add permissions check that inherits WC auth processes

Author: ggwicz

src/Rest/Endpoints/AbandonedCarts.php

@@ -13,6 +13,7 @@
 use WP_REST_Request;
 use WP_REST_Controller;
 use WP_REST_Response;
+use WP_Error;
 use WC_Product;
 
 use WebDevStudios\CCForWoo\AbandonedCarts\CartsTable;
@@ -55,17 +56,33 @@ public function __construct() {
 	 */
 	public function register_routes() {
 		register_rest_route(
-			'wc-' . $this->rest_base,
+			Registrar::$namespace,
+			'/' . $this->rest_base,
 			[
 				[
-					'methods'  => WP_REST_Server::READABLE,
-					'callback' => [ $this, 'get_items' ],
+					'methods'             => WP_REST_Server::READABLE,
+					'callback'            => [ $this, 'get_items' ],
+					'permission_callback' => [ $this, 'get_items_permissions_check' ],
 				],
 				'schema' => null,
 			]
 		);
 	}
 
+	/**
+	 * Check whether a given request has permission to show abandoned carts.
+	 *
+	 * @param  WP_REST_Request $request Full details about the request.
+	 * @return WP_Error|boolean
+	 */
+	public function get_items_permissions_check( $request ) {
+		if ( ! wc_rest_check_manager_permissions( 'settings', 'read' ) ) {
+			return new WP_Error( 'cc-woo-rest-not-allowed', esc_html__( 'Sorry, you cannot list resources.', 'cc-woo' ), [ 'status' => rest_authorization_required_code() ] );
+		}
+
+		return true;
+	}
+
 	/**
 	 * Register the Abandoned Carts endpoint.
 	 *
@@ -188,7 +205,7 @@ private function get_cart_data( int $per_page, int $offset, string $date_min, st
 		);
 		// phpcs:enable WordPress.DB.PreparedSQL
 
-		return $this->prepare_cart_data_for_api( $data );
+		return $this->prepare_cart_data_for_api_response( $data );
 	}
 
 	/**
@@ -230,7 +247,7 @@ private function get_dates_where( string $date_min, string $date_max ) : string
 	 * @param array $data The carts whose fields need preparation.
 	 * @return array
 	 */
-	private function prepare_cart_data_for_api( array $data ) {
+	private function prepare_cart_data_for_api_response( array $data ) {
 		foreach ( $data as $cart ) {
 			$cart->cart_contents     = maybe_unserialize( $cart->cart_contents );
 			$cart->cart_contents     = $this->get_additional_product_fields( $cart->cart_contents );

src/Rest/Registrar.php

@@ -20,15 +20,25 @@
  */
 class Registrar extends Service {
 
+    /**
+	 * Namespace for the endpoints this registrar registers.
+	 *
+	 * @since 2019-10-16
+	 *
+	 * @var string
+	 */
+    public static $namespace = 'wc/cc-woo';
+
 	/**
 	 * Register hooks.
 	 *
 	 * @author George Gecewicz <[email protected]>
 	 * @since  2019-11-13
 	 */
 	public function register_hooks() {
-		add_action( 'rest_api_init', [ $this, 'init_rest_endpoints' ] );
-	}
+        add_action( 'rest_api_init', [ $this, 'init_rest_endpoints' ] );
+        add_filter( 'woocommerce_rest_is_request_to_rest_api', [ $this, 'register_endpoints_with_woo_auth_handler' ] );
+    }
 
 	/**
 	 * Initialize REST endpoints.
@@ -38,7 +48,27 @@ public function register_hooks() {
 	 */
 	public function init_rest_endpoints() {
 		( new Endpoints\AbandonedCarts() )->register_routes();
-	}
+    }
+
+    /**
+	 * Register REST endpoints with WooCommerce's REST auth handler.
+	 *
+	 * @author George Gecewicz <[email protected]>
+	 * @since  2019-11-13
+     *
+     * @return bool
+	 */
+    public function register_endpoints_with_woo_auth_handler() {
+        $request_uri = esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) );
+
+        if ( empty( $request_uri ) ) {
+            return false;
+        }
+
+		$rest_prefix = trailingslashit( rest_get_url_prefix() );
+
+        return false !== strpos( $request_uri, $rest_prefix . self::$namespace );
+    }
 
 }
 

src/View/Admin/Field/AbandonedCarts/RestEndpoints.php

@@ -124,14 +124,6 @@ class WooTab extends WC_Settings_Page implements Hookable {
 	 */
 	private $import_existing_customer_section = 'customer_data_import';
 
-	/**
-	 * The identifier for the Abandoned Carts section.
-	 *
-	 * @since 2019-10-24
-	 * @var string
-	 */
-	private $abandoned_carts_section = 'abandoned_carts';
-
 	/**
 	 * WooTab constructor.
 	 *
@@ -207,7 +199,6 @@ public function get_sections() {
 		$sections = [
 			''                                      => esc_html__( 'Store Information', 'cc-woo' ),
 			$this->import_existing_customer_section => esc_html__( 'Import your contacts', 'cc-woo' ),
-			$this->abandoned_carts_section          => esc_html__( 'Abandoned Carts', 'cc-woo' ),
 		];
 
 		return apply_filters( 'woocommerce_get_sections_' . $this->id, $sections );
@@ -280,10 +271,6 @@ private function get_default_settings_options() {
 			case $this->import_existing_customer_section:
 				$settings = $this->get_customer_data_settings();
 				break;
-
-			case $this->abandoned_carts_section:
-				$settings = $this->get_abandoned_carts_settings();
-				break;
 		}
 
 		$settings = $this->process_errors( $settings );
@@ -306,8 +293,7 @@ public function add_rest_group( $groups ) {
 		$groups[] = [
 			'id'          => 'cc_woo',
 			'label'       => esc_html__( 'Constant Contact WooCommerce', 'cc-woo' ),
-			'description' => esc_html__( 'This endpoint provides information for the Constant Contact for WooCommerce plugin.',
-				'cc-woo' ),
+			'description' => esc_html__( 'This endpoint provides information for the Constant Contact for WooCommerce plugin.', 'cc-woo' ),
 		];
 
 		return $groups;
@@ -546,37 +532,6 @@ private function get_customer_data_settings() {
 		return $settings;
 	}
 
-	/**
-	 * Get the Abandoned Carts settings.
-	 *
-	 * @since  2019-10-24
-	 * @author George Gecewicz <[email protected]>
-	 *
-	 * @return array
-	 */
-	private function get_abandoned_carts_settings() {
-		$settings = [
-			[
-				'title' => esc_html__( 'Abandoned Cart Settings', 'cc-woo' ),
-				'id'    => 'cc_woo_abandoned_cart_settings',
-				'type'  => 'title',
-			],
-			[
-				'title' => '',
-				'type'  => 'title',
-				'desc'  => esc_html__( 'Settings for the Abandoned Carts functionality, namely its REST API endpoint.', 'cc-woo' ),
-			],
-		];
-
-		$rest_endpoints_field = new \WebDevStudios\CCForWoo\View\Admin\Field\AbandonedCarts\RestEndpoints();
-
-		$settings[] = array_merge( $settings,
-			$rest_endpoints_field->get_form_field()
-		);
-
-		return $settings;
-	}
-
 	/**
 	 * Displays the Constant Contact connection button when the form is validated and a connection is not already established.
 	 *