class.wpcom-json-api-list-users-endpoint.php — Jetpack – WP Security, Backup, Speed, & Growth 13.8.2

jetpack / json-endpoints / class.wpcom-json-api-list-users-endpoint.php

jetpack / json-endpoints Last commit date

class.wpcom-json-api-list-users-endpoint.php

258 lines

1	<?php // phpcs:ignore WordPress.Files.FileName.InvalidClassFileName
2
3	/**
4	* List users endpoint.
5	*/
6	new WPCOM_JSON_API_List_Users_Endpoint(
7	array(
8	'description' => 'List the users of a site.',
9	'group' => 'users',
10	'stat' => 'users:list',
11
12	'method' => 'GET',
13	'path' => '/sites/%s/users',
14	'path_labels' => array(
15	'$site' => '(int\|string) Site ID or domain',
16	),
17
18	'query_parameters' => array(
19	'number' => '(int=20) Limit the total number of authors returned.',
20	'offset' => '(int=0) The first n authors to be skipped in the returned array.',
21	'order' => array(
22	'DESC' => 'Return authors in descending order.',
23	'ASC' => 'Return authors in ascending order.',
24	),
25	'order_by' => array(
26	'ID' => 'Order by ID (default).',
27	'login' => 'Order by username.',
28	'nicename' => 'Order by nicename.',
29	'email' => 'Order by author email address.',
30	'url' => 'Order by author URL.',
31	'registered' => 'Order by registered date.',
32	'display_name' => 'Order by display name.',
33	'post_count' => 'Order by number of posts published.',
34	),
35	'authors_only' => '(bool) Set to true to fetch authors only',
36	'include_viewers' => '(bool) Set to true to include viewers for Simple sites. When you pass in this parameter, order, order_by and search_columns are ignored. Currently, `search` is limited to the first page of results.',
37	'type' => "(string) Specify the post type to query authors for. Only works when combined with the `authors_only` flag. Defaults to 'post'. Post types besides post and page need to be whitelisted using the <code>rest_api_allowed_post_types</code> filter.",
38	'search' => '(string) Find matching users.',
39	'search_columns' => "(array) Specify which columns to check for matching users. Can be any of 'ID', 'user_login', 'user_email', 'user_url', 'user_nicename', and 'display_name'. Only works when combined with `search` parameter.",
40	'role' => '(string) Specify a specific user role to fetch.',
41	'capability' => '(string) Specify a specific capability to fetch. You can specify multiple by comma separating them, in which case the user needs to match all capabilities provided.',
42	),
43
44	'response_format' => array(
45	'found' => '(int) The total number of authors found that match the request (ignoring limits and offsets).',
46	'authors' => '(array:author) Array of author objects.',
47	),
48
49	'example_response' => '{
50	"found": 1,
51	"users": [
52	{
53	"ID": 78972699,
54	"login": "apiexamples",
55	"email": "justin+apiexamples@a8c.com",
56	"name": "apiexamples",
57	"first_name": "",
58	"last_name": "",
59	"nice_name": "apiexamples",
60	"URL": "http://apiexamples.wordpress.com",
61	"avatar_URL": "https://1.gravatar.com/avatar/a2afb7b6c0e23e5d363d8612fb1bd5ad?s=96&d=identicon&r=G",
62	"profile_URL": "https://gravatar.com/apiexamples",
63	"site_ID": 82974409,
64	"roles": [
65	"administrator"
66	],
67	"is_super_admin": false
68	}
69	]
70	}',
71
72	'example_request' => 'https://public-api.wordpress.com/rest/v1/sites/82974409/users',
73	'example_request_data' => array(
74	'headers' => array(
75	'authorization' => 'Bearer YOUR_API_TOKEN',
76	),
77	),
78	)
79	);
80
81	/**
82	* List users endpoint class.
83	*
84	* /sites/%s/users/ -> $blog_id
85	*/
86	class WPCOM_JSON_API_List_Users_Endpoint extends WPCOM_JSON_API_Endpoint {
87
88	/**
89	* The response format.
90	*
91	* @var array
92	*/
93	public $response_format = array(
94	'found' => '(int) The total number of authors found that match the request (ignoring limits and offsets).',
95	'users' => '(array:author) Array of user objects',
96	);
97
98	/**
99	* API callback.
100	*
101	* @param string $path - the path.
102	* @param string $blog_id - the blog ID.
103	*/
104	public function callback( $path = '', $blog_id = 0 ) {
105	$blog_id = $this->api->switch_to_blog_and_validate_user( $this->api->get_blog_id( $blog_id ) );
106	if ( is_wp_error( $blog_id ) ) {
107	return $blog_id;
108	}
109
110	$args = $this->query_args();
111
112	$authors_only = ( ! empty( $args['authors_only'] ) );
113
114	if ( $args['number'] < 1 ) {
115	$args['number'] = 20;
116	} elseif ( 1000 < $args['number'] ) {
117	return new WP_Error( 'invalid_number', 'The NUMBER parameter must be less than or equal to 1000.', 400 );
