtype = get_object_subtype( $object_type, $object_id );
311285

312-
case 'user':
313-
$user = get_user_by( 'id', $object_id );
314-
if ( ! $user ) {
315-
break;
316-
}
317-
318-
$sub_type = 'user';
319-
break;
320-
}
321-
322-
if ( empty( $sub_type ) ) {
286+
if ( empty( $object_subtype ) ) {
323287
$caps[] = 'do_not_allow';
324288
break;
325289
}
@@ -328,55 +292,79 @@ function map_meta_cap( $cap, $user_id ) {
328292

329293
$meta_key = isset( $args[1] ) ? $args[1] : false;
330294

331-
$has_filter = has_filter( "auth_{$object_type}_meta_{$meta_key}" ) || has_filter( "auth_{$object_type}_{$sub_type}_meta_{$meta_key}" );
332-
if ( $meta_key && $has_filter ) {
333-
334-
/**
335-
* Filters whether the user is allowed to edit meta for specific object types.
336-
*
337-
* Return true to have the mapped meta caps from `edit_{$object_type}` apply.
338-
*
339-
* The dynamic portion of the hook name, `$object_type` refers to the object type being filtered.
340-
* The dynamic portion of the hook name, `$meta_key`, refers to the meta key passed to map_meta_cap().
341-
*
342-
* @since 3.3.0 As `auth_post_meta_{$meta_key}`.
343-
* @since 4.6.0
344-
*
345-
* @param bool $allowed Whether the user can add the object meta. Default false.
346-
* @param string $meta_key The meta key.
347-
* @param int $object_id Object ID.
348-
* @param int $user_id User ID.
349-
* @param string $cap Capability name.
350-
* @param string[] $caps Array of the user's capabilities.
351-
*/
352-
$allowed = apply_filters( "auth_{$object_type}_meta_{$meta_key}", false, $meta_key, $object_id, $user_id, $cap, $caps );
353-
354-
/**
355-
* Filters whether the user is allowed to edit meta for specific object types/subtypes.
356-
*
357-
* Return true to have the mapped meta caps from `edit_{$object_type}` apply.
358-
*
359-
* The dynamic portion of the hook name, `$object_type` refers to the object type being filtered.
360-
* The dynamic portion of the hook name, `$sub_type` refers to the object subtype being filtered.
361-
* The dynamic portion of the hook name, `$meta_key`, refers to the meta key passed to map_meta_cap().
362-
*
363-
* @since 4.6.0 As `auth_post_{$post_type}_meta_{$meta_key}`.
364-
* @since 4.7.0
365-
*
366-
* @param bool $allowed Whether the user can add the object meta. Default false.
367-
* @param string $meta_key The meta key.
368-
* @param int $object_id Object ID.
369-
* @param int $user_id User ID.
370-
* @param string $cap Capability name.
371-
* @param string[] $caps Array of the user's capabilities.
372-
*/
373-
$allowed = apply_filters( "auth_{$object_type}_{$sub_type}_meta_{$meta_key}", $allowed, $meta_key, $object_id, $user_id, $cap, $caps );
295+
if ( $meta_key ) {
296+
$allowed = ! is_protected_meta( $meta_key, $object_type );
297+
298+
if ( ! empty( $object_subtype ) && has_filter( "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}" ) ) {
299+
300+
/**
301+
* Filters whether the user is allowed to edit a specific meta key of a specific object type and subtype.
302+
*
303+
* The dynamic portions of the hook name, `$object_type`, `$meta_key`,
304+
* and `$object_subtype`, refer to the metadata object type (comment, post, term or user),
305+
* the meta key value, and the object subtype respectively.
306+
*
307+
* @since 5.0.0
308+
*
309+
* @param bool $allowed Whether the user can add the object meta. Default false.
310+
* @param string $meta_key The meta key.
311+
* @param int $object_id Object ID.
312+
* @param int $user_id User ID.
313+
* @param string $cap Capability name.
314+
* @param string[] $caps Array of the user's capabilities.
315+
*/
316+
$allowed = apply_filters( "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}", $allowed, $meta_key, $object_id, $user_id, $cap, $caps );
317+
} else {
318+
319+
/**
320+
* Filters whether the user is allowed to edit a specific meta key of a specific object type.
321+
*
322+
* Return true to have the mapped meta caps from `edit_{$object_type}` apply.
323+
*
324+
* The dynamic portion of the hook name, `$object_type` refers to the object type being filtered.
325+
* The dynamic portion of the hook name, `$meta_key`, refers to the meta key passed to map_meta_cap().
326+
*
327+
* @since 3.3.0 As `auth_post_meta_{$meta_key}`.
328+
* @since 4.6.0
329+
*
330+
* @param bool $allowed Whether the user can add the object meta. Default false.
331+
* @param string $meta_key The meta key.
332+
* @param int $object_id Object ID.
333+
* @param int $user_id User ID.
334+
* @param string $cap Capability name.
335+
* @param string[] $caps Array of the user's capabilities.
336+
*/
337+
$allowed = apply_filters( "auth_{$object_type}_meta_{$meta_key}", $allowed, $meta_key, $object_id, $user_id, $cap, $caps );
338+
}
339+
340+
if ( ! empty( $object_subtype ) ) {
341+
342+
/**
343+
* Filters whether the user is allowed to edit meta for specific object types/subtypes.
344+
*
345+
* Return true to have the mapped meta caps from `edit_{$object_type}` apply.
346+
*
347+
* The dynamic portion of the hook name, `$object_type` refers to the object type being filtered.
348+
* The dynamic portion of the hook name, `$object_subtype` refers to the object subtype being filtered.
349+
* The dynamic portion of the hook name, `$meta_key`, refers to the meta key passed to map_meta_cap().
350+
*
351+
* @since 4.6.0 As `auth_post_{$post_type}_meta_{$meta_key}`.
352+
* @since 4.7.0
353+
* @deprecated 5.0.0 Use `auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}`
354+
*
355+
* @param bool $allowed Whether the user can add the object meta. Default false.
356+
* @param string $meta_key The meta key.
357+
* @param int $object_id Object ID.
358+
* @param int $user_id User ID.
359+
* @param string $cap Capability name.
360+
* @param string[] $caps Array of the user's capabilities.
361+
*/
362+
$allowed = apply_filters_deprecated( "auth_{$object_type}_{$object_subtype}_meta_{$meta_key}", array( $allowed, $meta_key, $object_id, $user_id, $cap, $caps ), '5.0.0', "auth_{$object_type}_meta_{$meta_key}_for_{$object_subtype}" );
363+
}
374364

375365
if ( ! $allowed ) {
376366
$caps[] = $cap;
377367
}
378-
} elseif ( $meta_key && is_protected_meta( $meta_key, $object_type ) ) {
379-
$caps[] = $cap;
380368
}
381369
break;
382370
case 'edit_comment':

0 commit comments

Comments
 (0)