class.json-api-site-base.php — Jetpack – WP Security, Backup, Speed, & Growth 8.2.1

jetpack / sal / class.json-api-site-base.php

jetpack / sal Last commit date

class.json-api-date.php 9 years ago class.json-api-links.php 6 years ago class.json-api-metadata.php 9 years ago class.json-api-platform-jetpack.php 9 years ago class.json-api-platform.php 9 years ago class.json-api-post-base.php 6 years ago class.json-api-post-jetpack.php 9 years ago class.json-api-site-base.php 6 years ago class.json-api-site-jetpack-base.php 7 years ago class.json-api-site-jetpack.php 6 years ago class.json-api-token.php 9 years ago

class.json-api-site-base.php

662 lines

1	<?php
2
3	require_once dirname( __FILE__ ) . '/class.json-api-date.php';
4	require_once dirname( __FILE__ ) . '/class.json-api-post-base.php';
5
6	/**
7	* Base class for the Site Abstraction Layer (SAL)
8	* Note that this is the site "as seen by user $user_id with token $token", which
9	* is why we pass the token to the platform; these site instances are value objects
10	* to be used in the context of a single request for a single user.
11	* Also note that at present this class _assumes_ you've "switched to"
12	* the site in question, and functions like `get_bloginfo( 'name' )` will
13	* therefore return the correct value
14	**/
15	abstract class SAL_Site {
16	public $blog_id;
17	public $platform;
18
19	public function __construct( $blog_id, $platform ) {
20	$this->blog_id = $blog_id;
21	$this->platform = $platform;
22	}
23
24	public function get_id() {
25	return $this->blog_id;
26	}
27
28	public function get_name() {
29	return (string) htmlspecialchars_decode( get_bloginfo( 'name' ), ENT_QUOTES );
30	}
31
32	public function get_description() {
33	return (string) htmlspecialchars_decode( get_bloginfo( 'description' ), ENT_QUOTES );
34	}
35
36	public function get_url() {
37	return (string) home_url();
38	}
39
40	public function get_post_count() {
41	return (int) wp_count_posts( 'post' )->publish;
42	}
43
44	public function get_quota() {
45	return null;
46	}
47
48	abstract public function has_videopress();
49
50	abstract public function upgraded_filetypes_enabled();
51
52	abstract public function is_mapped_domain();
53
54	abstract public function get_unmapped_url();
55
56	abstract public function is_redirect();
57
58	abstract public function is_headstart_fresh();
59
60	abstract public function featured_images_enabled();
61
62	abstract public function has_wordads();
63
64	abstract public function get_frame_nonce();
65
66	abstract public function get_jetpack_frame_nonce();
67
68	abstract public function allowed_file_types();
69
70	abstract public function get_post_formats();
71
72	abstract public function is_private();
73
74	abstract public function is_following();
75
76	abstract public function get_subscribers_count();
77
78	abstract public function get_locale();
79
80	abstract public function is_jetpack();
81
82	abstract public function get_jetpack_modules();
83
84	abstract public function is_module_active( $module );
85
86	abstract public function is_vip();
87
88	abstract public function is_multisite();
89
90	abstract public function is_single_user_site();
91
92	abstract public function get_plan();
93
94	abstract public function get_ak_vp_bundle_enabled();
95
96	abstract public function get_podcasting_archive();
97
98	abstract public function get_import_engine();
99
100	abstract public function get_jetpack_seo_front_page_description();
101
102	abstract public function get_jetpack_seo_title_formats();
103
104	abstract public function get_verification_services_codes();
105
106	abstract public function before_render();
107
108	abstract public function after_render( &$response );
109
110	// TODO - factor this out? Seems an odd thing to have on a site
111	abstract public function after_render_options( &$options );
112
113	// wrap a WP_Post object with SAL methods
114	abstract public function wrap_post( $post, $context );
115
116	abstract protected function is_a8c_publication( $post_id );
117
118	public function is_automated_transfer() {
119	/**
120	* Filter if a site is an automated-transfer site.
121	*
122	* @module json-api
123	*
124	* @since 6.4.0
125	*
126	* @param bool is_automated_transfer( $this->blog_id )
127	* @param int $blog_id Blog identifier.
