PluginProbe ʕ •ᴥ•ʔ
GiveWP – Donation Plugin and Fundraising Platform / 4.13.2
GiveWP – Donation Plugin and Fundraising Platform v4.13.2
4.16.4 4.16.3 4.16.2 4.16.1 4.16.0 4.15.5 4.15.4 4.15.3 4.15.2 4.15.1 4.15.0 2.3.0 2.3.1 2.3.2 2.30.0 2.31.0 2.31.1 2.32.0 2.33.0 2.33.1 2.33.2 2.33.3 2.33.4 2.33.5 2.4.0 2.4.1 2.4.2 2.4.3 2.4.4 2.4.5 2.4.6 2.4.7 2.5.0 2.5.1 2.5.10 2.5.11 2.5.12 2.5.13 2.5.2 2.5.3 2.5.4 2.5.5 2.5.6 2.5.7 2.5.8 2.5.9 2.6.0 2.6.1 2.6.2 2.6.3 2.7.0 2.7.1 2.7.2 2.7.3 2.7.4 2.7.5 2.8.0 2.8.1 2.9.0 2.9.1 2.9.2 2.9.3 2.9.4 2.9.5 2.9.6 2.9.7 3.0.0 3.0.1 3.0.2 3.0.3 3.0.4 3.1.0 3.1.1 3.1.2 3.10.0 3.11.0 3.12.0 3.12.1 3.12.2 3.12.3 3.13.0 3.14.0 3.14.1 3.14.2 3.15.0 3.15.1 3.16.0 3.16.1 3.16.2 3.16.3 3.16.4 3.16.5 3.17.0 3.17.1 3.17.2 3.18.0 3.19.0 3.19.1 3.19.2 3.19.3 3.19.4 3.2.0 3.2.1 3.2.2 3.20.0 3.21.0 3.21.1 3.22.0 3.22.1 3.22.2 3.3.0 3.3.1 3.4.0 3.4.1 3.4.2 3.5.0 3.5.1 3.6.0 3.6.1 3.6.2 3.7.0 3.8.0 3.9.0 4.0.0 4.1.0 4.1.1 4.10.0 4.10.1 4.11.0 4.12.0 4.13.0 4.13.1 4.13.2 4.14.0 4.14.1 4.14.2 4.14.3 4.14.4 4.14.5 4.14.6 4.2.0 4.2.1 4.3.0 4.3.1 4.3.2 4.4.0 4.5.0 4.6.1 4.7.0 4.7.1 4.8.0 4.8.1 4.9.0 trunk 1.9.0 2.0.0 2.0.1 2.0.2 2.0.3 2.0.4 2.0.5 2.0.6 2.0.7 2.1.0 2.1.1 2.1.2 2.1.3 2.1.4 2.1.5 2.1.6 2.1.7 2.1.8 2.10.0 2.10.1 2.10.2 2.10.3 2.10.4 2.11.0 2.11.1 2.11.2 2.11.3 2.12.0 2.12.1 2.12.2 2.12.3 2.13.0 2.13.1 2.13.2 2.13.3 2.13.4 2.14.0 2.15.0 2.16.0 2.16.1 2.17.0 2.17.1 2.17.3 2.18.0 2.18.1 2.19.1 2.19.2 2.19.3 2.19.4 2.19.5 2.19.6 2.19.7 2.19.8 2.2.0 2.2.1 2.2.2 2.2.3 2.2.4 2.2.5 2.2.6 2.20.0 2.20.1 2.20.2 2.21.0 2.21.1 2.21.2 2.21.3 2.21.4 2.22.0 2.22.1 2.22.2 2.22.3 2.23.0 2.23.1 2.23.2 2.24.0 2.24.1 2.24.2 2.25.0 2.25.1 2.25.2 2.25.3 2.26.0 2.27.0 2.27.1 2.27.2 2.27.3 2.28.0 2.29.0 2.29.1 2.29.2
give / src / API / REST / V3 / Routes / Subscriptions / Permissions / SubscriptionPermissions.php
give / src / API / REST / V3 / Routes / Subscriptions / Permissions Last commit date
SubscriptionPermissions.php 10 months ago
SubscriptionPermissions.php
120 lines
1 <?php
2
3 namespace Give\API\REST\V3\Routes\Subscriptions\Permissions;
4
5 use Give\API\REST\V3\Routes\Donors\ValueObjects\DonorAnonymousMode;
6 use WP_Error;
7 use WP_REST_Request;
8
9 /**
10 * @since 4.8.0
11 */
12 class SubscriptionPermissions
13 {
14 /**
15 * Check if current user can edit subscriptions.
16 *
17 * @since 4.8.0
18 */
19 public static function canEdit(): bool
20 {
21 return current_user_can('manage_options')
22 || (
23 current_user_can('edit_give_payments')
24 && current_user_can('view_give_payments')
25 );
26 }
27
28 /**
29 * Check if current user can delete subscriptions.
30 *
31 * @since 4.8.0
32 */
33 public static function canDelete(): bool
34 {
35 return current_user_can('manage_options') || current_user_can('delete_give_payments');
36 }
37
38 /**
39 * @since 4.8.0
40 */
41 public static function authorizationStatusCode(): int
42 {
43 return is_user_logged_in() ? 403 : 401;
44 }
45
46 /**
47 * @since 4.8.0
48 *
49 * @param WP_REST_Request $request
50 *
51 * @return true|WP_Error
52 */
53 public static function validationForGetMethods(WP_REST_Request $request)
54 {
55 $isAdmin = self::canEdit();
56
57 $includeSensitiveData = $request->get_param('includeSensitiveData');
58 if ( ! $isAdmin && $includeSensitiveData) {
59 return new WP_Error(
60 'rest_forbidden',
61 esc_html__('You do not have permission to include sensitive data.', 'give'),
62 ['status' => self::authorizationStatusCode()]
63 );
64 }
65
66 if ($request->get_param('anonymousDonors') !== null) {
67 $donorAnonymousMode = new DonorAnonymousMode($request->get_param('anonymousDonors'));
68 if ( ! $isAdmin && $donorAnonymousMode->isIncluded()) {
69 return new WP_Error(
70 'rest_forbidden',
71 esc_html__('You do not have permission to include anonymous donors.', 'give'),
72 ['status' => self::authorizationStatusCode()]
73 );
74 }
75 }
76
77 return true;
78 }
79
80 /**
81 * @since 4.8.0
82 *
83 * @param WP_REST_Request $request
84 *
85 * @return true|WP_Error
86 */
87 public static function validationForUpdateMethod(WP_REST_Request $request)
88 {
89 if (! self::canEdit()) {
90 return new WP_Error(
91 'rest_forbidden',
92 esc_html__('You do not have permission to update subscriptions.', 'give'),
93 ['status' => self::authorizationStatusCode()]
94 );
95 }
96
97 return true;
98 }
99
100 /**
101 * @since 4.8.0
102 *
103 * @param WP_REST_Request $request
104 *
105 * @return true|WP_Error
106 */
107 public static function validationForDeleteMethods(WP_REST_Request $request)
108 {
109 if ( ! self::canDelete()) {
110 return new WP_Error(
111 'rest_forbidden',
112 esc_html__('You do not have permission to delete subscriptions.', 'give'),
113 ['status' => self::authorizationStatusCode()]
114 );
115 }
116
117 return true;
118 }
119 }
120