PluginProbe ʕ •ᴥ•ʔ
Jetpack – WP Security, Backup, Speed, & Growth / 15.9-a.7
Jetpack – WP Security, Backup, Speed, & Growth v15.9-a.7
15.9-a.7 15.9-a.5 15.9-a.3 15.9-a.1 15.8 15.8-beta 15.8-a.7 15.8-a.5 5.2.5 5.3.4 5.4.4 5.5.5 5.6.5 5.7.5 5.8.4 5.9.4 6.0.4 6.1 6.1.1 6.1.2 6.1.3 6.1.4 6.1.5 6.2 6.2.1 6.2.2 6.2.3 6.2.4 6.2.5 6.3 6.3.1 6.3.2 6.3.3 6.3.4 6.3.5 6.3.6 6.3.7 6.4 6.4.1 6.4.2 6.4.3 6.4.4 6.4.5 6.4.6 6.5 6.5.1 6.5.2 6.5.3 6.5.4 6.6 6.6.1 6.6.2 6.6.3 6.6.4 6.6.5 6.7 6.7.1 6.7.2 6.7.3 6.7.4 6.8 6.8.1 6.8.2 6.8.3 6.8.4 6.8.5 6.9 6.9.1 6.9.2 6.9.3 6.9.4 7.0 7.0.1 7.0.2 7.0.3 7.0.4 7.0.5 7.1 7.1.1 7.1.2 7.1.3 7.1.4 7.1.5 7.2 7.2.1 7.2.1.1 7.2.2 7.2.3 7.2.4 7.2.5 7.3 7.3.0.1 7.3.1 7.3.1.1 7.3.2 7.3.3 7.3.4 7.3.5 7.4 7.4.1 7.4.2 7.4.3 7.4.4 7.4.5 7.5 7.5.0.1 7.5.1 7.5.2 7.5.3 7.5.4 7.5.5 7.5.6 7.5.7 7.6 7.6.1 7.6.2 7.6.3 7.6.4 7.7 7.7.1 7.7.2 7.7.3 7.7.4 7.7.5 7.7.6 7.8 7.8.1 7.8.2 7.8.3 7.8.4 7.9 7.9.1 7.9.2 7.9.3 7.9.4 8.0 8.0.1 8.0.2 8.0.3 8.1 8.1.1 8.1.2 8.1.3 8.1.4 8.2 8.2.0.1 8.2.1 8.2.2 8.2.3 8.2.4 8.2.5 8.2.6 8.3 8.3.1 8.3.2 8.3.3 8.4 8.4.1 8.4.2 8.4.3 8.4.4 8.4.5 8.5 8.5.1 8.5.2 8.5.3 8.6 8.6.1 8.6.2 8.6.3 8.6.4 8.7 8.7.0.1 8.7.1 8.7.2 8.7.3 8.7.4 8.8 8.8.1 8.8.2 8.8.3 8.8.4 8.8.5 8.9 8.9.1 8.9.2 8.9.3 8.9.4 9.0 9.0.1 9.0.2 9.0.3 9.0.4 9.0.5 9.1 9.1.1 9.1.2 9.1.3 9.2 9.2.1 9.2.2 9.2.3 9.2.4 9.3 9.3.1 9.3.2 9.3.3 9.3.4 9.3.5 9.4 9.4.1 9.4.2 9.4.3 9.4.4 9.5 9.5.1 9.5.2 9.5.3 9.5.4 9.5.5 9.6 9.6.1 9.6.2 9.6.3 9.6.4 9.7 9.7.1 9.7.2 15.7-beta.2 9.7.3 15.7.1 9.8 15.8-a.1 9.8.1 15.8-a.3 9.8.2 2.0.9 9.8.3 2.1.7 9.9 2.2.10 9.9.1 2.3.10 9.9.2 2.4.7 9.9.3 2.5.5 2.6.6 2.7.5 2.8.5 2.9.6 3.0.6 3.1.5 3.2.5 3.3.6 3.4.6 3.5.6 3.6.4 3.7.5 3.8.5 3.9.10 4.0.7 4.1.4 4.2.5 4.3.5 4.4.5 4.5.3 4.6.3 4.7.4 4.8.5 4.9.3 5.0.3 5.1.4 trunk 10.0 10.0.1 10.0.2 10.1 10.1.1 10.1.2 10.2 10.2.1 10.2.2 10.2.3 10.3 10.3.1 10.3.2 10.4 10.4.1 10.4.2 10.5 10.5.1 10.5.2 10.5.3 10.6 10.6.1 10.6.2 10.7 10.7.1 10.7.2 10.8 10.8.1 10.8.2 10.9 10.9.1 10.9.2 10.9.3 11.0 11.0.1 11.0.2 11.1 11.1.1 11.1.2 11.1.3 11.1.4 11.2 11.2.1 11.2.2 11.3 11.3.1 11.3.2 11.3.3 11.3.4 11.4 11.4.1 11.4.2 11.5 11.5.1 11.5.2 11.5.3 11.6 11.6.1 11.6.2 11.7 11.7.1 11.7.2 11.7.3 11.8 11.8.3 11.8.4 11.8.5 11.8.6 11.9 11.9.1 11.9.2 11.9.3 12.0 12.0.1 12.0.2 12.1 12.1.1 12.1.2 12.2 12.2.1 12.2.2 12.3 12.3.1 12.4 12.4.1 12.5 12.5.1 12.6 12.6.1 12.6.2 12.6.3 12.7 12.7.1 12.7.2 12.8 12.8.1 12.8.2 12.9 12.9.1 12.9.2 12.9.3 12.9.4 13.0 13.0.1 13.1 13.1.1 13.1.2 13.1.3 13.1.4 13.2 13.2.1 13.2.2 13.2.3 13.3 13.3.1 13.3.2 13.4 13.4.1 13.4.2 13.4.3 13.4.4 13.5 13.5.1 13.6 13.6.1 13.7 13.7.1 13.8 13.8.1 13.8.2 13.9 13.9.1 14.0 14.1 14.2 14.2.1 14.3 14.4 14.4.1 14.5 14.6 14.7 14.8 14.9 14.9.1 15.0 15.0.1 15.0.2 15.1 15.1.1 15.2 15.3 15.3.1 15.4 15.5 15.6 15.7 15.7-a.1 15.7-a.3 15.7-a.5 15.7-a.7 15.7-beta
jetpack / json-endpoints / class.wpcom-json-api-update-user-endpoint.php
jetpack / json-endpoints Last commit date
