class-gv-rest-views-route_8php_source.html

 <?php
 /**
  * @package   GravityView
  * @license   GPL2+
  * @author    Josh Pollock <[email protected]>
  * @link      http://gravityview.co
  * @copyright Copyright 2015, Katz Web Services, Inc.
  *
  * @since 2.0
  */
 namespace GV\REST;

 /** If this file is called directly, abort. */
 if ( ! defined( 'GRAVITYVIEW_DIR' ) ) {
     die();
 }

 class Views_Route extends Route {
     /**
      * Route Name
      *
      * @since 2.0
      *
      * @access protected
      * @string
      */
     protected $route_name = 'views';

     /**
      * Sub type, forms {$namespace}/route_name/{id}/sub_type type endpoints
      *
      * @since 2.0
      * @access protected
      * @var string
      */
     protected $sub_type = 'entries';


     /**
      * Get a collection of views
      *
      * Callback for GET /v1/views/
      *
      * @param \WP_REST_Request $request Full data about the request.
      * @return \WP_Error|\WP_REST_Response
      */
     public function get_items( $request ) {

         $page = $request->get_param( 'page' );
         $limit = $request->get_param( 'limit' );

         $items = \GVCommon::get_all_views( array(
             'posts_per_page' => $limit,
             'paged' => $page,
         ) );

         if ( empty( $items ) ) {
             return new \WP_Error( 'gravityview-no-views', __( 'No Views found.', 'gk-gravityview' ) ); //@todo message
         }

         $data = array(
             'views' => array(),
             'total' => wp_count_posts( 'gravityview' )->publish,
         );
         foreach ( $items as $item ) {
             $data['views'][] = $this->prepare_view_for_response( $item, $request );
         }

         return new \WP_REST_Response( $data, 200 );
     }

     /**
      * Get one view
      *
      * Callback for /v1/views/{id}/
      *
      * @since 2.0
      * @param \WP_REST_Request $request Full data about the request.
      * @return \WP_Error|\WP_REST_Response
      */
     public function get_item( $request ) {

         $url = $request->get_url_params();

         $view_id = intval( $url['id'] );

         $item = get_post( $view_id );

         //return a response or error based on some conditional
         if ( $item && ! is_wp_error( $item ) ) {
             $data = $this->prepare_view_for_response( $item, $request );
             return new \WP_REST_Response( $data, 200 );
         }

         return new \WP_Error( 'code', sprintf( 'A View with ID #%d was not found.', $view_id ) );
     }

     /**
      * Prepare the item for the REST response
      *
      * @since 2.0
      * @param \GV\View $view The view.
      * @param \GV\Entry $entry WordPress representation of the item.
      * @param \WP_REST_Request $request Request object.
      * @param string $context The context (directory, single)
      * @param string $class The value renderer. Default: null (raw value)
      *
      * @since 2.1 Add value renderer override $class parameter.
      *
      * @return mixed The data that is sent.
      */
     public function prepare_entry_for_response( $view, $entry, \WP_REST_Request $request, $context, $class = null ) {

         // Only output the fields that should be displayed.
         $allowed = array();
         foreach ( $view->fields->by_position( "{$context}_*" )->by_visible( $view )->all() as $field ) {
             $allowed[] = $field;
         }

         /**
          * @filter `gravityview/rest/entry/fields` Allow more entry fields that are output in regular REST requests.
          * @param array $allowed The allowed ones, default by_visible, by_position( "context_*" ), i.e. as set in the view.
          * @param \GV\View $view The view.
          * @param \GV\Entry $entry The entry.
          * @param \WP_REST_Request $request Request object.
          * @param string $context The context (directory, single)
          */
         $allowed_field_ids = apply_filters( 'gravityview/rest/entry/fields', wp_list_pluck( $allowed, 'ID' ), $view, $entry, $request, $context );

         $allowed = array_filter( $allowed, function( $field ) use ( $allowed_field_ids ) {
             return in_array( $field->ID, $allowed_field_ids, true );
         } );

         // Tack on additional fields if needed
         foreach ( array_diff( $allowed_field_ids, wp_list_pluck( $allowed, 'ID' ) ) as $field_id ) {
             $allowed[] = is_numeric( $field_id ) ? \GV\GF_Field::by_id( $view->form, $field_id ) : \GV\Internal_Field::by_id( $field_id );
         }

         $r = new Request( $request );
         $return = array();

         $renderer = new \GV\Field_Renderer();

