Diffstat (limited to 'plugins/jetpack/json-endpoints/class.wpcom-json-api-get-site-endpoint.php')
-rw-r--r-- | plugins/jetpack/json-endpoints/class.wpcom-json-api-get-site-endpoint.php | 61 |
1 files changed, 35 insertions, 26 deletions
diff --git a/plugins/jetpack/json-endpoints/class.wpcom-json-api-get-site-endpoint.php b/plugins/jetpack/json-endpoints/class.wpcom-json-api-get-site-endpoint.php
index f7ab0795..59316fc0 100644
--- a/plugins/jetpack/json-endpoints/class.wpcom-json-api-get-site-endpoint.php
+++ b/plugins/jetpack/json-endpoints/class.wpcom-json-api-get-site-endpoint.php
@@ -51,6 +51,7 @@ class WPCOM_JSON_API_GET_Site_Endpoint extends WPCOM_JSON_API_Endpoint {
 'meta' => '(object) Meta data',
 'quota' => '(array) An array describing how much space a user has left for uploads',
 'launch_status' => '(string) A string describing the launch status of a site',
+ 'is_fse_active' => '(bool) If the site has Full Site Editing active or not.',
 );
 protected static $no_member_fields = array(
@@ -70,6 +71,7 @@ class WPCOM_JSON_API_GET_Site_Endpoint extends WPCOM_JSON_API_Endpoint {
 'is_following',
 'meta',
 'launch_status',
+ 'is_fse_active',
 );
 protected static $site_options_format = array(
@@ -131,6 +133,7 @@ class WPCOM_JSON_API_GET_Site_Endpoint extends WPCOM_JSON_API_Endpoint {
 'design_type',
 'site_goals',
 'site_segment',
+ 'import_engine',
 );
 protected static $jetpack_response_field_additions = array(
@@ -153,6 +156,10 @@ class WPCOM_JSON_API_GET_Site_Endpoint extends WPCOM_JSON_API_Endpoint {
 'jetpack_frame_nonce',
 'design_type',
 'wordads',
+ // Use the site registered date from wpcom, since it is only available in a multisite context
+ // and defaults to `0000-00-00T00:00:00+00:00` from the Jetpack site.
+ // See https://github.com/Automattic/jetpack/blob/58638f46094b36f5df9cbc4570006544f0ad300c/sal/class.json-api-site-base.php#L387.
+ 'created_at',
 );
 private $site;
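Review bot: `'is_fse_active'` in the `-70,6` hunk is added to the list that, going by the first hunk's trailing context, appears to be `$no_member_fields`, and a comment added later in this commit says that list is what a request with neither user nor blog auth receives. That makes the Full Site Editing flag readable without authentication, and nothing in the hunk records that this is intended. If it is, I would say so next to the entry, e.g. `// Public: returned to requests without user or blog auth.`; if it is not, the key should stay only in the response format array of the first hunk. The array starts outside the hunk, so its name is inferred rather than visible.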
@@ -220,44 +227,44 @@ class WPCOM_JSON_API_GET_Site_Endpoint extends WPCOM_JSON_API_Endpoint {
 array_intersect( $default_fields, $this->fields_to_include ) : $default_fields;
- if ( ! $this->has_blog_access( $this->api->token_details, $blog_id ) ) {
+ $has_blog_access = $this->has_blog_access( $this->api->token_details );
+ $has_user_access = $this->has_user_access();
+
+ if ( ! $has_user_access && ! $has_blog_access ) {
+ // Public access without user or blog auth, only return `$no_member_fields`.
 $response_keys = array_intersect( $response_keys, self::$no_member_fields );
+ } elseif ( $has_user_access && ! current_user_can( 'edit_posts' ) ) {
+ // Subscriber level user, don't return site options.
+ $response_keys = array_diff( $response_keys, array( 'options' ) );
 }
 return $this->render_response_keys( $response_keys );
 }
 /**
- * Checks that the current user has access to the current blog,
- * and failing that checks that we have a valid blog token.
+ * Checks that the current user has access to the current blog.
 *
- * @param $token_details array Details obtained from the authorization token
- * @param $blog_id int The server-side blog id on wordpress.com
+ * @return bool Whether or not the current user can access the current blog.
+ */
+ private function has_user_access() {
+ return is_user_member_of_blog( get_current_user_id(), get_current_blog_id() );
+ }
+
+ /**
+ * Checks if the request has a valid blog token for the current blog.
 *
+ * @param array $token_details Access token for the api request.
 * @return bool
 */
- private function has_blog_access( $token_details, $blog_id ) {
- $current_blog_id = ( defined( 'IS_WPCOM' ) && IS_WPCOM ) ?
- $blog_id :
- get_current_blog_id();
-
- if ( is_user_member_of_blog( get_current_user_id(), $current_blog_id ) ) {
- return true;
- }
-
+ private function has_blog_access( $token_details ) {
 $token_details = (array) $token_details;
 if ( ! isset( $token_details['access'], $token_details['auth'], $token_details['blog_id'] ) ) {
 return false;
 }
- if (
- 'jetpack' === $token_details['auth'] &&
+ return 'jetpack' === $token_details['auth'] &&
 'blog' === $token_details['access'] &&
- $current_blog_id === $token_details['blog_id']
- ) {
- return true;
- }
- return false;
+ get_current_blog_id() === $token_details['blog_id'];
 }
 private function render_response_keys( &$response_keys ) {
@@ -373,16 +380,15 @@ class WPCOM_JSON_API_GET_Site_Endpoint extends WPCOM_JSON_API_Endpoint {
 case 'launch_status' :
 $response[ $key ] = $this->site->get_launch_status();
 break;
+ case 'is_fse_active':
+ $response[ $key ] = $this->site->is_fse_active();
+ break;
 }
 do_action( 'post_render_site_response_key', $key );
 }
 protected function render_option_keys( &$options_response_keys ) {
- if ( ! current_user_can( 'edit_posts' ) ) {
- return array();
- }
-
 $options = array();
 $site = $this->site;
@@ -576,6 +582,9 @@ class WPCOM_JSON_API_GET_Site_Endpoint extends WPCOM_JSON_API_Endpoint {
 case 'site_segment':
 $options[ $key ] = $site->get_site_segment();
 break;
+ case 'import_engine':
+ $options[ $key ] = $site->get_import_engine();
+ break;
 }
 }
@@ -615,7 +624,7 @@ class WPCOM_JSON_API_GET_Site_Endpoint extends WPCOM_JSON_API_Endpoint {
 $response->{ $key } = $value;
 }
- if ( $this->has_blog_access( $this->api->token_details, $response->ID ) ) {
+ if ( $this->has_user_access() || $this->has_blog_access( $this->api->token_details ) ) {
 $wpcom_member_response = $this->render_response_keys( self::$jetpack_response_field_member_additions );
 foreach( $wpcom_member_response as $key => $value ) { |
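Review bot: The `edit_posts` restriction on `options` is now enforced only by the `elseif` branch in the `-220,44` hunk, because the `-373,16` hunk deletes the guard that `render_option_keys()` used to apply itself. Any other path that reaches that method gets every requested option without a capability check. The last hunk renders `self::$jetpack_response_field_member_additions` for any blog member, and that list is not visible here, so whether a subscriber can reach `options` through it should be confirmed. At minimum I would document the new contract on `render_option_keys()`, e.g. `// No capability check here: callers must drop 'options' for users without edit_posts.` The method containing the branch starts outside the hunk.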
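Review bot: Both access checks in the `-615,7` hunk now take the site from `get_current_blog_id()`, whereas the old call passed `$response->ID` and the removed `has_blog_access()` body used the passed id whenever `IS_WPCOM` was set. If this code can run before the request has switched to the site held in `$response`, the token's `blog_id` and the user's membership are checked against a different site than the one whose member fields are rendered just below. Nothing visible shows where that switch happens, so I would either keep an explicit blog id parameter or state the assumption at the call, e.g. `// Relies on the current blog already being the site in $response.` The enclosing method starts and ends outside the hunk.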