Opal-Estate-Pro/inc/api/class-opalestate-base-api.php

<?php

/**
 * Abstract class to define/implement base methods for all controller classes
 *
 * @package    Opal_Job
 * @subpackage Opal_Job/controllers
 */
abstract class Opalestate_Base_API {

	/**
	 * The unique identifier of this plugin.
	 *
	 * @access   protected
	 * @var      string $plugin_base_name The string used to uniquely identify this plugin.
	 */
	public $base;

	/**
	 * Post type.
	 *
	 * @var string
	 */
	protected $post_type = '';

	/**
	 * The unique identifier of this plugin.
	 *
	 * @access   protected
	 * @var      string $plugin_base_name The string used to uniquely identify this plugin.
	 */
	public $namespace = 'estate-api/v1';

	/**
	 * Definition
	 *
	 * Register all Taxonomy related to Job post type as location, category, Specialism, Types
	 */
	public function __construct() {
		add_action( 'rest_api_init', [ $this, 'register_routes' ] );
	}

	/**
	 * Definition
	 *
	 * Register all Taxonomy related to Job post type as location, category, Specialism, Types
	 */
	public function register_routes() {


	}

	public function get_response( $code, $output ) {

		$response = [];

		$response['status'] = $code;
		$response           = array_merge( $response, $output );

		return new WP_REST_Response( $response );
	}

	public function output( $code ) {

		$this->data['status'] = $code;

		return new WP_REST_Response( $this->data );
	}

	/**
	 * Validate the API request.
	 *
	 * @param \WP_REST_Request $request
	 * @return bool|\WP_Error
	 */
	public function validate_request( WP_REST_Request $request ) {

		return true;
		$response = [];

		// Make sure we have both user and api key
		$api_admin = Opalestate_API_Admin::get_instance();

		if ( empty( $request['token'] ) || empty( $request['key'] ) ) {
			return $this->missing_auth();
		}

		// Retrieve the user by public API key and ensure they exist
		if ( ! ( $user = $api_admin->get_user( $request['key'] ) ) ) {

			$this->invalid_key();

		} else {

			$token  = urldecode( $request['token'] );
			$secret = $api_admin->get_user_secret_key( $user );
			$public = urldecode( $request['key'] );

			if ( hash_equals( md5( $secret . $public ), $token ) ) {
				return true;
			} else {
				$this->invalid_auth();
			}
		}

		return false;
	}

	/**
	 * Get page number
	 *
	 * @access public
	 * @return int $wp_query->query_vars['page'] if page number returned (default: 1)
	 * @global $wp_query
	 */
	public function get_paged() {
		global $wp_query;

		return isset( $wp_query->query_vars['page'] ) ? $wp_query->query_vars['page'] : 1;
	}


	/**
	 * Number of results to display per page
	 *
	 * @access public
	 * @return int $per_page Results to display per page (default: 10)
	 * @global $wp_query
	 */
	public function per_page() {
		global $wp_query;

		$per_page = isset( $wp_query->query_vars['number'] ) ? $wp_query->query_vars['number'] : 10;

		return apply_filters( 'opalestate_api_results_per_page', $per_page );
	}

	/**
	 * Get object.
	 *
	 * @param int $id Object ID.
	 * @return object WC_Data object or WP_Error object.
	 */
	protected function get_object( $id ) {
		// translators: %s: Class method name.
		return new WP_Error( 'invalid-method', sprintf( __( "Method '%s' not implemented. Must be overridden in subclass.", 'opalestate-pro' ), __METHOD__ ), [ 'status' => 405 ] );
	}

	/**
	 * Displays a missing authentication error if all the parameters aren't
	 * provided
	 *
	 * @access private
	 * @return WP_Error with message key rest_forbidden
	 */
	private function missing_auth() {
		return new WP_Error( 'rest_forbidden', esc_html__( 'You must specify both a token and API key!' ), [ 'status' => rest_authorization_required_code() ] );
	}

	/**
	 * Displays an authentication failed error if the user failed to provide valid
	 * credentials
	 *
	 * @access private
	 * @return WP_Error with message key rest_forbidden
	 */
	private function invalid_auth() {
		return new WP_Error( 'rest_forbidden', esc_html__( 'Your request could not be authenticated!', 'opaljob' ), [ 'status' => 403 ] );
	}