         $used_ids = array();

         foreach ( $allowed as $field ) {
             $source = is_numeric( $field->ID ) ? $view->form : new \GV\Internal_Source();

             $field_id = $field->ID;
             $index = null;

             if ( ! isset( $used_ids[ $field_id ] ) ) {
                 $used_ids[ $field_id ] = 0;
             } else {
                 $index = ++$used_ids[ $field_id ];
             }

             if ( $index ) {
                 /**
                  * Modify non-unique IDs (custom, id, etc.) to be unique and not gobbled up.
                  */
                 $field_id = sprintf( '%s(%d)', $field_id, $index + 1 );
             }

             /**
              * @filter `gravityview/api/field/key` Filter the key name in the results for JSON output.
              * @param string $field_id The ID. Should be unique or keys will be gobbled up.
              * @param \GV\View $view The view.
              * @param \GV\Entry $entry The entry.
              * @param \WP_REST_Request $request Request object.
              * @param string $context The context (directory, single)
              */
             $field_id = apply_filters( 'gravityview/api/field/key', $field_id, $view, $entry, $request, $context );

             if ( ! $class && in_array( $field->ID, array( 'custom' ) ) ) {
                 /**
                  * Custom fields (and perhaps some others) will require rendering as they don't
                  * contain an intrinsic value (for custom their value is stored in the view and requires a renderer).
                  * We force the CSV template to take over in such cases, it's good enough for most cases.
                  */
                 $return[ $field_id ] = $renderer->render( $field, $view, $source, $entry, $r, '\GV\Field_CSV_Template' );
             } else if ( $class ) {
                 $return[ $field_id ] = $renderer->render( $field, $view, $source, $entry, $r, $class );
             } else {
                 switch ( $field->type ):
                     case 'list':
                         $return[ $field_id ] = unserialize( $field->get_value( $view, $source, $entry, $r ) );
                         break;
                     case 'fileupload':
                     case 'business_hours':
                         $return[ $field_id ] = json_decode( $field->get_value( $view, $source, $entry, $r ) );
                         break;
                     default;
                         $return[ $field_id ] = $field->get_value( $view, $source, $entry, $r );
                 endswitch;
             }
         }

         return $return;
     }

     /**
      * Get entries from a view
      *
      * Callback for /v1/views/{id}/entries/
      *
      * @since 2.0
      * @param \WP_REST_Request $request Full data about the request.
      * @return \WP_Error|\WP_REST_Response
      */
     public function get_sub_items( $request ) {

         $url     = $request->get_url_params();
         $view_id = intval( $url['id'] );
         $format  = \GV\Utils::get( $url, 'format', 'json' );

         if( $post_id = $request->get_param('post_id') ) {
             global $post;

             $post = get_post( $post_id );

             if ( ! $post || is_wp_error( $post ) ) {
                 return new \WP_Error( 'gravityview-post-not-found', sprintf( 'A post with ID #%d was not found.', $post_id ) );
             }

             $collection = \GV\View_Collection::from_post( $post );

             if ( ! $collection->contains( $view_id ) ) {
                 return new \WP_Error( 'gravityview-post-not-contains', sprintf( 'The post with ID #%d does not contain a View with ID #%d', $post_id, $view_id ) );
             }
         }

         $view = \GV\View::by_id( $view_id );

         if ( 'html' === $format ) {

             $renderer = new \GV\View_Renderer();
             $count = $total = 0;

             /** @var \GV\Template_Context $context */
             add_action( 'gravityview/template/view/render', function( $context ) use ( &$count, &$total ) {
                 $count = $context->entries->count();
                 $total = $context->entries->total();
             } );

             $output = $renderer->render( $view, new Request( $request ) );

             /**
              * @filter `gravityview/rest/entries/html/insert_meta` Whether to include `http-equiv` meta tags in the HTML output describing the data
              * @since 2.0
              * @param bool $insert_meta Add <meta> tags? [Default: true]
              * @param int $count The number of entries being rendered
              * @param \GV\View $view The view.
              * @param \WP_REST_Request $request Request object.
              * @param int $total The number of total entries for the request
              */
             $insert_meta = apply_filters( 'gravityview/rest/entries/html/insert_meta', true, $count, $view, $request, $total );

             if ( $insert_meta ) {
                 $output = '<meta http-equiv="X-Item-Count" content="' . $count . '" />' . $output;
                 $output = '<meta http-equiv="X-Item-Total" content="' . $total . '" />' . $output;
             }

