BP_REST_Group_Membership_Request_Endpoint::get_items_permissions_check( WP_REST_Request $request )

Check if a given request has access to fetch group membership requests.

Description

Parameters

$request

(WP_REST_Request) (Required) Full details about the request.

Return

(bool|WP_Error)

Source

File: bp-groups/classes/class-bp-rest-group-membership-request-endpoint.php

	public function get_items_permissions_check( $request ) {
		$retval      = true;
		$user_id     = bp_loggedin_user_id();
		$user_id_arg = $request['user_id'];
		$group       = $this->groups_endpoint->get_group_object( $request['group_id'] );

		// If the query is not restricted by group or user, limit it to the current user, if not an admin.
		if ( ! $request['group_id'] && ! $request['user_id'] && ! bp_current_user_can( 'bp_moderate' ) ) {
			$user_id_arg = $user_id;
		}
		$user = bp_rest_get_user( $user_id_arg );

		if ( ! $user_id ) {
			$retval = new WP_Error(
				'bp_rest_authorization_required',
				__( 'Sorry, you need to be logged in to view membership requests.', 'buddyboss' ),
				array(
					'status' => rest_authorization_required_code(),
				)
			);
		}

		// If a group ID has been passed, check that it is valid.
		if ( true === $retval && $request['group_id'] && ! $group instanceof BP_Groups_Group ) {
			$retval = new WP_Error(
				'bp_rest_group_invalid_id',
				__( 'Invalid group ID.', 'buddyboss' ),
				array(
					'status' => 404,
				)
			);
		}

		// If a user ID has been passed, check that it is valid.
		if ( true === $retval && $user_id_arg && ! $user instanceof WP_User ) {
			$retval = new WP_Error(
				'bp_rest_member_invalid_id',
				__( 'Invalid member ID.', 'buddyboss' ),
				array(
					'status' => 404,
				)
			);
		}

		// Site administrators can do anything. Otherwise, the user must manage the subject group or be the requester.
		if (
			true === $retval
			&& ! bp_current_user_can( 'bp_moderate' )
			&& ! ( $request['group_id'] && groups_is_user_admin( $user_id, $request['group_id'] ) )
			&& $user_id_arg !== $user_id
		) {
			$retval = new WP_Error(
				'bp_rest_group_membership_requests_cannot_get_items',
				__( 'Sorry, you are not allowed to view membership requests.', 'buddyboss' ),
				array(
					'status' => 500,
				)
			);
		}

		/**
		 * Filter the `get_items` permissions check.
		 *
		 * @param bool|WP_Error $retval Whether the request can continue.
		 * @param WP_REST_Request $request The request sent to the API.
		 *
		 * @since 0.1.0
		 */
		return apply_filters( 'bp_rest_group_membership_requests_get_items_permissions_check', $retval, $request );
	}

Changelog

Changelog
Version Description
0.1.0 Introduced.

Questions?

We're always happy to help with code or other questions you might have! Search our developer docs, contact support, or connect with our sales team.