128	*/
129	return apply_filters(
130	'jetpack_site_automated_transfer',
131	false,
132	$this->blog_id
133	);
134	}
135
136	public function is_wpcom_atomic() {
137	return false;
138	}
139
140	public function is_wpcom_store() {
141	return false;
142	}
143
144	public function woocommerce_is_active() {
145	return false;
146	}
147
148	public function get_post_by_id( $post_id, $context ) {
149	// Remove the skyword tracking shortcode for posts returned via the API.
150	remove_shortcode( 'skyword-tracking' );
151	add_shortcode( 'skyword-tracking', '__return_empty_string' );
152
153	$post = get_post( $post_id, OBJECT, $context );
154
155	if ( ! $post ) {
156	return new WP_Error( 'unknown_post', 'Unknown post', 404 );
157	}
158
159	$wrapped_post = $this->wrap_post( $post, $context );
160
161	// validate access
162	return $this->validate_access( $wrapped_post );
163	}
164
165	/**
166	* Validate current user can access the post
167	*
168	* @return WP_Error or post
169	*/
170	private function validate_access( $post ) {
171	$context = $post->context;
172
173	if (
174	! $this->is_post_type_allowed( $post->post_type )
175	&& ! $this->is_a8c_publication( $post->ID )
176	) {
177	return new WP_Error( 'unknown_post', 'Unknown post', 404 );
178	}
179
180	switch ( $context ) {
181	case 'edit' :
182	if ( ! current_user_can( 'edit_post', $post->ID ) ) {
183	return new WP_Error( 'unauthorized', 'User cannot edit post', 403 );
184	}
185	break;
186	case 'display' :
187	$can_view = $this->user_can_view_post( $post );
188	if ( is_wp_error( $can_view ) ) {
189	return $can_view;
190	}
191	break;
192	default :
193	return new WP_Error( 'invalid_context', 'Invalid API CONTEXT', 400 );
194	}
195
196	return $post;
197	}
198
199	public function current_user_can_access_post_type( $post_type, $context ) {
200	$post_type_object = $this->get_post_type_object( $post_type );
201	if ( ! $post_type_object ) {
202	return false;
203	}
204
205	switch( $context ) {
206	case 'edit':
207	return current_user_can( $post_type_object->cap->edit_posts );
208	case 'display':
209	return $post_type_object->public \|\| current_user_can( $post_type_object->cap->read_private_posts );
210	default:
211	return false;
212	}
213	}
214
215	protected function get_post_type_object( $post_type ) {
216	return get_post_type_object( $post_type );
217	}
218
219	// copied from class.json-api-endpoints.php
220	public function is_post_type_allowed( $post_type ) {
221	// if the post type is empty, that's fine, WordPress will default to post
222	if ( empty( $post_type ) ) {
223	return true;
224	}
225
226	// allow special 'any' type
227	if ( 'any' == $post_type ) {
228	return true;
229	}
230
231	// check for allowed types
232	if ( in_array( $post_type, $this->get_whitelisted_post_types() ) ) {
233	return true;
234	}
235
236	if ( $post_type_object = get_post_type_object( $post_type ) ) {
237	if ( ! empty( $post_type_object->show_in_rest ) ) {
238	return $post_type_object->show_in_rest;
239	}
240	if ( ! empty( $post_type_object->publicly_queryable ) ) {
241	return $post_type_object->publicly_queryable;
242	}
243	}
244
245	return ! empty( $post_type_object->public );
246	}
247
248	// copied from class.json-api-endpoints.php
249	/**
250	* Gets the whitelisted post types that JP should allow access to.
251	*
252	* @return array Whitelisted post types.
253	*/
254	public function get_whitelisted_post_types() {
255	$allowed_types = array( 'post', 'page', 'revision' );
256
257	/**
258	* Filter the post types Jetpack has access to, and can synchronize with WordPress.com.
259	*
260	* @module json-api
261	*
262	* @since 2.2.3
263	*
264	* @param array $allowed_types Array of whitelisted post types. Default to `array( 'post', 'page', 'revision' )`.
