All permission check methods are called on request

Question

Requesting the create_item() method in my custom rest-controller::WP_REST_CONTROLLER all registered and implementd permission-callbacks are called. Echo the name of the permission-callback in the begin of the methods I get the following response in Postman:

  • create_item_permissions_check
  • create_item_permissions_check
  • update_item_permissions_check
  • update_item_permissions_check
  • update_item_permissions_check
  • delete_item_permissions_check

I don’t call them directly in the code.
Routes with the permission-callbacks are registered as follows:

register_rest_route( 
            $this->namespace,
            '/' . $this->resource_name , 
            array(
                // Here we register the readable endpoint for collections.
                array(
                    'methods'   => WP_REST_Server::CREATABLE,
                    'callback'  => array( $this, 'create_item' ),
                    'permission_callback' => array( $this, 'create_item_permissions_check' ),
                ),
                // Register our schema callback.
                'schema' => array( $this, 'get_item_schema' ),
    ) );
    register_rest_route( 
            $this->namespace,
            '/' . $this->resource_name , 
            array(
                // Here we register the readable endpoint for collections.
                array(
                    'methods'   => WP_REST_Server::EDITABLE,
                    'callback'  => array( $this, 'update_item' ),
                    'permission_callback' => array( $this, 'update_item_permissions_check' ),
                ),
                // Register our schema callback.
                'schema' => array( $this, 'get_item_schema' ),
    ) );
    register_rest_route( 
            $this->namespace,
            '/' . $this->resource_name , 
            array(
                // Here we register the readable endpoint for one user.
                array(
                    'methods'   => WP_REST_Server::DELETABLE,
                    'callback'  => array( $this, 'delete_item' ),
                    'permission_callback' => array( $this, 'delete_item_permissions_check' ),
                ),
                // Register our schema callback.
                'schema' => array( $this, 'get_item_schema' ),
    ) );
    register_rest_route( 
            $this->namespace,
            '/' . $this->resource_name . '/(?P<id>[d]+)', 
            array(
                // Here we register the readable endpoint for collections.
                array(
                    'methods'   => WP_REST_Server::READABLE,
                    'callback'  => array( $this, 'get_item' ),
                    'permission_callback' => array( $this, 'get_item_permissions_check' ),
                ),
                // Register our schema callback.
                'schema' => array( $this, 'get_item_schema' ),
    ) );

I’m Ok with calling create_item_permission_check twice, but why are update- and delete_item-checks called as well?
This doesn’t breakes the code, it works as it should, even if those checks fail, but they shouldn’t be called as far as I understand.

0
user12030 2 years 2019-10-22T04:24:40-05:00 0 Answers 96 views 0

Leave an answer

Browse
Browse