<?php
// Direct-access guard: ABSPATH is only defined once WordPress has bootstrapped,
// so a request that hits this file's URL directly stops here before any
// declaration below is evaluated.
defined( 'ABSPATH' ) || exit;
/**
 * Authorization tiers for the reservations/v1 REST API.
 *
 * Each route names one of these methods as its `permission_callback`, so the
 * audience a route is meant for can be read straight off its registration:
 *
 *  - admin(): caller must hold the manage_reservations capability
 *             (see RsvCapabilities).
 *  - open():  either genuinely public, or a capability URL whose secret the
 *             handler validates itself (confirmation codes, the Google
 *             webhook, the OAuth callback).
 *
 * Security contract: open() performs no check of its own. Any open() route
 * that is not fully public MUST authorise its caller from the request inside
 * the handler; nothing in this class does it on the handler's behalf.
 * NOTE(review): the handlers are not visible from this file. Confirm that each
 * one rejects a missing or empty secret and compares it in constant time
 * (e.g. hash_equals()).
 */
final class RsvRestPolicy {

	/**
	 * Gate for administrative endpoints (timetables, capacities, forms,
	 * reservations).
	 *
	 * @return bool|WP_Error True when the current user holds
	 *                       RsvCapabilities::MANAGE, otherwise a
	 *                       'rsv_forbidden' error carrying the HTTP status.
	 */
	public static function admin(): bool|WP_Error {
		$is_manager = current_user_can( RsvCapabilities::MANAGE );

		if ( ! $is_manager ) {
			$message = __( 'Sorry, you are not allowed to do that.', 'reservair' );

			// rest_authorization_required_code() yields 401 for a logged-out
			// caller and 403 for one who is logged in but under-privileged.
			$http_status = rest_authorization_required_code();

			return new WP_Error( 'rsv_forbidden', $message, [ 'status' => $http_status ] );
		}

		return true;
	}

	/**
	 * Gate for public endpoints and for capability URLs.
	 *
	 * Always grants access: no authentication, capability or nonce check
	 * happens here, so a capability-URL handler is the only place where its
	 * secret is enforced.
	 *
	 * @return bool Always true.
	 */
	public static function open(): bool {
		return true;
	}
}