Cavemanon/piratepoet
7
Fork 0
Code Pull Requests Actions Releases 16 Activity

Revert "Check post-types validity for requests"

Browse Source 
This reverts commit b800cf189f.
This commit is contained in:
Rodrigo Primo
2022-04-11 15:59:36 -03:00
parent fbcfa6db82
commit fdb4663ca1
3 changed files with 5 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
mailpoet/lib/API/JSON/v1/AutomatedLatestContent.php
View File

@ -4,33 +4,23 @@ namespace MailPoet\API\JSON\v1;
use MailPoet\API\JSON\Endpoint as APIEndpoint; use MailPoet\API\JSON\Endpoint as APIEndpoint;
use MailPoet\Config\AccessControl; use MailPoet\Config\AccessControl;
use MailPoet\Newsletter\AutomatedLatestContent as ALC;
use MailPoet\Util\APIPermissionHelper;
use MailPoet\WP\Functions as WPFunctions; use MailPoet\WP\Functions as WPFunctions;
use MailPoet\WP\Posts as WPPosts; use MailPoet\WP\Posts as WPPosts;
class AutomatedLatestContent extends APIEndpoint { class AutomatedLatestContent extends APIEndpoint {
/** @var ALC */ /** @var \MailPoet\Newsletter\AutomatedLatestContent */
public $ALC; public $ALC;
/*** @var WPFunctions */
private $wp; private $wp;
/*** @var APIPermissionHelper */
private $permissionHelper;
public $permissions = [ public $permissions = [
'global' => AccessControl::PERMISSION_MANAGE_EMAILS, 'global' => AccessControl::PERMISSION_MANAGE_EMAILS,
]; ];
public function __construct( public function __construct(
ALC $alc, \MailPoet\Newsletter\AutomatedLatestContent $alc,
APIPermissionHelper $permissionHelper,
WPFunctions $wp WPFunctions $wp
) { ) {
$this->ALC = $alc; $this->ALC = $alc;
$this->wp = $wp; $this->wp = $wp;
$this->permissionHelper = $permissionHelper;
} }
public function getPostTypes() { public function getPostTypes() {
@ -75,24 +65,14 @@ class AutomatedLatestContent extends APIEndpoint {
return $this->successResponse(array_values($terms)); return $this->successResponse(array_values($terms));
} }
/**
* @param \WP_Post[] $posts
* @return \WP_Post[]
*/
private function getPermittedPosts($posts) {
return array_filter($posts, function ($post) {
return $this->permissionHelper->checkReadPermission($post);
});
}
public function getPosts($data = []) { public function getPosts($data = []) {
return $this->successResponse( return $this->successResponse(
$this->getPermittedPosts($this->ALC->getPosts($data)) $this->ALC->getPosts($data)
); );
} }
public function getTransformedPosts($data = []) { public function getTransformedPosts($data = []) {
$posts = $this->getPermittedPosts($this->ALC->getPosts($data)); $posts = $this->ALC->getPosts($data);
return $this->successResponse( return $this->successResponse(
$this->ALC->transformPosts($data, $posts) $this->ALC->transformPosts($data, $posts)
); );
@ -103,7 +83,7 @@ class AutomatedLatestContent extends APIEndpoint {
$renderedPosts = []; $renderedPosts = [];
foreach ($data['blocks'] as $block) { foreach ($data['blocks'] as $block) {
$posts = $this->getPermittedPosts($this->ALC->getPosts($block, $usedPosts)); $posts = $this->ALC->getPosts($block, $usedPosts);
$renderedPosts[] = $this->ALC->transformPosts($block, $posts); $renderedPosts[] = $this->ALC->transformPosts($block, $posts);
foreach ($posts as $post) { foreach ($posts as $post) {

1
mailpoet/lib/DI/ContainerConfigurator.php
View File

@ -84,7 +84,6 @@ class ContainerConfigurator implements IContainerConfigurator {
$container->autowire(\MailPoet\API\JSON\v1\SubscriberStats::class)->setPublic(true); $container->autowire(\MailPoet\API\JSON\v1\SubscriberStats::class)->setPublic(true);
$container->autowire(\MailPoet\API\JSON\v1\Subscribers::class)->setPublic(true); $container->autowire(\MailPoet\API\JSON\v1\Subscribers::class)->setPublic(true);
$container->autowire(\MailPoet\API\JSON\v1\WoocommerceSettings::class)->setPublic(true); $container->autowire(\MailPoet\API\JSON\v1\WoocommerceSettings::class)->setPublic(true);
$container->autowire(\MailPoet\Util\APIPermissionHelper::class)->setPublic(true);
// API response builders // API response builders
$container->autowire(\MailPoet\API\JSON\ResponseBuilders\NewslettersResponseBuilder::class)->setPublic(true); $container->autowire(\MailPoet\API\JSON\ResponseBuilders\NewslettersResponseBuilder::class)->setPublic(true);
$container->autowire(\MailPoet\API\JSON\ResponseBuilders\NewsletterTemplatesResponseBuilder::class); $container->autowire(\MailPoet\API\JSON\ResponseBuilders\NewsletterTemplatesResponseBuilder::class);

35
mailpoet/lib/Util/APIPermissionHelper.php
View File

@ -1,35 +0,0 @@
<?php
namespace MailPoet\Util;
if (!class_exists('\WP_REST_Posts_Controller')) {
require_once ABSPATH . '/wp-includes/rest-api/endpoints/class-wp-rest-controller.php';
require_once ABSPATH . '/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php';
}
class APIPermissionHelper extends \WP_REST_Posts_Controller {
public function __construct() {
// constructor is needed to override parent constructor
}
public function checkReadPermission(\WP_Post $post): bool {
return parent::check_read_permission($post);
}
/**
* Checks if a given post type can be viewed or managed.
* Refrain from checking `show_in_rest` contrary to what parent::check_is_post_type_allowed does
*
* @param \WP_Post_Type|string $post_type Post type name or object.
* @return bool Whether the post type is allowed in REST.
* @see parent::check_is_post_type_allowed
*/
// phpcs:disable PSR1.Methods.CamelCapsMethodName
protected function check_is_post_type_allowed($post_type) {
if (!is_object($post_type)) {
$post_type = get_post_type_object($post_type);
}
return !empty($post_type) && $post_type->public;
}
}