Contents

Code Reference Classes BP_REST_XProfile_Data_Endpoint BP_REST_XProfile_Data_Endpoint::get_item_permissions_check()

BP_REST_XProfile_Data_Endpoint::get_item_permissions_check( WP_REST_Request $request )

Check if a given request has access to get users’s data.

Description

Parameters

$request

(Required) Full data about the request.

Return

(WP_Error|bool)

Source

File: bp-xprofile/classes/class-bp-rest-xprofile-data-endpoint.php

147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
public function get_item_permissions_check( $request ) {
    $retval = true;
 
    if ( function_exists( 'bp_enable_private_network' ) && true !== bp_enable_private_network() && ! is_user_logged_in() ) {
        $retval = new WP_Error(
            'bp_rest_authorization_required',
            __( 'Sorry, Restrict access to only logged-in members.', 'buddyboss' ),
            array(
                'status' => rest_authorization_required_code(),
            )
        );
    }
 
    // Check the field exists.
    $field = $this->get_xprofile_field_object( $request->get_param( 'field_id' ) );
 
    if ( true === $retval && empty( $field->id ) ) {
        $retval = new WP_Error(
            'bp_rest_invalid_id',
            __( 'Invalid field ID.', 'buddyboss' ),
            array(
                'status' => 404,
            )
        );
    }
 
    if ( true === $retval && ! bp_current_user_can( 'bp_moderate' ) ) {
        $retval = $this->fields_endpoint->get_xprofile_field_display_permission( $retval, $field->id );
    }
 
    // Check the requested user exists.
    if ( true === $retval && ! bp_rest_get_user( $request->get_param( 'user_id' ) ) ) {
        $retval = new WP_Error(
            'bp_rest_member_invalid_id',
            __( 'Invalid member ID.', 'buddyboss' ),
            array(
                'status' => 404,
            )
        );
    }
 
    // Check the user can view this field value.
    $hidden_user_fields = bp_xprofile_get_hidden_fields_for_user( $request->get_param( 'user_id' ) );
 
    if ( true === $retval && in_array( $field->id, $hidden_user_fields, true ) ) {
        $retval = new WP_Error(
            'bp_rest_hidden_profile_field',
            __( 'Sorry, the profile field value is not viewable for this user.', 'buddyboss' ),
            array(
                'status' => 403,
            )
        );
    }
 
    /**
     * Filter the XProfile data `get_item` permissions check.
     *
     * @param bool|WP_Error $retval Returned value.
     * @param WP_REST_Request $request The request sent to the API.
     *
     * @since 0.1.0
     */
    return apply_filters( 'bp_rest_xprofile_data_get_item_permissions_check', $retval, $request );
}

Expand full source code Collapse full source code

Changelog

Changelog
Version Description
0.1.0 Introduced.

Uses

Uses
Uses Description
bp-xprofile/classes/class-bp-rest-xprofile-data-endpoint.php: BP_REST_XProfile_Data_Endpoint::get_xprofile_field_object()

Get XProfile field object.
bp-xprofile/classes/class-bp-rest-xprofile-data-endpoint.php: bp_rest_xprofile_data_get_item_permissions_check

Filter the XProfile data get_item permissions check.
bp-core/bp-core-rest-api.php: bp_rest_get_user()

Get the user object, if the ID is valid.
bp-xprofile/bp-xprofile-functions.php: bp_xprofile_get_hidden_fields_for_user()

Get the ids of fields that are hidden for this displayed/loggedin user pair.
bp-core/bp-core-caps.php: bp_current_user_can()

Check whether the current user has a given capability.
bp-core/bp-core-options.php: bp_enable_private_network()

Enable private network for site owner.
Show 1 more use Hide more uses

Questions?

We're always happy to help with code or other questions you might have! Search our developer docs, contact support, or connect with our sales team.