jetpack 1 week ago class.wpcom-json-api-add-widget-endpoint.php 6 months ago class.wpcom-json-api-autosave-post-v1-1-endpoint.php 6 months ago class.wpcom-json-api-bulk-delete-post-endpoint.php 6 months ago class.wpcom-json-api-bulk-restore-post-endpoint.php 6 months ago class.wpcom-json-api-bulk-update-comments-endpoint.php 1 week ago class.wpcom-json-api-comment-endpoint.php 6 months ago class.wpcom-json-api-delete-media-endpoint.php 6 months ago class.wpcom-json-api-delete-media-v1-1-endpoint.php 6 months ago class.wpcom-json-api-edit-media-v1-2-endpoint.php 1 week ago class.wpcom-json-api-get-autosave-v1-1-endpoint.php 6 months ago class.wpcom-json-api-get-comment-counts-endpoint.php 6 months ago class.wpcom-json-api-get-comment-endpoint.php 6 months ago class.wpcom-json-api-get-comment-history-endpoint.php 6 months ago class.wpcom-json-api-get-comments-tree-endpoint.php 6 months ago class.wpcom-json-api-get-comments-tree-v1-1-endpoint.php 6 months ago class.wpcom-json-api-get-comments-tree-v1-2-endpoint.php 6 months ago class.wpcom-json-api-get-customcss.php 6 months ago class.wpcom-json-api-get-media-endpoint.php 6 months ago class.wpcom-json-api-get-media-v1-1-endpoint.php 6 months ago class.wpcom-json-api-get-media-v1-2-endpoint.php 6 months ago class.wpcom-json-api-get-post-counts-v1-1-endpoint.php 6 months ago class.wpcom-json-api-get-post-endpoint.php 6 months ago class.wpcom-json-api-get-post-v1-1-endpoint.php 6 months ago class.wpcom-json-api-get-site-endpoint.php 4 weeks ago class.wpcom-json-api-get-site-v1-2-endpoint.php 3 months ago class.wpcom-json-api-get-taxonomies-endpoint.php 1 month ago class.wpcom-json-api-get-taxonomy-endpoint.php 6 months ago class.wpcom-json-api-get-term-endpoint.php 6 months ago class.wpcom-json-api-list-comments-endpoint.php 1 week ago class.wpcom-json-api-list-dropdown-pages-endpoint.php 6 months ago class.wpcom-json-api-list-embeds-endpoint.php 6 months ago class.wpcom-json-api-list-media-endpoint.php 6 months ago class.wpcom-json-api-list-media-v1-1-endpoint.php 1 week ago class.wpcom-json-api-list-media-v1-2-endpoint.php 6 months ago class.wpcom-json-api-list-post-type-taxonomies-endpoint.php 6 months ago class.wpcom-json-api-list-post-types-endpoint.php 6 months ago class.wpcom-json-api-list-posts-endpoint.php 1 week ago class.wpcom-json-api-list-posts-v1-1-endpoint.php 1 week ago class.wpcom-json-api-list-posts-v1-2-endpoint.php 1 week ago class.wpcom-json-api-list-roles-endpoint.php 6 months ago class.wpcom-json-api-list-shortcodes-endpoint.php 6 months ago class.wpcom-json-api-list-terms-endpoint.php 6 months ago class.wpcom-json-api-list-users-endpoint.php 6 months ago class.wpcom-json-api-menus-v1-1-endpoint.php 1 week ago class.wpcom-json-api-post-endpoint.php 6 months ago class.wpcom-json-api-post-v1-1-endpoint.php 1 month ago class.wpcom-json-api-render-embed-endpoint.php 6 months ago class.wpcom-json-api-render-embed-reversal-endpoint.php 6 months ago class.wpcom-json-api-render-endpoint.php 2 weeks ago class.wpcom-json-api-render-shortcode-endpoint.php 6 months ago class.wpcom-json-api-sharing-buttons-endpoint.php 1 week ago class.wpcom-json-api-site-settings-endpoint.php 2 months ago class.wpcom-json-api-site-settings-v1-2-endpoint.php 6 months ago class.wpcom-json-api-site-settings-v1-3-endpoint.php 6 months ago class.wpcom-json-api-site-settings-v1-4-endpoint.php 2 months ago