PluginProbe ʕ •ᴥ•ʔ
GiveWP – Donation Plugin and Fundraising Platform / trunk
GiveWP – Donation Plugin and Fundraising Platform vtrunk
4.16.4 4.16.3 4.16.2 4.16.1 4.16.0 4.15.5 4.15.4 4.15.3 4.15.2 4.15.1 4.15.0 2.3.0 2.3.1 2.3.2 2.30.0 2.31.0 2.31.1 2.32.0 2.33.0 2.33.1 2.33.2 2.33.3 2.33.4 2.33.5 2.4.0 2.4.1 2.4.2 2.4.3 2.4.4 2.4.5 2.4.6 2.4.7 2.5.0 2.5.1 2.5.10 2.5.11 2.5.12 2.5.13 2.5.2 2.5.3 2.5.4 2.5.5 2.5.6 2.5.7 2.5.8 2.5.9 2.6.0 2.6.1 2.6.2 2.6.3 2.7.0 2.7.1 2.7.2 2.7.3 2.7.4 2.7.5 2.8.0 2.8.1 2.9.0 2.9.1 2.9.2 2.9.3 2.9.4 2.9.5 2.9.6 2.9.7 3.0.0 3.0.1 3.0.2 3.0.3 3.0.4 3.1.0 3.1.1 3.1.2 3.10.0 3.11.0 3.12.0 3.12.1 3.12.2 3.12.3 3.13.0 3.14.0 3.14.1 3.14.2 3.15.0 3.15.1 3.16.0 3.16.1 3.16.2 3.16.3 3.16.4 3.16.5 3.17.0 3.17.1 3.17.2 3.18.0 3.19.0 3.19.1 3.19.2 3.19.3 3.19.4 3.2.0 3.2.1 3.2.2 3.20.0 3.21.0 3.21.1 3.22.0 3.22.1 3.22.2 3.3.0 3.3.1 3.4.0 3.4.1 3.4.2 3.5.0 3.5.1 3.6.0 3.6.1 3.6.2 3.7.0 3.8.0 3.9.0 4.0.0 4.1.0 4.1.1 4.10.0 4.10.1 4.11.0 4.12.0 4.13.0 4.13.1 4.13.2 4.14.0 4.14.1 4.14.2 4.14.3 4.14.4 4.14.5 4.14.6 4.2.0 4.2.1 4.3.0 4.3.1 4.3.2 4.4.0 4.5.0 4.6.1 4.7.0 4.7.1 4.8.0 4.8.1 4.9.0 trunk 1.9.0 2.0.0 2.0.1 2.0.2 2.0.3 2.0.4 2.0.5 2.0.6 2.0.7 2.1.0 2.1.1 2.1.2 2.1.3 2.1.4 2.1.5 2.1.6 2.1.7 2.1.8 2.10.0 2.10.1 2.10.2 2.10.3 2.10.4 2.11.0 2.11.1 2.11.2 2.11.3 2.12.0 2.12.1 2.12.2 2.12.3 2.13.0 2.13.1 2.13.2 2.13.3 2.13.4 2.14.0 2.15.0 2.16.0 2.16.1 2.17.0 2.17.1 2.17.3 2.18.0 2.18.1 2.19.1 2.19.2 2.19.3 2.19.4 2.19.5 2.19.6 2.19.7 2.19.8 2.2.0 2.2.1 2.2.2 2.2.3 2.2.4 2.2.5 2.2.6 2.20.0 2.20.1 2.20.2 2.21.0 2.21.1 2.21.2 2.21.3 2.21.4 2.22.0 2.22.1 2.22.2 2.22.3 2.23.0 2.23.1 2.23.2 2.24.0 2.24.1 2.24.2 2.25.0 2.25.1 2.25.2 2.25.3 2.26.0 2.27.0 2.27.1 2.27.2 2.27.3 2.28.0 2.29.0 2.29.1 2.29.2
give / src / API / REST / V3 / Routes / Donors / Permissions / DonorPermissions.php
give / src / API / REST / V3 / Routes / Donors / Permissions Last commit date
DonorPermissions.php 5 months ago
DonorPermissions.php
127 lines
1 <?php
2
3 namespace Give\API\REST\V3\Routes\Donors\Permissions;
4
5 use Give\API\REST\V3\Routes\Donors\ValueObjects\DonorAnonymousMode;
6 use Give\Donors\Models\Donor;
7 use Give\Framework\Permissions\Facades\UserPermissions;
8 use WP_Error;
9 use WP_REST_Request;
10
11 /**
12 * @since 4.14.0
13 */
14 class DonorPermissions
15 {
16 /**
17 * Check if current user can edit donors.
18 *
19 * @since 4.14.0
20 */
21 public static function canEdit(): bool
22 {
23 return UserPermissions::donors()->canEdit();
24 }
25
26
27 /**
28 * Check if current user can view donors.
29 *
30 * @since 4.14.0
31 */
32 public static function canView(): bool
33 {
34 return UserPermissions::donors()->canView();
35 }
36
37 /**
38 * Check if current user owns the donor (is the donor themselves).
39 *
40 * @since 4.14.0
41 *
42 * @since 4.14.0
43 */
44 public static function isOwner(int $donorId): bool
45 {
46 if (!is_user_logged_in()) {
47 return false;
48 }
49
50 $donor = Donor::find($donorId);
51 if (!$donor || !$donor->userId) {
52 return false;
53 }
54
55 return (int)$donor->userId === get_current_user_id();
56 }
57
58 /**
59 * @since 4.14.0
60 */
61 public static function authorizationStatusCode(): int
62 {
63 return is_user_logged_in() ? 403 : 401;
64 }
65
66 /**
67 * @since 4.14.0
68 *
69 * @param WP_REST_Request $request
70 *
71 * @return true|WP_Error
72 */
73 public static function validationForGetMethods(WP_REST_Request $request)
74 {
75 $isAdmin = self::canView();
76 $donorId = $request->get_param('id');
77 $isOwner = $donorId ? self::isOwner($donorId) : false;
78
79 $includeSensitiveData = $request->get_param('includeSensitiveData');
80 if (!$isAdmin && !$isOwner && $includeSensitiveData) {
81 return new WP_Error(
82 'rest_forbidden',
83 __('You do not have permission to include sensitive data.', 'give'),
84 ['status' => self::authorizationStatusCode()]
85 );
86 }
87
88 if ($request->get_param('anonymousDonors') !== null) {
89 $donorAnonymousMode = new DonorAnonymousMode($request->get_param('anonymousDonors'));
90 if (!$isAdmin && !$isOwner && $donorAnonymousMode->isIncluded()) {
91 return new WP_Error(
92 'rest_forbidden',
93 __('You do not have permission to include anonymous donors.', 'give'),
94 ['status' => self::authorizationStatusCode()]
95 );
96 }
97 }
98
99 return true;
100 }
101
102 /**
103 * @since 4.14.0 Allow donors to update their own data
104 *
105 * @param WP_REST_Request $request
106 *
107 * @return true|WP_Error
108 */
109 public static function validationForUpdateMethod(WP_REST_Request $request)
110 {
111 $isAdmin = self::canEdit();
112 $donorId = $request->get_param('id');
113 $isOwner = $donorId ? self::isOwner($donorId) : false;
114
115 // Allow access if user is admin or owns the donor
116 if (!$isAdmin && !$isOwner) {
117 return new WP_Error(
118 'rest_forbidden',
119 __('You do not have permission to update this donor.', 'give'),
120 ['status' => self::authorizationStatusCode()]
121 );
122 }
123
124 return true;
125 }
126 }
127