[wp-trac] [WordPress Trac] #39544: REST API: Improve users endpoint in multisite
WordPress Trac
noreply at wordpress.org
Thu Apr 6 08:48:20 UTC 2017
#39544: REST API: Improve users endpoint in multisite
----------------------------+-----------------------------
Reporter: flixos90 | Owner:
Type: task (blessed) | Status: new
Priority: normal | Milestone: Future Release
Component: REST API | Version:
Severity: normal | Resolution:
Keywords: 2nd-opinion | Focuses: multisite
----------------------------+-----------------------------
Comment (by flixos90):
While reviewing our previous discussions for my presentation in Torino, I
noticed a few problems with our plans. Let me first list all of the
functionality and how I understand we're planning it:
* `GET wp/v2/users` lists users of the current site
* `GET wp/v2/users?global=true` lists all users
* `GET wp/v2/users/<id>` shows a user of the current site
* `GET wp/v2/users/<id>?global=true` shows any user
* `POST/PUT/PATCH wp/v2/users/<id>` updates a user of the current site
* `POST/PUT/PATCH wp/v2/users/<id>?global=true` updates any user
* `POST wp/v2/users` creates a new user and adds it to the current site
* `POST wp/v2/users?email=<existing-email-address>` adds an existing user
to the current site
* `DELETE wp/v2/users/<id>` removes a user from the current site
* `DELETE wp/v2/users/<id>?global=true` deletes any user entirely
If anything from that list is not what we previously discussed, please
correct me, as I might have misunderstood it then.
I think the following items need to be reviewed and discussed:
1. Should `POST/PUT/PATCH wp/v2/users/<id>` only allow changes of roles
and `POST/PUT/PATCH wp/v2/users/<id>?global=true` only allow changes of
everything but roles? Or should we not make this differentiation and
handle support based on capabilities (as proposed in #40263)?
2. Our plans for creating and adding are too vague I think. A problem is
that the current `POST wp/v2/users` is an operation partly in the global,
and partly in the site context (a global user is created and then added to
the current site). When specifying only an email to add an existing user,
this could also be a failed request to create a new user, so there is a
lack of clarity. I think it would be best if we had `POST
wp/v2/users?global=true` for creating a global user _without_ adding them
to a site, and then `POST wp/v2/users` to add a user to a site. This
solution would perfectly align with our plans for the `DELETE` route.
However, it might be almost impossible to implement things that way now
because of backward compatibility. We need to revisit this.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39544#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list