class-wp-rest-customizer-nonces.php
<?php
/**
* WP_Rest_Customizer_Nonces class.
*
* @package gutenberg
*/
/**
* Class that returns the customizer "save" nonce that's required for the
* batch save operation using the customizer API endpoint.
*/
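class WP_Rest_Customizer_Nonces extends WP_REST_Controller {

	/**
	 * Constructor.
	 *
	 * Sets the route namespace and base, so the controller's route is built
	 * as `__experimental` + `/customizer-nonces/...`.
	 */
	public function __construct() {
		$this->namespace = '__experimental';
		$this->rest_base = 'customizer-nonces';
	}

	/**
	 * Registers the necessary REST API routes.
	 *
	 * A single readable route, `/customizer-nonces/get-save-nonce`, is
	 * registered. It is served by get_save_nonce() and guarded by
	 * permissions_check().
	 */
	public function register_routes() {
		register_rest_route(
			$this->namespace,
			'/' . $this->rest_base . '/get-save-nonce',
			array(
				array(
					'methods'             => WP_REST_Server::READABLE,
					'callback'            => array( $this, 'get_save_nonce' ),
					'permission_callback' => array( $this, 'permissions_check' ),
					// NOTE(review): get_save_nonce() takes no arguments, so the
					// collection parameters registered here look unused - confirm
					// whether any client relies on them before dropping them.
					'args'                => $this->get_collection_params(),
				),
				'schema' => array( $this, 'get_public_item_schema' ),
			)
		);
	}

	/**
	 * Checks whether the current user may fetch the customizer "save" nonce.
	 *
	 * Access is granted to users holding the `edit_posts` capability of the
	 * `nav_menu_item` post type. When that post type is not registered the
	 * request is denied explicitly, instead of reading properties off a null
	 * post type object.
	 *
	 * NOTE(review): the nonce returned by get_save_nonce() is the one used for
	 * the customizer save operation, yet this check is keyed to menu-item
	 * editing and not to the `customize` capability. A nonce is a CSRF token,
	 * not an authorization grant, so the save endpoint has to keep enforcing
	 * its own capability check - confirm that it does, or require `customize`
	 * here as well.
	 *
	 * @param WP_REST_Request $request Full details about the request.
	 * @return true|WP_Error True if the request has access, WP_Error object otherwise.
	 */
	public function permissions_check( $request ) {
		$post_type = get_post_type_object( 'nav_menu_item' );

		// Fail closed: get_post_type_object() returns null for an unregistered type.
		if ( null === $post_type || ! current_user_can( $post_type->cap->edit_posts ) ) {
			return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit posts in this post type.', 'gutenberg' ), array( 'status' => rest_authorization_required_code() ) );
		}

		return true;
	}

	/**
	 * Returns the nonce required to request the customizer API endpoint.
	 *
	 * The nonce action is `save-customize_` followed by the stylesheet
	 * reported by a newly constructed WP_Customize_Manager.
	 *
	 * NOTE(review): the body of this GET response carries a CSRF token for the
	 * requesting user, so it must not be stored by a shared cache - confirm
	 * that no-cache headers are sent for this route.
	 *
	 * @return array {
	 *     @type bool   $success    Always true.
	 *     @type string $nonce      Nonce for the customizer save action.
	 *     @type string $stylesheet Stylesheet the nonce action was built from.
	 * }
	 */
	public function get_save_nonce() {
		require_once ABSPATH . 'wp-includes/class-wp-customize-manager.php';

		$wp_customize = new WP_Customize_Manager();

		// Read the stylesheet once so the nonce action and the reported value cannot differ.
		$stylesheet = $wp_customize->get_stylesheet();

		return array(
			'success'    => true,
			'nonce'      => wp_create_nonce( 'save-customize_' . $stylesheet ),
			'stylesheet' => $stylesheet,
		);
	}
}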