The menu, menu item, and menu location endpoints were added to the REST API in [52079]. In that commit, menu data was treated as private and restricted to logged-in users with the edit_theme_options capability. However, in many cases, this data can be considered public. Previously, there was no simple way for developers to allow this data to be exposed via the REST API.
This commit introduces the rest_menu_read_access filter, enabling developers to control read access to menus, menu items, and menu locations in the REST API. The same filter is applied across all three REST API classes, simplifying the process of opting into exposing this data.
Each instance of the filter provides the current request and the relevant class instance as context, allowing developers to selectively or globally enable access to the data.
Props spacedmonkey, antonvlasenko, kadamwhite, julianmar, masteradhoc.
Fixes#54304.
Built from https://develop.svn.wordpress.org/trunk@59718
git-svn-id: http://core.svn.wordpress.org/trunk@59060 1a063a9b-81f0-0310-95a4-ce76da25c4cd
When using the /posts or /pages endpoints, for private posts or pages, you get the following title property: { raw: "Some title", rendered: "Private: Some title" }
this commit removes the prefix from rendered private posts titles (just like what we do for protected posts)
Props youknowriad, swissspidy, timothyblynjacobs, sergeybiryukov, ramonopoly.
Fixes#61639.
Built from https://develop.svn.wordpress.org/trunk@58783
git-svn-id: http://core.svn.wordpress.org/trunk@58185 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Do not call the `prepare_links` methods in core REST API controllers, unless the `_links` or `_embedded` fields are requested. There is no need to prepare links if they are never returned in the response. This saves resources, as many calls to `prepare_links` methods perform database queries.
Props Spacedmonkey, timothyblynjacobs, rachelbaker, desrosj, dlh, hellofromTonya.
Fixes#52992.
Built from https://develop.svn.wordpress.org/trunk@53760
git-svn-id: http://core.svn.wordpress.org/trunk@53319 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Add a new parameter to `WP_Query` called `update_menu_item_cache` that when set to true, primes the caches for linked terms and posts for menu item post objects. This change moves logic
found in `wp_get_nav_menu_items` into a new function called `update_menu_item_cache`. Update the menu item REST API controller, to pass the `update_menu_item_cache` parameter to the
arguments used for the `WP_Query` run to get menu items.
Props furi3r, TimothyBlynJacobs, spacedmonkey, peterwilsoncc, mitogh.
Fixes#55620.
--This line, and those below, will be ignored--
M src/wp-includes/class-wp-query.php
M src/wp-includes/nav-menu.php
M src/wp-includes/rest-api/endpoints/class-wp-rest-menu-items-controller.php
M tests/phpunit/tests/post/nav-menu.php
Built from https://develop.svn.wordpress.org/trunk@53504
git-svn-id: http://core.svn.wordpress.org/trunk@53093 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This aims to improve performance by calling `sanitize_url()` directly, instead of the `esc_url_raw()` wrapper. As of WordPress 6.1, `sanitize_url()` is the recommended function for sanitizing a URL for database or redirect usage.
Follow-up to [11383], [13096], [51597], [53452].
Props benjgrolleau, peterwilsoncc, SergeyBiryukov.
Fixes#55852.
Built from https://develop.svn.wordpress.org/trunk@53455
git-svn-id: http://core.svn.wordpress.org/trunk@53044 1a063a9b-81f0-0310-95a4-ce76da25c4cd
In the new menu items, global items and template controllers manually call the function `wp_after_insert_post()` to manually fire the action of the same name after all potential data is updated.
This accounts for the use case in which a theme or plugin developer has modified the endpoints use of either taxonomy or meta data.
The new parameter `$fire_after_hooks` is added to `wp_update_nav_menu_item()` to control whether the `wp_after_insert_post` action is fired when it in turn calls `wp_insert_post()`.
Props spacedmonkey, peterwilsoncc, zieladam.
Fixes#54536.
Built from https://develop.svn.wordpress.org/trunk@52276
git-svn-id: http://core.svn.wordpress.org/trunk@51868 1a063a9b-81f0-0310-95a4-ce76da25c4cd
The menu items REST API controller was added in [52079]. This included functionality to add a "block" menu item type. This functionality is experimental and not currently used in WordPress core, so should be removed.
Props noisysocks.
See #40878.
Built from https://develop.svn.wordpress.org/trunk@52184
git-svn-id: http://core.svn.wordpress.org/trunk@51776 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit introduces the `/wp/v2/menus`, `/wp/v2/menu-items` and `/wp/v2/menu-locations` REST API endpoints. These endpoints are fully available to users with the `edit_theme_options` capability, but can be read by any user who can edit a REST API available post type.
The `nav_menu` taxonomy and `nav_menu_item` post type now map their capabilities to the `edit_theme_options` primitive capability. This allows developers to provide more fine-grained access control. However, if a developer is currently dynamically removing the `edit_theme_options` capability using `map_meta_cap`, they should use the `user_has_cap` filter instead.
The `wp_update_nav_menu_item()` function has been adjusted to return an error if saving the menu item post or assigning the menu item to a menu generate an error.
Lastly, a new menu item type is introduced, `block`, that can be used to store a Block as a menu item.
Props andraganescu, antonvlasenko, dingo_d, dlh, isabel_brison, kadamwhite, Mamaduka, NateWr, noisysocks, peterwilsoncc, ryelle, schlessera, soean, Spacedmonkey, talldanwp, TimothyBlynJacobs, tobifjellner, westonruter, wpscholar, zieladam.
Fixes#40878.
Built from https://develop.svn.wordpress.org/trunk@52079
git-svn-id: http://core.svn.wordpress.org/trunk@51671 1a063a9b-81f0-0310-95a4-ce76da25c4cd
