http://wordpress.tv/2016/12/07/matt-mullenweg-state-of-the-word-2016/
http://wordpress.tv/2016/12/07/matt-mullenweg-state-of-the-word-2016/
wp/v2/users
endpoint to support Multisite functionality
wp/v2/sites
endpoint for access to sites in a network
wp/v2/networks
endpoint for access to networks) → Later
wp/v2/users
endpoint
wp/v2/users
This is wrong, but implementing a solid solution will take time.
→ Quick fix: Remove the functionality now!
✅ Fixed in https://core.trac.wordpress.org/changeset/40106 (4.7.3)
wp/v2/users
In 4.7 the capabilities checked in the REST API when updating a user are wrong.
→ That has not been discussed yet.
if ( ! current_user_can( 'edit_user', $user->ID ) ) {
return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this user.' ), array( 'status' => rest_authorization_required_code() ) );
}
if ( ! empty( $request['roles'] ) && ! current_user_can( 'edit_users' ) ) {
return new WP_Error( 'rest_cannot_edit_roles', __( 'Sorry, you are not allowed to edit roles of this user.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
Possible fix
if ( ! empty( $request['roles'] ) ) {
if ( ! current_user_can( 'promote_user', $user->ID ) ) {
return new WP_Error( 'rest_cannot_edit_roles', __( 'Sorry, you are not allowed to edit roles of this user.' ), array( 'status' => rest_authorization_required_code() ) );
}
$request_params = $request->get_params();
if ( count( $request_params ) === 2 ) {
return true;
}
}
if ( ! current_user_can( 'edit_user', $user->ID ) ) {
return new WP_Error( 'rest_cannot_edit', __( 'Sorry, you are not allowed to edit this user.' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
wp/v2/users
Current state:
The latter two features were discussed and disabled in Ticket #38962 prior to 4.7.
Possible solution: Introduce a global
parameter.
GET wp/v2/users
will list users from the current site.
GET wp/v2/users?global=true
will list all users.
GET wp/v2/users/<id>
displays a user from the current site.
GET wp/v2/users/<id>?global=true
displays any user.
POST/PUT/PATCH wp/v2/users/<id>
allows editing a user of the current site.
POST/PUT/PATCH wp/v2/users/<id>?global=true
allows editing a user from any site.
POST wp/v2/users
creates a new user and adds it to the current site.
POST wp/v2/users?email=<existing-email-address>
adds an existing user to the current site.
→ This is not very clear and we might need to find a better solution.
Related problem: Site administrators can create users, but not edit them. ¯\_(ツ)_/¯
DELETE wp/v2/users/<id>
removes a user from the current site.
DELETE wp/v2/users/<id>?global=true
deletes a user completely.
wp/v2/sites
endpoint
Getting the REST API
ready for Multisite
A WordPress Core case study
Getting Multisite
ready for the REST API
A WordPress Core case study
WP_Site
class
WP_Site_Query
class
wpmu_create_blog( $domain, $path, $title, $user_id, $meta, $site_id )
function
wp_insert_site( $args )
wp_install_site( $site_id, $args )
update_blog_details( $blog_id, $details )
function
wp_update_site( $site_id, $args )
wpmu_delete_blog( $blog_id, $drop )
function
wp_delete_site( $site_id )
wp_uninstall_site( $site_id )
Current state:
switch_to_blog()
function.
wp_options
tables.
Possible solution:
wp_posts
→ wp_postmeta
wp_comments
→ wp_commentmeta
wp_users
→ wp_usermeta
wp_terms
→ wp_termmeta
wp_site
→ wp_sitemeta
(Networks!)
wp_blogs
→ wp_blogmeta
? (Sites!)
Initial plan: Determine a whitelist of options that should be migrated to the new site metadata table.
Currently discussed: Introduce a site meta table independently from options, as this will open up the new `wp/v2/sites` endpoint to developers.
Looking at the current state of network data in WordPress:
wp_sitemeta
.
wpmu_create_blog()
accepts a $meta
array, and the values in it are then stored as options.
¯\_(ツ)_/¯
→ We're working on that as well.
Plugin Developer / Core Committer / Freelancer