265	*/
266	$allowed_types = apply_filters( 'rest_api_allowed_post_types', $allowed_types );
267
268	return array_unique( $allowed_types );
269	}
270
271	// copied and modified a little from class.json-api-endpoints.php
272	private function user_can_view_post( $post ) {
273	if ( !$post \|\| is_wp_error( $post ) ) {
274	return false;
275	}
276
277	if ( 'inherit' === $post->post_status ) {
278	$parent_post = get_post( $post->post_parent );
279	$post_status_obj = get_post_status_object( $parent_post->post_status );
280	} else {
281	$post_status_obj = get_post_status_object( $post->post_status );
282	}
283
284	$authorized = (
285	$post_status_obj->public \|\|
286	( is_user_logged_in() &&
287	(
288	( $post_status_obj->protected && current_user_can( 'edit_post', $post->ID ) ) \|\|
289	( $post_status_obj->private && current_user_can( 'read_post', $post->ID ) ) \|\|
290	( 'trash' === $post->post_status && current_user_can( 'edit_post', $post->ID ) ) \|\|
291	'auto-draft' === $post->post_status
292	)
293	)
294	);
295
296	if ( ! $authorized ) {
297	return new WP_Error( 'unauthorized', 'User cannot view post', 403 );
298	}
299
300	if (
301	-1 == get_option( 'blog_public' ) &&
302	/**
303	* Filter access to a specific post.
304	*
305	* @module json-api
306	*
307	* @since 3.4.0
308	*
309	* @param bool current_user_can( 'read_post', $post->ID ) Can the current user access the post.
310	* @param WP_Post $post Post data.
311	*/
312	! apply_filters(
313	'wpcom_json_api_user_can_view_post',
314	current_user_can( 'read_post', $post->ID ),
315	$post
316	)
317	) {
318	return new WP_Error( 'unauthorized', 'User cannot view post', array( 'status_code' => 403, 'error' => 'private_blog' ) );
319	}
320
321	if ( strlen( $post->post_password ) && !current_user_can( 'edit_post', $post->ID ) ) {
322	return new WP_Error( 'unauthorized', 'User cannot view password protected post', array( 'status_code' => 403, 'error' => 'password_protected' ) );
323	}
324
325	return true;
326	}
327
328	/**
329	* Get post ID by name
330	*
331	* Attempts to match name on post title and page path
332	*
333	* @param string $name
334	*
335	* @return int\|object Post ID on success, WP_Error object on failure
336	*/
337	public function get_post_id_by_name( $name ) {
338	$name = sanitize_title( $name );
339
340	if ( ! $name ) {
341	return new WP_Error( 'invalid_post', 'Invalid post', 400 );
342	}
343
344	$posts = get_posts( array(
345	'name' => $name,
346	'numberposts' => 1,
347	'post_type' => $this->get_whitelisted_post_types(),
348	) );
349
350	if ( ! $posts \|\| ! isset( $posts[0]->ID ) \|\| ! $posts[0]->ID ) {
351	$page = get_page_by_path( $name );
352
353	if ( ! $page ) {
354	return new WP_Error( 'unknown_post', 'Unknown post', 404 );
355	}
356
357	return $page->ID;
358	}
359
360	return (int) $posts[0]->ID;
361	}
362
363	/**
364	* Get post by name
365	*
366	* Attempts to match name on post title and page path
367	*
368	* @param string $name
369	* @param string $context (display or edit)
370	*
371	* @return object Post object on success, WP_Error object on failure
372	**/
373	public function get_post_by_name( $name, $context ) {
