Tweak: better handling of Rest API

newfold-labs · Nov 18, 2024 · 319e8c9 · 319e8c9
1 parent d4c4074
commit 319e8c9
Show file tree

Hide file tree

Showing 6 changed files with 113 additions and 63 deletions.
diff --git a/components/advancedSettings/JetpackBoost/SingleOption.js b/components/advancedSettings/JetpackBoost/SingleOption.js
@@ -41,7 +41,7 @@ const SingleOption = ( {params, isChild, methods, constants } ) =>  {
     // Imposta un nuovo timeout di 2 secondi
     debounceTimeout.current = setTimeout(() => {
       apiFetch({
-        path: 'newfold-performance/v1/jetpack/set_options',
+        path: 'newfold-performance/v1/jetpack/settings',
         method: 'POST',
         data: {
           field: {

diff --git a/components/advancedSettings/JetpackBoost/index.js b/components/advancedSettings/JetpackBoost/index.js
@@ -73,7 +73,7 @@ const JetpackBoost = ({ methods, constants }) => {
   useEffect(() => {
     setLoading(true) // Inizia il caricamento
     apiFetch({
-      path: 'newfold-performance/v1/jetpack/get_options'
+      path: 'newfold-performance/v1/jetpack/settings'
     })
       .then(async (response) => {
 

diff --git a/includes/Performance.php b/includes/Performance.php
@@ -2,10 +2,12 @@
 
 namespace NewfoldLabs\WP\Module\Performance;
 
+use NewfoldLabs\WP\Module\Performance\RestApi\RestApi;
 use NewfoldLabs\WP\Module\Performance\CacheTypes\Browser;
 use NewfoldLabs\WP\Module\Performance\CacheTypes\File;
 use NewfoldLabs\WP\Module\Performance\CacheTypes\Skip404;
 use NewfoldLabs\WP\ModuleLoader\Container;
+use NewfoldLabs\WP\Module\Performance\Permissions;
 
 /**
  * Performance Class
@@ -57,15 +59,6 @@ class Performance {
 	 */
 	protected $container;
 
-	/**
-	 * Array map of API controllers.
-	 *
-	 * @var array
-	 */
-	protected $controllers = array(
-		'NewfoldLabs\\WP\\Module\\Performance\\RestApi\\JetpackController',
-	);
-
 	/**
 	 * Constructor.
 	 *
@@ -92,13 +85,15 @@ public function __construct( Container $container ) {
 
 		add_action( 'admin_enqueue_scripts', array( $this, 'register_scripts' ) );
 
-		add_action( 'rest_api_init', array( $this, 'register_routes' ) );
+		if ( Permissions::is_authorized_admin() || Permissions::rest_is_authorized_admin() ) {
+			new RestAPI();
+		}
 	}
 
 	/**
 	 * Constructor.
 	 *
-	 * @param Container $container the container
+	 * @param Container $container the container.
 	 */
 	public function configureContainer( Container $container ) {
 
@@ -165,21 +160,6 @@ public function register_scripts() {
 		\wp_enqueue_style( 'nfd-performance', plugin_dir_url( __DIR__ ) . '/src/css/style.css', null, '1', 'screen' );
 	}
 
-	/**
-	 * Register API routes.
-	 */
-	public function register_routes() {
-		foreach ( $this->controllers as $Controller ) {
-			/**
-			 * Get an instance of the WP_REST_Controller.
-			 *
-			 * @var $instance \WP_REST_Controller
-			 */
-			$instance = new $Controller( $this->container );
-			$instance->register_routes();
-		}
-	}
-
 	/**
 	 * Update the default action scheduler retention period to 5 days instead of 30.
 	 * The actions scheduler table tends to grow to gigantic sizes and this should help.

