allow api access only to logged in users
@@ -32,22 +32,23 @@ class Wiass_REST_Delivery_Process_API {
|
||||
|
||||
Used for some fast test and check
|
||||
|
||||
register_rest_route( self::$namespace, 'gravity-form-entry/(?P<entry_id>\d+)', array(
|
||||
'methods' => 'GET',
|
||||
'callback' => array(__CLASS__, 'get_form_entry'),
|
||||
) );
|
||||
|
||||
register_rest_route( self::$namespace, 'gravity-form-entry/(?P<entry_id>\d+)/field/(?P<field_id>\d+(.\d+)?)', array(
|
||||
'methods' => 'GET',
|
||||
'callback' => array(__CLASS__, 'get_field_value_from_entry'),
|
||||
) );
|
||||
|
||||
*/
|
||||
|
||||
register_rest_route( self::$namespace, 'gravity-form-entry/(?P<entry_id>\d+)', array(
|
||||
'methods' => 'GET',
|
||||
'callback' => array(__CLASS__, 'get_form_entry'),
|
||||
) );
|
||||
|
||||
register_rest_route( self::$namespace, 'gravity-form-entry/(?P<entry_id>\d+)', array(
|
||||
'methods' => 'PUT',
|
||||
'callback' => array(__CLASS__, 'update_entry'),
|
||||
) );
|
||||
|
||||
*/
|
||||
|
||||
register_rest_route( self::$namespace, 'customer-acceptance/(?P<entry_id>\d+)', array(
|
||||
'methods' => 'POST',
|
||||
@@ -108,7 +109,9 @@ class Wiass_REST_Delivery_Process_API {
|
||||
}
|
||||
|
||||
public static function get_customer_acceptance($data){
|
||||
//TODO: check for permissions
|
||||
if (!is_user_logged_in()){
|
||||
return self::generate_error("You don't have permission to read this entry", 401);
|
||||
}
|
||||
|
||||
$entry = GFAPI::get_entry($data['entry_id']);
|
||||
if (!$entry){
|
||||
@@ -144,8 +147,14 @@ class Wiass_REST_Delivery_Process_API {
|
||||
}
|
||||
|
||||
public static function update_customer_acceptance($data){
|
||||
//TODO : check for permissions
|
||||
if (!is_user_logged_in()){
|
||||
return self::generate_error("You don't have permission to read this entry", 401);
|
||||
}
|
||||
|
||||
$entry = GFAPI::get_entry($data['entry_id']);
|
||||
if (!$entry){
|
||||
return self::generate_error('Customer acceptance entry not found', 404);
|
||||
}
|
||||
|
||||
$entry[self::$DECLINE_REASON_FIELD_ID] = $_POST['declineReason'];
|
||||
$entry[self::$ACCEPTANCE_STATUS_FIELD_ID] = $_POST['actionType'];
|
||||
@@ -155,7 +164,9 @@ class Wiass_REST_Delivery_Process_API {
|
||||
}
|
||||
|
||||
public static function upload_file($data){
|
||||
//TODO : Check permissions
|
||||
if (!is_user_logged_in()){
|
||||
return self::generate_error("You don't have permission to read this entry", 401);
|
||||
}
|
||||
|
||||
$input_name = "file";
|
||||
if (!$_FILES[$input_name]){
|
||||
@@ -227,10 +238,7 @@ class Wiass_REST_Delivery_Process_API {
|
||||
|
||||
//Used for testing and checking
|
||||
/*
|
||||
public static function get_form_entry($data) {
|
||||
//TODO: check for permissions
|
||||
return GFAPI::get_entry($data['entry_id']);
|
||||
}
|
||||
|
||||
|
||||
public static function get_field_value_from_entry($data){
|
||||
//TODO : check for permissions
|
||||
@@ -239,8 +247,16 @@ class Wiass_REST_Delivery_Process_API {
|
||||
return new WP_REST_Response ($result);
|
||||
}
|
||||
|
||||
*/
|
||||
|
||||
//TODO: Remove this function
|
||||
public static function get_form_entry($data) {
|
||||
return GFAPI::get_entry($data['entry_id']);
|
||||
}
|
||||
|
||||
|
||||
//TODO: Remove this function
|
||||
public static function update_entry($data){
|
||||
//TODO : check for permissions
|
||||
$entry = GFAPI::get_entry($data['entry_id']);
|
||||
$new_values = json_decode($data->get_body());
|
||||
if ($new_values === NULL) {
|
||||
@@ -254,7 +270,7 @@ class Wiass_REST_Delivery_Process_API {
|
||||
return new WP_REST_Response ($result);
|
||||
}
|
||||
|
||||
*/
|
||||
|
||||
|
||||
|
||||
//Helper function
|
||||
|
||||
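Review bot: The `is_user_logged_in()` guards in `get_customer_acceptance`, `update_customer_acceptance` and `upload_file` authenticate the caller but do not authorize access to the specific entry: nothing visible in these hunks relates `$data['entry_id']` to the current user, so any account, including the lowest role, appears able to read or modify any entry id. A stronger form is a `permission_callback` on each `register_rest_route()` call that checks a capability or ownership, for example `'permission_callback' => array(__CLASS__, 'can_access_entry'),` (helper name is a suggestion), comparing the entry's `created_by` with `get_current_user_id()` if entries belong to their creator; that also rejects the request before the handler runs. In `update_customer_acceptance`, `$_POST['declineReason']` and `$_POST['actionType']` are written into the entry unvalidated, so `actionType` should be checked against the allowed status values and the reason passed through `sanitize_textarea_field()` before saving. The same "read this entry" message is reused for the update and upload handlers, and a logged-in but unauthorized caller should receive 403 rather than 401. All three function bodies continue outside the visible hunks, so later checks may exist that are not shown here.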