class.wpcom-json-api-site-user-endpoint.php 6 months ago class.wpcom-json-api-taxonomy-endpoint.php 6 months ago class.wpcom-json-api-update-comment-endpoint.php 4 months ago class.wpcom-json-api-update-customcss.php 6 months ago class.wpcom-json-api-update-media-endpoint.php 6 months ago class.wpcom-json-api-update-media-v1-1-endpoint.php 1 week ago class.wpcom-json-api-update-post-endpoint.php 1 week ago class.wpcom-json-api-update-post-v1-1-endpoint.php 1 week ago class.wpcom-json-api-update-post-v1-2-endpoint.php 1 week ago class.wpcom-json-api-update-site-homepage-endpoint.php 6 months ago class.wpcom-json-api-update-site-logo-endpoint.php 6 months ago class.wpcom-json-api-update-taxonomy-endpoint.php 5 months ago class.wpcom-json-api-update-term-endpoint.php 6 months ago class.wpcom-json-api-update-user-endpoint.php 6 months ago class.wpcom-json-api-upload-media-endpoint.php 6 months ago class.wpcom-json-api-upload-media-v1-1-endpoint.php 6 months ago
class.wpcom-json-api-update-user-endpoint.php
203 lines
1 <?php // phpcs:ignore WordPress.Files.FileName.InvalidClassFileName
2 /**
3 * Update site users API endpoint.
4 *
5 * Endpoint: /sites/%s/users/%d/delete
6 */
7
8 if ( ! defined( 'ABSPATH' ) ) {
9 exit( 0 );
10 }
11
12 new WPCOM_JSON_API_Update_User_Endpoint(
13 array(
14 'description' => 'Deletes or removes a user of a site.',
15 'group' => 'users',
16 'stat' => 'users:delete',
17
18 'method' => 'POST',
19 'path' => '/sites/%s/users/%d/delete',
20 'path_labels' => array(
21 '$site' => '(int|string) The site ID or domain.',
22 '$user_ID' => '(int) The user\'s ID',
23 ),
24
25 'request_format' => array(
26 'reassign' => '(int) An optional id of a user to reassign posts to.',
27 ),
28
29 'response_format' => array(
30 'success' => '(bool) Was the deletion of user successful?',
31 ),
32
33 'example_request' => 'https://public-api.wordpress.com/rest/v1/sites/82974409/users/1/delete',
34 'example_request_data' => array(
35 'headers' => array(
36 'authorization' => 'Bearer YOUR_API_TOKEN',
37 ),
38 ),
39
40 'example_response' => '
41 {
42 "success": true
43 }',
44 )
45 );
46
47 /**
48 * Update site users API class.
49 *
50 * @phan-constructor-used-for-side-effects
51 */
52 class WPCOM_JSON_API_Update_User_Endpoint extends WPCOM_JSON_API_Endpoint {
53 /**
54 * Update site users API callback.
55 *
56 * @param string $path API path.
57 * @param int $blog_id Blog ID.
58 * @param int $user_id User ID.
59 */
60 public function callback( $path = '', $blog_id = 0, $user_id = 0 ) {
61 $blog_id = $this->api->switch_to_blog_and_validate_user( $this->api->get_blog_id( $blog_id ) );
62 if ( is_wp_error( $blog_id ) ) {
63 return $blog_id;
64 }
65
66 if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
67 if ( (int) wpcom_get_blog_owner( $blog_id ) === (int) $user_id ) {
68 return new WP_Error( 'forbidden', 'A site owner cannot be removed through this endpoint.', 403 );
69 }
70 }
71
72 if ( $this->api->ends_with( $path, '/delete' ) ) {
73 return $this->delete_or_remove_user( $user_id );
74 }
75
76 return false;
77 }
78
79 /**
80 * Checks if a user exists by checking to see if a WP_User object exists for a user ID.
