BP_REST_Group_Membership_Request_Endpoint::get_items_permissions_check( WP_REST_Request $request )

Check if a given request has access to fetch group membership requests.

Contents

Description Description

Parameters Parameters

$request

(Required) Full details about the request.

Top ↑

Return Return

(true|WP_Error)

Top ↑

Source Source

File: bp-groups/classes/class-bp-rest-group-membership-request-endpoint.php 

	public function get_items_permissions_check( $request ) {
		$retval      = true;
		$user_id     = bp_loggedin_user_id();
		$user_id_arg = $request['user_id'];
		$group       = $this->groups_endpoint->get_group_object( $request['group_id'] );

		// If the query is not restricted by group or user, limit it to the current user, if not an admin.
		if ( ! $request['group_id'] && ! $request['user_id'] && ! bp_current_user_can( 'bp_moderate' ) ) {
			$user_id_arg = $user_id;
		}
		$user = bp_rest_get_user( $user_id_arg );

		if ( ! $user_id ) {
			$retval = new WP_Error(
				'bp_rest_authorization_required',
				__( 'Sorry, you need to be logged in to view membership requests.', 'buddypress' ),
				array(
					'status' => rest_authorization_required_code(),
				)
			);
		}

		// If a group ID has been passed, check that it is valid.
		if ( true === $retval && $request['group_id'] && ! $group instanceof BP_Groups_Group ) {
			$retval = new WP_Error(
				'bp_rest_group_invalid_id',
				__( 'Invalid group ID.', 'buddypress' ),
				array(
					'status' => 404,
				)
			);
		}

		// If a user ID has been passed, check that it is valid.
		if ( true === $retval && $user_id_arg && ! $user instanceof WP_User ) {
			$retval = new WP_Error(
				'bp_rest_member_invalid_id',
				__( 'Invalid member ID.', 'buddypress' ),
				array(
					'status' => 404,
				)
			);
		}

		// Site administrators can do anything. Otherwise, the user must manage the subject group or be the requester.
		if ( true === $retval
			&& ! bp_current_user_can( 'bp_moderate' )
			&& ! ( $request['group_id'] && groups_is_user_admin( $user_id, $request['group_id'] ) )
			&& $user_id_arg !== $user_id ) {
			$retval = new WP_Error(
				'bp_rest_group_membership_requests_cannot_get_items',
				__( 'Sorry, you are not allowed to view membership requests.', 'buddypress' ),
				array(
					'status' => 500,
				)
			);
		}

		/**
		 * Filter the `get_items` permissions check.
		 *
		 * @since 5.0.0
		 *
		 * @param bool|WP_Error   $retval  Whether the request can continue.
		 * @param WP_REST_Request $request The request sent to the API.
		 */
		return apply_filters( 'bp_rest_group_membership_requests_get_items_permissions_check', $retval, $request );
	}

Expand full source code Collapse full source code

Top ↑

Changelog Changelog

Changelog
Version Description
5.0.0 Introduced.

Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.