Contents

Code Reference Classes BP_REST_XProfile_Data_Endpoint BP_REST_XProfile_Data_Endpoint::get_item_permissions_check()

BP_REST_XProfile_Data_Endpoint::get_item_permissions_check( WP_REST_Request $request )

Check if a given request has access to get users’s data.

Description

Parameters

$request

(Required) Full data about the request.

Return

(WP_Error|bool)

Source

File: bp-xprofile/classes/class-bp-rest-xprofile-data-endpoint.php 

	public function get_item_permissions_check( $request ) {
		$retval = true;

		if ( function_exists( 'bp_enable_private_network' ) && true !== bp_enable_private_network() && ! is_user_logged_in() ) {
			$retval = new WP_Error(
				'bp_rest_authorization_required',
				__( 'Sorry, Restrict access to only logged-in members.', 'buddyboss' ),
				array(
					'status' => rest_authorization_required_code(),
				)
			);
		}

		// Check the field exists.
		$field = $this->get_xprofile_field_object( $request->get_param( 'field_id' ) );

		if ( true === $retval && empty( $field->id ) ) {
			$retval = new WP_Error(
				'bp_rest_invalid_id',
				__( 'Invalid field ID.', 'buddyboss' ),
				array(
					'status' => 404,
				)
			);
		}

		if ( true === $retval && ! bp_current_user_can( 'bp_moderate' ) ) {
			$retval = $this->fields_endpoint->get_xprofile_field_display_permission( $retval, $field->id );
		}

		// Check the requested user exists.
		if ( true === $retval && ! bp_rest_get_user( $request->get_param( 'user_id' ) ) ) {
			$retval = new WP_Error(
				'bp_rest_member_invalid_id',
				__( 'Invalid member ID.', 'buddyboss' ),
				array(
					'status' => 404,
				)
			);
		}

		// Check the user can view this field value.
		$hidden_user_fields = bp_xprofile_get_hidden_fields_for_user( $request->get_param( 'user_id' ) );

		if ( true === $retval && in_array( $field->id, $hidden_user_fields, true ) ) {
			$retval = new WP_Error(
				'bp_rest_hidden_profile_field',
				__( 'Sorry, the profile field value is not viewable for this user.', 'buddyboss' ),
				array(
					'status' => 403,
				)
			);
		}

		/**
		 * Filter the XProfile data `get_item` permissions check.
		 *
		 * @param bool|WP_Error $retval Returned value.
		 * @param WP_REST_Request $request The request sent to the API.
		 *
		 * @since 0.1.0
		 */
		return apply_filters( 'bp_rest_xprofile_data_get_item_permissions_check', $retval, $request );
	}

Expand full source code Collapse full source code

Changelog

Changelog
Version Description
0.1.0 Introduced.

Uses

Uses
Uses Description
bp-xprofile/classes/class-bp-rest-xprofile-data-endpoint.php: BP_REST_XProfile_Data_Endpoint::get_xprofile_field_object()

Get XProfile field object.
bp-xprofile/classes/class-bp-rest-xprofile-data-endpoint.php: bp_rest_xprofile_data_get_item_permissions_check

Filter the XProfile data get_item permissions check.
bp-core/bp-core-rest-api.php: bp_rest_get_user()

Get the user object, if the ID is valid.
bp-xprofile/bp-xprofile-functions.php: bp_xprofile_get_hidden_fields_for_user()

Get the ids of fields that are hidden for this displayed/loggedin user pair.
bp-core/bp-core-caps.php: bp_current_user_can()

Check whether the current user has a given capability.
bp-core/bp-core-options.php: bp_enable_private_network()

Enable private network for site owner.
Show 1 more use Hide more uses

Questions?

We're always happy to help with code or other questions you might have! Search our developer docs, contact support, or connect with our sales team.