Merge pull request #15 from WP-API/approval-process

Add approval process

Author: rmccue

inc/admin/class-admin.php

@@ -69,6 +69,10 @@ public static function load() {
 				self::handle_regenerate();
 				break;
 
+			case 'approve':
+				self::handle_approve();
+				break;
+
 			default:
 				global $wp_list_table;
 
@@ -86,6 +90,7 @@ public static function dispatch() {
 			case 'add':
 			case 'edit':
 			case 'delete':
+			case 'approve':
 				break;
 
 			default:
@@ -116,6 +121,8 @@ class="add-new-h2"><?php echo esc_html_x( 'Add New', 'application', 'rest_oauth2
 			<?php
 			if ( ! empty( $_GET['deleted'] ) ) {
 				echo '<div id="message" class="updated"><p>' . esc_html__( 'Deleted application.', 'rest_oauth2' ) . '</p></div>';
+			} elseif ( ! empty( $_GET['approved'] ) ) {
+				echo '<div id="message" class="updated"><p>' . esc_html__( 'Approved application.', 'rest_oauth2' ) . '</p></div>';
 			}
 			?>
 
@@ -480,6 +487,39 @@ public static function handle_delete() {
 		exit;
 	}
 
+	/**
+	 * Approve the client.
+	 */
+	public static function handle_approve() {
+		if ( empty( $_GET['id'] ) ) {
+			return;
+		}
+
+		$id = absint( $_GET['id'] );
+		check_admin_referer( 'rest-oauth2-approve:' . $id );
+
+		if ( ! current_user_can( 'publish_post', $id ) ) {
+			wp_die(
+				'<h1>' . __( 'Cheatin&#8217; uh?', 'rest_oauth2' ) . '</h1>' .
+				'<p>' . __( 'You are not allowed to approve this application.', 'rest_oauth2' ) . '</p>',
+				403
+			);
+		}
+
+		$client = Client::get_by_post_id( $id );
+		if ( is_wp_error( $client ) ) {
+			wp_die( $client );
+		}
+
+		$did_approve = $client->approve();
+		if ( is_wp_error( $did_approve ) ) {
+			wp_die( $did_approve );
+		}
+
+		wp_safe_redirect( self::get_urL( 'approved=1' ) );
+		exit;
+	}
+
 	/**
 	 * Regenerate the client secret.
 	 */

inc/admin/class-listtable.php

@@ -102,8 +102,37 @@ protected function column_name( $item ) {
 			'edit'   => sprintf( '<a href="%s">%s</a>', esc_url( $edit_link ), esc_html__( 'Edit', 'rest_oauth2' ) ),
 			'delete' => sprintf( '<a href="%s">%s</a>', esc_url( $delete_link ), esc_html__( 'Delete', 'rest_oauth2' ) ),
 		];
+
+		$post_type_object = get_post_type_object( $item->post_type );
+		if ( current_user_can( $post_type_object->cap->publish_posts ) && $item->post_status !== 'publish' ) {
+			$publish_link = add_query_arg(
+				[
+					'page' => 'rest-oauth2-apps',
+					'action' => 'approve',
+					'id' => $item->ID,
+				],
+				admin_url( 'users.php' )
+			);
+			$publish_link = wp_nonce_url( $publish_link, 'rest-oauth2-approve:' . $item->ID );
+			$actions['app-approve'] = sprintf(
+				'<a href="%s">%s</a>',
+				esc_url( $publish_link ),
+				esc_html__( 'Approve', 'rest_oauth2' )
+			);
+		}
+
 		$action_html = $this->row_actions( $actions );
 
+		// Get suffixes for draft, etc
+		ob_start();
+		_post_states( $item );
+		$title = sprintf(
+			'<strong><a href="%s">%s</a>%s</strong>',
+			$edit_link,
+			$title,
+			ob_get_clean()
+		);
+
 		return $title . ' ' . $action_html;
 	}
 

inc/class-client.php

@@ -423,6 +423,20 @@ public function delete() {
 		return (bool) wp_delete_post( $this->get_post_id(), true );
 	}
 
+	/**
+	 * Approve a client.
+	 *
+	 * @return bool|WP_Error True if client was updated, error otherwise.
+	 */
+	public function approve() {
+		$data = array(
+			'ID' => $this->get_post_id(),
+			'post_status' => 'publish',
+		);
+		$result = wp_update_post( wp_slash( $data ), true );
+		return is_wp_error( $result ) ? $result : true;
+	}
+
 	/**
 	 * Register the underlying post type.
 	 */
@@ -431,8 +445,13 @@ public static function register_type() {
 			'public'          => false,
 			'hierarchical'    => true,
 			'capability_type' => array(
-				'client',
-				'clients',
+				'oauth2_client',
+				'oauth2_clients',
+			),
+			'capabilities'    => array(
+				'edit_posts'        => 'edit_users',
+				'edit_others_posts' => 'edit_users',
+				'publish_posts'     => 'edit_users',
 			),
 			'supports'        => array(
 				'title',

plugin.php

@@ -17,6 +17,7 @@ function bootstrap() {
 	load();
 
 	// Core authentication hooks.
+	add_action( 'init', __NAMESPACE__ . '\\Client::register_type' );
 	add_filter( 'determine_current_user', __NAMESPACE__ . '\\Authentication\\attempt_authentication', 11 );
 
 	// REST API integration.