Update LP_Jwt_Users_V1_Controller to restrict editing of username field
daonham committed May 31, 2024
1 parent e324184 commit e8cdb53
Showing 1 changed file with 9 additions and 13 deletions.
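--- a/inc/jwt/rest-api/version1/class-lp-rest-users-v1-controller.php
+++ b/inc/jwt/rest-api/version1/class-lp-rest-users-v1-controller.php
@@ -128,14 +128,6 @@ public function register_routes() {
 }
 
 public function get_items_permissions_check( $request ) {
-if ( ! empty( $request['roles'] ) && ! ( in_array( 'lp_teacher', $request['roles'] ) || in_array( 'subscriber', $request['roles'] ) ) && ! current_user_can( 'list_users' ) ) {
-return new WP_Error(
-'rest_user_cannot_view',
-__( 'Sorry, you are not allowed to filter users by role.' ),
-array( 'status' => rest_authorization_required_code() )
-);
-}
-
 return true;
 }
 
@@ -1018,7 +1010,9 @@ public function get_users_data( $user, $context = 'view' ) {
 $data['id'] = $user->ID;
 break;
 case 'username':
-$data['username'] = $user->user_login;
+if ( current_user_can( 'list_users' ) || current_user_can( 'edit_user', $user->ID ) ) {
+$data['username'] = $user->user_login;
+}
 break;
 case 'name':
 $data['name'] = $user->display_name;
@@ -1030,7 +1024,9 @@ public function get_users_data( $user, $context = 'view' ) {
 $data['last_name'] = $user->last_name;
 break;
 case 'email':
-$data['email'] = $user->user_email;
+if ( current_user_can( 'list_users' ) || current_user_can( 'edit_user', $user->ID ) ) {
+$data['email'] = $user->user_email;
+}
 break;
 case 'url':
 $data['url'] = $user->user_url;
@@ -1308,7 +1304,7 @@ public function get_item_schema() {
 'username' => array(
 'description' => __( 'Login name for the user.' ),
 'type' => 'string',
-'context' => array( 'edit' ),
+'context' => array( 'view', 'edit' ),
 'required' => true,
 'arg_options' => array(
 'sanitize_callback' => array( $this, 'check_username' ),
@@ -1342,7 +1338,7 @@ public function get_item_schema() {
 'description' => __( 'The email address for the user.' ),
 'type' => 'string',
 'format' => 'email',
-'context' => array( 'edit' ),
+'context' => array( 'view', 'edit' ),
 'required' => true,
 ),
 'url' => array(
@@ -1372,7 +1368,7 @@ public function get_item_schema() {
 'nickname' => array(
 'description' => __( 'The nickname for the user.' ),
 'type' => 'string',
-'context' => array( 'edit' ),
+'context' => array( 'view', 'edit' ),
 'arg_options' => array(
 'sanitize_callback' => 'sanitize_text_field',
 ),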
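Review bot: The role filter in `get_items_permissions_check` (first hunk) is now ungated: the method returns `true` unconditionally, so any caller that reaches this route can pass `roles=administrator` and enumerate the matching accounts by ID, display name and first/last name, none of which the later hunks hide behind `list_users`. The removed check was itself bypassable, because `in_array( 'lp_teacher', $request['roles'] )` was satisfied as soon as one allow-listed role appeared in the list next to any other role, so restoring it verbatim would not be enough either. I would require every requested role to be on the allow-list and keep the `list_users` fallback otherwise, as below (the `(array)` cast assumes `roles` arrives as an array as in core's users controller; confirm against the route args). Whether unauthenticated JWT callers reach this endpoint depends on `register_routes`, which lies above the hunk.
```php
public function get_items_permissions_check( $request ) {
	$roles = empty( $request['roles'] ) ? array() : (array) $request['roles'];
	// Only these two roles may be filtered on without list_users, and every
	// requested role must be on the list, not just one of them.
	$allowed = array( 'lp_teacher', 'subscriber' );
	if ( array_diff( $roles, $allowed ) && ! current_user_can( 'list_users' ) ) {
		return new WP_Error(
			'rest_user_cannot_view',
			__( 'Sorry, you are not allowed to filter users by role.' ),
			array( 'status' => rest_authorization_required_code() )
		);
	}

	return true;
}
```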
