Commit 9acd073

committed
hide users that can not publish posts
fixes #230
1 parent 7d5b8e7 commit 9acd073

6 files changed

+46
-5
lines changed

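--- a/includes/class-activitypub.php
+++ b/includes/class-activitypub.php
@@ -38,6 +38,11 @@ public static function render_json_template( $template ) {
 return $template;
 }
 
+// check if user can publish posts
+if ( \is_author() && ! user_can( \get_the_author_meta( 'ID' ), 'publish_posts' ) ) {
+return $template;
+}
+
 if ( \is_author() ) {
 $json_template = \dirname( __FILE__ ) . '/../templates/author-json.php';
 } elseif ( \is_singular() ) {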
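Review bot: The new guard evaluates `\is_author()` and then the branch directly below it evaluates `\is_author()` again, and the comment `// check if user can publish posts` restates the condition instead of saying why the early return exists. Folding the capability test into the existing author branch makes it one decision, e.g. `if ( \is_author() ) {` followed by `if ( ! \user_can( \get_the_author_meta( 'ID' ), 'publish_posts' ) ) { return $template; }` before the existing `$json_template = ...` assignment. If the two-step form is kept, a why-comment such as `// authors without the publish_posts capability get no ActivityPub profile (#230)` is more useful to the next reader. render_json_template() starts above the hunk and continues below it.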

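--- a/includes/rest/class-followers.php
+++ b/includes/rest/class-followers.php
@@ -101,6 +101,9 @@ public static function request_parameters() {
 $params['user_id'] = array(
 'required' => true,
 'type' => 'integer',
+'validate_callback' => function( $param, $request, $key ) {
+return user_can( $param, 'publish_posts' );
+},
 );
 
 return $params;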
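Review bot: Supplying a `validate_callback` replaces WordPress's default `rest_validate_request_arg` for this argument, so — if I recall the REST server's argument handling correctly — the `'type' => 'integer'` declared just above is no longer enforced and `$param` reaches `user_can()` as whatever the client sent; an unknown id still fails closed because `user_can()` returns false for a user that does not exist. Chaining the schema check keeps both guarantees: `$valid = rest_validate_request_arg( $param, $request, $key );` then `return true === $valid ? user_can( $param, 'publish_posts' ) : $valid;`. The identical closure is copied into includes/rest/class-following.php, includes/rest/class-inbox.php (twice) and includes/rest/class-outbox.php; one shared static callback would keep the five copies from drifting apart. Note also that a rejected id answers here with a 400 `rest_invalid_param`, whereas includes/rest/class-webfinger.php answers 404 for the same condition — worth confirming that asymmetry is intended. request_parameters() begins above the hunk.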

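--- a/includes/rest/class-following.php
+++ b/includes/rest/class-following.php
@@ -99,6 +99,9 @@ public static function request_parameters() {
 $params['user_id'] = array(
 'required' => true,
 'type' => 'integer',
+'validate_callback' => function( $param, $request, $key ) {
+return user_can( $param, 'publish_posts' );
+},
 );
 
 return $params;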

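--- a/includes/rest/class-inbox.php
+++ b/includes/rest/class-inbox.php
@@ -33,7 +33,7 @@ public static function register_routes() {
 array(
 'methods' => \WP_REST_Server::EDITABLE,
 'callback' => array( '\Activitypub\Rest\Inbox', 'shared_inbox_post' ),
-'args' => self::shared_inbox_request_parameters(),
+'args' => self::shared_inbox_post_parameters(),
 'permission_callback' => '__return_true',
 ),
 )
@@ -46,12 +46,13 @@ public static function register_routes() {
 array(
 'methods' => \WP_REST_Server::EDITABLE,
 'callback' => array( '\Activitypub\Rest\Inbox', 'user_inbox_post' ),
-'args' => self::user_inbox_request_parameters(),
+'args' => self::user_inbox_post_parameters(),
 'permission_callback' => '__return_true',
 ),
 array(
 'methods' => \WP_REST_Server::READABLE,
 'callback' => array( '\Activitypub\Rest\Inbox', 'user_inbox_get' ),
+'args' => self::user_inbox_get_parameters(),
 'permission_callback' => '__return_true',
 ),
 )
@@ -195,7 +196,7 @@ public static function shared_inbox_post( $request ) {
 *
 * @return array list of parameters
 */
-public static function user_inbox_request_parameters() {
+public static function user_inbox_get_parameters() {
 $params = array();
 
 $params['page'] = array(
@@ -205,6 +206,32 @@ public static function user_inbox_request_parameters() {
 $params['user_id'] = array(
 'required' => true,
 'type' => 'integer',
+'validate_callback' => function( $param, $request, $key ) {
+return user_can( $param, 'publish_posts' );
+},
+);
+
+return $params;
+}
+
+/**
+* The supported parameters
+*
+* @return array list of parameters
+*/
+public static function user_inbox_post_parameters() {
+$params = array();
+
+$params['page'] = array(
+'type' => 'integer',
+);
+
+$params['user_id'] = array(
+'required' => true,
+'type' => 'integer',
+'validate_callback' => function( $param, $request, $key ) {
+return user_can( $param, 'publish_posts' );
+},
 );
 
 $params['id'] = array(
@@ -243,7 +270,7 @@ public static function user_inbox_request_parameters() {
 *
 * @return array list of parameters
 */
-public static function shared_inbox_request_parameters() {
+public static function shared_inbox_post_parameters() {
 $params = array();
 
 $params['page'] = array(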
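Review bot: The docblock added for `user_inbox_post_parameters()` in the fourth hunk reads only `* The supported parameters`, identical to the one now sitting on `user_inbox_get_parameters()`, so the split into GET and POST argument sets is not visible from the documentation; `* The supported parameters of the user-inbox POST endpoint` (and the GET counterpart on the renamed method) would make it so. The `page` and `user_id` entries, including the capability closure, are now duplicated verbatim between the two methods, and a later change to one of them can silently miss the other; starting the POST method with `$params = self::user_inbox_get_parameters();` and then adding the `id` entry would keep them in step, assuming the GET set is meant to be a strict subset. user_inbox_post_parameters() continues below the hunk.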

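--- a/includes/rest/class-outbox.php
+++ b/includes/rest/class-outbox.php
@@ -138,6 +138,9 @@ public static function request_parameters() {
 $params['user_id'] = array(
 'required' => true,
 'type' => 'integer',
+'validate_callback' => function( $param, $request, $key ) {
+return user_can( $param, 'publish_posts' );
+},
 );
 
 return $params;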

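--- a/includes/rest/class-webfinger.php
+++ b/includes/rest/class-webfinger.php
@@ -59,7 +59,7 @@ public static function webfinger( $request ) {
 
 $user = \get_user_by( 'login', \esc_sql( $resource_identifier ) );
 
-if ( ! $user ) {
+if ( ! $user || ! user_can( $user, 'publish_posts' ) ) {
 return new \WP_Error( 'activitypub_user_not_found', \__( 'User not found', 'activitypub' ), array( 'status' => 404 ) );
 }
 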
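Review bot: `user_can( $user, 'publish_posts' )` is the only call in this hunk written without the leading backslash that `\get_user_by`, `\__` and `\WP_Error` carry; if the file is namespaced, as the prefixed calls suggest, PHP resolves the unqualified name to the global function by fallback, so it works, but it reads as an inconsistency and is the one call whose meaning would change if a namespaced `user_can` were ever introduced. `if ( ! $user || ! \user_can( $user, 'publish_posts' ) ) {` matches the file's convention; the same unprefixed form appears in the other five hunks of this commit. Answering a non-publishing user with the same 404 as an unknown login is a sound choice, since the response does not reveal which of the two cases applied. webfinger() starts above the hunk and continues below it.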
