Merge pull request petenelson#38 from petenelson/feature/37-custom-po…

…st-types

Feature/37 custom post types

README.md

@@ -1,6 +1,6 @@
 # REST API Toolbox #
 **Contributors:** gungeekatx  
-**Tags:** rest api, rest, wp rest api  
+**Tags:** rest api, rest, wp rest api, json api  
 **Donate link:** https://petenelson.io/  
 **Requires at least:** 4.4  
 **Tested up to:** 4.7  
@@ -50,8 +50,9 @@ Have any questions?  We can answer them here?
 ## Changelog ##
 
 ### 1.4.0 January 11th, 2017 ###
-* Added link to settings page from the plugins list page.
+* Added support for removing or requiring authentication for custom post types.
 * Updated Settings UI for better clarity.
+* Added link to settings page from the plugins list page.
 
 ### 1.3.0 December 12th, 2016 ###
 * Added option to require authentication for core endpoints.

includes/class-rest-api-toolbox-common.php

@@ -19,12 +19,12 @@ static public function plugins_loaded() {
 			add_filter( 'rest_jsonp_enabled',           array( __CLASS__, 'rest_jsonp_disabled_filter' ), 100 );
 
 			// Filter hook to force SSL.
-			add_filter( 'rest_pre_dispatch',            array( __CLASS__, 'disallow_non_ssl' ), 100, 3 );
+			add_filter( 'rest_pre_dispatch',            array( __CLASS__, 'disallow_non_ssl_filter' ), 100, 3 );
 
 			// Filter hooks to remove endpoints.
-			add_filter( 'rest_index',                   array( __CLASS__, 'remove_wordpress_core_namespace' ), 100, 3 );
-			add_filter( 'rest_endpoints',               array( __CLASS__, 'remove_all_core_endpoints'), 100, 1 );
-			add_filter( 'rest_endpoints',               array( __CLASS__, 'remove_selected_core_endpoints'), 100, 1 );
+			add_filter( 'rest_index',                   array( __CLASS__, 'remove_wordpress_core_namespace_filter' ), 100, 3 );
+			add_filter( 'rest_endpoints',               array( __CLASS__, 'remove_all_core_endpoints_filter'), 100, 1 );
+			add_filter( 'rest_endpoints',               array( __CLASS__, 'remove_selected_endpoints_filter'), 100, 1 );
 
 			// Filter hook to require authentication for specific endpoints.
 			add_filter( 'rest_pre_dispatch',            array( __CLASS__, 'endpoint_requires_authentication_filter' ), 100, 3 );
@@ -153,7 +153,7 @@ static public function rest_jsonp_disabled_filter( $enabled ) {
 		}
 
 
-		static public function disallow_non_ssl( $response, $server, $request ) {
+		static public function disallow_non_ssl_filter( $response, $server, $request ) {
 			if ( ! is_ssl() ) {
 
 				$require_ssl = REST_API_Toolbox_Settings::setting_is_enabled( 'ssl', 'require-ssl' );
@@ -167,7 +167,7 @@ static public function disallow_non_ssl( $response, $server, $request ) {
 		}
 
 
-		static public function remove_wordpress_core_namespace( $response ) {
+		static public function remove_wordpress_core_namespace_filter( $response ) {
 
 			$remove_all = REST_API_Toolbox_Settings::setting_is_enabled( 'core', 'remove-all-core-routes' );
 			if ( $remove_all ) {
@@ -185,7 +185,7 @@ static public function remove_wordpress_core_namespace( $response ) {
 		}
 
 
-		static public function remove_all_core_endpoints( $routes ) {
+		static public function remove_all_core_endpoints_filter( $routes ) {
 
 			$remove_all = REST_API_Toolbox_Settings::setting_is_enabled( 'core', 'remove-all-core-routes' );
 
@@ -197,15 +197,23 @@ static public function remove_all_core_endpoints( $routes ) {
 		}
 
 
-		static public function remove_selected_core_endpoints( $routes ) {
+		static public function remove_selected_endpoints_filter( $routes ) {
 
+			// Get the list of core endpoints.
 			$core_settings = get_option( REST_API_Toolbox_Settings::options_key( 'core' ) );
 			$core_settings = ! is_array( $core_settings ) ? array() : $core_settings;
 
