WP_REST_Abilities_V1_Run_Controller::validate_request_methodpublicWP 6.9.0

Validates if the HTTP method matches the expected method for the ability based on its annotations.

Method of the class: WP_REST_Abilities_V1_Run_Controller{}

No Hooks.

Returns

true|WP_Error. True on success, or WP_Error object on failure.

Usage

$WP_REST_Abilities_V1_Run_Controller = new WP_REST_Abilities_V1_Run_Controller();
$WP_REST_Abilities_V1_Run_Controller->validate_request_method( $request_method, $annotations );
$request_method(string) (required)
The HTTP method of the request.
$annotations(array) (required)
.

Changelog

Since 6.9.0 Introduced.

WP_REST_Abilities_V1_Run_Controller::validate_request_method() code WP 6.9

wp-includes/rest-api/endpoints/class-wp-rest-abilities-v1-run-controller.php 
public function validate_request_method( string $request_method, array $annotations ) {
	$expected_method = 'POST';
	if ( ! empty( $annotations['readonly'] ) ) {
		$expected_method = 'GET';
	} elseif ( ! empty( $annotations['destructive'] ) && ! empty( $annotations['idempotent'] ) ) {
		$expected_method = 'DELETE';
	}

	if ( $expected_method === $request_method ) {
		return true;
	}

	$error_message = __( 'Abilities that perform updates require POST method.' );
	if ( 'GET' === $expected_method ) {
		$error_message = __( 'Read-only abilities require GET method.' );
	} elseif ( 'DELETE' === $expected_method ) {
		$error_message = __( 'Abilities that perform destructive actions require DELETE method.' );
	}
	return new WP_Error(
		'rest_ability_invalid_method',
		$error_message,
		array( 'status' => 405 )
	);
}