From e2d4385a4f37c8a5ad2020a91013a7603725e3ea Mon Sep 17 00:00:00 2001 
From: TimothyBlynJacobs Date: Tue, 9 Nov 2021 19:00:01 +0000 Subject: [PATCH] REST API: Introduce Menu management endpoints. This commit introduces the `/wp/v2/menus`, `/wp/v2/menu-items` and `/wp/v2/menu-locations` REST API endpoints. These endpoints are fully available to users with the `edit_theme_options` capability, but can be read by any user who can edit a REST API available post type. The `nav_menu` taxonomy and `nav_menu_item` post type now map their capabilities to the `edit_theme_options` primitive capability. This allows developers to provide more fine-grained access control. However, if a developer is currently dynamically removing the `edit_theme_options` capability using `map_meta_cap`, they should use the `user_has_cap` filter instead. The `wp_update_nav_menu_item()` function has been adjusted to return an error if saving the menu item post or assigning the menu item to a menu generates an error. Lastly, a new menu item type is introduced, `block`, that can be used to store a Block as a menu item. Props andraganescu, antonvlasenko, dingo_d, dlh, isabel_brison, kadamwhite, Mamaduka, NateWr, noisysocks, peterwilsoncc, ryelle, schlessera, soean, Spacedmonkey, talldanwp, TimothyBlynJacobs, tobifjellner, westonruter, wpscholar, zieladam. Fixes #40878. 
Built from https://develop.svn.wordpress.org/trunk@52079 git-svn-id: http://core.svn.wordpress.org/trunk@51671 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/nav-menu.php | 24 +- wp-includes/post.php | 37 +- wp-includes/rest-api.php | 4 + .../class-wp-rest-menu-items-controller.php | 1073 +++++++++++++++++ ...lass-wp-rest-menu-locations-controller.php | 301 +++++ .../class-wp-rest-menus-controller.php | 568 +++++++++ .../class-wp-rest-posts-controller.php | 2 +- wp-includes/taxonomy.php | 25 +- wp-includes/version.php | 2 +- wp-settings.php | 3 + 10 files changed, 2017 insertions(+), 22 deletions(-) create mode 100644 wp-includes/rest-api/endpoints/class-wp-rest-menu-items-controller.php create mode 100644 wp-includes/rest-api/endpoints/class-wp-rest-menu-locations-controller.php create mode 100644 wp-includes/rest-api/endpoints/class-wp-rest-menus-controller.php diff --git a/wp-includes/nav-menu.php b/wp-includes/nav-menu.php index 2aa147f867..8fceeb750e 100644 --- a/wp-includes/nav-menu.php +++ b/wp-includes/nav-menu.php @@ -406,10 +406,11 @@ function wp_update_nav_menu_object( $menu_id = 0, $menu_data = array() ) { /** * Save the properties of a menu item or create a new one. * - * The menu-item-title, menu-item-description, and menu-item-attr-title are expected - * to be pre-slashed since they are passed directly into `wp_insert_post()`. + * The menu-item-title, menu-item-description, menu-item-attr-title, and menu-item-content are expected + * to be pre-slashed since they are passed directly to APIs that expect slashed data. * * @since 3.0.0 + * @since 5.9.0 Added the menu-item-content parameter. * * @param int $menu_id The ID of the menu. Required. If "0", makes the menu item a draft orphan. * @param int $menu_item_db_id The ID of the menu item. If "0", creates a new menu item. 
@@ -448,6 +449,7 @@ function wp_update_nav_menu_item( $menu_id = 0, $menu_item_db_id = 0, $menu_item 'menu-item-attr-title' => '', 'menu-item-target' => '', 'menu-item-classes' => '', + 'menu-item-content' => '', 'menu-item-xfn' => '', 'menu-item-status' => '', 'menu-item-post-date' => '', @@ -526,7 +528,7 @@ function wp_update_nav_menu_item( $menu_id = 0, $menu_item_db_id = 0, $menu_item if ( ! $update ) { $post['ID'] = 0; $post['post_status'] = 'publish' === $args['menu-item-status'] ? 'publish' : 'draft'; - $menu_item_db_id = wp_insert_post( $post ); + $menu_item_db_id = wp_insert_post( $post, true ); if ( ! $menu_item_db_id || is_wp_error( $menu_item_db_id ) ) { return $menu_item_db_id; } @@ -548,7 +550,10 @@ function wp_update_nav_menu_item( $menu_id = 0, $menu_item_db_id = 0, $menu_item // Associate the menu item with the menu term. // Only set the menu term if it isn't set to avoid unnecessary wp_get_object_terms(). if ( $menu_id && ( ! $update || ! is_object_in_term( $menu_item_db_id, 'nav_menu', (int) $menu->term_id ) ) ) { - wp_set_object_terms( $menu_item_db_id, array( $menu->term_id ), 'nav_menu' ); + $update_terms = wp_set_object_terms( $menu_item_db_id, array( $menu->term_id ), 'nav_menu' ); + if ( is_wp_error( $update_terms ) ) { + return $update_terms; + } } if ( 'custom' === $args['menu-item-type'] ) { @@ -569,6 +574,7 @@ function wp_update_nav_menu_item( $menu_id = 0, $menu_item_db_id = 0, $menu_item update_post_meta( $menu_item_db_id, '_menu_item_classes', $args['menu-item-classes'] ); update_post_meta( $menu_item_db_id, '_menu_item_xfn', $args['menu-item-xfn'] ); update_post_meta( $menu_item_db_id, '_menu_item_url', esc_url_raw( $args['menu-item-url'] ) ); + update_post_meta( $menu_item_db_id, '_menu_item_content', $args['menu-item-content'] ); if ( 0 == $menu_id ) { update_post_meta( $menu_item_db_id, '_menu_item_orphaned', (string) time() ); 
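Review bot: In the hunk at `@@ -548,7 +550,10 @@`, the new `return $update_terms;` exits after the post row has already been written on the create path (`wp_insert_post( $post, true )` in the preceding hunk), so a failed term assignment appears to leave a `nav_menu_item` post with no menu and none of the `_menu_item_*` meta written further down. The same partial-write shape applies to the `wp_update_post( $post, true )` early return in the `@@ -580,7 +586,11 @@` hunk, which by its line numbers runs after the `update_post_meta()` calls. Consider removing the freshly inserted post before returning when `! $update`, for example `wp_delete_post( $menu_item_db_id, true );`, or at least describe the partial state in the function's docblock. `wp_update_nav_menu_item()` starts and ends outside these hunks, so the statement order is inferred from the hunk offsets.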
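Review bot: The added `update_post_meta( $menu_item_db_id, '_menu_item_content', $args['menu-item-content'] );` in the `@@ -569,6 +574,7 @@` hunk stores the value exactly as passed, whereas the URL on the line above it goes through `esc_url_raw()`. The REST controller added in this commit later runs this meta through the `the_content` filter for `content.rendered`, so whether markup from a user without `unfiltered_html` is filtered depends on code not visible in this hunk. If sanitisation is deliberately left to callers, say so next to the line: `// Block markup is stored as given; callers must apply kses for users without unfiltered_html.` Otherwise apply the same save-time filtering that post content receives before writing the meta.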
@@ -580,7 +586,11 @@ function wp_update_nav_menu_item( $menu_id = 0, $menu_item_db_id = 0, $menu_item if ( $update ) { $post['ID'] = $menu_item_db_id; $post['post_status'] = ( 'draft' === $args['menu-item-status'] ) ? 'draft' : 'publish'; - wp_update_post( $post ); + + $update_post = wp_update_post( $post, true ); + if ( is_wp_error( $update_post ) ) { + return $update_post; + } } /** @@ -903,6 +913,10 @@ function wp_setup_nav_menu_item( $menu_item ) { $menu_item->title = ( '' === $menu_item->post_title ) ? $original_title : $menu_item->post_title; + } elseif ( 'block' === $menu_item->type ) { + $menu_item->type_label = __( 'Block' ); + $menu_item->title = $menu_item->post_title; + $menu_item->menu_item_content = ! isset( $menu_item->menu_item_content ) ? get_post_meta( $menu_item->ID, '_menu_item_content', true ) : $menu_item->menu_item_content; } else { $menu_item->type_label = __( 'Custom Link' ); $menu_item->title = $menu_item->post_title; diff --git a/wp-includes/post.php b/wp-includes/post.php index 96ed177773..c40597dbb1 100644 --- a/wp-includes/post.php +++ b/wp-includes/post.php 
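Review bot: The negated ternary that fills `menu_item_content` in the new `'block'` branch (hunk `@@ -903,6 +913,10 @@`) reads backwards; `isset( $menu_item->menu_item_content ) ? $menu_item->menu_item_content : get_post_meta( $menu_item->ID, '_menu_item_content', true )` states the fallback order directly. Only this branch sets the property, while the controller added in this commit reads `$menu_item->menu_item_content` for every item type, so it is worth confirming what non-block items yield there. `wp_setup_nav_menu_item()` begins and ends outside the hunk, and its docblock (not shown) would presumably need the new property listed.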
@@ -126,16 +126,39 @@ function create_initial_post_types() { register_post_type( 'nav_menu_item', array( - 'labels' => array( + 'labels' => array( 'name' => __( 'Navigation Menu Items' ), 'singular_name' => __( 'Navigation Menu Item' ), ), - 'public' => false, - '_builtin' => true, /* internal use only. don't use this when registering your own post type. */ - 'hierarchical' => false, - 'rewrite' => false, - 'delete_with_user' => false, - 'query_var' => false, + 'public' => false, + '_builtin' => true, /* internal use only. don't use this when registering your own post type. */ + 'hierarchical' => false, + 'rewrite' => false, + 'delete_with_user' => false, + 'query_var' => false, + 'map_meta_cap' => true, + 'capability_type' => array( 'edit_theme_options', 'edit_theme_options' ), + 'capabilities' => array( + // Meta Capabilities. + 'edit_post' => 'edit_post', + 'read_post' => 'read_post', + 'delete_post' => 'delete_post', + // Primitive Capabilities. + 'edit_posts' => 'edit_theme_options', + 'edit_others_posts' => 'edit_theme_options', + 'delete_posts' => 'edit_theme_options', + 'publish_posts' => 'edit_theme_options', + 'read_private_posts' => 'edit_theme_options', + 'read' => 'read', + 'delete_private_posts' => 'edit_theme_options', + 'delete_published_posts' => 'edit_theme_options', + 'delete_others_posts' => 'edit_theme_options', + 'edit_private_posts' => 'edit_theme_options', + 'edit_published_posts' => 'edit_theme_options', + ), + 'show_in_rest' => true, + 'rest_base' => 'menu-items', + 'rest_controller_class' => 'WP_REST_Menu_Items_Controller', ) ); diff --git a/wp-includes/rest-api.php b/wp-includes/rest-api.php index b2df5ad62d..4efb69dbf3 100644 --- a/wp-includes/rest-api.php +++ b/wp-includes/rest-api.php 
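Review bot: Every write capability in the new `capabilities` array maps to `edit_theme_options`, but `'read' => 'read'` is left as is, so with `map_meta_cap` enabled a `read_post` check on a published menu item presumably resolves to plain `read`. With `show_in_rest` now true, the read restriction therefore rests on `WP_REST_Menu_Items_Controller` and its `check_has_read_only_access()`, not on the post type itself; any other code path that exposes `nav_menu_item` posts and relies on `read_post` alone would not be limited to editors. A comment above `'read'` would make that explicit: `// Read access is gated in the REST controller, not by this capability.` The `capability_type` array also looks redundant once every capability is listed explicitly, which may deserve a one-line explanation. `create_initial_post_types()` continues outside the hunk.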
@@ -345,6 +345,10 @@ function create_initial_rest_routes() { // URL Details. $controller = new WP_REST_URL_Details_Controller(); $controller->register_routes(); + + // Menu Locations. + $controller = new WP_REST_Menu_Locations_Controller(); + $controller->register_routes(); } /** diff --git a/wp-includes/rest-api/endpoints/class-wp-rest-menu-items-controller.php b/wp-includes/rest-api/endpoints/class-wp-rest-menu-items-controller.php new file mode 100644 index 0000000000..a461a937e5 --- /dev/null +++ b/wp-includes/rest-api/endpoints/class-wp-rest-menu-items-controller.php 
@@ -0,0 +1,1073 @@ +get_post( $id ); + if ( is_wp_error( $post ) ) { + return $post; + } + + return wp_setup_nav_menu_item( $post ); + } + + /** + * Checks if a given request has access to read menu items. + * + * @since 5.9.0 + * + * @param WP_REST_Request $request Full details about the request. + * @return true|WP_Error True if the request has read access, WP_Error object otherwise. + */ + public function get_items_permissions_check( $request ) { + $has_permission = parent::get_items_permissions_check( $request ); + + if ( true !== $has_permission ) { + return $has_permission; + } + + return $this->check_has_read_only_access( $request ); + } + + /** + * Checks if a given request has access to read a menu item if they have access to edit them. + * + * @since 5.9.0 + * + * @param WP_REST_Request $request Full details about the request. + * @return bool|WP_Error True if the request has read access for the item, WP_Error object otherwise. + */ + public function get_item_permissions_check( $request ) { + $permission_check = parent::get_item_permissions_check( $request ); + + if ( true !== $permission_check ) { + return $permission_check; + } + + return $this->check_has_read_only_access( $request ); + } + + /** + * Checks whether the current user has read permission for the endpoint. + * + * This allows for any user that can `edit_theme_options` or edit any REST API available post type. + * + * @since 5.9.0 + * + * @param WP_REST_Request $request Full details about the request. + * @return bool|WP_Error Whether the current user has permission. 
+ */ + protected function check_has_read_only_access( $request ) { + if ( current_user_can( 'edit_theme_options' ) ) { + return true; + } + + if ( current_user_can( 'edit_posts' ) ) { + return true; + } + + foreach ( get_post_types( array( 'show_in_rest' => true ), 'objects' ) as $post_type ) { + if ( current_user_can( $post_type->cap->edit_posts ) ) { + return true; + } + } + + return new WP_Error( + 'rest_cannot_view', + __( 'Sorry, you are not allowed to view menu items.' ), + array( 'status' => rest_authorization_required_code() ) + ); + } + + /** + * Creates a single post. + * + * @since 5.9.0 + * + * @param WP_REST_Request $request Full details about the request. + * + * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. + */ + public function create_item( $request ) { + if ( ! empty( $request['id'] ) ) { + return new WP_Error( 'rest_post_exists', __( 'Cannot create existing post.' ), array( 'status' => 400 ) ); + } + + $prepared_nav_item = $this->prepare_item_for_database( $request ); + + if ( is_wp_error( $prepared_nav_item ) ) { + return $prepared_nav_item; + } + $prepared_nav_item = (array) $prepared_nav_item; + + $nav_menu_item_id = wp_update_nav_menu_item( $prepared_nav_item['menu-id'], $prepared_nav_item['menu-item-db-id'], wp_slash( $prepared_nav_item ) ); + if ( is_wp_error( $nav_menu_item_id ) ) { + if ( 'db_insert_error' === $nav_menu_item_id->get_error_code() ) { + $nav_menu_item_id->add_data( array( 'status' => 500 ) ); + } else { + $nav_menu_item_id->add_data( array( 'status' => 400 ) ); + } + + return $nav_menu_item_id; + } + + $nav_menu_item = $this->get_nav_menu_item( $nav_menu_item_id ); + if ( is_wp_error( $nav_menu_item ) ) { + $nav_menu_item->add_data( array( 'status' => 404 ) ); + + return $nav_menu_item; + } + + /** + * Fires after a single menu item is created or updated via the REST API. + * + * @since 5.9.0 + * + * @param object $nav_menu_item Inserted or updated menu item object. 
+ * @param WP_REST_Request $request Request object. + * @param bool $creating True when creating a menu item, false when updating. + */ + do_action( 'rest_insert_nav_menu_item', $nav_menu_item, $request, true ); + + $schema = $this->get_item_schema(); + + if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { + $meta_update = $this->meta->update_value( $request['meta'], $nav_menu_item_id ); + + if ( is_wp_error( $meta_update ) ) { + return $meta_update; + } + } + + $nav_menu_item = $this->get_nav_menu_item( $nav_menu_item_id ); + $fields_update = $this->update_additional_fields_for_object( $nav_menu_item, $request ); + + if ( is_wp_error( $fields_update ) ) { + return $fields_update; + } + + $request->set_param( 'context', 'edit' ); + + /** + * Fires after a single menu item is completely created or updated via the REST API. + * + * @since 5.9.0 + * + * @param object $nav_menu_item Inserted or updated menu item object. + * @param WP_REST_Request $request Request object. + * @param bool $creating True when creating a menu item, false when updating. + */ + do_action( 'rest_after_insert_nav_menu_item', $nav_menu_item, $request, true ); + + $response = $this->prepare_item_for_response( get_post( $nav_menu_item_id ), $request ); + $response = rest_ensure_response( $response ); + + $response->set_status( 201 ); + $response->header( 'Location', rest_url( sprintf( '%s/%s/%d', $this->namespace, $this->rest_base, $nav_menu_item_id ) ) ); + + return $response; + } + + /** + * Updates a single nav menu item. + * + * @since 5.9.0 + * + * @param WP_REST_Request $request Full details about the request. + * + * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. 
+ */ + public function update_item( $request ) { + $valid_check = $this->get_nav_menu_item( $request['id'] ); + if ( is_wp_error( $valid_check ) ) { + return $valid_check; + } + + $prepared_nav_item = $this->prepare_item_for_database( $request ); + + if ( is_wp_error( $prepared_nav_item ) ) { + return $prepared_nav_item; + } + + $prepared_nav_item = (array) $prepared_nav_item; + + $nav_menu_item_id = wp_update_nav_menu_item( $prepared_nav_item['menu-id'], $prepared_nav_item['menu-item-db-id'], wp_slash( $prepared_nav_item ) ); + + if ( is_wp_error( $nav_menu_item_id ) ) { + if ( 'db_update_error' === $nav_menu_item_id->get_error_code() ) { + $nav_menu_item_id->add_data( array( 'status' => 500 ) ); + } else { + $nav_menu_item_id->add_data( array( 'status' => 400 ) ); + } + + return $nav_menu_item_id; + } + + $nav_menu_item = $this->get_nav_menu_item( $nav_menu_item_id ); + if ( is_wp_error( $nav_menu_item ) ) { + $nav_menu_item->add_data( array( 'status' => 404 ) ); + + return $nav_menu_item; + } + + /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-menu-items-controller.php */ + do_action( 'rest_insert_nav_menu_item', $nav_menu_item, $request, false ); + + $schema = $this->get_item_schema(); + + if ( ! 
empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { + $meta_update = $this->meta->update_value( $request['meta'], $nav_menu_item->ID ); + + if ( is_wp_error( $meta_update ) ) { + return $meta_update; + } + } + + $nav_menu_item = $this->get_nav_menu_item( $nav_menu_item_id ); + $fields_update = $this->update_additional_fields_for_object( $nav_menu_item, $request ); + + if ( is_wp_error( $fields_update ) ) { + return $fields_update; + } + + $request->set_param( 'context', 'edit' ); + + /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-menu-items-controller.php */ + do_action( 'rest_after_insert_nav_menu_item', $nav_menu_item, $request, false ); + + $response = $this->prepare_item_for_response( get_post( $nav_menu_item_id ), $request ); + + return rest_ensure_response( $response ); + } + + /** + * Deletes a single menu item. + * + * @since 5.9.0 + * + * @param WP_REST_Request $request Full details about the request. + * @return WP_REST_Response|WP_Error True on success, or WP_Error object on failure. + */ + public function delete_item( $request ) { + $menu_item = $this->get_nav_menu_item( $request['id'] ); + if ( is_wp_error( $menu_item ) ) { + return $menu_item; + } + + // We don't support trashing for menu items. + if ( ! $request['force'] ) { + /* translators: %s: force=true */ + return new WP_Error( 'rest_trash_not_supported', sprintf( __( "Menu items do not support trashing. Set '%s' to delete." ), 'force=true' ), array( 'status' => 501 ) ); + } + + $previous = $this->prepare_item_for_response( get_post( $request['id'] ), $request ); + + $result = wp_delete_post( $request['id'], true ); + + if ( ! $result ) { + return new WP_Error( 'rest_cannot_delete', __( 'The post cannot be deleted.' 
), array( 'status' => 500 ) ); + } + + $response = new WP_REST_Response(); + $response->set_data( + array( + 'deleted' => true, + 'previous' => $previous->get_data(), + ) + ); + + /** + * Fires immediately after a single menu item is deleted via the REST API. + * + * @since 5.9.0 + * + * @param object $nav_menu_item Inserted or updated menu item object. + * @param WP_REST_Response $response The response data. + * @param WP_REST_Request $request Request object. + */ + do_action( 'rest_delete_nav_menu_item', $menu_item, $response, $request ); + + return $response; + } + + /** + * Prepares a single post for create or update. + * + * @since 5.9.0 + * + * @param WP_REST_Request $request Request object. + * + * @return object|WP_Error + */ + protected function prepare_item_for_database( $request ) { + $menu_item_db_id = $request['id']; + $menu_item_obj = $this->get_nav_menu_item( $menu_item_db_id ); + // Need to persist the menu item data. See https://core.trac.wordpress.org/ticket/28138 + if ( ! is_wp_error( $menu_item_obj ) ) { + // Correct the menu position if this was the first item. See https://core.trac.wordpress.org/ticket/28140 + $position = ( 0 === $menu_item_obj->menu_order ) ? 1 : $menu_item_obj->menu_order; + + $prepared_nav_item = array( + 'menu-item-db-id' => $menu_item_db_id, + 'menu-item-object-id' => $menu_item_obj->object_id, + 'menu-item-object' => $menu_item_obj->object, + 'menu-item-parent-id' => $menu_item_obj->menu_item_parent, + 'menu-item-position' => $position, + 'menu-item-type' => $menu_item_obj->type, + 'menu-item-title' => $menu_item_obj->title, + 'menu-item-url' => $menu_item_obj->url, + 'menu-item-description' => $menu_item_obj->description, + 'menu-item-content' => $menu_item_obj->menu_item_content, + 'menu-item-attr-title' => $menu_item_obj->attr_title, + 'menu-item-target' => $menu_item_obj->target, + 'menu-item-classes' => $menu_item_obj->classes, + // Stored in the database as a string. 
+ 'menu-item-xfn' => explode( ' ', $menu_item_obj->xfn ), + 'menu-item-status' => $menu_item_obj->post_status, + 'menu-id' => $this->get_menu_id( $menu_item_db_id ), + ); + } else { + $prepared_nav_item = array( + 'menu-id' => 0, + 'menu-item-db-id' => 0, + 'menu-item-object-id' => 0, + 'menu-item-object' => '', + 'menu-item-parent-id' => 0, + 'menu-item-position' => 1, + 'menu-item-type' => 'custom', + 'menu-item-title' => '', + 'menu-item-url' => '', + 'menu-item-description' => '', + 'menu-item-content' => '', + 'menu-item-attr-title' => '', + 'menu-item-target' => '', + 'menu-item-classes' => array(), + 'menu-item-xfn' => array(), + 'menu-item-status' => 'publish', + ); + } + + $mapping = array( + 'menu-item-db-id' => 'id', + 'menu-item-object-id' => 'object_id', + 'menu-item-object' => 'object', + 'menu-item-parent-id' => 'parent', + 'menu-item-position' => 'menu_order', + 'menu-item-type' => 'type', + 'menu-item-url' => 'url', + 'menu-item-description' => 'description', + 'menu-item-attr-title' => 'attr_title', + 'menu-item-target' => 'target', + 'menu-item-classes' => 'classes', + 'menu-item-xfn' => 'xfn', + 'menu-item-status' => 'status', + ); + + $schema = $this->get_item_schema(); + + foreach ( $mapping as $original => $api_request ) { + if ( isset( $request[ $api_request ] ) ) { + $prepared_nav_item[ $original ] = $request[ $api_request ]; + } + } + + $taxonomy = get_taxonomy( 'nav_menu' ); + $base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name; + // If menus submitted, cast to int. + if ( ! empty( $request[ $base ] ) ) { + $prepared_nav_item['menu-id'] = absint( $request[ $base ] ); + } + + // Nav menu title. + if ( ! empty( $schema['properties']['title'] ) && isset( $request['title'] ) ) { + if ( is_string( $request['title'] ) ) { + $prepared_nav_item['menu-item-title'] = $request['title']; + } elseif ( ! 
empty( $request['title']['raw'] ) ) { + $prepared_nav_item['menu-item-title'] = $request['title']['raw']; + } + } + + // Nav menu content. + if ( ! empty( $schema['properties']['content'] ) && isset( $request['content'] ) ) { + if ( is_string( $request['content'] ) ) { + $prepared_nav_item['menu-item-content'] = $request['content']; + } elseif ( isset( $request['content']['raw'] ) ) { + $prepared_nav_item['menu-item-content'] = $request['content']['raw']; + } + } + + $error = new WP_Error(); + + // Check if object id exists before saving. + if ( ! $prepared_nav_item['menu-item-object'] ) { + // If taxonomy, check if term exists. + if ( 'taxonomy' === $prepared_nav_item['menu-item-type'] ) { + $original = get_term( absint( $prepared_nav_item['menu-item-object-id'] ) ); + if ( empty( $original ) || is_wp_error( $original ) ) { + $error->add( 'rest_term_invalid_id', __( 'Invalid term ID.' ), array( 'status' => 400 ) ); + } else { + $prepared_nav_item['menu-item-object'] = get_term_field( 'taxonomy', $original ); + } + // If post, check if post object exists. + } elseif ( 'post_type' === $prepared_nav_item['menu-item-type'] ) { + $original = get_post( absint( $prepared_nav_item['menu-item-object-id'] ) ); + if ( empty( $original ) ) { + $error->add( 'rest_post_invalid_id', __( 'Invalid post ID.' ), array( 'status' => 400 ) ); + } else { + $prepared_nav_item['menu-item-object'] = get_post_type( $original ); + } + } + } + + // If post type archive, check if post type exists. + if ( 'post_type_archive' === $prepared_nav_item['menu-item-type'] ) { + $post_type = $prepared_nav_item['menu-item-object'] ? $prepared_nav_item['menu-item-object'] : false; + $original = get_post_type_object( $post_type ); + if ( ! $original ) { + $error->add( 'rest_post_invalid_type', __( 'Invalid post type.' ), array( 'status' => 400 ) ); + } + } + + // Check if menu item is type custom, then title and url are required. 
+ if ( 'custom' === $prepared_nav_item['menu-item-type'] ) { + if ( '' === $prepared_nav_item['menu-item-title'] ) { + $error->add( 'rest_title_required', __( 'The title is required when using a custom menu item type.' ), array( 'status' => 400 ) ); + } + if ( empty( $prepared_nav_item['menu-item-url'] ) ) { + $error->add( 'rest_url_required', __( 'The url is required when using a custom menu item type.' ), array( 'status' => 400 ) ); + } + } + + // If menu item is type block, then content is required. + if ( 'block' === $prepared_nav_item['menu-item-type'] && empty( $prepared_nav_item['menu-item-content'] ) ) { + $error->add( 'rest_content_required', __( 'The content is required when using a block menu item type.' ), array( 'status' => 400 ) ); + } + + if ( $error->has_errors() ) { + return $error; + } + + // The xfn and classes properties are arrays, but passed to wp_update_nav_menu_item as a string. + foreach ( array( 'menu-item-xfn', 'menu-item-classes' ) as $key ) { + $prepared_nav_item[ $key ] = implode( ' ', $prepared_nav_item[ $key ] ); + } + + // Only draft / publish are valid post status for menu items. + if ( 'publish' !== $prepared_nav_item['menu-item-status'] ) { + $prepared_nav_item['menu-item-status'] = 'draft'; + } + + $prepared_nav_item = (object) $prepared_nav_item; + + /** + * Filters a menu item before it is inserted via the REST API. + * + * @since 5.9.0 + * + * @param object $prepared_nav_item An object representing a single menu item prepared + * for inserting or updating the database. + * @param WP_REST_Request $request Request object. + */ + return apply_filters( 'rest_pre_insert_nav_menu_item', $prepared_nav_item, $request ); + } + + /** + * Prepares a single post output for response. + * + * @since 5.9.0 + * + * @param WP_Post $item Post object. + * @param WP_REST_Request $request Request object. + * @return WP_REST_Response Response object. 
+ */ + public function prepare_item_for_response( $item, $request ) { + // Base fields for every post. + $fields = $this->get_fields_for_response( $request ); + $menu_item = $this->get_nav_menu_item( $item->ID ); + $data = array(); + + if ( rest_is_field_included( 'id', $fields ) ) { + $data['id'] = $menu_item->ID; + } + + if ( rest_is_field_included( 'title', $fields ) ) { + $data['title'] = array(); + } + + if ( rest_is_field_included( 'title.raw', $fields ) ) { + $data['title']['raw'] = $menu_item->title; + } + + if ( rest_is_field_included( 'title.rendered', $fields ) ) { + add_filter( 'protected_title_format', array( $this, 'protected_title_format' ) ); + + /** This filter is documented in wp-includes/post-template.php */ + $title = apply_filters( 'the_title', $menu_item->title, $menu_item->ID ); + + $data['title']['rendered'] = $title; + + remove_filter( 'protected_title_format', array( $this, 'protected_title_format' ) ); + } + + if ( rest_is_field_included( 'status', $fields ) ) { + $data['status'] = $menu_item->post_status; + } + + if ( rest_is_field_included( 'url', $fields ) ) { + $data['url'] = $menu_item->url; + } + + if ( rest_is_field_included( 'attr_title', $fields ) ) { + // Same as post_excerpt. + $data['attr_title'] = $menu_item->attr_title; + } + + if ( rest_is_field_included( 'description', $fields ) ) { + // Same as post_content. + $data['description'] = $menu_item->description; + } + + if ( rest_is_field_included( 'type', $fields ) ) { + $data['type'] = $menu_item->type; + } + + if ( rest_is_field_included( 'type_label', $fields ) ) { + $data['type_label'] = $menu_item->type_label; + } + + if ( rest_is_field_included( 'object', $fields ) ) { + $data['object'] = $menu_item->object; + } + + if ( rest_is_field_included( 'object_id', $fields ) ) { + // It is stored as a string, but should be exposed as an integer. 
+ $data['object_id'] = absint( $menu_item->object_id ); + } + + if ( rest_is_field_included( 'content', $fields ) ) { + $data['content'] = array(); + } + + if ( rest_is_field_included( 'content.raw', $fields ) ) { + $data['content']['raw'] = $menu_item->menu_item_content; + } + + if ( rest_is_field_included( 'content.rendered', $fields ) ) { + /** This filter is documented in wp-includes/post-template.php */ + $data['content']['rendered'] = apply_filters( 'the_content', $menu_item->menu_item_content ); + } + + if ( rest_is_field_included( 'content.block_version', $fields ) ) { + $data['content']['block_version'] = block_version( $menu_item->menu_item_content ); + } + + if ( rest_is_field_included( 'parent', $fields ) ) { + // Same as post_parent, exposed as an integer. + $data['parent'] = (int) $menu_item->menu_item_parent; + } + + if ( rest_is_field_included( 'menu_order', $fields ) ) { + // Same as post_parent, exposed as an integer. + $data['menu_order'] = (int) $menu_item->menu_order; + } + + if ( rest_is_field_included( 'target', $fields ) ) { + $data['target'] = $menu_item->target; + } + + if ( rest_is_field_included( 'classes', $fields ) ) { + $data['classes'] = (array) $menu_item->classes; + } + + if ( rest_is_field_included( 'xfn', $fields ) ) { + $data['xfn'] = array_map( 'sanitize_html_class', explode( ' ', $menu_item->xfn ) ); + } + + if ( rest_is_field_included( 'invalid', $fields ) ) { + $data['invalid'] = (bool) $menu_item->_invalid; + } + + if ( rest_is_field_included( 'meta', $fields ) ) { + $data['meta'] = $this->meta->get_value( $menu_item->ID, $request ); + } + + $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) ); + + foreach ( $taxonomies as $taxonomy ) { + $base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name; + + if ( rest_is_field_included( $base, $fields ) ) { + $terms = get_the_terms( $item, $taxonomy->name ); + if ( ! 
is_array( $terms ) ) { + continue; + } + $term_ids = $terms ? array_values( wp_list_pluck( $terms, 'term_id' ) ) : array(); + if ( 'nav_menu' === $taxonomy->name ) { + $data[ $base ] = $term_ids ? array_shift( $term_ids ) : 0; + } else { + $data[ $base ] = $term_ids; + } + } + } + + $context = ! empty( $request['context'] ) ? $request['context'] : 'view'; + $data = $this->add_additional_fields_to_object( $data, $request ); + $data = $this->filter_response_by_context( $data, $context ); + + // Wrap the data in a response object. + $response = rest_ensure_response( $data ); + + $links = $this->prepare_links( $item ); + $response->add_links( $links ); + + if ( ! empty( $links['self']['href'] ) ) { + $actions = $this->get_available_actions( $item, $request ); + + $self = $links['self']['href']; + + foreach ( $actions as $rel ) { + $response->add_link( $rel, $self ); + } + } + + /** + * Filters the menu item data for a REST API response. + * + * @since 5.9.0 + * + * @param WP_REST_Response $response The response object. + * @param object $menu_item Menu item setup by {@see wp_setup_nav_menu_item()}. + * @param WP_REST_Request $request Request object. + */ + return apply_filters( 'rest_prepare_nav_menu_item', $response, $menu_item, $request ); + } + + /** + * Prepares links for the request. + * + * @since 5.9.0 + * + * @param WP_Post $post Post object. + * @return array Links for the given post. 
+ */ + protected function prepare_links( $post ) { + $links = parent::prepare_links( $post ); + $menu_item = $this->get_nav_menu_item( $post->ID ); + + if ( empty( $menu_item->object_id ) ) { + return $links; + } + + $path = ''; + $type = ''; + $key = $menu_item->type; + if ( 'post_type' === $menu_item->type ) { + $path = rest_get_route_for_post( $menu_item->object_id ); + $type = get_post_type( $menu_item->object_id ); + } elseif ( 'taxonomy' === $menu_item->type ) { + $path = rest_get_route_for_term( $menu_item->object_id ); + $type = get_term_field( 'taxonomy', $menu_item->object_id ); + } + + if ( $path && $type ) { + $links['https://api.w.org/menu-item-object'][] = array( + 'href' => rest_url( $path ), + $key => $type, + 'embeddable' => true, + ); + } + + return $links; + } + + /** + * Retrieve Link Description Objects that should be added to the Schema for the posts collection. + * + * @since 5.9.0 + * + * @return array + */ + protected function get_schema_links() { + $links = parent::get_schema_links(); + $href = rest_url( "{$this->namespace}/{$this->rest_base}/{id}" ); + $links[] = array( + 'rel' => 'https://api.w.org/menu-item-object', + 'title' => __( 'Get linked object.' ), + 'href' => $href, + 'targetSchema' => array( + 'type' => 'object', + 'properties' => array( + 'object' => array( + 'type' => 'integer', + ), + ), + ), + ); + + return $links; + } + + /** + * Retrieves the term's schema, conforming to JSON Schema. + * + * @since 5.9.0 + * + * @return array Item schema data. + */ + public function get_item_schema() { + $schema = array( + '$schema' => 'http://json-schema.org/draft-04/schema#', + 'title' => $this->post_type, + 'type' => 'object', + ); + + $schema['properties']['title'] = array( + 'description' => __( 'The title for the object.' ), + 'type' => array( 'string', 'object' ), + 'context' => array( 'view', 'edit', 'embed' ), + 'properties' => array( + 'raw' => array( + 'description' => __( 'Title for the object, as it exists in the database.' 
), + 'type' => 'string', + 'context' => array( 'edit' ), + ), + 'rendered' => array( + 'description' => __( 'HTML title for the object, transformed for display.' ), + 'type' => 'string', + 'context' => array( 'view', 'edit', 'embed' ), + 'readonly' => true, + ), + ), + ); + + $schema['properties']['id'] = array( + 'description' => __( 'Unique identifier for the object.' ), + 'type' => 'integer', + 'default' => 0, + 'minimum' => 0, + 'context' => array( 'view', 'edit', 'embed' ), + 'readonly' => true, + ); + + $schema['properties']['type_label'] = array( + 'description' => __( 'Name of type.' ), + 'type' => 'string', + 'context' => array( 'view', 'edit', 'embed' ), + 'readonly' => true, + ); + + $schema['properties']['type'] = array( + 'description' => __( 'The family of objects originally represented, such as "post_type" or "taxonomy".' ), + 'type' => 'string', + 'enum' => array( 'taxonomy', 'post_type', 'post_type_archive', 'custom', 'block' ), + 'context' => array( 'view', 'edit', 'embed' ), + 'default' => 'custom', + ); + + $schema['properties']['status'] = array( + 'description' => __( 'A named status for the object.' ), + 'type' => 'string', + 'enum' => array_keys( get_post_stati( array( 'internal' => false ) ) ), + 'default' => 'publish', + 'context' => array( 'view', 'edit', 'embed' ), + ); + + $schema['properties']['parent'] = array( + 'description' => __( 'The ID for the parent of the object.' ), + 'type' => 'integer', + 'minimum' => 0, + 'default' => 0, + 'context' => array( 'view', 'edit', 'embed' ), + ); + + $schema['properties']['attr_title'] = array( + 'description' => __( 'Text for the title attribute of the link element for this menu item.' ), + 'type' => 'string', + 'context' => array( 'view', 'edit', 'embed' ), + 'arg_options' => array( + 'sanitize_callback' => 'sanitize_text_field', + ), + ); + + $schema['properties']['classes'] = array( + 'description' => __( 'Class names for the link element of this menu item.' 
), + 'type' => 'array', + 'items' => array( + 'type' => 'string', + ), + 'context' => array( 'view', 'edit', 'embed' ), + 'arg_options' => array( + 'sanitize_callback' => function ( $value ) { + return array_map( 'sanitize_html_class', wp_parse_list( $value ) ); + }, + ), + ); + + $schema['properties']['description'] = array( + 'description' => __( 'The description of this menu item.' ), + 'type' => 'string', + 'context' => array( 'view', 'edit', 'embed' ), + 'arg_options' => array( + 'sanitize_callback' => 'sanitize_text_field', + ), + ); + + $schema['properties']['menu_order'] = array( + 'description' => __( 'The DB ID of the nav_menu_item that is this item\'s menu parent, if any, otherwise 0.' ), + 'context' => array( 'view', 'edit', 'embed' ), + 'type' => 'integer', + 'minimum' => 1, + 'default' => 1, + ); + + $schema['properties']['object'] = array( + 'description' => __( 'The type of object originally represented, such as "category," "post", or "attachment."' ), + 'context' => array( 'view', 'edit', 'embed' ), + 'type' => 'string', + 'arg_options' => array( + 'sanitize_callback' => 'sanitize_key', + ), + ); + + $schema['properties']['object_id'] = array( + 'description' => __( 'The database ID of the original object this menu item represents, for example the ID for posts or the term_id for categories.' ), + 'context' => array( 'view', 'edit', 'embed' ), + 'type' => 'integer', + 'minimum' => 0, + 'default' => 0, + ); + + $schema['properties']['content'] = array( + 'description' => __( 'HTML content to display for this block menu item.' ), + 'context' => array( 'view', 'edit', 'embed' ), + 'type' => array( 'string', 'object' ), + 'properties' => array( + 'raw' => array( + 'description' => __( 'HTML content, as it exists in the database.' ), + 'type' => 'string', + 'context' => array( 'edit' ), + ), + 'rendered' => array( + 'description' => __( 'HTML content, transformed for display.' 
), + 'type' => 'string', + 'context' => array( 'view', 'edit' ), + 'readonly' => true, + ), + 'block_version' => array( + 'description' => __( 'Version of the block format used in the HTML content.' ), + 'type' => 'integer', + 'context' => array( 'edit' ), + 'readonly' => true, + ), + ), + ); + + $schema['properties']['target'] = array( + 'description' => __( 'The target attribute of the link element for this menu item.' ), + 'type' => 'string', + 'context' => array( 'view', 'edit', 'embed' ), + 'enum' => array( + '_blank', + '', + ), + ); + + $schema['properties']['type_label'] = array( + 'description' => __( 'The singular label used to describe this type of menu item.' ), + 'context' => array( 'view', 'edit', 'embed' ), + 'type' => 'string', + 'readonly' => true, + ); + + $schema['properties']['url'] = array( + 'description' => __( 'The URL to which this menu item points.' ), + 'type' => 'string', + 'format' => 'uri', + 'context' => array( 'view', 'edit', 'embed' ), + 'arg_options' => array( + 'validate_callback' => static function ( $url ) { + if ( '' === $url ) { + return true; + } + + if ( esc_url_raw( $url ) ) { + return true; + } + + return new WP_Error( + 'rest_invalid_url', + __( 'Invalid URL.' ) + ); + }, + ), + ); + + $schema['properties']['xfn'] = array( + 'description' => __( 'The XFN relationship expressed in the link of this menu item.' ), + 'type' => 'array', + 'items' => array( + 'type' => 'string', + ), + 'context' => array( 'view', 'edit', 'embed' ), + 'arg_options' => array( + 'sanitize_callback' => function ( $value ) { + return array_map( 'sanitize_html_class', wp_parse_list( $value ) ); + }, + ), + ); + + $schema['properties']['invalid'] = array( + 'description' => __( 'Whether the menu item represents an object that no longer exists.' 
), + 'context' => array( 'view', 'edit', 'embed' ), + 'type' => 'boolean', + 'readonly' => true, + ); + + $taxonomies = wp_list_filter( get_object_taxonomies( $this->post_type, 'objects' ), array( 'show_in_rest' => true ) ); + + foreach ( $taxonomies as $taxonomy ) { + $base = ! empty( $taxonomy->rest_base ) ? $taxonomy->rest_base : $taxonomy->name; + $schema['properties'][ $base ] = array( + /* translators: %s: taxonomy name */ + 'description' => sprintf( __( 'The terms assigned to the object in the %s taxonomy.' ), $taxonomy->name ), + 'type' => 'array', + 'items' => array( + 'type' => 'integer', + ), + 'context' => array( 'view', 'edit' ), + ); + + if ( 'nav_menu' === $taxonomy->name ) { + $schema['properties'][ $base ]['type'] = 'integer'; + unset( $schema['properties'][ $base ]['items'] ); + } + } + + $schema['properties']['meta'] = $this->meta->get_field_schema(); + + $schema_links = $this->get_schema_links(); + + if ( $schema_links ) { + $schema['links'] = $schema_links; + } + + return $this->add_additional_fields_schema( $schema ); + } + + /** + * Retrieves the query params for the posts collection. + * + * @since 5.9.0 + * + * @return array Collection parameters. + */ + public function get_collection_params() { + $query_params = parent::get_collection_params(); + + $query_params['menu_order'] = array( + 'description' => __( 'Limit result set to posts with a specific menu_order value.' ), + 'type' => 'integer', + ); + + $query_params['order'] = array( + 'description' => __( 'Order sort attribute ascending or descending.' ), + 'type' => 'string', + 'default' => 'asc', + 'enum' => array( 'asc', 'desc' ), + ); + + $query_params['orderby'] = array( + 'description' => __( 'Sort collection by object attribute.' ), + 'type' => 'string', + 'default' => 'menu_order', + 'enum' => array( + 'author', + 'date', + 'id', + 'include', + 'modified', + 'parent', + 'relevance', + 'slug', + 'include_slugs', + 'title', + 'menu_order', + ), + ); + // Change default to 100 items. 
+ $query_params['per_page']['default'] = 100; + + return $query_params; + } + + /** + * Determines the allowed query_vars for a get_items() response and prepares + * them for WP_Query. + * + * @since 5.9.0 + * + * @param array $prepared_args Optional. Prepared WP_Query arguments. Default empty array. + * @param WP_REST_Request $request Optional. Full details about the request. + * @return array Items query arguments. + */ + protected function prepare_items_query( $prepared_args = array(), $request = null ) { + $query_args = parent::prepare_items_query( $prepared_args, $request ); + + // Map to proper WP_Query orderby param. + if ( isset( $query_args['orderby'], $request['orderby'] ) ) { + $orderby_mappings = array( + 'id' => 'ID', + 'include' => 'post__in', + 'slug' => 'post_name', + 'include_slugs' => 'post_name__in', + 'menu_order' => 'menu_order', + ); + + if ( isset( $orderby_mappings[ $request['orderby'] ] ) ) { + $query_args['orderby'] = $orderby_mappings[ $request['orderby'] ]; + } + } + + return $query_args; + } + + /** + * Gets the id of the menu that the given menu item belongs to. + * + * @since 5.9.0 + * + * @param int $menu_item_id Menu item id. + * @return int + */ + protected function get_menu_id( $menu_item_id ) { + $menu_ids = wp_get_post_terms( $menu_item_id, 'nav_menu', array( 'fields' => 'ids' ) ); + $menu_id = 0; + if ( $menu_ids && ! is_wp_error( $menu_ids ) ) { + $menu_id = array_shift( $menu_ids ); + } + + return $menu_id; + } +} diff --git a/wp-includes/rest-api/endpoints/class-wp-rest-menu-locations-controller.php b/wp-includes/rest-api/endpoints/class-wp-rest-menu-locations-controller.php new file mode 100644 index 0000000000..17903fcd33 --- /dev/null +++ b/wp-includes/rest-api/endpoints/class-wp-rest-menu-locations-controller.php 
@@ -0,0 +1,301 @@ +namespace = 'wp/v2'; + $this->rest_base = 'menu-locations'; + } + + /** + * Registers the routes for the objects of the controller. + * + * @since 5.9.0 + * + * @see register_rest_route() + */ + public function register_routes() { + register_rest_route( + $this->namespace, + '/' . $this->rest_base, + array( + array( + 'methods' => WP_REST_Server::READABLE, + 'callback' => array( $this, 'get_items' ), + 'permission_callback' => array( $this, 'get_items_permissions_check' ), + 'args' => $this->get_collection_params(), + ), + 'schema' => array( $this, 'get_public_item_schema' ), + ) + ); + + register_rest_route( + $this->namespace, + '/' . $this->rest_base . '/(?P[\w-]+)', + array( + 'args' => array( + 'location' => array( + 'description' => __( 'An alphanumeric identifier for the menu location.' ), + 'type' => 'string', + ), + ), + array( + 'methods' => WP_REST_Server::READABLE, + 'callback' => array( $this, 'get_item' ), + 'permission_callback' => array( $this, 'get_item_permissions_check' ), + 'args' => array( + 'context' => $this->get_context_param( array( 'default' => 'view' ) ), + ), + ), + 'schema' => array( $this, 'get_public_item_schema' ), + ) + ); + } + + /** + * Checks whether a given request has permission to read menu locations. + * + * @since 5.9.0 + * + * @param WP_REST_Request $request Full details about the request. + * @return WP_Error|bool True if the request has read access, WP_Error object otherwise. + */ + public function get_items_permissions_check( $request ) { + if ( ! current_user_can( 'edit_theme_options' ) ) { + return new WP_Error( + 'rest_cannot_view', + __( 'Sorry, you are not allowed to view menu locations.' ), + array( 'status' => rest_authorization_required_code() ) + ); + } + + return true; + } + + /** + * Retrieves all menu locations, depending on user context. + * + * @since 5.9.0 + * + * @param WP_REST_Request $request Full details about the request. 
+ * @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure. + */ + public function get_items( $request ) { + $data = array(); + + foreach ( get_registered_nav_menus() as $name => $description ) { + $location = new stdClass(); + $location->name = $name; + $location->description = $description; + + $location = $this->prepare_item_for_response( $location, $request ); + $data[ $name ] = $this->prepare_response_for_collection( $location ); + } + + return rest_ensure_response( $data ); + } + + /** + * Checks if a given request has access to read a menu location. + * + * @since 5.9.0 + * + * @param WP_REST_Request $request Full details about the request. + * @return WP_Error|bool True if the request has read access for the item, WP_Error object otherwise. + */ + public function get_item_permissions_check( $request ) { + if ( ! current_user_can( 'edit_theme_options' ) ) { + return new WP_Error( + 'rest_cannot_view', + __( 'Sorry, you are not allowed to view menu locations.' ), + array( 'status' => rest_authorization_required_code() ) + ); + } + + return true; + } + + /** + * Retrieves a specific menu location. + * + * @since 5.9.0 + * + * @param WP_REST_Request $request Full details about the request. + * @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure. + */ + public function get_item( $request ) { + $registered_menus = get_registered_nav_menus(); + if ( ! array_key_exists( $request['location'], $registered_menus ) ) { + return new WP_Error( 'rest_menu_location_invalid', __( 'Invalid menu location.' ), array( 'status' => 404 ) ); + } + + $location = new stdClass(); + $location->name = $request['location']; + $location->description = $registered_menus[ $location->name ]; + + $data = $this->prepare_item_for_response( $location, $request ); + + return rest_ensure_response( $data ); + } + + /** + * Prepares a menu location object for serialization. 
+ * + * @since 5.9.0 + * + * @param stdClass $item Post status data. + * @param WP_REST_Request $request Full details about the request. + * @return WP_REST_Response Menu location data. + */ + public function prepare_item_for_response( $item, $request ) { + // Restores the more descriptive, specific name for use within this method. + $location = $item; + $locations = get_nav_menu_locations(); + $menu = isset( $locations[ $location->name ] ) ? $locations[ $location->name ] : 0; + + $fields = $this->get_fields_for_response( $request ); + $data = array(); + + if ( rest_is_field_included( 'name', $fields ) ) { + $data['name'] = $location->name; + } + + if ( rest_is_field_included( 'description', $fields ) ) { + $data['description'] = $location->description; + } + + if ( rest_is_field_included( 'menu', $fields ) ) { + $data['menu'] = (int) $menu; + } + + $context = ! empty( $request['context'] ) ? $request['context'] : 'view'; + $data = $this->add_additional_fields_to_object( $data, $request ); + $data = $this->filter_response_by_context( $data, $context ); + + $response = rest_ensure_response( $data ); + + $response->add_links( $this->prepare_links( $location ) ); + + /** + * Filters menu location data returned from the REST API. + * + * @since 5.9.0 + * + * @param WP_REST_Response $response The response object. + * @param object $location The original location object. + * @param WP_REST_Request $request Request used to generate the response. + */ + return apply_filters( 'rest_prepare_menu_location', $response, $location, $request ); + } + + /** + * Retrieves the menu location's schema, conforming to JSON Schema. + * + * @since 5.9.0 + * + * @return array Item schema data. 
+ */ + public function get_item_schema() { + if ( $this->schema ) { + return $this->add_additional_fields_schema( $this->schema ); + } + + $this->schema = array( + '$schema' => 'http://json-schema.org/draft-04/schema#', + 'title' => 'menu-location', + 'type' => 'object', + 'properties' => array( + 'name' => array( + 'description' => __( 'The name of the menu location.' ), + 'type' => 'string', + 'context' => array( 'embed', 'view', 'edit' ), + 'readonly' => true, + ), + 'description' => array( + 'description' => __( 'The description of the menu location.' ), + 'type' => 'string', + 'context' => array( 'embed', 'view', 'edit' ), + 'readonly' => true, + ), + 'menu' => array( + 'description' => __( 'The ID of the assigned menu.' ), + 'type' => 'integer', + 'context' => array( 'embed', 'view', 'edit' ), + 'readonly' => true, + ), + ), + ); + + return $this->add_additional_fields_schema( $this->schema ); + } + + /** + * Retrieves the query params for collections. + * + * @since 5.9.0 + * + * @return array Collection parameters. + */ + public function get_collection_params() { + return array( + 'context' => $this->get_context_param( array( 'default' => 'view' ) ), + ); + } + + /** + * Prepares links for the request. + * + * @since 5.9.0 + * + * @param stdClass $location Menu location. + * @return array Links for the given menu location. + */ + protected function prepare_links( $location ) { + $base = sprintf( '%s/%s', $this->namespace, $this->rest_base ); + + // Entity meta. + $links = array( + 'self' => array( + 'href' => rest_url( trailingslashit( $base ) . $location->name ), + ), + 'collection' => array( + 'href' => rest_url( $base ), + ), + ); + + $locations = get_nav_menu_locations(); + $menu = isset( $locations[ $location->name ] ) ? 
$locations[ $location->name ] : 0; + if ( $menu ) { + $path = rest_get_route_for_term( $menu ); + if ( $path ) { + $url = rest_url( $path ); + + $links['https://api.w.org/menu'][] = array( + 'href' => $url, + 'embeddable' => true, + ); + } + } + + return $links; + } +} diff --git a/wp-includes/rest-api/endpoints/class-wp-rest-menus-controller.php b/wp-includes/rest-api/endpoints/class-wp-rest-menus-controller.php new file mode 100644 index 0000000000..9f723c473d --- /dev/null +++ b/wp-includes/rest-api/endpoints/class-wp-rest-menus-controller.php 
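Review bot: `get_items_permissions_check()` and `get_item_permissions_check()` both allow reads only with `edit_theme_options`, which is narrower than the read rule the commit description gives for these endpoints, and neither docblock says so. The menus controller added in this same commit returns `locations` and an embeddable `https://api.w.org/menu-location` link to users who pass its wider read check, so those users will presumably get an authorization error when they follow or embed that link. If the stricter gate is intended, I would state it in both docblocks, for example `* Unlike menus and menu items, menu locations are readable only with the edit_theme_options capability.` The two methods also have identical bodies, so `get_item_permissions_check()` could simply `return $this->get_items_permissions_check( $request );` to keep the rule in one place.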
@@ -0,0 +1,568 @@ +check_has_read_only_access( $request ); + } + + /** + * Checks if a request has access to read or edit the specified menu. + * + * @since 5.9.0 + * + * @param WP_REST_Request $request Full details about the request. + * @return bool|WP_Error True if the request has read access for the item, otherwise false or WP_Error object. + */ + public function get_item_permissions_check( $request ) { + $has_permission = parent::get_item_permissions_check( $request ); + + if ( true !== $has_permission ) { + return $has_permission; + } + + return $this->check_has_read_only_access( $request ); + } + + /** + * Gets the term, if the ID is valid. + * + * @since 5.9.0 + * + * @param int $id Supplied ID. + * @return WP_Term|WP_Error Term object if ID is valid, WP_Error otherwise. + */ + protected function get_term( $id ) { + $term = parent::get_term( $id ); + + if ( is_wp_error( $term ) ) { + return $term; + } + + $nav_term = wp_get_nav_menu_object( $term ); + $nav_term->auto_add = $this->get_menu_auto_add( $nav_term->term_id ); + + return $nav_term; + } + + /** + * Checks whether the current user has read permission for the endpoint. + * + * This allows for any user that can `edit_theme_options` or edit any REST API available post type. + * + * @since 5.9.0 + * + * @param WP_REST_Request $request Full details about the request. + * @return bool|WP_Error Whether the current user has permission. + */ + protected function check_has_read_only_access( $request ) { + if ( current_user_can( 'edit_theme_options' ) ) { + return true; + } + + if ( current_user_can( 'edit_posts' ) ) { + return true; + } + + foreach ( get_post_types( array( 'show_in_rest' => true ), 'objects' ) as $post_type ) { + if ( current_user_can( $post_type->cap->edit_posts ) ) { + return true; + } + } + + return new WP_Error( + 'rest_cannot_view', + __( 'Sorry, you are not allowed to view menus.' 
), + array( 'status' => rest_authorization_required_code() ) + ); + } + + /** + * Prepares a single term output for response. + * + * @since 5.9.0 + * + * @param WP_Term $term Term object. + * @param WP_REST_Request $request Request object. + * @return WP_REST_Response Response object. + */ + public function prepare_item_for_response( $term, $request ) { + $nav_menu = wp_get_nav_menu_object( $term ); + $response = parent::prepare_item_for_response( $nav_menu, $request ); + + $fields = $this->get_fields_for_response( $request ); + $data = $response->get_data(); + + if ( rest_is_field_included( 'locations', $fields ) ) { + $data['locations'] = $this->get_menu_locations( $nav_menu->term_id ); + } + + if ( rest_is_field_included( 'auto_add', $fields ) ) { + $data['auto_add'] = $this->get_menu_auto_add( $nav_menu->term_id ); + } + + $context = ! empty( $request['context'] ) ? $request['context'] : 'view'; + $data = $this->add_additional_fields_to_object( $data, $request ); + $data = $this->filter_response_by_context( $data, $context ); + + $response = rest_ensure_response( $data ); + $response->add_links( $this->prepare_links( $term ) ); + + /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php */ + return apply_filters( "rest_prepare_{$this->taxonomy}", $response, $term, $request ); + } + + /** + * Prepares links for the request. + * + * @since 5.9.0 + * + * @param WP_Term $term Term object. + * @return array Links for the given term. + */ + protected function prepare_links( $term ) { + $links = parent::prepare_links( $term ); + + $locations = $this->get_menu_locations( $term->term_id ); + foreach ( $locations as $location ) { + $url = rest_url( sprintf( 'wp/v2/menu-locations/%s', $location ) ); + + $links['https://api.w.org/menu-location'][] = array( + 'href' => $url, + 'embeddable' => true, + ); + } + + return $links; + } + + /** + * Prepares a single term for create or update. 
+ * + * @since 5.9.0 + * + * @param WP_REST_Request $request Request object. + * @return object Prepared term data. + */ + public function prepare_item_for_database( $request ) { + $prepared_term = parent::prepare_item_for_database( $request ); + + $schema = $this->get_item_schema(); + + if ( isset( $request['name'] ) && ! empty( $schema['properties']['name'] ) ) { + $prepared_term->{'menu-name'} = $request['name']; + } + + return $prepared_term; + } + + /** + * Creates a single term in a taxonomy. + * + * @since 5.9.0 + * + * @param WP_REST_Request $request Full details about the request. + * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. + */ + public function create_item( $request ) { + if ( isset( $request['parent'] ) ) { + if ( ! is_taxonomy_hierarchical( $this->taxonomy ) ) { + return new WP_Error( 'rest_taxonomy_not_hierarchical', __( 'Cannot set parent term, taxonomy is not hierarchical.' ), array( 'status' => 400 ) ); + } + + $parent = wp_get_nav_menu_object( (int) $request['parent'] ); + + if ( ! $parent ) { + return new WP_Error( 'rest_term_invalid', __( 'Parent term does not exist.' ), array( 'status' => 400 ) ); + } + } + + $prepared_term = $this->prepare_item_for_database( $request ); + + $term = wp_update_nav_menu_object( 0, wp_slash( (array) $prepared_term ) ); + + if ( is_wp_error( $term ) ) { + /* + * If we're going to inform the client that the term already exists, + * give them the identifier for future use. 
+ */ + + if ( in_array( 'menu_exists', $term->get_error_codes(), true ) ) { + $existing_term = get_term_by( 'name', $prepared_term->{'menu-name'}, $this->taxonomy ); + $term->add_data( $existing_term->term_id, 'menu_exists' ); + $term->add_data( + array( + 'status' => 400, + 'term_id' => $existing_term->term_id, + ) + ); + } else { + $term->add_data( array( 'status' => 400 ) ); + } + + return $term; + } + + $term = $this->get_term( $term ); + + /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php */ + do_action( "rest_insert_{$this->taxonomy}", $term, $request, true ); + + $schema = $this->get_item_schema(); + if ( ! empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { + $meta_update = $this->meta->update_value( $request['meta'], $term->term_id ); + + if ( is_wp_error( $meta_update ) ) { + return $meta_update; + } + } + + $locations_update = $this->handle_locations( $term->term_id, $request ); + + if ( is_wp_error( $locations_update ) ) { + return $locations_update; + } + + $this->handle_auto_add( $term->term_id, $request ); + + $fields_update = $this->update_additional_fields_for_object( $term, $request ); + + if ( is_wp_error( $fields_update ) ) { + return $fields_update; + } + + $request->set_param( 'context', 'view' ); + + /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php */ + do_action( "rest_after_insert_{$this->taxonomy}", $term, $request, true ); + + $response = $this->prepare_item_for_response( $term, $request ); + $response = rest_ensure_response( $response ); + + $response->set_status( 201 ); + $response->header( 'Location', rest_url( $this->namespace . '/' . $this->rest_base . '/' . $term->term_id ) ); + + return $response; + } + + /** + * Updates a single term from a taxonomy. + * + * @since 5.9.0 + * + * @param WP_REST_Request $request Full details about the request. 
+ * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. + */ + public function update_item( $request ) { + $term = $this->get_term( $request['id'] ); + if ( is_wp_error( $term ) ) { + return $term; + } + + if ( isset( $request['parent'] ) ) { + if ( ! is_taxonomy_hierarchical( $this->taxonomy ) ) { + return new WP_Error( 'rest_taxonomy_not_hierarchical', __( 'Cannot set parent term, taxonomy is not hierarchical.' ), array( 'status' => 400 ) ); + } + + $parent = get_term( (int) $request['parent'], $this->taxonomy ); + + if ( ! $parent ) { + return new WP_Error( 'rest_term_invalid', __( 'Parent term does not exist.' ), array( 'status' => 400 ) ); + } + } + + $prepared_term = $this->prepare_item_for_database( $request ); + + // Only update the term if we have something to update. + if ( ! empty( $prepared_term ) ) { + if ( ! isset( $prepared_term->{'menu-name'} ) ) { + // wp_update_nav_menu_object() requires that the menu-name is always passed. + $prepared_term->{'menu-name'} = $term->name; + } + + $update = wp_update_nav_menu_object( $term->term_id, wp_slash( (array) $prepared_term ) ); + + if ( is_wp_error( $update ) ) { + return $update; + } + } + + $term = get_term( $term->term_id, $this->taxonomy ); + + /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php */ + do_action( "rest_insert_{$this->taxonomy}", $term, $request, false ); + + $schema = $this->get_item_schema(); + if ( ! 
empty( $schema['properties']['meta'] ) && isset( $request['meta'] ) ) { + $meta_update = $this->meta->update_value( $request['meta'], $term->term_id ); + + if ( is_wp_error( $meta_update ) ) { + return $meta_update; + } + } + + $locations_update = $this->handle_locations( $term->term_id, $request ); + + if ( is_wp_error( $locations_update ) ) { + return $locations_update; + } + + $this->handle_auto_add( $term->term_id, $request ); + + $fields_update = $this->update_additional_fields_for_object( $term, $request ); + + if ( is_wp_error( $fields_update ) ) { + return $fields_update; + } + + $request->set_param( 'context', 'view' ); + + /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php */ + do_action( "rest_after_insert_{$this->taxonomy}", $term, $request, false ); + + $response = $this->prepare_item_for_response( $term, $request ); + + return rest_ensure_response( $response ); + } + + /** + * Deletes a single term from a taxonomy. + * + * @since 5.9.0 + * + * @param WP_REST_Request $request Full details about the request. + * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. + */ + public function delete_item( $request ) { + $term = $this->get_term( $request['id'] ); + if ( is_wp_error( $term ) ) { + return $term; + } + + // We don't support trashing for terms. + if ( ! $request['force'] ) { + /* translators: %s: force=true */ + return new WP_Error( 'rest_trash_not_supported', sprintf( __( "Menus do not support trashing. Set '%s' to delete." ), 'force=true' ), array( 'status' => 501 ) ); + } + + $request->set_param( 'context', 'view' ); + + $previous = $this->prepare_item_for_response( $term, $request ); + + $result = wp_delete_nav_menu( $term ); + + if ( ! $result || is_wp_error( $result ) ) { + return new WP_Error( 'rest_cannot_delete', __( 'The menu cannot be deleted.' 
), array( 'status' => 500 ) ); + } + + $response = new WP_REST_Response(); + $response->set_data( + array( + 'deleted' => true, + 'previous' => $previous->get_data(), + ) + ); + + /** This action is documented in wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php */ + do_action( "rest_delete_{$this->taxonomy}", $term, $response, $request ); + + return $response; + } + + /** + * Returns the value of a menu's auto_add setting. + * + * @since 5.9.0 + * + * @param int $menu_id The menu id to query. + * @return bool The value of auto_add. + */ + protected function get_menu_auto_add( $menu_id ) { + $nav_menu_option = (array) get_option( 'nav_menu_options', array( 'auto_add' => array() ) ); + + return in_array( $menu_id, $nav_menu_option['auto_add'], true ); + } + + /** + * Updates the menu's auto add from a REST request. + * + * @since 5.9.0 + * + * @param int $menu_id The menu id to update. + * @param WP_REST_Request $request Full details about the request. + * @return bool True if the auto add setting was successfully updated. + */ + protected function handle_auto_add( $menu_id, $request ) { + if ( ! isset( $request['auto_add'] ) ) { + return true; + } + + $nav_menu_option = (array) get_option( 'nav_menu_options', array( 'auto_add' => array() ) ); + + if ( ! isset( $nav_menu_option['auto_add'] ) ) { + $nav_menu_option['auto_add'] = array(); + } + + $auto_add = $request['auto_add']; + + $i = array_search( $menu_id, $nav_menu_option['auto_add'], true ); + + if ( $auto_add && false === $i ) { + $nav_menu_option['auto_add'][] = $menu_id; + } elseif ( ! $auto_add && false !== $i ) { + array_splice( $nav_menu_option['auto_add'], $i, 1 ); + } + + $update = update_option( 'nav_menu_options', $nav_menu_option ); + + /** This action is documented in wp-includes/nav-menu.php */ + do_action( 'wp_update_nav_menu', $menu_id ); + + return $update; + } + + /** + * Returns the names of the locations assigned to the menu. 
+ * + * @since 5.9.0 + * + * @param int $menu_id The menu id. + * @return string[] The locations assigned to the menu. + */ + protected function get_menu_locations( $menu_id ) { + $locations = get_nav_menu_locations(); + $menu_locations = array(); + + foreach ( $locations as $location => $assigned_menu_id ) { + if ( $menu_id === $assigned_menu_id ) { + $menu_locations[] = $location; + } + } + + return $menu_locations; + } + + /** + * Updates the menu's locations from a REST request. + * + * @since 5.9.0 + * + * @param int $menu_id The menu id to update. + * @param WP_REST_Request $request Full details about the request. + * @return true|WP_Error True on success, a WP_Error on an error updating any of the locations. + */ + protected function handle_locations( $menu_id, $request ) { + if ( ! isset( $request['locations'] ) ) { + return true; + } + + $menu_locations = get_registered_nav_menus(); + $menu_locations = array_keys( $menu_locations ); + $new_locations = array(); + foreach ( $request['locations'] as $location ) { + if ( ! in_array( $location, $menu_locations, true ) ) { + return new WP_Error( + 'rest_invalid_menu_location', + __( 'Invalid menu location.' ), + array( + 'status' => 400, + 'location' => $location, + ) + ); + } + $new_locations[ $location ] = $menu_id; + } + $assigned_menu = get_nav_menu_locations(); + foreach ( $assigned_menu as $location => $term_id ) { + if ( $term_id === $menu_id ) { + unset( $assigned_menu[ $location ] ); + } + } + $new_assignments = array_merge( $assigned_menu, $new_locations ); + set_theme_mod( 'nav_menu_locations', $new_assignments ); + + return true; + } + + /** + * Retrieves the term's schema, conforming to JSON Schema. + * + * @since 5.9.0 + * + * @return array Item schema data. 
+ */ + public function get_item_schema() { + $schema = parent::get_item_schema(); + unset( $schema['properties']['count'], $schema['properties']['link'], $schema['properties']['taxonomy'] ); + + $schema['properties']['locations'] = array( + 'description' => __( 'The locations assigned to the menu.' ), + 'type' => 'array', + 'items' => array( + 'type' => 'string', + ), + 'context' => array( 'view', 'edit' ), + 'arg_options' => array( + 'validate_callback' => function ( $locations, $request, $param ) { + $valid = rest_validate_request_arg( $locations, $request, $param ); + + if ( true !== $valid ) { + return $valid; + } + + $locations = rest_sanitize_request_arg( $locations, $request, $param ); + + foreach ( $locations as $location ) { + if ( ! array_key_exists( $location, get_registered_nav_menus() ) ) { + return new WP_Error( + 'rest_invalid_menu_location', + __( 'Invalid menu location.' ), + array( + 'location' => $location, + ) + ); + } + } + + return true; + }, + ), + ); + + $schema['properties']['auto_add'] = array( + 'description' => __( 'Whether to automatically add top level pages to this menu.' ), + 'context' => array( 'view', 'edit' ), + 'type' => 'boolean', + ); + + return $schema; + } +} diff --git a/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php b/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php index fd7fa22b4c..4aa893e907 100644 --- a/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php +++ b/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php @@ -1551,7 +1551,7 @@ class WP_REST_Posts_Controller extends WP_REST_Controller { continue; } - foreach ( $request[ $base ] as $term_id ) { + foreach ( (array) $request[ $base ] as $term_id ) { // Invalid terms will be rejected later. if ( ! get_term( $term_id, $taxonomy->name ) ) { continue; diff --git a/wp-includes/taxonomy.php b/wp-includes/taxonomy.php index 36ec58cd38..848ba0a727 100644 --- a/wp-includes/taxonomy.php 
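Review bot: `get_menu_auto_add()` reads `$nav_menu_option['auto_add']` without checking that the key exists, while `handle_auto_add()` just below it guards the same option with `isset()`. The default passed to `get_option()` applies only when the option is absent, so a stored `nav_menu_options` value that lacks an `auto_add` key would hand `null` to `in_array()`, which raises a TypeError on PHP 8. Because `get_term()` and `prepare_item_for_response()` both call this method, that would break every menu read. I would add `if ( ! isset( $nav_menu_option['auto_add'] ) ) { return false; }` before the `in_array()` call. Separately, the `menu_exists` branch of `create_item()` dereferences `$existing_term->term_id` without checking that `get_term_by()` actually returned a term.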
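Review bot: The `(array)` cast added to the `foreach` over `$request[ $base ]` has no comment explaining why a taxonomy parameter can now be a scalar. Judging from the menu-items schema in this commit, the `nav_menu` property is declared as a single `integer` rather than an array of IDs, which appears to be the case the cast is there for. A short comment above the loop would keep the cast from being dropped in a later cleanup, e.g. `// Some taxonomies (nav_menu) accept a single term ID instead of a list.` The enclosing method starts and ends outside this hunk.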
+++ b/wp-includes/taxonomy.php @@ -108,17 +108,26 @@ function create_initial_taxonomies() { 'nav_menu', 'nav_menu_item', array( - 'public' => false, - 'hierarchical' => false, - 'labels' => array( + 'public' => false, + 'hierarchical' => false, + 'labels' => array( 'name' => __( 'Navigation Menus' ), 'singular_name' => __( 'Navigation Menu' ), ), - 'query_var' => false, - 'rewrite' => false, - 'show_ui' => false, - '_builtin' => true, - 'show_in_nav_menus' => false, + 'query_var' => false, + 'rewrite' => false, + 'show_ui' => false, + '_builtin' => true, + 'show_in_nav_menus' => false, + 'capabilities' => array( + 'manage_terms' => 'edit_theme_options', + 'edit_terms' => 'edit_theme_options', + 'delete_terms' => 'edit_theme_options', + 'assign_terms' => 'edit_theme_options', + ), + 'show_in_rest' => true, + 'rest_base' => 'menus', + 'rest_controller_class' => 'WP_REST_Menus_Controller', ) ); diff --git a/wp-includes/version.php b/wp-includes/version.php index 4e8444fa51..2738cd67b3 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -16,7 +16,7 @@ * * @global string $wp_version */ -$wp_version = '5.9-alpha-52078'; +$wp_version = '5.9-alpha-52079'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. diff --git a/wp-settings.php b/wp-settings.php index 978b451415..1293c82208 100644 --- a/wp-settings.php +++ b/wp-settings.php 
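Review bot: The new `'capabilities'` array maps all four `nav_menu` term capabilities to `edit_theme_options`, and the taxonomy becomes `'show_in_rest' => true` while staying `'public' => false`, but nothing in the code records the access-control consequences. Per the commit description, sites that remove `edit_theme_options` dynamically through `map_meta_cap` need to move to the `user_has_cap` filter, which is easy to miss from the code alone. I would add a comment above the array, e.g. `// Term caps map to the edit_theme_options primitive; revoke it via user_has_cap, not map_meta_cap.` As far as this diff shows, REST read access is then decided by `WP_REST_Menus_Controller` rather than by `'public'`, which is worth saying in the same comment. `create_initial_taxonomies()` continues outside the hunk.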
@@ -262,6 +262,9 @@ require ABSPATH . WPINC . '/rest-api/endpoints/class-wp-rest-revisions-controlle
 require ABSPATH . WPINC . '/rest-api/endpoints/class-wp-rest-autosaves-controller.php';
 require ABSPATH . WPINC . '/rest-api/endpoints/class-wp-rest-taxonomies-controller.php';
 require ABSPATH . WPINC . '/rest-api/endpoints/class-wp-rest-terms-controller.php';
+require ABSPATH . WPINC . '/rest-api/endpoints/class-wp-rest-menu-items-controller.php';
+require ABSPATH . WPINC . '/rest-api/endpoints/class-wp-rest-menus-controller.php';
+require ABSPATH . WPINC . '/rest-api/endpoints/class-wp-rest-menu-locations-controller.php';
 require ABSPATH . WPINC . '/rest-api/endpoints/class-wp-rest-users-controller.php';
 require ABSPATH . WPINC . '/rest-api/endpoints/class-wp-rest-comments-controller.php';
 require ABSPATH . WPINC . '/rest-api/endpoints/class-wp-rest-search-controller.php';