	/**
	 * Displays an invalid API key error if the API key provided couldn't be
	 * validated
	 *
	 * @access private
	 * @return WP_Error with message key rest_forbidden
	 */
	private function invalid_key() {
		return new WP_Error( 'rest_forbidden', esc_html__( 'Invalid API key!' ), [ 'status' => rest_authorization_required_code() ] );
	}

	/**
	 * Check if a given request has access to read items.
	 *
	 * @param WP_REST_Request $request Full details about the request.
	 * @return WP_Error|boolean
	 */
	public function get_items_permissions_check( $request ) {
		$is_valid = $this->is_valid_api_key( $request );

		if ( is_wp_error( $is_valid ) ) {
			return $is_valid;
		} else {
			$route    = $request->get_route();
			$endpoint = explode( '/', $route );
			$endpoint = end( $endpoint );

			if ( in_array( $endpoint, [ 'properties', 'agencies', 'agents' ] ) ) {
				return true;
			}

			if ( ! opalestate_rest_check_post_permissions( $this->post_type, 'read' ) ) {
				return new WP_Error( 'opalestate_rest_cannot_view', __( 'Sorry, you cannot list resources.', 'opalestate-pro' ), [ 'status' => rest_authorization_required_code() ] );
			}
		}

		return true;
	}

	/**
	 * Check if a given request has access.
	 *
	 * @param WP_REST_Request $request Full details about the request.
	 * @return WP_Error|boolean
	 */
	public function is_valid_api_key( $request ) {
		if ( isset( $request['consumer_key'] ) && $request['consumer_secret'] ) {
			$user = opalestate_get_user_data_by_consumer_key( $request['consumer_key'] );

			if ( $user ) {
				if ( $request['consumer_secret'] === $user->consumer_secret ) {
					return true;
				}
			}
		}

		return new WP_Error( 'opalestate_rest_cannot_access', __( 'Sorry, you cannot list resources. Invalid keys!', 'opalestate-pro' ), [ 'status' => rest_authorization_required_code() ] );
	}

	/**
	 * Check if is request to our REST API.
	 *
	 * @return bool
	 */
	protected function is_request_to_rest_api() {
		if ( empty( $_SERVER['REQUEST_URI'] ) ) {
			return false;
		}

		$rest_prefix = trailingslashit( rest_get_url_prefix() );
		$request_uri = esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) );

		// Check if the request is to the Opalestate API endpoints.
		$opalestate = ( false !== strpos( $request_uri, $rest_prefix . 'estate-api/' ) );

		// Allow third party plugins use our authentication methods.
		$third_party = ( false !== strpos( $request_uri, $rest_prefix . 'estate-api-' ) );

		return apply_filters( 'opalestate_rest_is_request_to_rest_api', $opalestate || $third_party );
	}

	/**
	 * Check if a given request has access to read an item.
	 *
	 * @param WP_REST_Request $request Full details about the request.
	 * @return WP_Error|boolean
	 */
	public function get_item_permissions_check( $request ) {
		$object = $this->get_object( (int) $request['id'] );

		if ( $object && 0 !== $object->get_id() && ! opalestate_rest_check_post_permissions( $this->post_type, 'read', $object->get_id() ) ) {
			return new WP_Error( 'opalestate_rest_cannot_view', __( 'Sorry, you cannot view this resource.', 'opalestate-pro' ), [ 'status' => rest_authorization_required_code() ] );
		}

		return true;
	}

	/**
	 * Check if a given request has access to create an item.
	 *
	 * @param WP_REST_Request $request Full details about the request.
	 * @return WP_Error|boolean
	 */
	public function create_item_permissions_check( $request ) {
		if ( ! opalestate_rest_check_post_permissions( $this->post_type, 'create' ) ) {
			return new WP_Error( 'opalestate_rest_cannot_create', __( 'Sorry, you are not allowed to create resources.', 'opalestate-pro' ), [ 'status' => rest_authorization_required_code() ] );
		}

		return true;
	}

	/**
	 * Check if a given request has access to update an item.
	 *
	 * @param WP_REST_Request $request Full details about the request.
	 * @return WP_Error|boolean
	 */
	public function update_item_permissions_check( $request ) {
		$object = $this->get_object( (int) $request['id'] );

