allow api access only to logged in users
@@ -32,22 +32,23 @@ class Wiass_REST_Delivery_Process_API {
|
|||||||
|
|
||||||
Used for some fast test and check
|
Used for some fast test and check
|
||||||
|
|
||||||
register_rest_route( self::$namespace, 'gravity-form-entry/(?P<entry_id>\d+)', array(
|
|
||||||
'methods' => 'GET',
|
|
||||||
'callback' => array(__CLASS__, 'get_form_entry'),
|
|
||||||
) );
|
|
||||||
|
|
||||||
register_rest_route( self::$namespace, 'gravity-form-entry/(?P<entry_id>\d+)/field/(?P<field_id>\d+(.\d+)?)', array(
|
register_rest_route( self::$namespace, 'gravity-form-entry/(?P<entry_id>\d+)/field/(?P<field_id>\d+(.\d+)?)', array(
|
||||||
'methods' => 'GET',
|
'methods' => 'GET',
|
||||||
'callback' => array(__CLASS__, 'get_field_value_from_entry'),
|
'callback' => array(__CLASS__, 'get_field_value_from_entry'),
|
||||||
) );
|
) );
|
||||||
|
|
||||||
|
*/
|
||||||
|
|
||||||
|
register_rest_route( self::$namespace, 'gravity-form-entry/(?P<entry_id>\d+)', array(
|
||||||
|
'methods' => 'GET',
|
||||||
|
'callback' => array(__CLASS__, 'get_form_entry'),
|
||||||
|
) );
|
||||||
|
|
||||||
register_rest_route( self::$namespace, 'gravity-form-entry/(?P<entry_id>\d+)', array(
|
register_rest_route( self::$namespace, 'gravity-form-entry/(?P<entry_id>\d+)', array(
|
||||||
'methods' => 'PUT',
|
'methods' => 'PUT',
|
||||||
'callback' => array(__CLASS__, 'update_entry'),
|
'callback' => array(__CLASS__, 'update_entry'),
|
||||||
) );
|
) );
|
||||||
|
|
||||||
*/
|
|
||||||
|
|
||||||
register_rest_route( self::$namespace, 'customer-acceptance/(?P<entry_id>\d+)', array(
|
register_rest_route( self::$namespace, 'customer-acceptance/(?P<entry_id>\d+)', array(
|
||||||
'methods' => 'POST',
|
'methods' => 'POST',
|
||||||
@@ -108,7 +109,9 @@ class Wiass_REST_Delivery_Process_API {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public static function get_customer_acceptance($data){
|
public static function get_customer_acceptance($data){
|
||||||
//TODO: check for permissions
|
if (!is_user_logged_in()){
|
||||||
|
return self::generate_error("You don't have permission to read this entry", 401);
|
||||||
|
}
|
||||||
|
|
||||||
$entry = GFAPI::get_entry($data['entry_id']);
|
$entry = GFAPI::get_entry($data['entry_id']);
|
||||||
if (!$entry){
|
if (!$entry){
|
||||||
@@ -144,8 +147,14 @@ class Wiass_REST_Delivery_Process_API {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public static function update_customer_acceptance($data){
|
public static function update_customer_acceptance($data){
|
||||||
//TODO : check for permissions
|
if (!is_user_logged_in()){
|
||||||
|
return self::generate_error("You don't have permission to read this entry", 401);
|
||||||
|
}
|
||||||
|
|
||||||
$entry = GFAPI::get_entry($data['entry_id']);
|
$entry = GFAPI::get_entry($data['entry_id']);
|
||||||
|
if (!$entry){
|
||||||
|
return self::generate_error('Customer acceptance entry not found', 404);
|
||||||
|
}
|
||||||
|
|
||||||
$entry[self::$DECLINE_REASON_FIELD_ID] = $_POST['declineReason'];
|
$entry[self::$DECLINE_REASON_FIELD_ID] = $_POST['declineReason'];
|
||||||
$entry[self::$ACCEPTANCE_STATUS_FIELD_ID] = $_POST['actionType'];
|
$entry[self::$ACCEPTANCE_STATUS_FIELD_ID] = $_POST['actionType'];
|
||||||
@@ -155,7 +164,9 @@ class Wiass_REST_Delivery_Process_API {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public static function upload_file($data){
|
public static function upload_file($data){
|
||||||
//TODO : Check permissions
|
if (!is_user_logged_in()){
|
||||||
|
return self::generate_error("You don't have permission to read this entry", 401);
|
||||||
|
}
|
||||||
|
|
||||||
$input_name = "file";
|
$input_name = "file";
|
||||||
if (!$_FILES[$input_name]){
|
if (!$_FILES[$input_name]){
|
||||||
@@ -227,10 +238,7 @@ class Wiass_REST_Delivery_Process_API {
|
|||||||
|
|
||||||
//Used for testing and checking
|
//Used for testing and checking
|
||||||
/*
|
/*
|
||||||
public static function get_form_entry($data) {
|
|
||||||
//TODO: check for permissions
|
|
||||||
return GFAPI::get_entry($data['entry_id']);
|
|
||||||
}
|
|
||||||
|
|
||||||
public static function get_field_value_from_entry($data){
|
public static function get_field_value_from_entry($data){
|
||||||
//TODO : check for permissions
|
//TODO : check for permissions
|
||||||
@@ -239,8 +247,16 @@ class Wiass_REST_Delivery_Process_API {
|
|||||||
return new WP_REST_Response ($result);
|
return new WP_REST_Response ($result);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
*/
|
||||||
|
|
||||||
|
//TODO: Remove this function
|
||||||
|
public static function get_form_entry($data) {
|
||||||
|
return GFAPI::get_entry($data['entry_id']);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
//TODO: Remove this function
|
||||||
public static function update_entry($data){
|
public static function update_entry($data){
|
||||||
//TODO : check for permissions
|
|
||||||
$entry = GFAPI::get_entry($data['entry_id']);
|
$entry = GFAPI::get_entry($data['entry_id']);
|
||||||
$new_values = json_decode($data->get_body());
|
$new_values = json_decode($data->get_body());
|
||||||
if ($new_values === NULL) {
|
if ($new_values === NULL) {
|
||||||
@@ -254,7 +270,7 @@ class Wiass_REST_Delivery_Process_API {
|
|||||||
return new WP_REST_Response ($result);
|
return new WP_REST_Response ($result);
|
||||||
}
|
}
|
||||||
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
//Helper function
|
//Helper function
|
||||||
|
|||||||
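Review bot: The relocated `*/` markers leave `get_form_entry` and `update_entry`, together with their `GET` and `PUT` `gravity-form-entry/(?P<entry_id>\d+)` routes, outside the comment block (assuming the block opens just above the first hunk), and neither gets the `is_user_logged_in()` check this commit adds to the other three callbacks. On the visible lines `get_form_entry` returns `GFAPI::get_entry($data['entry_id'])` directly, and `update_entry` loses its `//TODO : check for permissions` line without a check replacing it (its body continues past the hunk), so both appear to be served without any session. If they have to stay until the `//TODO: Remove this function` cleanup, give each route a permission callback, for example `'permission_callback' => function () { return current_user_can( 'gravityforms_edit_entries' ); },`, or keep them inside the comment. The same route argument on the customer-acceptance and upload routes would let the gate move from login state to a capability or entry-ownership test, since `is_user_logged_in()` admits every account that can sign in, whichever `entry_id` is requested.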