WordPress.org
Get WordPress
WordPress.org

WordPress Developer Resources

WP_REST_Abilities_V1_Run_Controller::check_ability_permissions()

WP_REST_Abilities_V1_Run_Controller::check_ability_permissions( WP_REST_Request $request ): true|WP_Error

In this article

Back to top

Checks if a given request has permission to execute a specific ability.

Parameters

$requestWP_REST_Requestrequired
Full details about the request.

Return

true|WP_Error True if the request has execution permission, WP_Error object otherwise.

Source

public function check_ability_permissions( $request ) {
	$ability = wp_get_ability( $request['name'] );
	if ( ! $ability || ! $ability->get_meta_item( 'show_in_rest' ) ) {
		return new WP_Error(
			'rest_ability_not_found',
			__( 'Ability not found.' ),
			array( 'status' => 404 )
		);
	}

	$is_valid = $this->validate_request_method(
		$request->get_method(),
		$ability->get_meta_item( 'annotations' )
	);
	if ( is_wp_error( $is_valid ) ) {
		return $is_valid;
	}

	$input    = $this->get_input_from_request( $request );
	$input    = $ability->normalize_input( $input );
	$is_valid = $ability->validate_input( $input );
	if ( is_wp_error( $is_valid ) ) {
		$is_valid->add_data( array( 'status' => 400 ) );
		return $is_valid;
	}

	$result = $ability->check_permissions( $input );
	if ( is_wp_error( $result ) ) {
		$result->add_data( array( 'status' => rest_authorization_required_code() ) );
		return $result;
	}
	if ( ! $result ) {
		return new WP_Error(
			'rest_ability_cannot_execute',
			__( 'Sorry, you are not allowed to execute this ability.' ),
			array( 'status' => rest_authorization_required_code() )
		);
	}

	return true;
}

View all references View on Trac View on GitHub

UsesDescription
wp_get_ability()wp-includes/abilities-api.php

Retrieves a registered ability.

WP_REST_Abilities_V1_Run_Controller::validate_request_method()wp-includes/rest-api/endpoints/class-wp-rest-abilities-v1-run-controller.php

Validates if the HTTP method matches the expected method for the ability based on its annotations.

WP_REST_Abilities_V1_Run_Controller::get_input_from_request()wp-includes/rest-api/endpoints/class-wp-rest-abilities-v1-run-controller.php

Extracts input parameters from the request.

rest_authorization_required_code()wp-includes/rest-api.php

Returns a contextual HTTP error code for authorization failure.

__()wp-includes/l10n.php

Retrieves the translation of $text.

is_wp_error()wp-includes/load.php

Checks whether the given variable is a WordPress Error.

WP_Error::__construct()wp-includes/class-wp-error.php

Initializes the error.

Show 4 moreShow less

Changelog

VersionDescription
6.9.0Introduced.

User Contributed Notes

You must log in before being able to contribute a note or feedback.