		if ( $object && 0 !== $object->get_id() && ! opalestate_rest_check_post_permissions( $this->post_type, 'edit', $object->get_id() ) ) {
			return new WP_Error( 'opalestate_rest_cannot_edit', __( 'Sorry, you are not allowed to edit this resource.', 'opalestate-pro' ), [ 'status' => rest_authorization_required_code() ] );
		}

		return true;
	}

	/**
	 * Get the query params for collections of attachments.
	 *
	 * @return array
	 */
	public function get_collection_params() {
		$params['page']     = [
			'description'       => __( 'Current page of the collection.', 'opalestate-pro' ),
			'type'              => 'integer',
			'default'           => 1,
			'sanitize_callback' => 'absint',
			'validate_callback' => 'rest_validate_request_arg',
			'minimum'           => 1,
		];
		$params['per_page'] = [
			'description'       => __( 'Maximum number of items to be returned in result set.', 'opalestate-pro' ),
			'type'              => 'integer',
			'default'           => 10,
			'minimum'           => 1,
			'maximum'           => 100,
			'sanitize_callback' => 'absint',
			'validate_callback' => 'rest_validate_request_arg',
		];

		return $params;
	}
}
uapte 2019-09-28 11:39:55 +02:00			`<?php`
Fix email templates. 2019-10-21 08:24:14 +02:00
uapte 2019-09-28 11:39:55 +02:00			`/**`
			`* Abstract class to define/implement base methods for all controller classes`
			`*`
			`* @package Opal_Job`
			`* @subpackage Opal_Job/controllers`
			`*/`
Update API 2019-10-04 08:26:00 +02:00			`abstract class Opalestate_Base_API {`
Fix email templates. 2019-10-21 08:24:14 +02:00
uapte 2019-09-28 11:39:55 +02:00			`/**`
			`* The unique identifier of this plugin.`
			`*`
			`* @access protected`
			`* @var string $plugin_base_name The string used to uniquely identify this plugin.`
			`*/`
Fix email templates. 2019-10-21 08:24:14 +02:00			`public $base;`
Update API. 2019-10-03 10:45:46 +02:00
			`/**`
			`* Post type.`
			`*`
			`* @var string`
			`*/`
			`protected $post_type = '';`
uapte 2019-09-28 11:39:55 +02:00
			`/**`
			`* The unique identifier of this plugin.`
			`*`
			`* @access protected`
			`* @var string $plugin_base_name The string used to uniquely identify this plugin.`
			`*/`
Fix email templates. 2019-10-21 08:24:14 +02:00			`public $namespace = 'estate-api/v1';`

uapte 2019-09-28 11:39:55 +02:00			`/**`
			`* Definition`
			`*`
Fix email templates. 2019-10-21 08:24:14 +02:00			`* Register all Taxonomy related to Job post type as location, category, Specialism, Types`
uapte 2019-09-28 11:39:55 +02:00			`*/`
Fix email templates. 2019-10-21 08:24:14 +02:00			`public function __construct() {`
			`add_action( 'rest_api_init', [ $this, 'register_routes' ] );`
uapte 2019-09-28 11:39:55 +02:00			`}`

			`/**`
			`* Definition`
			`*`
Fix email templates. 2019-10-21 08:24:14 +02:00			`* Register all Taxonomy related to Job post type as location, category, Specialism, Types`
uapte 2019-09-28 11:39:55 +02:00			`*/`
			`public function register_routes() {`
Fix email templates. 2019-10-21 08:24:14 +02:00

uapte 2019-09-28 11:39:55 +02:00			`}`

Fix email templates. 2019-10-21 08:24:14 +02:00			`public function get_response( $code, $output ) {`

			`$response = [];`

uapte 2019-09-28 11:39:55 +02:00			`$response['status'] = $code;`
Fix email templates. 2019-10-21 08:24:14 +02:00			`$response = array_merge( $response, $output );`
uapte 2019-09-28 11:39:55 +02:00
			`return new WP_REST_Response( $response );`
			`}`

Fix email templates. 2019-10-21 08:24:14 +02:00			`public function output( $code ) {`

