BP_REST_Group_Invites_Endpoint::update_item_permissions_check( WP_REST_Request $request )

Check if a given request has access to accept a group invitation.

Description

Parameters

$request

(Required) Full details about the request.

Return

(bool|WP_Error)

Source

File: bp-groups/classes/class-bp-rest-group-invites-endpoint.php

	public function update_item_permissions_check( $request ) {
		$retval  = true;
		$user_id = bp_loggedin_user_id();
		$invite  = $this->fetch_single_invite( $request['invite_id'] );

		if ( ! $user_id ) {
			$retval = new WP_Error(
				'bp_rest_authorization_required',
				__( 'Sorry, you need to be logged in to see the group invitations.', 'buddyboss' ),
				array(
					'status' => rest_authorization_required_code(),
				)
			);
		}

		if ( true === $retval && ! $invite ) {
			$retval = new WP_Error(
				'bp_rest_group_invite_invalid_id',
				__( 'Invalid group invitation ID.', 'buddyboss' ),
				array(
					'status' => 404,
				)
			);
		}

		// Only the invitee or a site admin should be able to accept an invitation.
		if (
			true === $retval
			&& ! bp_current_user_can( 'bp_moderate' )
			&& $user_id !== $invite->user_id
		) {
			$retval = new WP_Error(
				'bp_rest_group_invite_cannot_update_item',
				__( 'Sorry, you are not allowed to accept the invitation as requested.', 'buddyboss' ),
				array(
					'status' => rest_authorization_required_code(),
				)
			);
		}

		/**
		 * Filter the group invites `update_item` permissions check.
		 *
		 * @param bool|WP_Error   $retval  Whether the request can continue.
		 * @param WP_REST_Request $request The request sent to the API.
		 *
		 * @since 0.1.0
		 */
		return apply_filters( 'bp_rest_group_invites_update_item_permissions_check', $retval, $request );
	}

Changelog

Changelog
Version Description
0.1.0 Introduced.

Questions?

We're always happy to help with code or other questions you might have! Search our developer docs, contact support, or connect with our sales team.