Include "args" argument in the registered rest routes for boxes/fields.

jtsternberg · jtsternberg · commit d4152459c55d · 2016-10-22T22:12:06.000-04:00
This enables better discovery in the schema, and also handles the
required parameters for us for the DELETE endpoint.
diff --git a/includes/CMB2_REST_Controller_Boxes.php b/includes/CMB2_REST_Controller_Boxes.php
@@ -45,24 +45,39 @@ public function __construct( WP_REST_Server $wp_rest_server ) {
 	 * @since 2.2.4
 	 */
 	public function register_routes() {
+		$args = array(
+			'_embed' => array(
+				'description' => __( 'Includes the registered fields for the box in the response.', 'cmb2' ),
+			),
+			'_rendered' => array(
+				'description' => __( 'Includes the fully rendered attributes, \'form_open\', \'form_close\', as well as the enqueued \'js_dependencies\' script handles, and \'css_dependencies\' stylesheet handles.', 'cmb2' ),
+			),
+		);
+
+		// @todo determine what belongs in the context param.
+		// $args['context'] = $this->get_context_param();
+		// $args['context']['required'] = false;
+		// $args['context']['default'] = 'view';
+		// $args['context']['enum'] = array( 'view', 'embed' );
 
 		// Returns all boxes data.
 		register_rest_route( $this->namespace, '/' . $this->rest_base, array(
 			array(
 				'methods'             => WP_REST_Server::READABLE,
 				'callback'            => array( $this, 'get_items' ),
 				'permission_callback' => array( $this, 'get_items_permissions_check' ),
-				'args'                => $this->get_collection_params(),
+				'args'                => $args,
 			),
 			'schema' => array( $this, 'get_item_schema' ),
 		) );
 
 		// Returns specific box's data.
 		register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<cmb_id>[\w-]+)', array(
 			array(
-				'methods'  => WP_REST_Server::READABLE,
-				'callback' => array( $this, 'get_item' ),
+				'methods'             => WP_REST_Server::READABLE,
+				'callback'            => array( $this, 'get_item' ),
 				'permission_callback' => array( $this, 'get_item_permissions_check' ),
+				'args'                => $args,
 			),
 			'schema' => array( $this, 'get_item_schema' ),
 		) );
diff --git a/includes/CMB2_REST_Controller_Fields.php b/includes/CMB2_REST_Controller_Fields.php
@@ -22,34 +22,56 @@ class CMB2_REST_Controller_Fields extends CMB2_REST_Controller_Boxes {
 	 * @since 2.2.4
 	 */
 	public function register_routes() {
+		$args = array(
+			'_embed' => array(
+				'description' => __( 'Includes the box object which the fields are registered to in the response.', 'cmb2' ),
+			),
+			'_rendered' => array(
+				'description' => __( 'When the \'rendered\' argument is passed, the renderable field attributes will be returned fully rendered. By default, the names of the callback handers for the renderable attributes will be returned.', 'cmb2' ),
+			),
+			'object_id' => array(
+				'description' => __( 'To view or modify the field\'s value, the \'object_id\' and \'object_type\' arguments are required.', 'cmb2' ),
+			),
+			'object_type' => array(
+				'description' => __( 'To view or modify the field\'s value, the \'object_id\' and \'object_type\' arguments are required.', 'cmb2' ),
+			),
+		);
 
 		// Returns specific box's fields.
 		register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<cmb_id>[\w-]+)/fields/', array(
 			array(
-				'methods'  => WP_REST_Server::READABLE,
-				'callback' => array( $this, 'get_items' ),
+				'methods'             => WP_REST_Server::READABLE,
+				'callback'            => array( $this, 'get_items' ),
 				'permission_callback' => array( $this, 'get_items_permissions_check' ),
+				'args'                => $args,
 			),
 			'schema' => array( $this, 'get_item_schema' ),
 		) );
 