81 *
82 * @param int $user_id User ID.
83 * @return bool
84 */
85 public function user_exists( $user_id ) {
86 $user = get_user_by( 'id', $user_id );
87
88 return false !== $user && is_a( $user, 'WP_User' );
89 }
90
91 /**
92 * Return the domain name of a subscription.
93 *
94 * @param Store_Subscription $subscription Subscription object.
95 * @return string
96 */
97 protected function get_subscription_domain_name( $subscription ) {
98 return $subscription->meta;
99 }
100
101 /**
102 * Get a list of the domains owned by the given user.
103 *
104 * @param int $user_id User ID.
105 * @return array
106 */
107 protected function domain_subscriptions_for_site_owned_by_user( $user_id ) {
108 $subscriptions = WPCOM_Store::get_subscriptions( get_current_blog_id(), $user_id, domains::get_domain_products() );
109
110 $domains = array_unique( array_map( array( $this, 'get_subscription_domain_name' ), $subscriptions ) );
111
112 return array_values( $domains );
113 }
114
115 /**
116 * Validates user input and then decides whether to remove or delete a user.
117 *
118 * @param int $user_id User ID.
119 * @return array|WP_Error
120 */
121 public function delete_or_remove_user( $user_id ) {
122 if ( 0 === (int) $user_id ) {
123 return new WP_Error( 'invalid_input', 'A valid user ID must be specified.', 400 );
124 }
125
126 if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
127 $domains = $this->domain_subscriptions_for_site_owned_by_user( $user_id );
128 if ( ! empty( $domains ) ) {
129 $error = new WP_Error( 'user_owns_domain_subscription', implode( ', ', $domains ) );
130 $error->add_data( $domains, 'additional_data' );
131 return $error;
132 }
133
134 $active_user_subscriptions = WPCOM_Store::get_user_subscriptions( $user_id, get_current_blog_id() );
135 if ( ! empty( $active_user_subscriptions ) ) {
136 $product_names = array_values( wp_list_pluck( $active_user_subscriptions, 'product_name' ) );
137 $error = new WP_Error( 'user_has_active_subscriptions', 'User has active subscriptions' );
138 $error->add_data( $product_names, 'additional_data' );
139 return $error;
140 }
141 }
142
143 if ( ! $this->user_exists( $user_id ) ) {
144 return new WP_Error( 'invalid_input', 'A user does not exist with that ID.', 400 );
145 }
146
147 return is_multisite() ? $this->remove_user( $user_id ) : $this->delete_user( $user_id );
148 }
149
150 /**
151 * Removes a user from the current site.
152 *
153 * @param int $user_id User ID.
154 * @return array|WP_Error
155 */
156 public function remove_user( $user_id ) {
157 // Skip the check if the user is removing themselves.
158 if ( ! current_user_can( 'remove_users' ) && get_current_user_id() !== (int) $user_id ) {
159 return new WP_Error( 'unauthorized', 'User cannot remove users for specified site.', 403 );
160 }
161
162 if ( ! is_user_member_of_blog( $user_id, get_current_blog_id() ) ) {
163 return new WP_Error( 'invalid_input', 'User is not a member of the specified site.', 400 );
164 }
165
166 return array(
167 'success' => remove_user_from_blog( $user_id, get_current_blog_id() ),
168 );
169 }
170
171 /**
172 * Deletes a user and optionally reassigns posts to another user.
173 *
174 * @param int $user_id User ID.
175 * @return array|WP_Error
176 */
177 public function delete_user( $user_id ) {
178 // Skip the check if the user is deleting themselves.
179 if ( ! current_user_can( 'delete_users' ) && get_current_user_id() !== (int) $user_id ) {
180 return new WP_Error( 'unauthorized', 'User cannot delete users for specified site.', 403 );
181 }
182
183 $input = (array) $this->input();
184 $reassign = isset( $input['reassign'] ) ? (int) $input['reassign'] : null;
185
186 if ( $reassign !== null ) {
187 if ( (int) $user_id === $reassign ) {
188 return new WP_Error( 'invalid_input', 'Cannot reassign posts to user being deleted.', 400 );
189 }
190
191 if ( ! $this->user_exists( $reassign ) ) {
192 return new WP_Error( 'invalid_input', 'User specified in reassign argument is not a member of the specified site.', 400 );
193 }
194 }
195
196 $success = $reassign !== null ? wp_delete_user( $user_id, $reassign ) : wp_delete_user( $user_id );
197
198 return array(
199 'success' => $success,
200 );
201 }
202 }
203