374	$post_id = $this->get_post_id_by_name( $name );
375	if ( is_wp_error( $post_id ) ) {
376	return $post_id;
377	}
378
379	return $this->get_post_by_id( $post_id, $context );
380	}
381
382	function user_can_manage() {
383	current_user_can( 'manage_options' );
384	}
385
386	function get_xmlrpc_url() {
387	$xmlrpc_scheme = apply_filters( 'wpcom_json_api_xmlrpc_scheme', wp_parse_url( get_option( 'home' ), PHP_URL_SCHEME ) );
388	return site_url( 'xmlrpc.php', $xmlrpc_scheme );
389	}
390
391	function get_registered_date() {
392	if ( function_exists( 'get_blog_details' ) ) {
393	$blog_details = get_blog_details();
394	if ( ! empty( $blog_details->registered ) ) {
395	return WPCOM_JSON_API_Date::format_date( $blog_details->registered );
396	}
397	}
398
399	return '0000-00-00T00:00:00+00:00';
400	}
401
402	function get_capabilities() {
403	return array(
404	'edit_pages' => current_user_can( 'edit_pages' ),
405	'edit_posts' => current_user_can( 'edit_posts' ),
406	'edit_others_posts' => current_user_can( 'edit_others_posts' ),
407	'edit_others_pages' => current_user_can( 'edit_others_pages' ),
408	'delete_posts' => current_user_can( 'delete_posts' ),
409	'delete_others_posts' => current_user_can( 'delete_others_posts' ),
410	'edit_theme_options' => current_user_can( 'edit_theme_options' ),
411	'edit_users' => current_user_can( 'edit_users' ),
412	'list_users' => current_user_can( 'list_users' ),
413	'manage_categories' => current_user_can( 'manage_categories' ),
414	'manage_options' => current_user_can( 'manage_options' ),
415	'moderate_comments' => current_user_can( 'moderate_comments' ),
416	'activate_wordads' => wpcom_get_blog_owner() === (int) get_current_user_id(),
417	'promote_users' => current_user_can( 'promote_users' ),
418	'publish_posts' => current_user_can( 'publish_posts' ),
419	'upload_files' => current_user_can( 'upload_files' ),
420	'delete_users' => current_user_can( 'delete_users' ),
421	'remove_users' => current_user_can( 'remove_users' ),
422	/**
423	* Filter whether the Hosting section in Calypso should be available for site.
424	*
425	* @module json-api
426	*
427	* @since 8.2.0
428	*
429	* @param bool $view_hosting Can site access Hosting section. Default to false.
430	*/
431	'view_hosting' => apply_filters( 'jetpack_json_api_site_can_view_hosting', false ),
432	'view_stats' => stats_is_blog_user( $this->blog_id )
433	);
434	}
435
436	function is_visible() {
437	if ( is_user_logged_in() ) {
438	$current_user = wp_get_current_user();
439	$visible = (array) get_user_meta( $current_user->ID, 'blog_visibility', true );
440
441	$is_visible = true;
442	if ( isset( $visible[ $this->blog_id ] ) ) {
443	$is_visible = (bool) $visible[ $this->blog_id ];
444	}
445
446	// null and true are visible
447	return $is_visible;
448	}
449
450	return null;
451	}
452
453	function get_logo() {
454
455	// Set an empty response array.
456	$logo_setting = array(
457	'id' => (int) 0,
458	'sizes' => array(),
459	'url' => '',
460	);
461
462	// Get current site logo values.
463	$logo = get_option( 'site_logo' );
464
465	// Update the response array if there's a site logo currenty active.