diff --git a/includes/Permissions.php b/includes/Permissions.php
@@ -0,0 +1,52 @@
+<?php
+namespace NewfoldLabs\WP\Module\Performance;
+
+/**
+ * Permissions and Authorization constants and utilities.
+ */
+final class Permissions {
+	/**
+	 * WordPress Admin capability string
+	 */
+	const ADMIN          = 'manage_options';
+	const INSTALL_THEMES = 'install_themes';
+	const EDIT_THEMES    = 'edit_themes';
+
+	/**
+	 * Confirm REST API caller has ADMIN user capabilities.
+	 *
+	 * @return boolean
+	 */
+	public static function rest_is_authorized_admin() {
+		return \is_user_logged_in() && \current_user_can( self::ADMIN );
+	}
+
+	/**
+	 * Confirm logged-in user is in wp-admin and has ADMIN user capabilities.
+	 *
+	 * @return boolean
+	 */
+	public static function is_authorized_admin() {
+		return \is_admin() && self::rest_is_authorized_admin();
+	}
+
+	/**
+	 * Confirm logged-in user can manage themes.
+	 *
+	 * @return boolean
+	 */
+	public static function rest_can_manage_themes() {
+		return \is_user_logged_in() &&
+			\current_user_can( self::INSTALL_THEMES ) &&
+			\current_user_can( self::EDIT_THEMES );
+	}
+
+	/**
+	 * Confirm whether user has ADMIN user and edit_post capabilities for creating pages.
+	 *
+	 * @return boolean
+	 */
+	public static function custom_post_authorized_admin() {
+		return \current_user_can( 'edit_posts' ) && \current_user_can( self::ADMIN );
+	}
+}
diff --git a/includes/RestApi/JetpackController.php b/includes/RestApi/JetpackController.php
@@ -1,9 +1,6 @@
 <?php
-
 namespace NewfoldLabs\WP\Module\Performance\RestApi;
 
-use NewfoldLabs\WP\ModuleLoader\Container;
-
 /**
  * Class JetpackController
  *
@@ -25,56 +22,35 @@ class JetpackController {
 	 */
 	protected $rest_base = '/jetpack';
 
-	/**
-	 * Container
-	 *
-	 * @var [type]
-	 */
-	protected $container;
-
 	/**
 	 * Plugin slug
 	 *
 	 * @var string
 	 */
 	protected $plugin_slug = 'jetpack-boost';
 
-
-	/**
-	 * JetpackController constructor.
-	 *
-	 * @param Container $container the container.
-	 */
-	public function __construct( Container $container ) {
-		$this->container = $container;
-	}
-
 	/**
 	 * Register API routes.
 	 *
 	 * @return void
 	 */
 	public function register_routes() {
-		\register_rest_route(
-			$this->namespace,
-			$this->rest_base . '/get_options',
-			array(
-				'methods'             => \WP_REST_Server::READABLE,
-				'callback'            => array( $this, 'get_options' ),
-				'permission_callback' => function () {
-					return 'manage_options';
-				},
-			)
-		);
-		\register_rest_route(
+		register_rest_route(
 			$this->namespace,
-			$this->rest_base . '/set_options',
+			$this->rest_base . '/settings',
 			array(
+				array(
+					'methods'             => \WP_REST_Server::READABLE,
+					'callback'            => array( $this, 'get_options' ),
+					'permission_callback' => function () {
+						return current_user_can( 'manage_options' );
+					},
+				),
 				array(
 					'methods'             => \WP_REST_Server::CREATABLE,
 					'callback'            => array( $this, 'set_options' ),
 					'permission_callback' => function () {
-						return 'manage_options';
+						return current_user_can( 'manage_options' );
 					},
 				),
 			)
@@ -87,7 +63,7 @@ public function register_routes() {
 	 * @return WP_REST_Response
 	 */
 	public function get_options() {
-		return new \WP_REST_Response(
+		return rest_ensure_response(
 			array(
 				'is_module_active'    => defined( 'JETPACK_BOOST_VERSION' ),
 				'critical-css'        => get_option( 'jetpack_boost_status_critical-css' ),

diff --git a/includes/RestApi/RestApi.php b/includes/RestApi/RestApi.php
@@ -0,0 +1,42 @@
+<?php
+
+namespace NewfoldLabs\WP\Module\Performance\RestApi;
+
+//use NewfoldLabs\WP\Module\Onboarding\RestApi\RestApiFilter;
+
+/**
+ * Instantiate controllers and register routes.
+ */
+final class RestApi {
+
+	/**
+	 * List of custom REST API controllers
+	 *
+	 * @var array
+	 */
+	protected $controllers = array(
+		'NewfoldLabs\\WP\\Module\\Performance\\RestApi\\JetpackController',
+	);
+
+	/**
+	 * Setup the custom REST API
+	 */
+	public function __construct() {
+		add_action( 'rest_api_init', array( $this, 'register_routes' ) );
+	}
+
+	/**
+	 * Register the custom REST API routes
+	 */
+	public function register_routes() {
+		foreach ( $this->controllers as $controller ) {
+			/**
+			 * Get an instance of the WP_REST_Controller.
+			 *
+			 * @var $instance WP_REST_Controller
+			 */
+			$instance = new $controller();
+			$instance->register_routes();
+		}
+	}
+}