Support Queries Discussed at the Micropub Popups (#229)

* Change category search to filter per proposal

* Turn filter into a function and test that function

* Pass input to syndicate target filter to allow for additional queries

* Add additional query filters to source query

* Add offset query argument to media endpoint source

* Fix permissions for Indieauth change on media endpoint

* Bump version

Author: dshanske

includes/class-micropub-endpoint.php

@@ -316,8 +316,8 @@ public static function post_handler( $request ) {
 		return $response;
 	}
 
-	private static function get_syndicate_targets( $user_id ) {
-		return apply_filters( 'micropub_syndicate-to', array(), $user_id );
+	private static function get_syndicate_targets( $user_id, $input = null ) {
+		return apply_filters( 'micropub_syndicate-to', array(), $user_id, $input );
 	}
 
 	/**
@@ -332,7 +332,7 @@ public static function query_handler( $request ) {
 		switch ( static::$input['q'] ) {
 			case 'config':
 				$resp = array(
-					'syndicate-to'   => static::get_syndicate_targets( $user_id ),
+					'syndicate-to'   => static::get_syndicate_targets( $user_id, static::$input ),
 					'media-endpoint' => rest_url( static::get_namespace() . '/media' ),
 					'mp'             => array(
 						'slug',
@@ -351,7 +351,7 @@ public static function query_handler( $request ) {
 				break;
 			case 'syndicate-to':
 				// return syndication targets with filter
-				$resp = array( 'syndicate-to' => static::get_syndicate_targets( $user_id ) );
+				$resp = array( 'syndicate-to' => static::get_syndicate_targets( $user_id, static::$input ) );
 				break;
 			case 'category':
 				// https://github.com/indieweb/micropub-extensions/issues/5
@@ -364,18 +364,10 @@ public static function query_handler( $request ) {
 						)
 					)
 				);
-				if ( array_key_exists( 'search', static::$input ) ) {
-					$search = static::$input['search'];
-					$resp   = array_values(
-						array_filter(
-							$resp,
-							function( $value ) use ( $search ) {
-								return ( false !== stripos( $value, $search ) );
-							}
-						)
-					);
+				if ( array_key_exists( 'filter', static::$input ) ) {
+					$filter = static::$input['filter'];
+					$resp   = mp_filter( $resp, $filter );
 				}
-
 				$resp = array( 'categories' => $resp );
 				break;
 			case 'source':
@@ -386,14 +378,40 @@ function( $value ) use ( $search ) {
 					}
 					$resp = self::query( $post_id );
 				} else {
-					$numberposts = mp_get( static::$input, 'limit', 10 );
-					$posts       = get_posts(
-						array(
-							'posts_per_page' => $numberposts,
-							'fields'         => 'ids',
-						)
+					$args = array(
+						'posts_per_page' => mp_get( static::$input, 'limit', 10 ),
+						'fields'         => 'ids',
 					);
-					$resp        = array();
+					if ( array_key_exists( 'offset', static::$input ) ) {
+						$args['offset'] = mp_get( static::$input, 'offset' );
+					}
+
+					if ( array_key_exists( 'visibility', static::$input ) ) {
+						$visibilitylist = array( array( 'private' ), array( 'public' ) );
+						if ( ! in_array( $props['visibility'], $visibilitylist, true ) ) {
+							// Returning null will cause the server to return a 400 error
+							return null;
+						}
+						if ( array( 'private' ) === $props['visibility'] ) {
+							if ( user_can( $user_id, 'read_private_posts' ) ) {
+								$args['post-status'] = 'private';
+							}
+						}
+					} elseif ( array_key_exists( 'post-status', static::$input ) ) {
+						//  According to the proposed specification these are the only two properties supported.
+						// https://indieweb.org/Micropub-extensions#Post_Status
+						// For now these are the only two we will support even though WordPress defaults to 8 and allows custom
+						// But makes it easy to change
+
+						// Map published to the WordPress property publish.
+						if ( 'published' === mp_get( static::$input, 'post-status' ) ) {
+							$args['post-status'] = 'publish';
+						} elseif ( 'draft' === mp_get( static::$input, 'post-status' ) ) {
+							$args['post-status'] = 'draft';
+						}
+					}
+					$posts = get_posts( $args );
+					$resp  = array();
 					foreach ( $posts as $post ) {
 						$resp[] = self::query( $post );
 					}

