BP_REST_Group_Membership_Request_Endpoint::get_items_permissions_check( WP_REST_Request $request )

Check if a given request has access to fetch group membership requests.

Description

Parameters

$request: (Required) Full details about the request.

Return

(bool|WP_Error)

Source

File: bp-groups/classes/class-bp-rest-group-membership-request-endpoint.php

public function get_items_permissions_check( $request ) {
    $retval      = true;
    $user_id     = bp_loggedin_user_id();
    $user_id_arg = $request['user_id'];
    $group       = $this->groups_endpoint->get_group_object( $request['group_id'] );
 
    // If the query is not restricted by group or user, limit it to the current user, if not an admin.
    if ( ! $request['group_id'] && ! $request['user_id'] && ! bp_current_user_can( 'bp_moderate' ) ) {
        $user_id_arg = $user_id;
    }
    $user = bp_rest_get_user( $user_id_arg );
 
    if ( ! $user_id ) {
        $retval = new WP_Error(
            'bp_rest_authorization_required',
            __( 'Sorry, you need to be logged in to view membership requests.', 'buddyboss' ),
            array(
                'status' => rest_authorization_required_code(),
            )
        );
    }
 
    // If a group ID has been passed, check that it is valid.
    if ( true === $retval && $request['group_id'] && ! $group instanceof BP_Groups_Group ) {
        $retval = new WP_Error(
            'bp_rest_group_invalid_id',
            __( 'Invalid group ID.', 'buddyboss' ),
            array(
                'status' => 404,
            )
        );
    }
 
    // If a user ID has been passed, check that it is valid.
    if ( true === $retval && $user_id_arg && ! $user instanceof WP_User ) {
        $retval = new WP_Error(
            'bp_rest_member_invalid_id',
            __( 'Invalid member ID.', 'buddyboss' ),
            array(
                'status' => 404,
            )
        );
    }
 
    // Site administrators can do anything. Otherwise, the user must manage the subject group or be the requester.
    if (
        true === $retval
        && ! bp_current_user_can( 'bp_moderate' )
        && ! ( $request['group_id'] && groups_is_user_admin( $user_id, $request['group_id'] ) )
        && $user_id_arg !== $user_id
    ) {
        $retval = new WP_Error(
            'bp_rest_group_membership_requests_cannot_get_items',
            __( 'Sorry, you are not allowed to view membership requests.', 'buddyboss' ),
            array(
                'status' => 500,
            )
        );
    }
 
    /**
     * Filter the `get_items` permissions check.
     *
     * @param bool|WP_Error $retval Whether the request can continue.
     * @param WP_REST_Request $request The request sent to the API.
     *
     * @since 0.1.0
     */
    return apply_filters( 'bp_rest_group_membership_requests_get_items_permissions_check', $retval, $request );
}

Expand full source code Collapse full source code

Changelog

Changelog
Version	Description
0.1.0	Introduced.

Uses

Uses
Uses	Description
bp-groups/classes/class-bp-rest-group-membership-request-endpoint.php: bp_rest_group_membership_requests_get_items_permissions_check	Filter the `get_items` permissions check.
bp-core/bp-core-rest-api.php: bp_rest_get_user()	Get the user object, if the ID is valid.
bp-groups/bp-groups-functions.php: groups_is_user_admin()	Check whether a user is an admin of a given group.
bp-core/bp-core-template.php: bp_loggedin_user_id()	Get the ID of the currently logged-in user.
bp-core/bp-core-caps.php: bp_current_user_can()	Check whether the current user has a given capability.

Questions?

We're always happy to help with code or other questions you might have! Search our developer docs, contact support, or connect with our sales team.

Contents