+			// Get the list of custom post types.
+			$cpt_settings  = get_option( REST_API_Toolbox_Settings::options_key( 'cpt' ) );
+			$cpt_settings  = ! is_array( $cpt_settings ) ? array() : $cpt_settings;
+
+			// Combine the list.
+			$settings = array_merge( $core_settings, $cpt_settings );
+
 			$pattern = "/remove-endpoint\\|(.+)/";
 			$endpoints = array();
 
-			foreach ( $core_settings as $setting => $enabled ) {
+			foreach ( $settings as $setting => $enabled ) {
 				if ( '1' === $enabled ) {
 					$matches = array();
 					if ( 1 === preg_match( $pattern, $setting, $matches ) ) {
@@ -249,13 +257,22 @@ static public function endpoint_requires_authentication_filter( $result, $rest_s
 			// Get the route for the request.
 			$route = $request->get_route();
 
-			// Get the settings for core.
+			// Get the list of core endpoints.
 			$core_settings = get_option( REST_API_Toolbox_Settings::options_key( 'core' ) );
+			$core_settings = ! is_array( $core_settings ) ? array() : $core_settings;
+
+			// Get the list of custom post types.
+			$cpt_settings  = get_option( REST_API_Toolbox_Settings::options_key( 'cpt' ) );
+			$cpt_settings  = ! is_array( $cpt_settings ) ? array() : $cpt_settings;
+
+			// Combine the list.
+			$settings = array_merge( $core_settings, $cpt_settings );
+
 			$key = 'require-authentication|' . $route;
 
 			// See if this route is configured to require authentication and
 			// if there is a current user logged in.
-			if ( ! empty( $core_settings ) && isset( $core_settings[ $key ] ) && '1' === $core_settings[ $key ] && ! is_user_logged_in() ) {
+			if ( ! empty( $settings ) && isset( $settings[ $key ] ) && '1' === $settings[ $key ] && ! is_user_logged_in() ) {
 
 				// Return a WP_Error is authentication is required but there
 				// is no current user logged in.
@@ -269,6 +286,27 @@ static public function endpoint_requires_authentication_filter( $result, $rest_s
 			return $result;
 		}
 
+
+		/**
+		 * Returns a list of custom post types that are exposed via the
+		 * REST API.
+		 *
+		 * @return array
+		 */
+		static public function get_custom_post_types() {
+
+			// Build the filters for the list of post types.
+			$args = array(
+				'show_in_rest' => true,
+				'_builtin' => false,
+				);
+
+			// Allow the return value to be filterable.
+			$post_types = apply_filters( 'rest-api-toolbox-custom-post-types', get_post_types( $args, 'objects' ) );
+
+			return $post_types;
+		}
+
 	}
 
 }

includes/settings/class-rest-api-toolbox-settings-base.php

@@ -245,7 +245,22 @@ static public function header( $title ) {
 			<?php
 		}
 
+		/**
+		 * Outputs the Remove Endpoints header.
+		 *
+		 * @return void
+		 */
+		static public function section_header_remove() {
+			self::header( __( 'Remove Endpoints', 'rest-api-toolbox' ) );
+		}
 
+		/**
+		 * Outputs the Require Authentication header.
+		 *
+		 * @return void
+		 */
+		static public function section_header_require_authentication() {
+			self::header( __( 'Require Authentication', 'rest-api-toolbox' ) );
+		}
 	}
-
 }

includes/settings/class-rest-api-toolbox-settings-core.php

@@ -62,24 +62,6 @@ static public function register_core_settings() {
 
 		}
 
-		/**
-		 * Outputs the Remove Endpoints header.
-		 *
-		 * @return void
-		 */
-		static public function section_header_remove() {
-			self::header( __( 'Remove Endpoints', 'rest-api-toolbox' ) );
-		}
-
-		/**
-		 * Outputs the Require Authentication header.
-		 *
-		 * @return void
-		 */
-		static public function section_header_require_authentication() {
-			self::header( __( 'Require Authentication', 'rest-api-toolbox' ) );
-		}
-
 		/**
 		 * Performs any necessary sanitation on core settings.
 		 *