includes/class-micropub-media.php

@@ -203,12 +203,10 @@ protected static function permissions_check( $request ) {
 		static::$micropub_auth_response = apply_filters( 'indieauth_response', static::$micropub_auth_response );
 		if ( 'POST' === $request->get_method() ) {
 			if ( ! current_user_can( 'upload_files' ) ) {
-				return new WP_Micropub_Error( 'forbidden', 'User is not permitted to upload files', 403 );
+				return new WP_Micropub_Error( 'insufficient_scope', 'You do not have permission to create or upload media', 401 );
 			}
-		}
-		$intersect = array_intersect( array( 'create', 'media' ), static::$scopes );
-		if ( empty( $intersect ) ) {
-			return new WP_Micropub_Error( 'insufficient_scope', 'You do not have permission to create or upload media', 401 );
+		} else if ( ! current_user_can( 'read' ) ) {
+				return new WP_Micropub_Error( 'forbidden', 'Unauthorized', 403 );
 		}
 
 		return true;
@@ -365,14 +363,16 @@ public static function query_handler( $request ) {
 						$resp = self::return_media_data( $attachment_id );
 					} else {
 						$numberposts = mp_get( $params, 'limit', 10 );
-						$attachments = get_posts(
-							array(
-								'posts_per_page' => $numberposts,
-								'post_type'      => 'attachment',
-								'fields'         => 'ids',
-								'order'          => 'DESC',
-							)
+						$args        = array(
+							'posts_per_page' => $numberposts,
+							'post_type'      => 'attachment',
+							'fields'         => 'ids',
+							'order'          => 'DESC',
 						);
+						if ( array_key_exists( 'offset', $params ) ) {
+							$args['offset'] = mp_get( $params, 'offset' );
+						}
+						$attachments = get_posts( $args );
 						$resp        = array();
 						foreach ( $attachments as $attachment ) {
 							$resp[] = self::return_media_data( $attachment );

includes/functions.php

@@ -34,3 +34,17 @@ function mp_get( $array, $key, $default = array(), $index = false ) {
 		return $return;
 	}
 }
+
+if ( ! function_exists( 'mp_filter' ) ) {
+	// Searches for partial matches in an array of strings
+	function mp_filter( $array, $filter ) {
+		return array_values(
+			array_filter(
+				$array,
+				function( $value ) use ( $filter ) {
+					return ( false !== stripos( $value, $filter ) );
+				}
+			)
+		);
+	}
+}

micropub.php

@@ -7,7 +7,7 @@
  * Author: IndieWeb WordPress Outreach Club
  * Author URI: https://indieweb.org/WordPress_Outreach_Club
  * Text Domain: micropub
- * Version: 2.2.0
+ * Version: 2.2.1
  */
 
 /* See README for supported filters and actions.

readme.md

@@ -56,7 +56,7 @@ Called during the creation of a Micropub post. This defaults to post, but allows
 Called during the creation of a Micropub post. This defaults to nothing but allows for a Micropub post to set a custom taxonomy.
 
 
-`micropub_syndicate-to( $synd_urls, $user_id )`
+`micropub_syndicate-to( $synd_urls, $user_id, $input )`
 
 Called to generate the list of `syndicate-to` targets to return in response to a query. Returns `$synd_urls`, an array, possibly modified. This filter is empty by default
 
@@ -214,6 +214,12 @@ into markdown and saved to readme.md.
 ## Changelog 
 
 
+### 2.2.1 (2020-07-31 ) 
+* Change category query parameter from search to filter per decision at Micropub Popup Session
+* Fix permissions for Media Endpoint to match Endpoint
+* For source query on both media and micropub endpoint support offset parameter
+
+
 ### 2.2.0 (2020-07-25 ) 
 * Deprecate MICROPUB_LOCAL_AUTH, MICROPUB_AUTHENTICATION_ENDPOINT and MICROPUB_TOKEN_ENDPOINT constants.
 * Remove IndieAuth Client code, will now require the IndieAuth or other plugin that does not yet exist.

readme.txt

@@ -4,7 +4,7 @@ Tags: micropub, publish, indieweb, microformats
 Requires at least: 4.9.9
 Requires PHP: 5.6
 Tested up to: 5.4.2
-Stable tag: 2.2.0
+Stable tag: 2.2.1
 License: CC0
 License URI: http://creativecommons.org/publicdomain/zero/1.0/
 Donate link: -
@@ -62,7 +62,7 @@ Called during the creation of a Micropub post. This defaults to post, but allows
 Called during the creation of a Micropub post. This defaults to nothing but allows for a Micropub post to set a custom taxonomy.
 