             $response = new \WP_REST_Response( $output, 200 );
             $response->header( 'X-Item-Count', $count );
             $response->header( 'X-Item-Total', $total );

             return $response;
         }

         $entries = $view->get_entries( new Request( $request ) );

         if ( ! $entries->all() ) {
             return new \WP_Error( 'gravityview-no-entries', __( 'No Entries found.', 'gk-gravityview' ) );
         }

         if ( in_array( $format, array( 'csv', 'tsv' ), true ) ) {

             ob_start();

             $csv_or_tsv = fopen( 'php://output', 'w' );

             /** Da' BOM :) */
             if ( apply_filters( 'gform_include_bom_export_entries', true, $view->form ? $view->form->form : null ) ) {
                 fputs( $csv_or_tsv, "\xef\xbb\xbf" );
             }

             $headers_done = false;

             // If not "tsv" then use comma
             $delimiter = ( 'tsv' === $format ) ? "\t" : ',';

             foreach ( $entries->all() as $entry ) {
                 $entry = $this->prepare_entry_for_response( $view, $entry, $request, 'directory', '\GV\Field_CSV_Template' );

                 if ( ! $headers_done ) {
                     $headers_done = fputcsv( $csv_or_tsv, array_map( array( '\GV\Utils', 'strip_excel_formulas' ), array_keys( $entry ) ), $delimiter );
                 }

                 fputcsv( $csv_or_tsv, array_map( array( '\GV\Utils', 'strip_excel_formulas' ), $entry ), $delimiter );
             }

             $response = new \WP_REST_Response( '', 200 );
             $response->header( 'X-Item-Count', $entries->count() );
             $response->header( 'X-Item-Total', $entries->total() );
             $response->header( 'Content-Type', 'text/' . $format );

             fflush( $csv_or_tsv );

             $data = rtrim( ob_get_clean() );

             add_filter( 'rest_pre_serve_request', function() use ( $data ) {
                 echo $data;
                 return true;
             } );

             if ( defined( 'DOING_GRAVITYVIEW_TESTS' ) && DOING_GRAVITYVIEW_TESTS ) {
                 echo $data; // rest_pre_serve_request is not called in tests
             }

             return $response;
         }

         $data = array( 'entries' => $entries->all(), 'total' => $entries->total() );

         foreach ( $data['entries'] as &$entry ) {
             $entry = $this->prepare_entry_for_response( $view, $entry, $request, 'directory' );
         }

         return new \WP_REST_Response( $data, 200 );
     }

     /**
      * Get one entry from view
      *
      * Callback for /v1/views/{id}/entries/{id}/
      *
      * @uses GVCommon::get_entry
      * @since 2.0
      * @param \WP_REST_Request $request Full data about the request.
      * @return \WP_Error|\WP_REST_Response
      */
     public function get_sub_item( $request ) {
         $url      = $request->get_url_params();
         $view_id  = intval( $url['id'] );
         $entry_id = intval( $url['s_id'] );
         $format   = \GV\Utils::get( $url, 'format', 'json' );

         $view  = \GV\View::by_id( $view_id );
         $entry = \GV\GF_Entry::by_id( $entry_id );

         if ( $format === 'html' ) {
             $renderer = new \GV\Entry_Renderer();
             return $renderer->render( $entry, $view, new Request( $request ) );
         }

         return $this->prepare_entry_for_response( $view, $entry, $request, 'single' );
     }

     /**
      * Prepare the item for the REST response
      *
      * @since 2.0
      * @param \WP_Post $view_post WordPress representation of the item.
      * @param \WP_REST_Request $request Request object.
      * @return mixed
      */
     public function prepare_view_for_response( $view_post, \WP_REST_Request $request ) {
         if ( is_wp_error( $this->get_item_permissions_check( $request, $view_post->ID ) ) ) {
             // Redacted out view.
             return array( 'ID' => $view_post->ID, 'post_content' => __( 'You are not allowed to access this content.', 'gk-gravityview' ) );
         }

         $view = \GV\View::from_post( $view_post );

         $item = $view->as_data();

         // Add all the WP_Post data
         $view_post = $view_post->to_array();

         unset( $view_post['to_ping'], $view_post['ping_status'], $view_post['pinged'], $view_post['post_type'], $view_post['filter'], $view_post['post_category'], $view_post['tags_input'], $view_post['post_content'], $view_post['post_content_filtered'] );

         $return = wp_parse_args( $item, $view_post );

         $return['title'] = $return['post_title'];

