Disable REST API - Version v1.7

Version Description


Release Info

Developer dmchale
Version v1.7

Code changes from version v1.6 to v1.7

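--- a/admin.php
+++ b/admin.php
@@ -1,17 +1,17 @@
  <div class="wrap">
- <h1><?php echo esc_html__( "Disable REST API", "disable-json-api" ); ?></h1>
+ <h1><?php esc_html_e( "Disable REST API", "disable-json-api" ); ?></h1>
  <?php settings_errors( 'DRA-notices' ); ?>
 
- <p><?php echo esc_html__( "By default, this plugin ensures that the entire REST API is protected from non-authenticated users. You may use this page to specify which endpoints should be allowed to behave as normal.", "disable-json-api" ); ?></p>
+ <p><?php esc_html_e( "By default, this plugin ensures that the entire REST API is protected from non-authenticated users. You may use this page to specify which endpoints should be allowed to behave as normal.", "disable-json-api" ); ?></p>
  <p>
- <strong><?php echo esc_html__( "IMPORTANT NOTE:", "disable-json-api" ); ?></strong> <?php echo esc_html__( "Checking a box merely restores default functionality to an endpoint. Other authentication and/or permissions may still be required for access, or other themes/plugins may also affect access to those endpoints.", "disable-json-api" ); ?>
+ <strong><?php esc_html_e( "IMPORTANT NOTE:", "disable-json-api" ); ?></strong> <?php esc_html_e( "Checking a box merely restores default functionality to an endpoint. Other authentication and/or permissions may still be required for access, or other themes/plugins may also affect access to those endpoints.", "disable-json-api" ); ?>
  </p>
 
  <hr />
 
  <div id="select-container">
- <?php echo esc_html__( "Rules for", "disable-json-api" ); ?>: <select name="role" id="dra-role">
- <option value="none"><?php echo esc_html__( "Unauthenticated Users", "disable-json-api" ); ?></option>
+ <?php esc_html_e( "Rules for", "disable-json-api" ); ?>: <select name="role" id="dra-role">
+ <option value="none"><?php esc_html_e( "Unauthenticated Users", "disable-json-api" ); ?></option>
  <?php
  $role = ( isset( $_GET['role'] ) ) ? $_GET['role'] : 'none';
  wp_dropdown_roles( $role );
@@ -39,8 +39,8 @@
  <div id="button-container">
  <?php submit_button(); ?>
  <input type="submit" name="reset" id="dra-reset-button"
- value="<?php echo esc_attr__( "Reset Allowed List of Routes", "disable-json-api" ); ?>"
- onclick="return confirm('<?php echo esc_attr__( "Are you sure you wish to reset all allowed routes for this user role?", "disable-json-api" ); ?>');">
+ value="<?php esc_attr_e( "Reset Allowed List of Routes", "disable-json-api" ); ?>"
+ onclick="return confirm('<?php esc_attr_e( "Are you sure you wish to reset all allowed routes for this user role?", "disable-json-api" ); ?>');">
  </div>
 
  </form>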
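Review bot: The `onclick` attribute on `#dra-reset-button` (new line 43) puts a translated string inside a single-quoted JavaScript literal but escapes it with `esc_attr_e()`, which only HTML-encodes. The browser decodes those entities before the handler is parsed, so a translation containing an apostrophe ends the string early and breaks or changes the confirm call. WordPress provides `esc_js()` for this context: `onclick="return confirm('<?php echo esc_js( __( "Are you sure you wish to reset all allowed routes for this user role?", "disable-json-api" ) ); ?>');"`. Separately, the unchanged context line 16 reads `$_GET['role']` without sanitising it; it appears only to be compared inside `wp_dropdown_roles()`, but `sanitize_key( wp_unslash( $_GET['role'] ) )` would make that explicit.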
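--- a/classes/disable-rest-api.php
+++ b/classes/disable-rest-api.php
@@ -8,7 +8,7 @@ class Disable_REST_API {
 
  const MENU_SLUG = 'disable_rest_api_settings';
  const CAPABILITY = 'manage_options';
- const VERSION = '1.6';
+ const VERSION = '1.7';
 
  /**
  * Stores 'disable-json-api/disable-json-api.php' typically
@@ -98,6 +98,11 @@ class Disable_REST_API {
  // If we have a definition for the current user's role
  if ( isset( $current_options['roles'][$role] ) ) {
 
+ // If any role for this user is set to Allow Full REST API Access, return true automatically
+ if ( true === $current_options['roles'][$role]['default_allow'] ) {
+ return true;
+ }
+
  // See if this route is specifically allowed
  $is_currentRoute_allowed = array_reduce( DRA_Helpers::get_allowed_routes( $role ), function ( $isMatched, $pattern ) use ( $currentRoute ) {
  return $isMatched || (bool) preg_match( '@^' . htmlspecialchars_decode( $pattern ) . '$@i', $currentRoute );
@@ -114,11 +119,6 @@ class Disable_REST_API {
  return false;
  }
 
- // If the route has no definition, see if the role is set to allow unknown routes by default
- if ( true === $current_options['roles'][$role]['default_allow'] ) {
- return true;
- }
-
  }
 
  }
@@ -188,10 +188,9 @@ class Disable_REST_API {
  */
  public function admin_enqueues( $hook_suffix ) {
  if ( $hook_suffix == 'settings_page_' . self::MENU_SLUG ) {
- $enqueue_file_base = WP_PLUGIN_DIR . '/' . plugin_dir_path( $this->base_file_path );
- wp_enqueue_style( 'dra-admin-css', plugins_url( 'css/admin.css', $this->base_file_path ), array(), filemtime( $enqueue_file_base . 'css/admin.css' ), 'all' );
- wp_enqueue_script( 'dra-admin-header', plugins_url( 'js/admin-header.js', $this->base_file_path ), array( 'jquery' ), filemtime( $enqueue_file_base . 'js/admin-header.js' ), false );
- wp_enqueue_script( 'dra-admin-footer', plugins_url( 'js/admin-footer.js', $this->base_file_path ), array( 'jquery' ), filemtime( $enqueue_file_base . 'js/admin-footer.js' ), true );
+ wp_enqueue_style( 'dra-admin-css', plugins_url( 'css/admin.css', $this->base_file_path ), array(), self::VERSION, 'all' );
+ wp_enqueue_script( 'dra-admin-header', plugins_url( 'js/admin-header.js', $this->base_file_path ), array( 'jquery' ), self::VERSION, false );
+ wp_enqueue_script( 'dra-admin-footer', plugins_url( 'js/admin-footer.js', $this->base_file_path ), array( 'jquery' ), self::VERSION, true );
  }
  }
 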
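Review bot: The early return added at new lines 101-104 reads `$current_options['roles'][$role]['default_allow']` without checking that the key exists, and it now runs before any per-route rule is consulted, so a role flagged `default_allow` is granted every route regardless of its stored allow list. The strict `true ===` comparison fails closed for a missing or non-boolean value, but a missing key still raises an undefined-index notice (a warning on PHP 8) on each REST request. `if ( isset( $current_options['roles'][$role]['default_allow'] ) && true === $current_options['roles'][$role]['default_allow'] ) {` avoids that. The comment says "any role for this user" while the visible code tests a single `$role`; the enclosing loop and function start outside the hunk, so the docblock should state that the most permissive role wins, since that is the access-control decision an administrator has to understand.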
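--- a/css/admin.css
+++ b/css/admin.css
@@ -3,11 +3,11 @@ h2 { display: inline; }
  #route-container em { font-size: 0.8em; }
  .switch { position: relative; display: inline-block; width: 38px; height: 20px; margin-right: 0.4em; }
  .switch input { opacity: 0; width: 0; height: 0; }
- .slider { position: absolute; cursor: pointer; top: 0; left: 0; right: 0; bottom: 0; background-color: #ccc; -webkit-transition: .4s; transition: .4s; border-radius: 18px; display:inline; }
- .slider:before { position: absolute; content: ""; height: 14px; width: 14px; left: 4px; bottom: 3px; background-color: #fff; -webkit-transition: .4s; transition: .4s; border-radius: 50%; }
- input:checked + .slider { background-color: #2196F3; }
- input:focus + .slider { box-shadow: 0 0 1px #2196F3; }
- input:checked + .slider:before { -webkit-transform: translateX(16px); -ms-transform: translateX(16px); transform: translateX(16px); }
+ .slider { position: absolute; cursor: pointer; top: 0; left: 0; right: 0; bottom: 0; background-color: #ccc; -webkit-transition: 0.4s; transition: 0.4s; border-radius: 18px; display:inline; }
+ .slider::before { position: absolute; content: ""; height: 14px; width: 14px; left: 4px; bottom: 3px; background-color: #fff; -webkit-transition: 0.4s; transition: 0.4s; border-radius: 50%; }
+ input:checked + .slider { background-color: #2196f3; }
+ input:focus + .slider { box-shadow: 0 0 1px #2196f3; }
+ input:checked + .slider::before { -webkit-transform: translateX(16px); -ms-transform: translateX(16px); transform: translateX(16px); }
  div#select-container, div#default-allow-container, div#route-container { padding: 1em 0 1em 0; }
  div#route-container { display: none; }
- input#dra-reset-button { display: none; }
+ input#dra-reset-button { display: none; }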
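--- a/disable-json-api.php
+++ b/disable-json-api.php
@@ -3,7 +3,7 @@
  * Plugin Name: Disable REST API
  * Plugin URI: http://www.binarytemplar.com/disable-json-api
  * Description: Disable the use of the REST API on your website to anonymous users. You can optionally enable select endpoints if you wish. Now with support for User Roles!
- * Version: 1.6
+ * Version: 1.7
  * Author: Dave McHale
  * Author URI: http://www.binarytemplar.com
  * Text Domain: disable-json-api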
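--- a/readme.txt
+++ b/readme.txt
@@ -3,8 +3,8 @@ Contributors: dmchale, tangrufus
  Tags: admin, api, json, REST, rest-api, disable
  Requires at least: 4.4
  Requires PHP: 5.6
- Tested up to: 5.6
- Stable tag: 1.6
+ Tested up to: 5.8
+ Stable tag: 1.7
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -46,6 +46,12 @@ This plugin is ONLY meant to disable endpoints accessible via the core REST API
 
  == Changelog ==
 
+ = 1.7 =
+ * Tested up to WP v5.8
+ * Replace use of filemtime() with plugin version number for static file enqueues. Props @tangrufus for bringing this up!
+ * Fixed logic bug for role-based default_allow rules. Props @msp1974 for the report!
+ * Few small code-style updates
+
  = 1.6 =
  * Tested up to WP v5.6
  * Added support for managing endpoint access on a per-user-role basis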