Checks if the current user has permission to access a room.
Parameters
`$request` (WP_REST_Request, required): The REST request.
Source
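/**
 * Checks if the current user has permission to access a room.
 *
 * After the capability check, every entry in the request's `rooms` list must
 * pass two checks: the submitted client ID must not already appear in that
 * room's awareness state under a different user ID, and the current user must
 * be allowed to sync the entity encoded in the room name. The first failure
 * ends the check and is returned to the caller.
 *
 * @since 7.0.0
 *
 * @param WP_REST_Request $request The REST request.
 * @return true|WP_Error True if every requested room is permitted, WP_Error otherwise.
 */
public function check_permissions( WP_REST_Request $request ) {
	// Minimum cap check. Is user logged in with a contributor role or higher?
	if ( ! current_user_can( 'edit_posts' ) ) {
		return new WP_Error(
			'rest_cannot_edit',
			__( 'You do not have permission to perform this action' ),
			array( 'status' => rest_authorization_required_code() )
		);
	}

	$rooms = $request['rooms'];

	/*
	 * Fail closed on a malformed payload. Iterating a non-array would skip
	 * every per-room check below and fall through to `return true`.
	 *
	 * NOTE(review): the route's argument schema is not visible here and may
	 * already enforce this shape; the guard keeps the callback safe on its
	 * own. An empty list still returns true, as it has no room to authorize.
	 */
	if ( ! is_array( $rooms ) ) {
		return new WP_Error(
			'rest_invalid_param',
			/* translators: %s: List of invalid parameters. */
			sprintf( __( 'Invalid parameter(s): %s' ), 'rooms' ),
			array( 'status' => 400 )
		);
	}

	$wp_user_id = get_current_user_id();

	foreach ( $rooms as $room_entry ) {
		// Reject entries that cannot be checked, rather than letting them error out mid-check.
		if (
			! is_array( $room_entry )
			|| ! isset( $room_entry['client_id'], $room_entry['room'] )
			|| ! is_string( $room_entry['room'] )
		) {
			return new WP_Error(
				'rest_invalid_param',
				/* translators: %s: List of invalid parameters. */
				sprintf( __( 'Invalid parameter(s): %s' ), 'rooms' ),
				array( 'status' => 400 )
			);
		}

		// Kept in separate variables so the loop variable is not overwritten by the room name.
		$client_id = $room_entry['client_id'];
		$room      = $room_entry['room'];

		/*
		 * Check that the client_id is not already owned by another user.
		 *
		 * NOTE(review): both comparisons are strict. If storage returns
		 * `client_id` or `wp_user_id` with a different type than the request
		 * or get_current_user_id() supplies, the collision check either never
		 * matches or always reports another owner. Confirm the stored types.
		 */
		$existing_awareness = $this->storage->get_awareness_state( $room );
		foreach ( $existing_awareness as $entry ) {
			if ( $client_id === $entry['client_id'] && $wp_user_id !== $entry['wp_user_id'] ) {
				return new WP_Error(
					'rest_cannot_edit',
					__( 'Client ID is already in use by another user.' ),
					array( 'status' => rest_authorization_required_code() )
				);
			}
		}

		// The room name is split as "<kind>/<name>:<id>"; the ":<id>" suffix is optional.
		$type_parts   = explode( '/', $room, 2 );
		$object_parts = explode( ':', $type_parts[1] ?? '', 2 );

		$entity_kind = $type_parts[0];
		$entity_name = $object_parts[0];
		$object_id   = $object_parts[1] ?? null;

		if ( ! $this->can_user_sync_entity_type( $entity_kind, $entity_name, $object_id ) ) {
			// The request-supplied room name is echoed in the message; clients must escape it before rendering.
			return new WP_Error(
				'rest_cannot_edit',
				sprintf(
					/* translators: %s: The room name encodes the current entity being synced. */
					__( 'You do not have permission to sync this entity: %s.' ),
					$room
				),
				array( 'status' => rest_authorization_required_code() )
			);
		}
	}

	return true;
}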
Changelog
| Version | Description |
|---|---|
| 7.0.0 | Introduced. |