         $return['settings'] = isset( $return['atts'] ) ? $return['atts'] : array();
         unset( $return['atts'], $return['view_id'] );

         $return['search_criteria'] = array(
             'page_size' => rgars( $return, 'settings/page_size' ),
             'sort_field' => rgars( $return, 'settings/sort_field' ),
             'sort_direction' => rgars( $return, 'settings/sort_direction' ),
             'offset' => rgars( $return, 'settings/offset' ),
         );

         unset( $return['settings']['page_size'], $return['settings']['sort_field'], $return['settings']['sort_direction'] );

         // Redact for non-logged ins
         if ( ! \GVCommon::has_cap( 'edit_others_gravityviews' ) ) {
             unset( $return['settings'] );
             unset( $return['search_criteria'] );
         }

         if ( ! \GFCommon::current_user_can_any( 'gravityforms_edit_forms' ) ) {
             unset( $return['form'] );
         }

         return $return;
     }

     /**
      * @param \WP_REST_Request $request
      *
      * @return bool|\WP_Error
      */
     public function get_item_permissions_check( $request ) {
         if ( func_num_args() === 2 ) {
             $view_id = func_get_arg( 1 ); // $view_id override
         } else {
             $url     = $request->get_url_params();
             $view_id = intval( $url['id'] );
         }

         if ( ! $view = \GV\View::by_id( $view_id ) ) {
             return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gk-gravityview' ) );
         }

         while ( $error = $view->can_render( array( 'rest' ), $request ) ) {

             if ( ! is_wp_error( $error ) ) {
                 break;
             }

             switch ( str_replace( 'gravityview/', '', $error->get_error_code() ) ) {
                 case 'rest_disabled':
                 case 'post_password_required':
                 case 'not_public':
                 case 'embed_only':
                 case 'no_direct_access':
                     return new \WP_Error( 'rest_forbidden_access_denied', __( 'You are not allowed to access this content.', 'gk-gravityview' ) );
                 case 'no_form_attached':
                     return new \WP_Error( 'rest_forbidden_no_form_attached', __( 'This View is not configured properly.', 'gk-gravityview' ) );
                 default:
                     return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gk-gravityview' ) );
             }
         }

         /**
          * @filter `gravityview/view/output/rest` Disable rest output. Final chance.
          * @param bool Enable or not.
          * @param \GV\View $view The view.
          */
         if ( ! apply_filters( 'gravityview/view/output/rest', true, $view ) ) {
             return new \WP_Error( 'rest_forbidden', __( 'You are not allowed to access this content.', 'gk-gravityview' ) );
         }

         return true;
     }

     public function get_sub_item_permissions_check( $request ) {
         // Accessing a single entry needs the View access permissions.
         if ( is_wp_error( $error = $this->get_items_permissions_check( $request ) ) ) {
             return $error;
         }

         $url     = $request->get_url_params();
         $view_id = intval( $url['id'] );
         $entry_id = intval( $url['s_id'] );

         $view = \GV\View::by_id( $view_id );

         if ( ! $entry = \GV\GF_Entry::by_id( $entry_id ) ) {
             return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
         }

         if ( $entry['form_id'] != $view->form->ID ) {
             return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
         }

         if ( $entry['status'] != 'active' ) {
             return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
         }

         if ( apply_filters( 'gravityview_custom_entry_slug', false ) && $entry->slug != get_query_var( \GV\Entry::get_endpoint_name() ) ) {
             return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
         }

         $is_admin_and_can_view = $view->settings->get( 'admin_show_all_statuses' ) && \GVCommon::has_cap('gravityview_moderate_entries', $view->ID );

         if ( $view->settings->get( 'show_only_approved' ) && ! $is_admin_and_can_view ) {
             if ( ! \GravityView_Entry_Approval_Status::is_approved( gform_get_meta( $entry->ID, \GravityView_Entry_Approval::meta_key ) )  ) {
                 return new \WP_Error( 'rest_forbidden', 'You are not allowed to view this content.', 'gravityview' );
             }
         }

         return true;
     }

     public function get_items_permissions_check( $request ) {
         // Getting a list of all Views is always possible.
         return true;
     }

     public function get_sub_items_permissions_check( $request ) {
         // Accessing all entries of a View needs the same permissions as accessing the View.
         return $this->get_item_permissions_check( $request );
     }
 }
$url
$url
Definition: post_image.php:25

GV\REST\Views_Route\get_sub_item_permissions_check
get_sub_item_permissions_check( $request)
Definition: class-gv-rest-views-route.php:461