118	}
119
120	if ( $authors_only ) {
121	if ( empty( $args['type'] ) ) {
122	$args['type'] = 'post';
123	}
124
125	if ( ! $this->is_post_type_allowed( $args['type'] ) ) {
126	return new WP_Error( 'unknown_post_type', 'Unknown post type', 404 );
127	}
128
129	$post_type_object = get_post_type_object( $args['type'] );
130	if ( ! $post_type_object \|\| ! current_user_can( $post_type_object->cap->edit_others_posts ) ) {
131	return new WP_Error( 'unauthorized', 'User cannot view authors for specified post type', 403 );
132	}
133	} elseif ( ! current_user_can( 'list_users' ) ) {
134	return new WP_Error( 'unauthorized', 'User cannot view users for specified site', 403 );
135	}
136
137	$query = array(
138	'number' => $args['number'],
139	'offset' => $args['offset'],
140	'order' => $args['order'],
141	'orderby' => $args['order_by'],
142	'fields' => 'ID',
143	);
144
145	if ( $authors_only ) {
146	$query['capability'] = array( 'edit_posts' );
147	}
148
149	if ( ! empty( $args['search'] ) ) {
150	$query['search'] = $args['search'];
151	}
152
153	if ( ! empty( $args['search_columns'] ) ) {
154	// this `user_search_columns` filter is necessary because WP_User_Query does not allow `display_name` as a search column.
155	$this->search_columns = array_intersect( $args['search_columns'], array( 'ID', 'user_login', 'user_email', 'user_url', 'user_nicename', 'display_name' ) );
156	add_filter( 'user_search_columns', array( $this, 'api_user_override_search_columns' ), 10, 3 );
157	}
158
159	if ( ! empty( $args['role'] ) ) {
160	$query['role'] = $args['role'];
161	}
162
163	if ( ! empty( $args['capability'] ) ) {
164	$query['capability'] = $args['capability'];
165	}
166
167	$user_query = new WP_User_Query( $query );
168
169	remove_filter( 'user_search_columns', array( $this, 'api_user_override_search_columns' ) );
170
171	$is_wpcom = defined( 'IS_WPCOM' ) && IS_WPCOM;
172	$include_viewers = (bool) isset( $args['include_viewers'] ) && $args['include_viewers'] && $is_wpcom;
173
174	$page = ( (int) ( $args['offset'] / $args['number'] ) ) + 1;
175	$viewers = $include_viewers ? get_private_blog_users(
176	$blog_id,
177	array(
178	'page' => $page,
179	'per_page' => $args['number'],
180	)
181	) : array();
182	$viewers = array_map( array( $this, 'get_author' ), $viewers );
183
184	// we restrict search field to name when include_viewers is true.
185	if ( $include_viewers && ! empty( $args['search'] ) ) {
186	$viewers = array_filter(
187	$viewers,
188	function ( $viewer ) use ( $args ) {
189	// remove special database search characters from search term
190	$search_term = str_replace( '*', '', $args['search'] );
191	return strpos( $viewer->name, $search_term ) !== false;
192	}
193	);
194	}
195
196	$return = array();
197	foreach ( array_keys( $this->response_format ) as $key ) {
198	switch ( $key ) {
199	case 'found':
200	$user_count = (int) $user_query->get_total();
201
202	$viewer_count = 0;
203	if ( $include_viewers ) {
204	if ( empty( $args['search'] ) ) {
205	$viewer_count = (int) get_count_private_blog_users( $blog_id );
206	} else {
207	$viewer_count = count( $viewers );
208	}
209	}
210
211	$return[ $key ] = $user_count + $viewer_count;
212	break;
213	case 'users':
214	$users = array();
215	$is_multisite = is_multisite();
216	foreach ( $user_query->get_results() as $u ) {
217	$the_user = $this->get_author( $u, true );
218	if ( $the_user && ! is_wp_error( $the_user ) ) {
219	$userdata = get_userdata( $u );
220	$the_user->roles = ! is_wp_error( $userdata ) ? array_values( $userdata->roles ) : array();
221	if ( $is_multisite ) {
222	$the_user->is_super_admin = user_can( $the_user->ID, 'manage_network' );
223	}
224	$users[] = $the_user;
225	}
226	}
227
228	$combined_users = array_merge( $users, $viewers );
229
230	// When viewers are included, we ignore the order & orderby parameters.
231	if ( $include_viewers ) {
232	usort(
233	$combined_users,
234	function ( $a, $b ) {
235	return strcmp( strtolower( $a->name ), strtolower( $b->name ) );
236	}
237	);
238	}
239
240	$return[ $key ] = $combined_users;
241	break;
242	}
243	}
244
245	return $return;
246	}
247
248	/**
249	* Override search columns.
250	*
251	* @param array $search_columns - the search column we're overriding.
252	* @param array $search - the search query.
253	*/
254	public function api_user_override_search_columns( $search_columns, $search ) { // phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable
255	return $this->search_columns;
256	}
257	}
258