includes/settings/class-rest-api-toolbox-settings-custom-post-types.php

@@ -0,0 +1,79 @@
+<?php
+
+if ( ! defined( 'ABSPATH' ) ) die( 'restricted access' );
+
+if ( ! class_exists( 'REST_API_Toolbox_Settings_Custom_Post_Types' ) ) {
+
+	class REST_API_Toolbox_Settings_Custom_Post_Types extends REST_API_Toolbox_Settings_Base {
+
+		static $settings_key  = 'rest-api-toolbox-settings-cpt';
+
+		/**
+		 * Hook up WordPress actions and filters.
+		 *
+		 * @return void
+		 */
+		static public function plugins_loaded() {
+			add_action( 'admin_init', array( __CLASS__, 'register_cpt_settings' ) );
+			add_filter( 'rest-api-toolbox-settings-tabs', array( __CLASS__, 'add_tab') );
+		}
+
+		static public function add_tab( $tabs ) {
+			$tabs[ self::$settings_key ] = __( 'Custom Post Types', 'rest-api-toolbox' );
+			return $tabs;
+		}
+
+		static public function register_cpt_settings() {
+			$key = self::$settings_key;
+
+			register_setting( $key, $key, array( __CLASS__, 'sanitize_cpt_settings') );
+
+			$section_remove = 'cpt-remove';
+			$section_auth = 'cpt-authentication';
+
+			add_settings_section( $section_remove, '', array( __CLASS__, 'section_header_remove' ), $key );
+			add_settings_section( $section_auth, '', array( __CLASS__, 'section_header_require_authentication' ), $key );
+
+			$namespace = REST_API_Toolbox_Common::core_namespace();
+
+			// Get the list of custom post types.
+			$post_types = REST_API_Toolbox_Common::get_custom_post_types();
+
+			// Build the list of endpoints based on each post type's rest_base.
+			foreach( $post_types as $post_type_object ) {
+				$endpoints[] = ! empty( $post_type_object->rest_base ) ? $post_type_object->rest_base : $post_type_object->name;
+			}
+
+			foreach( $endpoints as $endpoint ) {
+
+				// Add yes/no options to remove the endpoint.
+				$name = 'remove-endpoint|/' . $namespace . '/' . $endpoint;
+				add_settings_field( $name, sprintf( __( '%s', 'rest-api-toolbox' ), $endpoint),
+					array( __CLASS__, 'settings_checkbox' ),
+					$key,
+					$section_remove,
+					array( 'key' => $key, 'name' => $name, 'after' => '' )
+					);
+
+				// Add yes/no options to require authentication.
+				$name = 'require-authentication|/' . $namespace . '/' . $endpoint;
+				add_settings_field( $name, sprintf( __( '%s', 'rest-api-toolbox' ), $endpoint),
+					array( __CLASS__, 'settings_checkbox' ),
+					$key,
+					$section_auth,
+					array( 'key' => $key, 'name' => $name, 'after' => '' )
+					);
+			}
+		}
+
+		/**
+		 * Performs any necessary sanitation on custom post type settings.
+		 *
+		 * @param  array $settings Custom post type settings
+		 * @return array
+		 */
+		static public function sanitize_cpt_settings( $settings ) {
+			return $settings;
+		}
+	}
+}

readme.txt

@@ -1,6 +1,6 @@
 === REST API Toolbox ===
 Contributors: gungeekatx
-Tags: rest api, rest, wp rest api
+Tags: rest api, rest, wp rest api, json api
 Donate link: https://petenelson.io/
 Requires at least: 4.4
 Tested up to: 4.7
@@ -42,8 +42,9 @@ Have any questions?  We can answer them here?
 == Changelog ==
 
 = 1.4.0 January 11th, 2017 =
-* Added link to settings page from the plugins list page.
+* Added support for removing or requiring authentication for custom post types.
 * Updated Settings UI for better clarity.
+* Added link to settings page from the plugins list page.
 
 = 1.3.0 December 12th, 2016 =
 * Added option to require authentication for core endpoints.

rest-api-toolbox.php

@@ -39,6 +39,7 @@ static function get_required_files() {
 			'settings/class-rest-api-toolbox-settings',
 			'settings/class-rest-api-toolbox-settings-general',
 			'settings/class-rest-api-toolbox-settings-core',
+			'settings/class-rest-api-toolbox-settings-custom-post-types',
 			'settings/class-rest-api-toolbox-settings-ssl',
 			'settings/class-rest-api-toolbox-settings-help',
 			);
@@ -61,6 +62,7 @@ static function get_class_names() {
 			'REST_API_Toolbox_Settings',
 			'REST_API_Toolbox_Settings_General',
 			'REST_API_Toolbox_Settings_Core',
+			'REST_API_Toolbox_Settings_Custom_Post_Types',
 			'REST_API_Toolbox_Settings_SSL',
 			'REST_API_Toolbox_Settings_Help',
 			);