WC_REST_Customers_V1_Controller::update_item_permissions_check() public WC 1.0

Check if a given request has access to update a customer.

Method of the class: WC_REST_Customers_V1_Controller{}

No Hooks.

Return

true|false|WP_Error.

Usage

$WC_REST_Customers_V1_Controller = new WC_REST_Customers_V1_Controller();
$WC_REST_Customers_V1_Controller->update_item_permissions_check( $request );

$request (WP_REST_Request) (required)
Full details about the request.

WC_REST_Customers_V1_Controller::update_item_permissions_check() code WC 9.8.1

public function update_item_permissions_check( $request ) {
	$id = (int) $request['id'];

	if ( ! wc_rest_check_user_permissions( 'edit', $id ) ) {
		return new WP_Error( 'woocommerce_rest_cannot_edit', __( 'Sorry, you are not allowed to edit this resource.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) );
	}

	$allowed_roles = $this->allowed_roles();

	$customer = new WC_Customer( $id );

	if ( $customer && ! in_array( $customer->get_role(), $allowed_roles, true ) ) {
		// Check against existing props to be compatible with clients that will send the entire user object. Password shouldn't be sent anyway.
		$non_editable_props = array( 'email', 'password' );
		$customer_prop      = array( 'email' => $customer->get_email() );
		foreach ( $non_editable_props as $prop ) {
			if ( isset( $request[ $prop ] ) && ( 'password' === $prop || $request[ $prop ] !== $customer_prop[ $prop ] ) ) {
				return new WP_Error(
					'woocommerce_rest_cannot_edit',
					sprintf(
						/* translators: 1s: name of the property (email, role), 2: Role of the user (administrator, customer). */
						__( 'Sorry, %1$s cannot be updated via this endpoint for a user with role %2$s.', 'woocommerce' ),
						$prop,
						$customer->get_role()
					),
					array( 'status' => rest_authorization_required_code() )
				);
			}
		}
	}

	return true;
}