Introduce GET only API endpoints
[MAILPOET-2378]
committed by
Jack Kitterhing
parent
c450efa4df
commit
0bd46d72e0
@ -1,6 +1,7 @@
|
||||
<?php
|
||||
namespace MailPoet\API\JSON;
|
||||
|
||||
use MailPoet\API\JSON\Endpoint;
|
||||
use MailPoet\Config\AccessControl;
|
||||
use MailPoet\Settings\SettingsController;
|
||||
use MailPoet\Subscription\Captcha;
|
||||
@ -18,6 +19,7 @@ class API {
|
||||
private $_request_endpoint;
|
||||
private $_request_method;
|
||||
private $_request_token;
|
||||
private $_request_type;
|
||||
private $_request_endpoint_class;
|
||||
private $_request_data = [];
|
||||
private $_endpoint_namespaces = [];
|
||||
@ -79,10 +81,11 @@ class API {
|
||||
|
||||
function setupAjax() {
|
||||
$this->wp->doAction('mailpoet_api_setup', [$this]);
|
||||
|
||||
if (isset($_POST['api_version'])) {
|
||||
$this->setRequestData($_POST);
|
||||
$this->setRequestData($_POST, Endpoint::TYPE_POST);
|
||||
} else {
|
||||
$this->setRequestData($_GET);
|
||||
$this->setRequestData($_GET, Endpoint::TYPE_GET);
|
||||
}
|
||||
|
||||
$ignoreToken = (
|
||||
@ -101,7 +104,7 @@ class API {
|
||||
$response->send();
|
||||
}
|
||||
|
||||
function setRequestData($data) {
|
||||
function setRequestData($data, $request_type) {
|
||||
$this->_request_api_version = !empty($data['api_version']) ? $data['api_version'] : false;
|
||||
|
||||
$this->_request_endpoint = isset($data['endpoint'])
|
||||
@ -113,6 +116,7 @@ class API {
|
||||
$this->_request_method = isset($data[$method_param_name])
|
||||
? Helpers::underscoreToCamelCase(trim($data[$method_param_name]))
|
||||
: null;
|
||||
$this->_request_type = $request_type;
|
||||
|
||||
$this->_request_token = isset($data['token'])
|
||||
? trim($data['token'])
|
||||
@ -170,6 +174,10 @@ class API {
|
||||
throw new \Exception(__('Invalid API endpoint method.', 'mailpoet'));
|
||||
}
|
||||
|
||||
if (!$endpoint->isMethodAllowed($this->_request_method, $this->_request_type)) {
|
||||
throw new \Exception(__('HTTP request method not allowed.', 'mailpoet'));
|
||||
}
|
||||
|
||||
if (class_exists(Debugger::class)) {
|
||||
ApiPanel::init($endpoint, $this->_request_method, $this->_request_data);
|
||||
DIPanel::init();
|
||||
|
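Review bot: In `setupAjax()` the request type is inferred from whether `$_POST['api_version']` is set, not from the actual HTTP verb, so `Endpoint::TYPE_GET` really means "parameters were taken from `$_GET`", and a POST whose body lacks `api_version` is classified as GET. That errs on the restrictive side, but it deserves a comment above the branch, e.g. `// type records which superglobal supplied the request, not $_SERVER['REQUEST_METHOD']`, because the 'HTTP request method not allowed.' message will otherwise mislead callers. For GET-typed calls `setRequestData()` also reads `token` from the query string, where it can end up in access logs and Referer headers, so methods exposed this way should stay strictly read-only. `setRequestData()` now takes a required second argument, so any caller outside these hunks that still passes only `$data` will break; I cannot verify that from here. The bodies of `setupAjax()`, `setRequestData()` and the method holding the new `isMethodAllowed()` call all continue outside the hunks.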
@ -6,11 +6,16 @@ use MailPoet\Config\AccessControl;
|
||||
use MailPoet\WP\Functions as WPFunctions;
|
||||
|
||||
abstract class Endpoint {
|
||||
const TYPE_POST = 'POST';
|
||||
const TYPE_GET = 'GET';
|
||||
|
||||
public $permissions = [
|
||||
'global' => AccessControl::PERMISSION_MANAGE_SETTINGS,
|
||||
'methods' => [],
|
||||
];
|
||||
|
||||
protected static $get_methods = [];
|
||||
|
||||
function successResponse(
|
||||
$data = [], $meta = [], $status = Response::STATUS_OK
|
||||
) {
|
||||
@ -36,4 +41,14 @@ abstract class Endpoint {
|
||||
}
|
||||
return new ErrorResponse($errors, $meta, Response::STATUS_BAD_REQUEST);
|
||||
}
|
||||
|
||||
public function isMethodAllowed($name, $type) {
|
||||
if ($type === self::TYPE_GET && !in_array($name, static::$get_methods)) {
|
||||
return false;
|
||||
}
|
||||
if ($type === self::TYPE_POST && in_array($name, static::$get_methods)) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
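Review bot: `isMethodAllowed()` falls through to `return true` for any `$type` other than the two constants (for example `null` when no type was ever set), so the check fails open where it should deny by default. Both `in_array()` calls also compare a request-derived `$name` loosely, and should pass `true` as the third argument. Suggested body: `if ($type === self::TYPE_GET) return in_array($name, static::$get_methods, true);` then `if ($type === self::TYPE_POST) return !in_array($name, static::$get_methods, true);` then `return false;`. The list match is case-sensitive while PHP resolves method names case-insensitively, so `$name` should be normalised to the declared method name before comparing, unless the method validation that precedes the call (outside this hunk) already does that.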
@ -13,6 +13,10 @@ class NewsletterTemplates extends APIEndpoint {
|
||||
'global' => AccessControl::PERMISSION_MANAGE_EMAILS,
|
||||
];
|
||||
|
||||
protected static $get_methods = [
|
||||
'getAll',
|
||||
];
|
||||
|
||||
function get($data = []) {
|
||||
$id = (isset($data['id']) ? (int)$data['id'] : false);
|
||||
$template = NewsletterTemplate::findOne($id);
|
||||
|
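Review bot: The new `$get_methods` override carries no comment, and its effect is not obvious at the declaration: per the base endpoint's `isMethodAllowed()`, a method listed here is rejected for POST-typed requests and is the only kind accepted for GET-typed ones. I would add `// Served for GET requests only and rejected over POST; list only side-effect-free methods.` above the property. Any client that still calls `getAll` via POST will start receiving 'HTTP request method not allowed.', so those callers have to change together with this commit; they are not visible here.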