			`$this->data['status'] = $code;`
uapte 2019-09-28 11:39:55 +02:00
			`return new WP_REST_Response( $this->data );`
			`}`
Update API 2019-10-04 08:26:00 +02:00
uapte 2019-09-28 11:39:55 +02:00			`/**`
Update API 2019-10-04 08:26:00 +02:00			`* Validate the API request.`
uapte 2019-09-28 11:39:55 +02:00			`*`
Update API 2019-10-04 08:26:00 +02:00			`* @param \WP_REST_Request $request`
			`* @return bool\|\WP_Error`
uapte 2019-09-28 11:39:55 +02:00			`*/`
			`public function validate_request( WP_REST_Request $request ) {`

			`return true;`
Fix email templates. 2019-10-21 08:24:14 +02:00			`$response = [];`
uapte 2019-09-28 11:39:55 +02:00
			`// Make sure we have both user and api key`
Fix email templates. 2019-10-21 08:24:14 +02:00			`$api_admin = Opalestate_API_Admin::get_instance();`
uapte 2019-09-28 11:39:55 +02:00
			`if ( empty( $request['token'] ) \|\| empty( $request['key'] ) ) {`
			`return $this->missing_auth();`
			`}`

			`// Retrieve the user by public API key and ensure they exist`
			`if ( ! ( $user = $api_admin->get_user( $request['key'] ) ) ) {`

			`$this->invalid_key();`

			`} else {`

			`$token = urldecode( $request['token'] );`
			`$secret = $api_admin->get_user_secret_key( $user );`
			`$public = urldecode( $request['key'] );`

			`if ( hash_equals( md5( $secret . $public ), $token ) ) {`
			`return true;`
			`} else {`
			`$this->invalid_auth();`
			`}`
			`}`

Fix email templates. 2019-10-21 08:24:14 +02:00			`return false;`
uapte 2019-09-28 11:39:55 +02:00			`}`

			`/**`
			`* Get page number`
			`*`
			`* @access public`
			`* @return int $wp_query->query_vars['page'] if page number returned (default: 1)`
Fix email templates. 2019-10-21 08:24:14 +02:00			`* @global $wp_query`
uapte 2019-09-28 11:39:55 +02:00			`*/`
			`public function get_paged() {`
			`global $wp_query;`

			`return isset( $wp_query->query_vars['page'] ) ? $wp_query->query_vars['page'] : 1;`
			`}`


			`/**`
			`* Number of results to display per page`
			`*`
			`* @access public`
			`* @return int $per_page Results to display per page (default: 10)`
Fix email templates. 2019-10-21 08:24:14 +02:00			`* @global $wp_query`
uapte 2019-09-28 11:39:55 +02:00			`*/`
			`public function per_page() {`
			`global $wp_query;`

			`$per_page = isset( $wp_query->query_vars['number'] ) ? $wp_query->query_vars['number'] : 10;`
Fix email templates. 2019-10-21 08:24:14 +02:00
uapte 2019-09-28 11:39:55 +02:00			`return apply_filters( 'opalestate_api_results_per_page', $per_page );`
			`}`

Update 2019-10-16 12:52:01 +02:00			`/**`
			`* Get object.`
			`*`
Fix email templates. 2019-10-21 08:24:14 +02:00			`* @param int $id Object ID.`
Update 2019-10-16 12:52:01 +02:00			`* @return object WC_Data object or WP_Error object.`
			`*/`
			`protected function get_object( $id ) {`
			`// translators: %s: Class method name.`
Fix email templates. 2019-10-21 08:24:14 +02:00			`return new WP_Error( 'invalid-method', sprintf( __( "Method '%s' not implemented. Must be overridden in subclass.", 'opalestate-pro' ), __METHOD__ ), [ 'status' => 405 ] );`
Update 2019-10-16 12:52:01 +02:00			`}`

uapte 2019-09-28 11:39:55 +02:00			`/**`
			`* Displays a missing authentication error if all the parameters aren't`
			`* provided`
			`*`
			`* @access private`
			`* @return WP_Error with message key rest_forbidden`
			`*/`
Fix email templates. 2019-10-21 08:24:14 +02:00			`private function missing_auth() {`
			`return new WP_Error( 'rest_forbidden', esc_html__( 'You must specify both a token and API key!' ), [ 'status' => rest_authorization_required_code() ] );`
uapte 2019-09-28 11:39:55 +02:00			`}`

