WP_HTTP_Polling_Sync_Server::check_permissions
Checks if the current user has permission to access a room.
Method of the class: WP_HTTP_Polling_Sync_Server{}
No Hooks.
Returns
true|false|WP_Error. True if user has permission, otherwise WP_Error with details.
Usage
$WP_HTTP_Polling_Sync_Server = new WP_HTTP_Polling_Sync_Server(); $WP_HTTP_Polling_Sync_Server->check_permissions( $request );
- $request(WP_REST_Request) (required)
- The REST request.
Changelog
| Since 7.0.0 | Introduced. |
WP_HTTP_Polling_Sync_Server::check_permissions() code (WP 7.0)
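/**
 * Checks if the current user has permission to access every room in the request.
 *
 * Each room is authorized before its awareness state is read from storage, so a
 * caller who may not sync a room gets the generic permission error and cannot
 * use the "Client ID is already in use" response to learn which client IDs are
 * present in that room.
 *
 * @since 7.0.0
 *
 * @param WP_REST_Request $request The REST request.
 * @return bool|WP_Error True if user has permission, otherwise WP_Error with details.
 */
public function check_permissions( WP_REST_Request $request ) {
	// Minimum cap check. Is user logged in with a contributor role or higher?
	if ( ! current_user_can( 'edit_posts' ) ) {
		return new WP_Error(
			'rest_cannot_edit',
			__( 'You do not have permission to perform this action' ),
			array( 'status' => rest_authorization_required_code() )
		);
	}

	// NOTE(review): assumes the route's argument schema has already validated
	// 'rooms' as a list of arrays with 'room' and 'client_id' keys; confirm.
	$rooms      = $request['rooms'];
	$wp_user_id = get_current_user_id();

	foreach ( $rooms as $room_request ) {
		$client_id = $room_request['client_id'];
		$room      = $room_request['room'];

		// The room name is split as "<kind>/<name>:<id>"; the id part is optional
		// and is passed on as null when the name contains no ':'.
		$type_parts   = explode( '/', $room, 2 );
		$object_parts = explode( ':', $type_parts[1] ?? '', 2 );

		$entity_kind = $type_parts[0];
		$entity_name = $object_parts[0];
		$object_id   = $object_parts[1] ?? null;

		// Authorize the room first: nothing is read from storage for a room the
		// current user is not allowed to sync.
		if ( ! $this->can_user_sync_entity_type( $entity_kind, $entity_name, $object_id ) ) {
			return new WP_Error(
				'rest_cannot_edit',
				sprintf(
					/* translators: %s: The room name encodes the current entity being synced. */
					__( 'You do not have permission to sync this entity: %s.' ),
					$room
				),
				array( 'status' => rest_authorization_required_code() )
			);
		}

		// Check that the client_id is not already owned by another user.
		// NOTE(review): both comparisons are strict, so this check only detects a
		// collision when the request and the stored entry use the same type for
		// client_id; confirm that storage round-trips client_id and wp_user_id
		// without changing their types.
		$existing_awareness = $this->storage->get_awareness_state( $room );
		foreach ( $existing_awareness as $entry ) {
			if ( $client_id === $entry['client_id'] && $wp_user_id !== $entry['wp_user_id'] ) {
				return new WP_Error(
					'rest_cannot_edit',
					__( 'Client ID is already in use by another user.' ),
					array( 'status' => rest_authorization_required_code() )
				);
			}
		}
	}

	return true;
}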