class WPCOM_JSON_API_Update_Post_Endpoint extends WPCOM_JSON_API_Post_Endpoint {
/**
 * Builds the endpoint and, on the `/delete` route only, adds the `deleted`
 * value to the documented post status format.
 *
 * NOTE(review): the reviewed listing omits short lines (closing braces, bare
 * `else`/`return`); they are restored here from the control flow. Confirm
 * against the canonical file.
 *
 * @param mixed $args Endpoint arguments, forwarded unchanged to the parent constructor.
 */
function __construct( $args ) {
	parent::__construct( $args );

	$is_delete_route = $this->api->ends_with( $this->path, '/delete' );
	if ( ! $is_delete_route ) {
		return;
	}

	$this->post_object_format['status']['deleted'] = 'The post has been deleted permanently.';
}
// /sites/%s/posts/new -> $blog_id
// /sites/%s/posts/%d -> $blog_id, $post_id
// /sites/%s/posts/%d/delete -> $blog_id, $post_id
// /sites/%s/posts/%d/restore -> $blog_id, $post_id
/**
 * Dispatches the request to the delete, restore or write handler according
 * to the path suffix.
 *
 * The blog ID is first passed through `switch_to_blog_and_validate_user()`;
 * if that yields a WP_Error it is returned before any handler runs, so no
 * handler executes for a caller that failed that step.
 *
 * NOTE(review): the reviewed listing omits short lines (closing braces, bare
 * `else`/`return`); they are restored here from the control flow. Confirm
 * against the canonical file.
 *
 * @param string $path    Request path; its suffix selects the handler.
 * @param int    $blog_id Blog identifier from the route.
 * @param int    $post_id Post identifier from the route.
 * @return mixed The selected handler's result, or the WP_Error from the blog/user step.
 */
function callback( $path = '', $blog_id = 0, $post_id = 0 ) {
	$resolved_blog = $this->api->get_blog_id( $blog_id );
	$blog_id       = $this->api->switch_to_blog_and_validate_user( $resolved_blog );

	if ( is_wp_error( $blog_id ) ) {
		return $blog_id;
	}

	if ( $this->api->ends_with( $path, '/delete' ) ) {
		return $this->delete_post( $path, $blog_id, $post_id );
	}

	if ( $this->api->ends_with( $path, '/restore' ) ) {
		return $this->restore_post( $path, $blog_id, $post_id );
	}

	// Anything else (/new or a bare post ID) is a create-or-update request.
	return $this->write_post( $path, $blog_id, $post_id );
}
// /sites/%s/posts/new -> $blog_id
// /sites/%s/posts/%d -> $blog_id, $post_id
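/**
 * Creates a post (`/posts/new`) or updates an existing one (`/posts/%d`)
 * from the request input, then applies media, likes, sharing, sticky,
 * Publicize, post format, featured image and metadata settings.
 *
 * Authorization performed in this method:
 * - New post: the post type must pass `is_post_type_allowed()`; `publish` is
 *   downgraded to `pending` when the user may edit but not publish, and the
 *   request is refused when the user may do neither.
 * - Update: `edit_post` is required on the target post; `delete_post` is
 *   required when the requested status is `trash`; `publish` is downgraded
 *   to `pending` without `publish_post`.
 * - Author reassignment: the caller needs `edit_others_posts` and the
 *   assigned author needs `edit_posts` for the post type.
 * - New terms are only created when the caller holds the taxonomy capability.
 * - Each metadata operation is gated on the matching `*_post_meta`
 *   capability, or (add/update only) on WPCOM_JSON_API_Metadata::is_public().
 *
 * Fixes relative to the reviewed listing:
 * - The "unknown post" check now runs before `$post->post_type` is read, so
 *   an unknown ID yields the 404 without dereferencing a missing post.
 * - The metadata `add` branch groups the capability / is_public() test the
 *   same way the `update` branch does. Previously `A && B && C || D` let a
 *   public key through even when the key/value emptiness checks failed.
 * - The 'true'/'false' string normalisation uses strict comparison. With
 *   `==`, a value already converted to boolean true compared equal to the
 *   string 'false' and was flipped to false.
 * - A metadata ID with no matching row is skipped explicitly instead of via
 *   a property read on `false`.
 *
 * NOTE(review): the reviewed listing omits short lines (closing braces, bare
 * `else`/`return`/`continue`/`break`, `case` labels); they are restored here
 * from the control flow. Confirm against the canonical file.
 * NOTE(review): the update path never calls `is_post_type_allowed()` on the
 * requested type, unlike the create path; it relies on the `get_post_by()`
 * check after the write. Confirm that is intended.
 *
 * @param string $path    Request path; a `/new` suffix selects creation.
 * @param int    $blog_id Validated blog ID.
 * @param int    $post_id Post ID to update (ignored for `/new`).
 * @return mixed The post representation from `get_post_by()`, a WP_Error, or
 *               the falsy result of a failed insert/update.
 */
function write_post( $path, $blog_id, $post_id ) {
	$new  = $this->api->ends_with( $path, '/new' );
	$args = $this->query_args();

	// unhook publicize, it's hooked again later -- without this, skipping services is impossible
	if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
		remove_action( 'save_post', array( $GLOBALS['publicize_ui']->publicize, 'async_publicize_post' ), 100, 2 );
		add_action( 'rest_api_inserted_post', array( $GLOBALS['publicize_ui']->publicize, 'async_publicize_post' ) );
	}

	if ( $new ) {
		$input = $this->input( true );

		if ( 'revision' === $input['type'] ) {
			if ( ! isset( $input['parent'] ) ) {
				return new WP_Error( 'invalid_input', 'Invalid request input', 400 );
			}
			$input['status'] = 'inherit'; // force inherit for revision type
			$input['slug']   = $input['parent'] . '-autosave-v1';
		} elseif ( ! isset( $input['title'] ) && ! isset( $input['content'] ) && ! isset( $input['excerpt'] ) ) {
			return new WP_Error( 'invalid_input', 'Invalid request input', 400 );
		}

		// Default to a regular post when no type was supplied.
		if ( empty( $input['type'] ) ) {
			$input['type'] = 'post';
		}

		$post_type = get_post_type_object( $input['type'] );

		if ( ! $this->is_post_type_allowed( $input['type'] ) ) {
			return new WP_Error( 'unknown_post_type', 'Unknown post type', 404 );
		}

		if ( ! empty( $input['author'] ) ) {
			$author_id = $this->parse_and_set_author( $input['author'], $input['type'] );
			unset( $input['author'] );
			if ( is_wp_error( $author_id ) ) {
				return $author_id;
			}
		}

		if ( 'publish' === $input['status'] ) {
			if ( ! current_user_can( $post_type->cap->publish_posts ) ) {
				if ( current_user_can( $post_type->cap->edit_posts ) ) {
					// Contributors may submit for review but not publish.
					$input['status'] = 'pending';
				} else {
					return new WP_Error( 'unauthorized', 'User cannot publish posts', 403 );
				}
			}
		} else {
			if ( ! current_user_can( $post_type->cap->edit_posts ) ) {
				return new WP_Error( 'unauthorized', 'User cannot edit posts', 403 );
			}
		}
	} else {
		$input = $this->input( false );

		if ( ! is_array( $input ) || ! $input ) {
			return new WP_Error( 'invalid_input', 'Invalid request input', 400 );
		}

		if ( isset( $input['status'] ) && 'trash' === $input['status'] && ! current_user_can( 'delete_post', $post_id ) ) {
			return new WP_Error( 'unauthorized', 'User cannot delete post', 403 );
		}

		$post = get_post( $post_id );
		// Check existence before reading any property of $post.
		if ( ! $post || is_wp_error( $post ) ) {
			return new WP_Error( 'unknown_post', 'Unknown post', 404 );
		}

		$_post_type = ( ! empty( $input['type'] ) ) ? $input['type'] : $post->post_type;
		$post_type  = get_post_type_object( $_post_type );

		if ( ! current_user_can( 'edit_post', $post->ID ) ) {
			return new WP_Error( 'unauthorized', 'User cannot edit post', 403 );
		}

		if ( ! empty( $input['author'] ) ) {
			$author_id = $this->parse_and_set_author( $input['author'], $_post_type );
			unset( $input['author'] );
			if ( is_wp_error( $author_id ) ) {
				return $author_id;
			}
		}

		if ( ( isset( $input['status'] ) && 'publish' === $input['status'] ) && 'publish' !== $post->post_status && ! current_user_can( 'publish_post', $post->ID ) ) {
			$input['status'] = 'pending';
		}
		$last_status = $post->post_status;
		$new_status  = isset( $input['status'] ) ? $input['status'] : $last_status;

		// Make sure that drafts get the current date when transitioning to publish if not supplied in the post.
		$date_in_past = ( strtotime( $post->post_date_gmt ) < time() );
		if ( 'publish' === $new_status && 'draft' === $last_status && ! isset( $input['date_gmt'] ) && $date_in_past ) {
			$input['date_gmt'] = gmdate( 'Y-m-d H:i:s' );
		}
	}

	if ( function_exists( 'wpcom_switch_to_locale' ) ) {
		// fixes calypso-pre-oss #12476: respect blog locale when creating the post slug
		wpcom_switch_to_locale( get_blog_lang_code( $blog_id ) );
	}

	// If date was set, $this->input will set date_gmt, date still needs to be adjusted for the blog's offset
	if ( isset( $input['date_gmt'] ) ) {
		$gmt_offset       = get_option( 'gmt_offset' );
		$time_with_offset = strtotime( $input['date_gmt'] ) + $gmt_offset * HOUR_IN_SECONDS;
		$input['date']    = date( 'Y-m-d H:i:s', $time_with_offset );
	}

	// Assigning a post to someone else needs rights on both sides.
	if ( ! empty( $author_id ) && get_current_user_id() != $author_id ) {
		if ( ! current_user_can( $post_type->cap->edit_others_posts ) ) {
			return new WP_Error( 'unauthorized', "User is not allowed to publish others' posts.", 403 );
		} elseif ( ! user_can( $author_id, $post_type->cap->edit_posts ) ) {
			return new WP_Error( 'unauthorized', 'Assigned author cannot publish post.', 403 );
		}
	}

	if ( ! is_post_type_hierarchical( $post_type->name ) && 'revision' !== $post_type->name ) {
		unset( $input['parent'] );
	}

	$tax_input = array();

	foreach ( array( 'categories' => 'category', 'tags' => 'post_tag' ) as $key => $taxonomy ) {
		if ( ! isset( $input[ $key ] ) ) {
			continue;
		}

		$tax_input[ $taxonomy ] = array();

		$is_hierarchical = is_taxonomy_hierarchical( $taxonomy );

		if ( is_array( $input[ $key ] ) ) {
			$terms = $input[ $key ];
		} else {
			$terms = explode( ',', $input[ $key ] );
		}

		foreach ( $terms as $term ) {
			/**
			 * `curl --data 'category[]=123'` should be interpreted as a category ID,
			 * not a category whose name is '123'.
			 *
			 * Consequence: To add a category/tag whose name is '123', the client must
			 * first look up its ID.
			 */
			$term = (string) $term; // ctype_digit compat
			if ( ctype_digit( $term ) ) {
				$term = (int) $term;
			}

			$term_info = term_exists( $term, $taxonomy );

			if ( ! $term_info ) {
				// A term ID that doesn't already exist. Ignore it: we don't know what name to give it.
				if ( is_int( $term ) ) {
					continue;
				}
				// only add a new tag/cat if the user has access to
				$tax = get_taxonomy( $taxonomy );

				// see https://core.trac.wordpress.org/ticket/26409
				if ( 'category' === $taxonomy && ! current_user_can( $tax->cap->edit_terms ) ) {
					continue;
				} else if ( ! current_user_can( $tax->cap->assign_terms ) ) {
					continue;
				}

				$term_info = wp_insert_term( $term, $taxonomy );
			}

			if ( ! is_wp_error( $term_info ) ) {
				if ( $is_hierarchical ) {
					// Categories must be added by ID
					$tax_input[ $taxonomy ][] = (int) $term_info['term_id'];
				} else {
					// Tags must be added by name
					if ( is_int( $term ) ) {
						$term                     = get_term( $term, $taxonomy );
						$tax_input[ $taxonomy ][] = $term->name;
					} else {
						$tax_input[ $taxonomy ][] = $term;
					}
				}
			}
		}
	}

	if ( isset( $input['categories'] ) && empty( $tax_input['category'] ) && 'revision' !== $post_type->name ) {
		$tax_input['category'][] = get_option( 'default_category' );
	}

	unset( $input['tags'], $input['categories'] );

	$insert = array();

	if ( ! empty( $input['slug'] ) ) {
		$insert['post_name'] = $input['slug'];
		unset( $input['slug'] );
	}

	if ( isset( $input['comments_open'] ) ) {
		$insert['comment_status'] = ( true === $input['comments_open'] ) ? 'open' : 'closed';
	}

	if ( isset( $input['pings_open'] ) ) {
		$insert['ping_status'] = ( true === $input['pings_open'] ) ? 'open' : 'closed';
	}

	unset( $input['comments_open'], $input['pings_open'] );

	if ( isset( $input['menu_order'] ) ) {
		$insert['menu_order'] = $input['menu_order'];
		unset( $input['menu_order'] );
	}

	// Pull out the fields that are applied after the post is saved, so the
	// generic "post_$key" mapping below does not see them.
	$publicize = isset( $input['publicize'] ) ? $input['publicize'] : null;
	unset( $input['publicize'] );

	$publicize_custom_message = isset( $input['publicize_message'] ) ? $input['publicize_message'] : null;
	unset( $input['publicize_message'] );

	if ( isset( $input['featured_image'] ) ) {
		$featured_image        = trim( $input['featured_image'] );
		$delete_featured_image = empty( $featured_image );
		unset( $input['featured_image'] );
	}

	$metadata = isset( $input['metadata'] ) ? $input['metadata'] : null;
	unset( $input['metadata'] );

	$likes = isset( $input['likes_enabled'] ) ? $input['likes_enabled'] : null;
	unset( $input['likes_enabled'] );

	$sharing = isset( $input['sharing_enabled'] ) ? $input['sharing_enabled'] : null;
	unset( $input['sharing_enabled'] );

	$sticky = isset( $input['sticky'] ) ? $input['sticky'] : null;
	unset( $input['sticky'] );

	foreach ( $input as $key => $value ) {
		$insert[ "post_$key" ] = $value;
	}

	if ( ! empty( $author_id ) ) {
		$insert['post_author'] = absint( $author_id );
	}

	if ( ! empty( $tax_input ) ) {
		$insert['tax_input'] = $tax_input;
	}

	$has_media        = isset( $input['media'] ) && $input['media'] ? count( $input['media'] ) : false;
	$has_media_by_url = isset( $input['media_urls'] ) && $input['media_urls'] ? count( $input['media_urls'] ) : false;

	if ( $new ) {

		if ( isset( $input['content'] ) && ! has_shortcode( $input['content'], 'gallery' ) && ( $has_media || $has_media_by_url ) ) {
			switch ( ( $has_media + $has_media_by_url ) ) {
				case 0:
					// No images - do nothing.
					break;
				case 1:
					// 1 image - make it big
					$insert['post_content'] = $input['content'] = "[gallery size=full columns=1]\n\n" . $input['content'];
					break;
				default:
					// Several images - 3 column gallery
					$insert['post_content'] = $input['content'] = "[gallery]\n\n" . $input['content'];
					break;
			}
		}

		$post_id = wp_insert_post( add_magic_quotes( $insert ), true );
	} else {
		$insert['ID'] = $post->ID;

		// wp_update_post ignores date unless edit_date is set
		// See: http://codex.wordpress.org/Function_Reference/wp_update_post#Scheduling_posts
		// See: https://core.trac.wordpress.org/browser/tags/3.9.2/src/wp-includes/post.php#L3302
		if ( isset( $input['date_gmt'] ) || isset( $input['date'] ) ) {
			$insert['edit_date'] = true;
		}

		// this two-step process ensures any changes submitted along with status=trash get saved before trashing
		if ( isset( $input['status'] ) && 'trash' === $input['status'] ) {
			// if we insert it with status='trash', it will get double-trashed, so insert it as a draft first
			unset( $insert['status'] );
			$post_id = wp_update_post( (object) $insert );
			// now call wp_trash_post so post_meta gets set and any filters get called
			wp_trash_post( $post_id );
		} else {
			$post_id = wp_update_post( (object) $insert );
		}
	}

	if ( ! $post_id || is_wp_error( $post_id ) ) {
		return $post_id;
	}

	// make sure this post actually exists and is not an error of some kind (ie, trying to load media in the posts endpoint)
	$post_check = $this->get_post_by( 'ID', $post_id, $args['context'] );
	if ( is_wp_error( $post_check ) ) {
		return $post_check;
	}

	if ( $has_media ) {
		$this->api->trap_wp_die( 'upload_error' );
		foreach ( $input['media'] as $media_item ) {
			$_FILES['.api.media.item.'] = $media_item;
			// check for WP_Error if we ever actually need $media_id
			$media_id = media_handle_upload( '.api.media.item.', $post_id );
		}
		$this->api->trap_wp_die( null );

		unset( $_FILES['.api.media.item.'] );
	}

	if ( $has_media_by_url ) {
		// NOTE(review): these URLs come from request input; any scheme/host
		// restriction presumably lives in handle_media_sideload() -- confirm.
		foreach ( $input['media_urls'] as $url ) {
			$this->handle_media_sideload( $url, $post_id );
		}
	}

	// Set like status for the post
	/** This filter is documented in modules/likes.php */
	$sitewide_likes_enabled = (bool) apply_filters( 'wpl_is_enabled_sitewide', ! get_option( 'disabled_likes' ) );
	if ( $new ) {
		if ( $sitewide_likes_enabled ) {
			if ( false === $likes ) {
				update_post_meta( $post_id, 'switch_like_status', 1 );
			} else {
				delete_post_meta( $post_id, 'switch_like_status' );
			}
		} else {
			if ( $likes ) {
				update_post_meta( $post_id, 'switch_like_status', 1 );
			} else {
				delete_post_meta( $post_id, 'switch_like_status' );
			}
		}
	} else {
		if ( isset( $likes ) ) {
			if ( $sitewide_likes_enabled ) {
				if ( false === $likes ) {
					update_post_meta( $post_id, 'switch_like_status', 1 );
				} else {
					delete_post_meta( $post_id, 'switch_like_status' );
				}
			} else {
				if ( true === $likes ) {
					update_post_meta( $post_id, 'switch_like_status', 1 );
				} else {
					delete_post_meta( $post_id, 'switch_like_status' );
				}
			}
		}
	}

	// Set sharing status of the post
	if ( $new ) {
		$sharing_enabled = isset( $sharing ) ? (bool) $sharing : true;
		if ( false === $sharing_enabled ) {
			update_post_meta( $post_id, 'sharing_disabled', 1 );
		}
	} else {
		if ( isset( $sharing ) && true === $sharing ) {
			delete_post_meta( $post_id, 'sharing_disabled' );
		} else if ( isset( $sharing ) && false == $sharing ) {
			update_post_meta( $post_id, 'sharing_disabled', 1 );
		}
	}

	if ( isset( $sticky ) ) {
		if ( true === $sticky ) {
			stick_post( $post_id );
		} else {
			unstick_post( $post_id );
		}
	}

	// WPCOM Specific (Jetpack's will get bumped elsewhere
	// Tracks how many posts are published and sets meta
	// so we can track some other cool stats (like likes & comments on posts published)
	if ( defined( 'IS_WPCOM' ) && IS_WPCOM ) {
		if (
			( $new && 'publish' == $input['status'] )
			|| (
				! $new && isset( $last_status )
				&& 'publish' != $last_status
				&& isset( $new_status )
				&& 'publish' == $new_status
			)
		) {
			/** This action is documented in modules/widgets/social-media-icons.php */
			do_action( 'jetpack_bump_stats_extras', 'api-insights-posts', $this->api->token_details['client_id'] );
			update_post_meta( $post_id, '_rest_api_published', 1 );
			update_post_meta( $post_id, '_rest_api_client_id', $this->api->token_details['client_id'] );
		}
	}

	// We ask the user/dev to pass Publicize services he/she wants activated for the post, but Publicize expects us
	// to instead flag the ones we don't want to be skipped. proceed with said logic.
	// any posts coming from Path (client ID 25952) should also not publicize
	if ( $publicize === false || ( isset( $this->api->token_details['client_id'] ) && 25952 == $this->api->token_details['client_id'] ) ) {
		// No publicize at all, skip all by ID
		foreach ( $GLOBALS['publicize_ui']->publicize->get_services( 'all' ) as $name => $service ) {
			delete_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $name );
			$service_connections = $GLOBALS['publicize_ui']->publicize->get_connections( $name );
			if ( ! $service_connections ) {
				continue;
			}
			foreach ( $service_connections as $service_connection ) {
				update_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $service_connection->unique_id, 1 );
			}
		}
	} else if ( is_array( $publicize ) && ( count( $publicize ) > 0 ) ) {
		foreach ( $GLOBALS['publicize_ui']->publicize->get_services( 'all' ) as $name => $service ) {
			/*
			 * We support both indexed and associative arrays:
			 * * indexed are to pass entire services
			 * * associative are to pass specific connections per service
			 *
			 * We do support mixed arrays: mixed integer and string keys (see 3rd example below).
			 *
			 * EG: array( 'twitter', 'facebook') will only publicize to those, ignoring the other available services
			 * 		Form data: publicize[]=twitter&publicize[]=facebook
			 * EG: array( 'twitter' => '(int) $pub_conn_id_0, (int) $pub_conn_id_3', 'facebook' => (int) $pub_conn_id_7 ) will publicize to two Twitter accounts, and one Facebook connection, of potentially many.
			 * 		Form data: publicize[twitter]=$pub_conn_id_0,$pub_conn_id_3&publicize[facebook]=$pub_conn_id_7
			 * EG: array( 'twitter', 'facebook' => '(int) $pub_conn_id_0, (int) $pub_conn_id_3' ) will publicize to all available Twitter accounts, but only 2 of potentially many Facebook connections
			 * 		Form data: publicize[]=twitter&publicize[facebook]=$pub_conn_id_0,$pub_conn_id_3
			 */

			// Delete any stale SKIP value for the service by name. We'll add it back by ID.
			delete_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $name );

			// Get the user's connections
			$service_connections = $GLOBALS['publicize_ui']->publicize->get_connections( $name );

			// if the user doesn't have any connections for this service, move on
			if ( ! $service_connections ) {
				continue;
			}

			if ( ! in_array( $name, $publicize ) && ! array_key_exists( $name, $publicize ) ) {
				// Skip the whole service by adding each connection ID
				foreach ( $service_connections as $service_connection ) {
					update_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $service_connection->unique_id, 1 );
				}
			} else if ( ! empty( $publicize[ $name ] ) ) {
				// Seems we're being asked to only push to [a] specific connection[s].
				// Explode the list on commas, which will also support a single passed ID
				$requested_connections = explode( ',', ( preg_replace( '/[\s]*/', '', $publicize[ $name ] ) ) );
				// Flag the connections we can't match with the requested list to be skipped.
				foreach ( $service_connections as $service_connection ) {
					if ( ! in_array( $service_connection->meta['connection_data']->id, $requested_connections ) ) {
						update_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $service_connection->unique_id, 1 );
					} else {
						delete_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $service_connection->unique_id );
					}
				}
			} else {
				// delete all SKIP values; it's okay to publish to all connected IDs for this service
				foreach ( $service_connections as $service_connection ) {
					delete_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $service_connection->unique_id );
				}
			}
		}
	}

	if ( ! is_null( $publicize_custom_message ) ) {
		if ( empty( $publicize_custom_message ) ) {
			delete_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_MESS );
		} else {
			update_post_meta( $post_id, $GLOBALS['publicize_ui']->publicize->POST_MESS, trim( $publicize_custom_message ) );
		}
	}

	if ( ! empty( $insert['post_format'] ) ) {
		if ( 'default' !== strtolower( $insert['post_format'] ) ) {
			set_post_format( $post_id, $insert['post_format'] );
		} else {
			set_post_format( $post_id, get_option( 'default_post_format' ) );
		}
	}

	if ( isset( $featured_image ) ) {
		$this->parse_and_set_featured_image( $post_id, $delete_featured_image, $featured_image );
	}

	if ( ! empty( $metadata ) ) {
		foreach ( (array) $metadata as $meta ) {

			$meta = (object) $meta;

			// Custom meta description can only be set on sites that have a business subscription.
			if ( Jetpack_SEO_Posts::DESCRIPTION_META_KEY == $meta->key && ! Jetpack_SEO_Utils::is_enabled_jetpack_seo() ) {
				return new WP_Error( 'unauthorized', __( 'SEO tools are not enabled for this site.', 'jetpack' ), 403 );
			}

			$existing_meta_item = new stdClass;

			if ( empty( $meta->operation ) ) {
				$meta->operation = 'update';
			}

			// Map the literal strings 'true'/'false' to booleans. Strict
			// comparison matters: with `==`, boolean true equals the string
			// 'false', so a value just set to true was flipped to false.
			if ( ! empty( $meta->value ) ) {
				if ( 'true' === $meta->value ) {
					$meta->value = true;
				} elseif ( 'false' === $meta->value ) {
					$meta->value = false;
				}
			}

			if ( ! empty( $meta->id ) ) {
				$meta->id           = absint( $meta->id );
				$existing_meta_item = get_metadata_by_mid( 'post', $meta->id );
				if ( ! $existing_meta_item || $post_id !== (int) $existing_meta_item->post_id ) {
					// Only allow updates for metadata on this post
					continue;
				}
			}

			$unslashed_meta_key           = wp_unslash( $meta->key ); // should match what the final key will be
			$meta->key                    = wp_slash( $meta->key );
			$unslashed_existing_meta_key  = wp_unslash( $existing_meta_item->meta_key );
			$existing_meta_item->meta_key = wp_slash( $existing_meta_item->meta_key );

			// make sure that the meta id passed matches the existing meta key
			if ( ! empty( $meta->id ) && ! empty( $meta->key ) ) {
				$meta_by_id = get_metadata_by_mid( 'post', $meta->id );
				if ( $meta_by_id->meta_key !== $meta->key ) {
					continue; // skip this meta
				}
			}

			switch ( $meta->operation ) {
				case 'delete':

					if ( ! empty( $meta->id ) && ! empty( $existing_meta_item->meta_key ) && current_user_can( 'delete_post_meta', $post_id, $unslashed_existing_meta_key ) ) {
						delete_metadata_by_mid( 'post', $meta->id );
					} elseif ( ! empty( $meta->key ) && ! empty( $meta->previous_value ) && current_user_can( 'delete_post_meta', $post_id, $unslashed_meta_key ) ) {
						delete_post_meta( $post_id, $meta->key, $meta->previous_value );
					} elseif ( ! empty( $meta->key ) && current_user_can( 'delete_post_meta', $post_id, $unslashed_meta_key ) ) {
						delete_post_meta( $post_id, $meta->key );
					}

					break;
				case 'add':

					if ( ! empty( $meta->id ) || ! empty( $meta->previous_value ) ) {
						// An add cannot target an existing row; nothing to do.
						break;
					} elseif ( ! empty( $meta->key ) && ! empty( $meta->value ) && ( current_user_can( 'add_post_meta', $post_id, $unslashed_meta_key ) || WPCOM_JSON_API_Metadata::is_public( $meta->key ) ) ) {
						// The capability / public-key alternative is grouped so the
						// key and value checks apply to both, as in the update branch.
						add_post_meta( $post_id, $meta->key, $meta->value );
					}

					break;
				case 'update':

					if ( ! isset( $meta->value ) ) {
						break;
					} elseif ( ! empty( $meta->id ) && ! empty( $existing_meta_item->meta_key ) && ( current_user_can( 'edit_post_meta', $post_id, $unslashed_existing_meta_key ) || WPCOM_JSON_API_Metadata::is_public( $meta->key ) ) ) {
						update_metadata_by_mid( 'post', $meta->id, $meta->value );
					} elseif ( ! empty( $meta->key ) && ! empty( $meta->previous_value ) && ( current_user_can( 'edit_post_meta', $post_id, $unslashed_meta_key ) || WPCOM_JSON_API_Metadata::is_public( $meta->key ) ) ) {
						update_post_meta( $post_id, $meta->key, $meta->value, $meta->previous_value );
					} elseif ( ! empty( $meta->key ) && ( current_user_can( 'edit_post_meta', $post_id, $unslashed_meta_key ) || WPCOM_JSON_API_Metadata::is_public( $meta->key ) ) ) {
						update_post_meta( $post_id, $meta->key, $meta->value );
					}

					break;
			}
		}
	}

	/**
	 * Fires when a post is created via the REST API.
	 *
	 * @param int    $post_id Post ID.
	 * @param array  $insert  Data used to build the post.
	 * @param string $new     New post URL suffix.
	 */
	do_action( 'rest_api_inserted_post', $post_id, $insert, $new );

	$return = $this->get_post_by( 'ID', $post_id, $args['context'] );
	if ( ! $return || is_wp_error( $return ) ) {
		return $return;
	}

	if ( isset( $input['type'] ) && 'revision' === $input['type'] ) {
		$return['preview_nonce'] = wp_create_nonce( 'post_preview_' . $input['parent'] );
	}

	if ( isset( $sticky ) ) {
		// workaround for sticky test occasionally failing, maybe a race condition with stick_post() above
		$return['sticky'] = ( true === $sticky );
	}

	/** This action is documented in json-endpoints/class.wpcom-json-api-site-settings-endpoint.php */
	do_action( 'wpcom_json_api_objects', 'posts' );

	return $return;
}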
// /sites/%s/posts/%d/delete -> $blog_id, $post_id
/**
 * Trashes a post, or permanently deletes it when it is already in the trash.
 *
 * Checks run in this order before anything is modified: the post exists, its
 * type passes `is_post_type_allowed()`, and the current user holds
 * `delete_post` on it. The post representation is captured before deletion
 * so it can still be returned after a permanent delete.
 *
 * NOTE(review): the reviewed listing omits short lines (closing braces, bare
 * `else`/`return`); they are restored here from the control flow. Confirm
 * against the canonical file.
 *
 * @param string $path    Request path (not read here).
 * @param int    $blog_id Blog ID (not read here).
 * @param int    $post_id ID of the post to trash or delete.
 * @return mixed The post representation (with status `deleted` after a
 *               permanent delete), a WP_Error, or a falsy `get_post_by()` result.
 */
function delete_post( $path, $blog_id, $post_id ) {
	$post        = get_post( $post_id );
	$post_exists = $post && ! is_wp_error( $post );
	if ( ! $post_exists ) {
		return new WP_Error( 'unknown_post', 'Unknown post', 404 );
	}

	$type_allowed = $this->is_post_type_allowed( $post->post_type );
	if ( ! $type_allowed ) {
		return new WP_Error( 'unknown_post_type', 'Unknown post type', 404 );
	}

	$may_delete = current_user_can( 'delete_post', $post->ID );
	if ( ! $may_delete ) {
		return new WP_Error( 'unauthorized', 'User cannot delete posts', 403 );
	}

	$args   = $this->query_args();
	$return = $this->get_post_by( 'ID', $post->ID, $args['context'] );
	if ( ! $return || is_wp_error( $return ) ) {
		return $return;
	}

	/** This action is documented in json-endpoints/class.wpcom-json-api-site-settings-endpoint.php */
	do_action( 'wpcom_json_api_objects', 'posts' );

	// we need to call wp_trash_post so that untrash will work correctly for all post types
	$already_trashed = ( 'trash' === $post->post_status );
	if ( $already_trashed ) {
		wp_delete_post( $post->ID );
	} else {
		wp_trash_post( $post->ID );
	}

	// A false status means the post no longer exists: report the earlier
	// snapshot with the `deleted` status instead of re-reading it.
	if ( false === get_post_status( $post->ID ) ) {
		$return['status'] = 'deleted';
		return $return;
	}

	return $this->get_post_by( 'ID', $post->ID, $args['context'] );
}
// /sites/%s/posts/%d/restore -> $blog_id, $post_id
/**
 * Restores a post from the trash and returns its representation.
 *
 * The post must exist and the current user must hold `delete_post` on it;
 * the same capability gates both trashing and restoring here.
 *
 * NOTE(review): unlike delete_post(), this handler does not call
 * `is_post_type_allowed()` before `wp_untrash_post()`; any type check in
 * `get_post_by()` runs only after the post has been untrashed. Confirm
 * whether that asymmetry is intended.
 * NOTE(review): the reviewed listing omits short lines (closing braces);
 * they are restored here from the control flow. Confirm against the
 * canonical file.
 *
 * @param string $path    Request path (not read here).
 * @param int    $blog_id Blog ID (not read here).
 * @param int    $post_id ID of the post to restore.
 * @return mixed The result of `get_post_by()`, or a WP_Error.
 */
function restore_post( $path, $blog_id, $post_id ) {
	$args = $this->query_args();
	$post = get_post( $post_id );

	$post_exists = $post && ! is_wp_error( $post );
	if ( ! $post_exists ) {
		return new WP_Error( 'unknown_post', 'Unknown post', 404 );
	}

	$may_restore = current_user_can( 'delete_post', $post->ID );
	if ( ! $may_restore ) {
		return new WP_Error( 'unauthorized', 'User cannot restore trashed posts', 403 );
	}

	/** This action is documented in json-endpoints/class.wpcom-json-api-site-settings-endpoint.php */
	do_action( 'wpcom_json_api_objects', 'posts' );

	wp_untrash_post( $post->ID );

	$context = $args['context'];
	return $this->get_post_by( 'ID', $post->ID, $context );
}
/**
 * Removes the post thumbnail, or sets it from an attachment ID or from a
 * value handed to `handle_media_sideload()`.
 *
 * NOTE(review): the reviewed listing omits short lines. The bare `return;`
 * after the thumbnail removal and the `return false;` after a failed
 * sideload are restored from context; the only caller visible in the
 * listing discards the return value. Confirm against the canonical file.
 * NOTE(review): a non-numeric value is passed to `handle_media_sideload()`
 * as supplied by the request; any URL validation presumably happens in that
 * helper -- confirm.
 *
 * @param int    $post_id               Post whose thumbnail is changed.
 * @param bool   $delete_featured_image When truthy, remove the thumbnail and stop.
 * @param string $featured_image        Attachment ID (digits) or a value to sideload.
 * @return mixed The attachment ID that was set, false when sideloading did
 *               not yield an integer ID, or nothing after a removal.
 */
private function parse_and_set_featured_image( $post_id, $delete_featured_image, $featured_image ) {
	if ( $delete_featured_image ) {
		delete_post_thumbnail( $post_id );
		return;
	}

	$featured_image = (string) $featured_image;

	// if we got a post ID, we can just set it as the thumbnail
	$looks_like_id = ctype_digit( $featured_image );
	if ( $looks_like_id && 'attachment' == get_post_type( $featured_image ) ) {
		set_post_thumbnail( $post_id, $featured_image );
		return $featured_image;
	}

	$featured_image_id = $this->handle_media_sideload( $featured_image, $post_id, 'image' );

	// Anything other than a non-zero integer means the sideload did not produce an attachment.
	$sideload_ok = ! empty( $featured_image_id ) && is_int( $featured_image_id );
	if ( ! $sideload_ok ) {
		return false;
	}

	set_post_thumbnail( $post_id, $featured_image_id );
	return $featured_image_id;
}
private function parse_and_set_author( $author = null, $post_type = 'post' ) {
if ( empty( $author ) || ! post_type_supports( $post_type, 'author' ) )
return get_current_user_id();
$author = (string) $author;
if ( ctype_digit( $author ) ) {
$_user = get_user_by( 'id', $author );
if ( ! $_user || is_wp_error( $_user ) )
return new WP_Error( 'invalid_author', 'Invalid author provided' );
$_user = get_user_by( 'login', $author );
if ( ! $_user || is_wp_error( $_user ) )
return new WP_Error( 'invalid_author', 'Invalid author provided' );