GV\REST\Views_Route\prepare_entry_for_response
prepare_entry_for_response( $view, $entry, \WP_REST_Request $request, $context, $class=null)
Prepare the item for the REST response.
Definition: class-gv-rest-views-route.php:112

GV\REST
Definition: class-gv-request-rest.php:2

GV\REST\Views_Route
If this file is called directly, abort.
Definition: class-gv-rest-views-route.php:18

GV\REST\Views_Route\get_items
get_items( $request)
Get a collection of views.
Definition: class-gv-rest-views-route.php:47

$format
if(gv_empty( $field['value'], false, false)) $format
Definition: gquiz_percent.php:21

GV

$class
$class
Definition: entry_approval.php:24

GV\REST\Views_Route\get_sub_items_permissions_check
get_sub_items_permissions_check( $request)
Definition: class-gv-rest-views-route.php:505

$entries
$entries
Definition: other_entries.php:57

GV\REST\Views_Route\prepare_view_for_response
prepare_view_for_response( $view_post, \WP_REST_Request $request)
Prepare the item for the REST response.
Definition: class-gv-rest-views-route.php:368

GV\REST\Views_Route\get_items_permissions_check
get_items_permissions_check( $request)
Definition: class-gv-rest-views-route.php:500

GV\REST\Route
If this file is called directly, abort.
Definition: class-gv-rest-route.php:18

GV\View_Collection\from_post
static from_post(\WP_Post $post)
Get a list of  objects inside the supplied .
Definition: class-gv-collection-view.php:87

$view_id
$view_id
Definition: delete_link.php:10

$post
global $post
Definition: delete-entry.php:7

GV\GF_Field\by_id
static by_id( $form, $field_id)
Get a  by  and Field ID.
Definition: class-gv-field-gravityforms.php:59

$field
$field
Definition: search-field-chainedselect.php:29

GV\Entry\get_endpoint_name
static get_endpoint_name()
Return the endpoint name for a single Entry.
Definition: class-gv-entry.php:63

GV\REST\Views_Route\get_item
get_item( $request)
Get one view.
Definition: class-gv-rest-views-route.php:81

GV\REST\Request
If this file is called directly, abort.
Definition: class-gv-request-rest.php:12

GV\View\by_id
static by_id( $post_id)
Construct a  instance from a post ID.
Definition: class-gv-view.php:818

GV\REST\Views_Route\get_sub_item
get_sub_item( $request)
Get one entry from view.
Definition: class-gv-rest-views-route.php:343

GV\REST\Route\get_sub_items
get_sub_items( $request)
Get a collection of items.
Definition: class-gv-rest-route.php:264

GV\Internal_Field\by_id
static by_id( $field_id)
Get a  from an internal Gravity Forms field ID.
Definition: class-gv-field-internal.php:51

endswitch
endswitch
Definition: field-created_by-html.php:48

$output
$output
Definition: edit_link.php:18

GV\REST\Views_Route\$sub_type
$sub_type
Definition: class-gv-rest-views-route.php:36

GV\Utils\get
static get( $array, $key, $default=null)
Grab a value from an array or an object or default.
Definition: class-gv-utils.php:72

GV\REST\Views_Route\$route_name
$route_name
Route Name.
Definition: class-gv-rest-views-route.php:27

GV\GF_Entry\by_id
static by_id( $entry_id, $form_id=0)
Construct a  instance by ID.
Definition: class-gv-entry-gravityforms.php:42

GravityView_Entry_Approval_Status\is_approved
static is_approved( $status)
Definition: class-gravityview-entry-approval-status.php:177

GVCommon\has_cap
static has_cap( $caps='', $object_id=null, $user_id=null)
Alias of GravityView_Roles_Capabilities::has_cap()
Definition: class-common.php:77

$entry
$entry
Definition: notes.php:27

$field_id
if(false !==strpos( $value, '00:00')) $field_id
string $field_id ID of the field being displayed
Definition: time.php:22

GVCommon\get_all_views
static get_all_views( $args=array())
Get all existing Views.
Definition: class-common.php:114

GV\REST\Views_Route\get_item_permissions_check
get_item_permissions_check( $request)
Definition: class-gv-rest-views-route.php:417

GV\View\from_post
static from_post( $post)
Construct a  instance from a .
Definition: class-gv-view.php:689

GravityView_Entry_Approval\meta_key
const meta_key
Definition: class-gravityview-entry-approval.php:28