1 <?php
  2 
  3 /**
  4  * WC REST API Class
  5  *
  6  * @class    WC_POS_API
  7  * @package  WooCommerce POS
  8  * @author   Paul Kilmurray <paul@kilbot.com.au>
  9  * @link     http://www.woopos.com.au
 10  */
 11 
 12 namespace WC_POS;
 13 
 14 class API {
 15 
 16   /**
 17    *
 18    */
 19   public function __construct() {
 20 
 21     // remove wc api authentication
 22     // - relies on ->api and ->authentication being publicly accessible
 23     if( isset( WC()->api ) && isset( WC()->api->authentication ) ){
 24       remove_filter( 'woocommerce_api_check_authentication', array( WC()->api->authentication, 'authenticate' ), 0 );
 25     }
 26 
 27     // support for X-HTTP-Method-Override for WC < 2.4
 28     if( version_compare( WC()->version, '2.4', '<' ) && isset($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE']) ){
 29       $_GET['_method'] = $_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'];
 30     }
 31 
 32     add_filter( 'woocommerce_api_classes', array( $this, 'api_classes' ) );
 33     add_filter( 'woocommerce_api_check_authentication', array( $this, 'wc_api_authentication' ), 10, 0 );
 34     add_filter( 'woocommerce_api_dispatch_args', array( $this, 'dispatch_args'), 10, 2 );
 35     add_filter( 'woocommerce_api_query_args', array( $this, 'woocommerce_api_query_args' ), 10, 2 );
 36   }
 37 
 38   /**
 39    * Load API classes
 40    *
 41    * @param array $classes
 42    * @return array
 43    */
 44   public function api_classes( array $classes ){
 45 
 46     // common classes
 47     array_push(
 48       $classes,
 49       '\WC_POS\API\Products',
 50       '\WC_POS\API\Orders',
 51       '\WC_POS\API\Customers',
 52       '\WC_POS\API\Coupons',
 53       '\WC_POS\API\Payload',
 54       '\WC_POS\API\Params',
 55       '\WC_POS\API\i18n',
 56       '\WC_POS\API\Templates'
 57     );
 58 
 59     // frontend only
 60     if( current_user_can('access_woocommerce_pos') ){
 61       array_push( $classes, '\WC_POS\API\Gateways', '\WC_POS\API\Support' );
 62     }
 63 
 64     // admin only
 65     if( current_user_can('manage_woocommerce_pos') ){
 66       array_push( $classes, '\WC_POS\API\Settings' );
 67     }
 68 
 69     return $classes;
 70   }
 71 
 72 
 73   /**
 74    * Bypass authentication for WC REST API
 75    * @todo use OAuth, how to handle manage no access?
 76    *
 77    * @return WP_User object
 78    */
 79   public function wc_api_authentication() {
 80     global $current_user;
 81     $user = $current_user;
 82 
 83     if( user_can( $user->ID, 'access_woocommerce_pos' ) ) {
 84       return $user;
 85     }
 86 
 87     return new \WP_Error(
 88       'woocommerce_pos_authentication_error',
 89       __( 'User not authorized to access WooCommerce POS', 'woocommerce-pos' ),
 90       array( 'status' => 401 )
 91     );
 92   }
 93 
 94   /**
 95    * @todo this is a total hack, need to customise bb remote sync
 96    *
 97    * @param $args
 98    * @param $callback
 99    * @return mixed
100    */
101   public function dispatch_args($args, $callback){
102 
103     // note: using headers rather than query params, easier to manage through the js app
104     $args['wc_pos_admin'] = is_pos_admin();
105 
106     return $args;
107   }
108 
109   /**
110    * - this filter was introduced in WC 2.3
111    * @param $args
112    * @param $request_args
113    * @return mixed
114    */
115   public function woocommerce_api_query_args($args, $request_args){
116 
117     // required for compatibility WC < 2.3.5
118     if ( ! empty( $request_args['in'] ) ) {
119       $args['post__in'] = explode(',', $request_args['in']);
120       unset( $request_args['in'] );
121     }
122 
123     // required for compatibility WC < 2.4
124     if ( ! empty( $request_args['not_in'] ) ) {
125       $args['post__not_in'] = explode(',', $request_args['not_in']);
126       unset( $request_args['not_in'] );
127     }
128 
129     /**
130      * This is a safe guard against overloading the POS
131      * - some theme developers use pre_get_posts to alter the no. of posts/products
132      * - $query->set( 'posts_per_page', LARGE/-1 ) will grind the POS to a halt
133      * - ensure the default is 10, unless specifically requested by the POS
134      */
135     if( empty( $args['posts_per_page'] ) ){
136       $args['posts_per_page'] = 10;
137     }
138 
139     // remove relevanssi
140     remove_filter('posts_request', 'relevanssi_prevent_default_request');
141     remove_filter('the_posts', 'relevanssi_query');
142 
143     return $args;
144   }
145 
146   /**
147    * Raw payload
148    * @return array|mixed|string
149    */
150   static public function get_raw_data() {
151     global $HTTP_RAW_POST_DATA;
152     if ( !isset( $HTTP_RAW_POST_DATA ) ) {
153       $HTTP_RAW_POST_DATA = trim(file_get_contents('php://input'));
154     }
155     return json_decode( $HTTP_RAW_POST_DATA, true);
156   }
157 
158 }

API documentation generated by ApiGen