466	if ( $logo && 0 != $logo['id'] ) {
467	$logo_setting['id'] = $logo['id'];
468	$logo_setting['url'] = $logo['url'];
469
470	foreach ( $logo['sizes'] as $size => $properties ) {
471	$logo_setting['sizes'][ $size ] = $properties;
472	}
473	}
474
475	return $logo_setting;
476	}
477
478	function get_timezone() {
479	return (string) get_option( 'timezone_string' );
480	}
481
482	function get_gmt_offset() {
483	return (float) get_option( 'gmt_offset' );
484	}
485
486	function get_login_url() {
487	return wp_login_url();
488	}
489
490	function get_admin_url() {
491	return get_admin_url();
492	}
493
494	function get_theme_slug() {
495	return get_option( 'stylesheet' );
496	}
497
498	function get_header_image() {
499	return get_theme_mod( 'header_image_data' );
500	}
501
502	function get_background_color() {
503	return get_theme_mod( 'background_color' );
504	}
505
506	function get_image_default_link_type() {
507	return get_option( 'image_default_link_type' );
508	}
509
510	function get_image_thumbnail_width() {
511	return (int) get_option( 'thumbnail_size_w' );
512	}
513
514	function get_image_thumbnail_height() {
515	return (int) get_option( 'thumbnail_size_h' );
516	}
517
518	function get_image_thumbnail_crop() {
519	return get_option( 'thumbnail_crop' );
520	}
521
522	function get_image_medium_width() {
523	return (int) get_option( 'medium_size_w' );
524	}
525
526	function get_image_medium_height() {
527	return (int) get_option( 'medium_size_h' );
528	}
529
530	function get_image_large_width() {
531	return (int) get_option( 'large_size_w' );
532	}
533
534	function get_image_large_height() {
535	return (int) get_option( 'large_size_h' );
536	}
537
538	function get_permalink_structure() {
539	return get_option( 'permalink_structure' );
540	}
541
542	function get_default_post_format() {
543	return get_option( 'default_post_format' );
544	}
545
546	function get_default_category() {
547	return (int) get_option( 'default_category' );
548	}
549
550	function get_show_on_front() {
551	return get_option( 'show_on_front' );
552	}
553
554	function is_custom_front_page() {
555	return ( 'page' === $this->get_show_on_front() );
556	}
557
558	function get_default_likes_enabled() {
559	return (bool) apply_filters( 'wpl_is_enabled_sitewide', ! get_option( 'disabled_likes' ) );
560	}
561
562	function get_default_sharing_status() {
563	$default_sharing_status = false;
564	if ( class_exists( 'Sharing_Service' ) ) {
565	$ss = new Sharing_Service();
566	$blog_services = $ss->get_blog_services();
567	$default_sharing_status = ! empty( $blog_services['visible'] );
568	}
569	return (bool) $default_sharing_status;
570	}
571
572	function get_default_comment_status() {
573	return 'closed' !== get_option( 'default_comment_status' );
574	}
575
576	function default_ping_status() {
577	return 'closed' !== get_option( 'default_ping_status' );
578	}
579
580	function is_publicize_permanently_disabled() {
581	$publicize_permanently_disabled = false;
582	if ( function_exists( 'is_publicize_permanently_disabled' ) ) {
583	$publicize_permanently_disabled = is_publicize_permanently_disabled( $this->blog_id );
584	}
585	return $publicize_permanently_disabled;
586	}
587
588	function get_page_on_front() {
589	return (int) get_option( 'page_on_front' );
590	}
591
592	function get_page_for_posts() {
593	return (int) get_option( 'page_for_posts' );
594	}
595
596	function is_headstart() {
597	return get_option( 'headstart' );
598	}
599
600	function get_wordpress_version() {
601	global $wp_version;
602	return $wp_version;
603	}
604
605	function is_domain_only() {
606	$options = get_option( 'options' );
607	return ! empty ( $options['is_domain_only'] ) ? (bool) $options['is_domain_only'] : false;
608	}
609
610	function get_blog_public() {
611	return (int) get_option( 'blog_public' );
612	}
613
614	function has_pending_automated_transfer() {
615	/**
616	* Filter if a site is in pending automated transfer state.
617	*
618	* @module json-api
619	*
620	* @since 6.4.0
621	*
622	* @param bool has_site_pending_automated_transfer( $this->blog_id )
623	* @param int $blog_id Blog identifier.
624	*/
625	return apply_filters(
626	'jetpack_site_pending_automated_transfer',
627	false,
628	$this->blog_id
629	);
630	}
631
632	function signup_is_store() {
633	return $this->get_design_type() === 'store';
634	}
635
636	function get_roles() {
637	return new WP_Roles();
638	}
639
640	function get_design_type() {
641	$options = get_option( 'options' );
642	return empty( $options[ 'designType'] ) ? null : $options[ 'designType' ];
643	}
644
645	function get_site_goals() {
646	$options = get_option( 'options' );
647	return empty( $options[ 'siteGoals'] ) ? null : $options[ 'siteGoals' ];
648	}
649
650	function get_launch_status() {
651	return false;
652	}
653
654	function get_migration_status() {
655	return false;
656	}
657
658	function get_site_segment() {
659	return false;
660	}
661	}
662