WP_HTTP_Polling_Sync_Server::can_user_sync_entity_type( string $entity_kind, string $entity_name, string|null $object_id ): bool

This function’s access is marked private. This means it is not intended for use by plugin or theme developers, only by core. It is listed here for completeness.

Checks if the current user can sync a specific entity type.

Parameters

$entity_kind (string, required)
    The entity kind, e.g. 'postType', 'taxonomy', 'root'.
$entity_name (string, required)
    The entity name, e.g. 'post', 'category', 'site'.
$object_id (string|null, required)
    The numeric object ID / entity key for single entities, null for collections.

Return

bool True if user has permission, otherwise false.

Source

private function can_user_sync_entity_type( string $entity_kind, string $entity_name, ?string $object_id ): bool {
	if ( is_string( $object_id ) ) {
		if ( ! ctype_digit( $object_id ) ) {
			return false;
		}
		$object_id = (int) $object_id;
	}
	if ( null !== $object_id && $object_id <= 0 ) {
		// Object ID must be a positive integer if provided.
		return false;
	}

	// Validate permissions for the provided object ID.
	if ( is_int( $object_id ) ) {
		// Handle single post type entities with a defined object ID.
		if ( 'postType' === $entity_kind ) {
			if ( get_post_type( $object_id ) !== $entity_name ) {
				// Post is not of the specified post type.
				return false;
			}
			return current_user_can( 'edit_post', $object_id );
		}

		// Handle single taxonomy term entities with a defined object ID.
		if ( 'taxonomy' === $entity_kind ) {
			$term_exists = term_exists( $object_id, $entity_name );
			if ( ! is_array( $term_exists ) || ! isset( $term_exists['term_id'] ) ) {
				// Either term doesn't exist OR term is not in specified taxonomy.
				return false;
			}

			return current_user_can( 'edit_term', $object_id );
		}

		// Handle single comment entities with a defined object ID.
		if ( 'root' === $entity_kind && 'comment' === $entity_name ) {
			return current_user_can( 'edit_comment', $object_id );
		}
	}

	// All the remaining checks are for collections. If an object ID is provided,
	// reject the request.
	if ( null !== $object_id ) {
		return false;
	}

	// For postType collections, check if the user can edit posts of this type.
	if ( 'postType' === $entity_kind ) {
		$post_type_object = get_post_type_object( $entity_name );
		if ( ! isset( $post_type_object->cap->edit_posts ) ) {
			return false;
		}

		return current_user_can( $post_type_object->cap->edit_posts );
	}

	// Collection syncing does not exchange entity data. It only signals if
	// another user has updated an entity in the collection. Therefore, we only
	// compare against an allow list of collection types.
	$allowed_collection_entity_kinds = array(
		'postType',
		'root',
		'taxonomy',
	);

	return in_array( $entity_kind, $allowed_collection_entity_kinds, true );
}
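
The object-ID gate at the top of the source above, isolated as an added example (not WordPress core code; `example_normalize_object_id` is a hypothetical name and the sample keys are constructed). For each key it prints what the strict check yields next to what a bare `(int)` cast would resolve to without the `ctype_digit()` gate.

```php
<?php
declare(strict_types=1);

/**
 * Added illustration: mirrors only the object-ID gate at the top of
 * can_user_sync_entity_type(). Returns null for a collection, a positive
 * int for a valid single-entity key, or false when the key is rejected.
 * The function name is hypothetical.
 */
function example_normalize_object_id( ?string $object_id ) {
	if ( null === $object_id ) {
		return null;
	}
	if ( ! ctype_digit( $object_id ) ) {
		return false; // Signs, spaces, decimals, exponents, hex, empty string.
	}
	$id = (int) $object_id;
	return $id > 0 ? $id : false; // "0" and "000" are all digits but not valid IDs.
}

// Constructed sample keys, not taken from real traffic.
$samples = array( null, '42', '007', '0', '', '-5', ' 42', '42abc', '4.2', '1e3', '0x2A' );

foreach ( $samples as $raw ) {
	$strict = example_normalize_object_id( $raw );
	// What a bare cast would resolve to if the ctype_digit() gate were absent.
	$loose = null === $raw ? null : (int) $raw;
	printf(
		"%-8s strict=%-6s bare-cast=%s\n",
		var_export( $raw, true ),
		var_export( $strict, true ),
		var_export( $loose, true )
	);
}
```

The rows where the two columns differ are keys that a capability check would otherwise evaluate against a different object than the string names.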

Changelog

Version    Description
7.0.0      Introduced.