 
-`micropub_syndicate-to( $synd_urls, $user_id )`
+`micropub_syndicate-to( $synd_urls, $user_id, $input )`
 
 Called to generate the list of `syndicate-to` targets to return in response to a query. Returns `$synd_urls`, an array, possibly modified. This filter is empty by default
 
@@ -207,6 +207,11 @@ into markdown and saved to readme.md.
 
 == Changelog ==
 
+= 2.2.1 (2020-07-31 ) =
+* Change category query parameter from search to filter per decision at Micropub Popup Session
+* Fix permissions for Media Endpoint to match Endpoint
+* For source query on both media and micropub endpoint support offset parameter
+
 = 2.2.0 (2020-07-25 ) =
 * Deprecate MICROPUB_LOCAL_AUTH, MICROPUB_AUTHENTICATION_ENDPOINT and MICROPUB_TOKEN_ENDPOINT constants.
 * Remove IndieAuth Client code, will now require the IndieAuth or other plugin that does not yet exist.

tests/test_functions.php

@@ -0,0 +1,30 @@
+<?php
+
+/** Unit tests for the Micropub Global Functions.
+ */
+
+class MicropubFunctionsTest extends WP_UnitTestCase {
+	function test_mp_filter() {
+		$input = array(
+			'webmention',
+			'jsonfeed',
+			'micropub',
+			'author',
+			'foo',
+			'bar',
+			'indieweb',
+	   		'indieweb-goals',
+			'indienews'
+		);
+		$return = mp_filter( $input, 'indie' );
+		$this->assertEquals( 
+			$return,
+			array(
+				'indieweb',
+				'indieweb-goals',
+				'indienews'
+			)
+		);
+	}
+
+}

tests/test_media.php

@@ -72,9 +72,7 @@ public function test_media_handle_upload() {
 		$this->assertInternalType( "int", $id );
 	}
 
-	public function test_upload_file_with_scope() {
-		static::$scopes = array( 'create' );
-		add_filter( 'indieauth_scopes', array( get_called_class(), 'scopes' ), 12 );
+	public function test_upload_file() {
 		wp_set_current_user( self::$author_id );
 		$response = rest_get_server()->dispatch( self::upload_request() );
 		$data     = $response->get_data();
@@ -89,8 +87,6 @@ public function test_upload_file_with_scope() {
 	}
 
 	public function test_empty_upload() {
-		static::$scopes = array( 'create' );
-		add_filter( 'indieauth_scopes', array( get_called_class(), 'scopes' ), 12 );
 		wp_set_current_user( self::$author_id );
 		$request = new WP_REST_Request( 'POST', Micropub_Media::get_rest_route( true ) );
 		$response = rest_get_server()->dispatch( $request );
@@ -99,22 +95,10 @@ public function test_empty_upload() {
 	}
 
 	public function test_upload_file_without_scope() {
-		static::$scopes = array();
-		add_filter( 'indieauth_scopes', array( get_called_class(), 'scopes' ), 12 );
-		wp_set_current_user( self::$author_id );
-		$response = rest_get_server()->dispatch( self::upload_request() );
-		$data     = $response->get_data();
-		$this->assertEquals( 401, $response->get_status(), wp_json_encode( $data ) );
-	}
-
-	public function test_upload_file_with_scope_but_insufficient_permissions() {
-		static::$scopes = array( 'create' );
-		add_filter( 'indieauth_scopes', array( get_called_class(), 'scopes' ), 12 );
 		wp_set_current_user( self::$subscriber_id );
 		$response = rest_get_server()->dispatch( self::upload_request() );
 		$data     = $response->get_data();
-		$this->assertEquals( 403, $response->get_status(), wp_json_encode( $data ) );
+		$this->assertEquals( 401, $response->get_status(), wp_json_encode( $data ) );
 	}
 
-
 }