BP_REST_XProfile_Data_Endpoint::get_item_permissions_check( WP_REST_Request $request )
Check if a given request has access to get users’s data.
Description Description
Parameters Parameters
- $request
-
(Required) Full data about the request.
Return Return
(true|WP_Error)
Source Source
File: bp-xprofile/classes/class-bp-rest-xprofile-data-endpoint.php
public function get_item_permissions_check( $request ) {
$retval = true;
// Check the field exists.
$field = $this->get_xprofile_field_object( $request['field_id'] );
if ( empty( $field->id ) ) {
$retval = new WP_Error(
'bp_rest_invalid_id',
__( 'Invalid field ID.', 'buddypress' ),
array(
'status' => 404,
)
);
}
// Check the requested user exists.
if ( true === $retval && ! bp_rest_get_user( $request['user_id'] ) ) {
$retval = new WP_Error(
'bp_rest_member_invalid_id',
__( 'Invalid member ID.', 'buddypress' ),
array(
'status' => 404,
)
);
}
// Check the user can view this field value.
$hidden_user_fields = bp_xprofile_get_hidden_fields_for_user( $request['user_id'] );
if ( true === $retval && in_array( $field->id, $hidden_user_fields, true ) ) {
$retval = new WP_Error(
'bp_rest_hidden_profile_field',
__( 'Sorry, the profile field value is not viewable for this user.', 'buddypress' ),
array(
'status' => 403,
)
);
}
/**
* Filter the XProfile data `get_item` permissions check.
*
* @since 5.0.0
*
* @param bool|WP_Error $retval Returned value.
* @param WP_REST_Request $request The request sent to the API.
*/
return apply_filters( 'bp_rest_xprofile_data_get_item_permissions_check', $retval, $request );
}
Changelog Changelog
| Version | Description |
|---|---|
| 5.0.0 | Introduced. |