WP_REST_Server::respond_to_request( WP_REST_Request $request, string $route, array $handler, WP_Error|null $response ): WP_REST_Response

Source

protected function respond_to_request( $request, $route, $handler, $response ) {
	/**
	 * Filters the response before executing any REST API callbacks.
	 *
	 * Allows plugins to perform additional validation after a
	 * request is initialized and matched to a registered route,
	 * but before it is executed.
	 *
	 * Note that this filter will not be called for requests that
	 * fail to authenticate or match to a registered route.
	 *
	 * @since 4.7.0
	 *
	 * @param WP_REST_Response|WP_HTTP_Response|WP_Error|mixed $response Result to send to the client.
	 *                                                                   Usually a WP_REST_Response or WP_Error.
	 * @param array                                            $handler  Route handler used for the request.
	 * @param WP_REST_Request                                  $request  Request used to generate the response.
	 */
	$response = apply_filters( 'rest_request_before_callbacks', $response, $handler, $request );

	// Check permission specified on the route.
	if ( ! is_wp_error( $response ) && ! empty( $handler['permission_callback'] ) ) {
		$permission = call_user_func( $handler['permission_callback'], $request );

		if ( is_wp_error( $permission ) ) {
			$response = $permission;
		} elseif ( false === $permission || null === $permission ) {
			$response = new WP_Error(
				'rest_forbidden',
				__( 'Sorry, you are not allowed to do that.' ),
				array( 'status' => rest_authorization_required_code() )
			);
		}
	}

	if ( ! is_wp_error( $response ) ) {
		/**
		 * Filters the REST API dispatch request result.
		 *
		 * Allow plugins to override dispatching the request.
		 *
		 * @since 4.4.0
		 * @since 4.5.0 Added `$route` and `$handler` parameters.
		 *
		 * @param mixed           $dispatch_result Dispatch result, will be used if not empty.
		 * @param WP_REST_Request $request         Request used to generate the response.
		 * @param string          $route           Route matched for the request.
		 * @param array           $handler         Route handler used for the request.
		 */
		$dispatch_result = apply_filters( 'rest_dispatch_request', null, $request, $route, $handler );

		// Allow plugins to halt the request via this filter.
		if ( null !== $dispatch_result ) {
			$response = $dispatch_result;
		} else {
			$response = call_user_func( $handler['callback'], $request );
		}
	}

	/**
	 * Filters the response immediately after executing any REST API
	 * callbacks.
	 *
	 * Allows plugins to perform any needed cleanup, for example,
	 * to undo changes made during the 'rest_request_before_callbacks'
	 * filter.
	 *
	 * Note that this filter will not be called for requests that
	 * fail to authenticate or match to a registered route.
	 *
	 * Note that an endpoint's `permission_callback` can still be
	 * called after this filter - see `rest_send_allow_header()`.
	 *
	 * @since 4.7.0
	 *
	 * @param WP_REST_Response|WP_HTTP_Response|WP_Error|mixed $response Result to send to the client.
	 *                                                                   Usually a WP_REST_Response or WP_Error.
	 * @param array                                            $handler  Route handler used for the request.
	 * @param WP_REST_Request                                  $request  Request used to generate the response.
	 */
	$response = apply_filters( 'rest_request_after_callbacks', $response, $handler, $request );

	if ( is_wp_error( $response ) ) {
		$response = $this->error_to_response( $response );
	} else {
		$response = rest_ensure_response( $response );
	}

	$response->set_matched_route( $route );
	$response->set_matched_handler( $handler );

	return $response;
}

View all references View on Trac View on GitHub