			`/**`
			`* Displays an authentication failed error if the user failed to provide valid`
			`* credentials`
			`*`
			`* @access private`
			`* @return WP_Error with message key rest_forbidden`
			`*/`
			`private function invalid_auth() {`
Fix email templates. 2019-10-21 08:24:14 +02:00			`return new WP_Error( 'rest_forbidden', esc_html__( 'Your request could not be authenticated!', 'opaljob' ), [ 'status' => 403 ] );`
uapte 2019-09-28 11:39:55 +02:00			`}`

			`/**`
			`* Displays an invalid API key error if the API key provided couldn't be`
			`* validated`
			`*`
			`* @access private`
			`* @return WP_Error with message key rest_forbidden`
			`*/`
			`private function invalid_key() {`
Fix email templates. 2019-10-21 08:24:14 +02:00			`return new WP_Error( 'rest_forbidden', esc_html__( 'Invalid API key!' ), [ 'status' => rest_authorization_required_code() ] );`
uapte 2019-09-28 11:39:55 +02:00			`}`
Update API. 2019-10-03 10:45:46 +02:00
			`/**`
			`* Check if a given request has access to read items.`
			`*`
Fix email templates. 2019-10-21 08:24:14 +02:00			`* @param WP_REST_Request $request Full details about the request.`
Update API. 2019-10-03 10:45:46 +02:00			`* @return WP_Error\|boolean`
			`*/`
			`public function get_items_permissions_check( $request ) {`
Fix email templates. 2019-10-21 08:24:14 +02:00			`$is_valid = $this->is_valid_api_key( $request );`
Update API. 2019-10-22 12:07:45 +02:00
Fix email templates. 2019-10-21 08:24:14 +02:00			`if ( is_wp_error( $is_valid ) ) {`
			`return $is_valid;`
Update API. 2019-10-22 12:07:45 +02:00			`} else {`
			`$route = $request->get_route();`
			`$endpoint = explode( '/', $route );`
			`$endpoint = end( $endpoint );`

			`if ( in_array( $endpoint, [ 'properties', 'agencies', 'agents' ] ) ) {`
			`return true;`
			`}`
Fix email templates. 2019-10-21 08:24:14 +02:00
Update API. 2019-10-22 12:07:45 +02:00			`if ( ! opalestate_rest_check_post_permissions( $this->post_type, 'read' ) ) {`
			`return new WP_Error( 'opalestate_rest_cannot_view', __( 'Sorry, you cannot list resources.', 'opalestate-pro' ), [ 'status' => rest_authorization_required_code() ] );`
			`}`
Update API. 2019-10-03 10:45:46 +02:00			`}`

			`return true;`
			`}`

Fix email templates. 2019-10-21 08:24:14 +02:00			`/**`
			`* Check if a given request has access.`
			`*`
			`* @param WP_REST_Request $request Full details about the request.`
			`* @return WP_Error\|boolean`
			`*/`
			`public function is_valid_api_key( $request ) {`
			`if ( isset( $request['consumer_key'] ) && $request['consumer_secret'] ) {`
			`$user = opalestate_get_user_data_by_consumer_key( $request['consumer_key'] );`

			`if ( $user ) {`
			`if ( $request['consumer_secret'] === $user->consumer_secret ) {`
Update API. 2019-10-22 12:07:45 +02:00			`return true;`
Fix email templates. 2019-10-21 08:24:14 +02:00			`}`
			`}`
			`}`

Update API. 2019-10-22 12:07:45 +02:00			`return new WP_Error( 'opalestate_rest_cannot_access', __( 'Sorry, you cannot list resources. Invalid keys!', 'opalestate-pro' ), [ 'status' => rest_authorization_required_code() ] );`
Fix email templates. 2019-10-21 08:24:14 +02:00			`}`

			`/**`
			`* Check if is request to our REST API.`
			`*`
			`* @return bool`
			`*/`
			`protected function is_request_to_rest_api() {`
			`if ( empty( $_SERVER['REQUEST_URI'] ) ) {`
			`return false;`
			`}`

			`$rest_prefix = trailingslashit( rest_get_url_prefix() );`
			`$request_uri = esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) );`

			`// Check if the request is to the Opalestate API endpoints.`
			`$opalestate = ( false !== strpos( $request_uri, $rest_prefix . 'estate-api/' ) );`