+		$delete_args = $args;
+		$delete_args['object_id']['required'] = true;
+		$delete_args['object_type']['required'] = true;
+
 		// Returns specific field data.
 		register_rest_route( $this->namespace, '/' . $this->rest_base . '/(?P<cmb_id>[\w-]+)/fields/(?P<field_id>[\w-]+)', array(
 			array(
-				'methods'  => WP_REST_Server::READABLE,
-				'callback' => array( $this, 'get_item' ),
+				'methods'             => WP_REST_Server::READABLE,
+				'callback'            => array( $this, 'get_item' ),
 				'permission_callback' => array( $this, 'get_item_permissions_check' ),
+				'args'                => $args,
 			),
 			array(
-				'methods'  => WP_REST_Server::EDITABLE,
-				'callback' => array( $this, 'update_field_value' ),
-				'args'     => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
+				'methods'             => WP_REST_Server::EDITABLE,
+				'callback'            => array( $this, 'update_field_value' ),
+				'args'                => $this->get_endpoint_args_for_item_schema( WP_REST_Server::EDITABLE ),
 				'permission_callback' => array( $this, 'update_field_value_permissions_check' ),
+				'args'                => $args,
 			),
 			array(
-				'methods'  => WP_REST_Server::DELETABLE,
-				'callback' => array( $this, 'delete_field_value' ),
+				'methods'             => WP_REST_Server::DELETABLE,
+				'callback'            => array( $this, 'delete_field_value' ),
 				'permission_callback' => array( $this, 'delete_field_value_permissions_check' ),
+				'args'                => $delete_args,
 			),
 			'schema' => array( $this, 'get_item_schema' ),
 		) );
diff --git a/tests/test-cmb-rest-controllers.php b/tests/test-cmb-rest-controllers.php
@@ -130,7 +130,7 @@ public function test_read_box_field() {
 		$this->assertResponseStatuses( $url, array(
 			'GET' => 200,
 			'POST' => array( 403 => 'rest_forbidden' ),
-			'DELETE' => array( 403 => 'rest_forbidden' ),
+			'DELETE' => array( 400 => 'rest_missing_callback_param' ),
 		) );
 
 		$mb = $this->metabox_array;
@@ -145,7 +145,7 @@ public function test_read_box_field() {
 		$this->assertResponseStatuses( $url, array(
 			'GET' => array( 403 => 'cmb2_rest_no_field_by_id_error' ),
 			'POST' => array( 403 => 'rest_forbidden' ),
-			'DELETE' => array( 403 => 'rest_forbidden' ),
+			'DELETE' => array( 400 => 'rest_missing_callback_param' ),
 		) );
 	}
 
@@ -155,8 +155,13 @@ public function test_read_box_field_filter() {
 		$this->assertResponseStatuses( $url, array(
 			'GET' => array( 403 => 'rest_forbidden' ),
 			'POST' => array( 403 => 'rest_forbidden' ),
-			'DELETE' => array( 403 => 'rest_forbidden' ),
+			'DELETE' => array( 400 => 'rest_missing_callback_param' ),
 		) );
+
+		$request = new WP_REST_Request( 'DELETE', $url );
+		$request['object_id'] = $this->post_id;
+		$request['object_type'] = 'post';
+		$this->assertResponseStatus( 403, rest_do_request( $request ), 'rest_forbidden' );
 	}
 
 	/**
@@ -268,19 +273,22 @@ public function test_delete_bad_request_for_admin() {
 		$url = '/' . CMB2_REST::NAME_SPACE . '/boxes/test/fields/rest_test';
 		$request = new WP_REST_Request( 'DELETE', $url );
 		$response = rest_do_request( $request );
-		$this->assertResponseStatus( 400, $response, 'cmb2_rest_modify_field_value_error' );
+		$this->assertResponseStatus( 400, $response, 'rest_missing_callback_param' );
 		$this->assertResponseData( array(
-			'code'    => 'cmb2_rest_modify_field_value_error',
-			'message' => __( 'CMB2 Field value cannot be modified without the object_id and object_type parameters specified.', 'cmb2' ),
+			'code'    => 'rest_missing_callback_param',
+			'message' => 'Missing parameter(s): object_id, object_type',
 			'data'    => array(
 				'status' => 400,
+				'params' => array(
+					'object_id',
+					'object_type',
+				),
 			),
 		), $response );
 
-
 		$request['object_id'] = $this->post_id;
 		$response = rest_do_request( $request );
-		$this->assertResponseStatus( 400, $response, 'cmb2_rest_modify_field_value_error' );
+		$this->assertResponseStatus( 400, $response, 'rest_missing_callback_param' );
 	}
 
 	public function test_delete_authorized_for_admin() {
