, 'type' => 'string', 'default' => '', ), 'content' => array( 'description' => __( 'Edited post content.', 'jetpack-publicize-pkg' ), 'type' => 'string', 'default' => '', ), ), ), ), 'schema' => array( $this, 'get_public_item_schema' ), ) ); } /** * Retrieves the JSON schema for a single rendered-message item. * * @return array Schema data. */ public function get_item_schema() { return array( '$schema' => 'http://json-schema.org/draft-04/schema#', 'title' => 'publicize-render-messages-item', 'type' => 'object', 'properties' => array( 'connection_id' => array( 'description' => __( 'Connection identifier echoed back from the request.', 'jetpack-publicize-pkg' ), 'type' => 'string', 'readonly' => true, 'context' => array( 'view', 'edit' ), ), 'rendered_message' => array( 'description' => __( 'The rendered message for this item. Absent when the item failed to render.', 'jetpack-publicize-pkg' ), 'type' => 'string', 'readonly' => true, 'context' => array( 'view', 'edit' ), ), 'error' => array( 'description' => __( 'Per-item error. Present only when this item failed to render.', 'jetpack-publicize-pkg' ), 'type' => 'object', 'readonly' => true, 'context' => array( 'view', 'edit' ), 'properties' => array( 'code' => array( 'type' => 'string' ), 'message' => array( 'type' => 'string' ), ), ), ), ); } /** * Permission check. * * Preserves the blog-token proxy path via Base_Controller::publicize_permissions_check() * (which returns true for authorized blog requests when allow_requests_as_blog is set), * and enforces post-level `edit_post` capability for regular user requests. * * @param WP_REST_Request $request Full details about the request. * @return true|WP_Error True if authorized, WP_Error otherwise. */ public function permissions_check( $request ) { $base_check = $this->publicize_permissions_check(); if ( is_wp_error( $base_check ) ) { return $base_check; } // Blog-token proxy requests don't have a user context; the publicize check // above already returned true for those. if ( self::is_authorized_blog_request() ) { return true; } $post_id = (int) $request->get_param( 'post_id' ); if ( ! $post_id || ! current_user_can( 'edit_post', $post_id ) ) { return new WP_Error( 'invalid_user_permission_publicize', __( 'Sorry, you are not allowed to access Jetpack Social data for this post.', 'jetpack-publicize-pkg' ), array( 'status' => rest_authorization_required_code() ) ); } return true; } /** * Render the messages for the given post and items. * * Top-level errors (feature off, post not found) short-circuit the whole batch. * Per-item failures are returned as `{ id, error: { code, message } }` so a * single bad item never fails the batch. * * @param WP_REST_Request $request The request object. * @return mixed The rendered items array, or a WP_Error for top-level failures. */ public function render_messages( $request ) { if ( Utils::is_wpcom() ) { require_lib( 'publicize/util/message-templates' ); if ( ! \Publicize\is_message_templates_enabled() ) { return new WP_Error( 'feature_not_enabled', __( 'Publicize message templates are not enabled for this site.', 'jetpack-publicize-pkg' ), array( 'status' => 403 ) ); } $post_id = (int) $request->get_param( 'post_id' ); $items = (array) $request->get_param( 'items' ); $intent = (array) $request->get_param( 'post_intent' ); $post = get_post( $post_id ); if ( ! $post ) { return new WP_Error( 'post_not_found', __( 'Post not found.', 'jetpack-publicize-pkg' ), array( 'status' => 404 ) ); } return rest_ensure_response( \Publicize\render_messages( $post, $items, $intent ) ); } // Self-hosted Jetpack: proxy the request body to WPCOM. return rest_ensure_response( $this->proxy_request_to_wpcom_as_blog( $request ) ); } }