			`// Allow third party plugins use our authentication methods.`
			`$third_party = ( false !== strpos( $request_uri, $rest_prefix . 'estate-api-' ) );`

			`return apply_filters( 'opalestate_rest_is_request_to_rest_api', $opalestate \|\| $third_party );`
			`}`

Update 2019-10-16 12:52:01 +02:00			`/**`
			`* Check if a given request has access to read an item.`
			`*`
Fix email templates. 2019-10-21 08:24:14 +02:00			`* @param WP_REST_Request $request Full details about the request.`
Update 2019-10-16 12:52:01 +02:00			`* @return WP_Error\|boolean`
			`*/`
			`public function get_item_permissions_check( $request ) {`
			`$object = $this->get_object( (int) $request['id'] );`

			`if ( $object && 0 !== $object->get_id() && ! opalestate_rest_check_post_permissions( $this->post_type, 'read', $object->get_id() ) ) {`
Fix email templates. 2019-10-21 08:24:14 +02:00			`return new WP_Error( 'opalestate_rest_cannot_view', __( 'Sorry, you cannot view this resource.', 'opalestate-pro' ), [ 'status' => rest_authorization_required_code() ] );`
Update 2019-10-16 12:52:01 +02:00			`}`

			`return true;`
			`}`

Update API. 2019-10-03 10:45:46 +02:00			`/**`
			`* Check if a given request has access to create an item.`
			`*`
Fix email templates. 2019-10-21 08:24:14 +02:00			`* @param WP_REST_Request $request Full details about the request.`
Update API. 2019-10-03 10:45:46 +02:00			`* @return WP_Error\|boolean`
			`*/`
			`public function create_item_permissions_check( $request ) {`
			`if ( ! opalestate_rest_check_post_permissions( $this->post_type, 'create' ) ) {`
Fix email templates. 2019-10-21 08:24:14 +02:00			`return new WP_Error( 'opalestate_rest_cannot_create', __( 'Sorry, you are not allowed to create resources.', 'opalestate-pro' ), [ 'status' => rest_authorization_required_code() ] );`
Update API. 2019-10-03 10:45:46 +02:00			`}`

			`return true;`
			`}`
Update API 2019-10-03 12:24:12 +02:00
Update 2019-10-16 12:52:01 +02:00			`/**`
			`* Check if a given request has access to update an item.`
			`*`
Fix email templates. 2019-10-21 08:24:14 +02:00			`* @param WP_REST_Request $request Full details about the request.`
Update 2019-10-16 12:52:01 +02:00			`* @return WP_Error\|boolean`
			`*/`
			`public function update_item_permissions_check( $request ) {`
			`$object = $this->get_object( (int) $request['id'] );`

			`if ( $object && 0 !== $object->get_id() && ! opalestate_rest_check_post_permissions( $this->post_type, 'edit', $object->get_id() ) ) {`
Fix email templates. 2019-10-21 08:24:14 +02:00			`return new WP_Error( 'opalestate_rest_cannot_edit', __( 'Sorry, you are not allowed to edit this resource.', 'opalestate-pro' ), [ 'status' => rest_authorization_required_code() ] );`
Update 2019-10-16 12:52:01 +02:00			`}`

			`return true;`
			`}`

Update API 2019-10-03 12:24:12 +02:00			`/**`
			`* Get the query params for collections of attachments.`
			`*`
			`* @return array`
			`*/`
			`public function get_collection_params() {`
			`$params['page'] = [`
			`'description' => __( 'Current page of the collection.', 'opalestate-pro' ),`
			`'type' => 'integer',`
			`'default' => 1,`
			`'sanitize_callback' => 'absint',`
			`'validate_callback' => 'rest_validate_request_arg',`
			`'minimum' => 1,`
			`];`
			`$params['per_page'] = [`
			`'description' => __( 'Maximum number of items to be returned in result set.', 'opalestate-pro' ),`
			`'type' => 'integer',`
			`'default' => 10,`
			`'minimum' => 1,`
			`'maximum' => 100,`
			`'sanitize_callback' => 'absint',`
			`'validate_callback' => 'rest_validate_request_arg',`
			`];`

			`return $params;`
			`}`
Update API 2019-10-01 10:57:58 +02:00			`}`