File: /var/www/html/wpsysiot/wp-content/plugins/pro-elements/modules/notes/data/controller.php
<?php
namespace ElementorPro\Modules\Notes\Data;
use Elementor\Core\Utils\Collection;
use ElementorPro\Modules\Notes\Data\Endpoints\Users_Endpoint;
use ElementorPro\Modules\Notes\Database\Transformers\User_Transformer;
use ElementorPro\Modules\Notes\Utils;
use Elementor\Data\V2\Base\Controller as Base_Controller;
use Elementor\Data\V2\Base\Exceptions\Data_Exception;
use Elementor\Data\V2\Base\Exceptions\Error_404;
use ElementorPro\Data\Http_Status;
use ElementorPro\Modules\Notes\Data\Endpoints\Read_Status_Endpoint;
use ElementorPro\Modules\Notes\Data\Endpoints\Summary_Endpoint;
use ElementorPro\Modules\Notes\Database\Models\Note;
use ElementorPro\Modules\Notes\Database\Models\User;
use ElementorPro\Modules\Notes\Database\Query\Note_Query_Builder;
use ElementorPro\Modules\Notes\Notifications\User_Mentioned_Notification;
use ElementorPro\Modules\Notes\Notifications\User_Replied_Notification;
use ElementorPro\Modules\Notes\Notifications\User_Resolved_Notification;
use ElementorPro\Modules\Notes\User\Capabilities;
use ElementorPro\Plugin;
if ( ! defined( 'ABSPATH' ) ) {
	exit; // Exit if accessed directly.
}
class Controller extends Base_Controller {
	public function get_name() {
		return 'notes';
	}
	public function __construct() {
		parent::__construct();
		$this->user_transformer = new User_Transformer();
	}
	public function register_endpoints() {
		$this->register_endpoint( new Read_Status_Endpoint( $this ) );
		$this->register_endpoint( new Summary_Endpoint( $this ) );
		$this->register_endpoint( new Users_Endpoint( $this ) );
		$this->index_endpoint->register_item_route( \WP_REST_Server::READABLE, [
			'id' => [
				'type' => 'integer',
				'description' => 'Note ID to find.',
				'required' => true,
			],
		] );
		$this->index_endpoint->register_items_route( \WP_REST_Server::CREATABLE, [
			'post_id' => [
				'type' => 'integer',
				'description' => 'The id of the post where the note was created at (can be template, post, page, etc.).',
				'required' => true,
				'validate_callback' => function ( $value ) {
					return Plugin::elementor()->documents->get( $value );
				},
			],
			'element_id' => [
				'type' => 'string',
				'description' => 'Each note must be attached to an elementor element.',
				'required' => true,
				'sanitize_callback' => function( $value ) {
					return trim( $value );
				},
				'validate_callback' => function ( $value ) {
					return (bool) preg_match( '/^[a-z0-9]{7,9}$/', $value );
				},
			],
			'content' => [
				'type' => 'string',
				'description' => 'The content of the note.',
				'required' => true,
				'sanitize_callback' => function ( $value ) {
					return $this->sanitize_content( $value );
				},
				'validate_callback' => function ( $value ) {
					return ! empty( $value );
				},
			],
			'position' => [
				'type' => 'object',
				'properties' => [
					'x' => [
						'required' => true,
						'type' => 'number',
					],
					'y' => [
						'required' => true,
						'type' => 'number',
					],
				],
				'required' => true,
				'description' => 'The position of the note.',
			],
			'mentioned_usernames' => [
				'type' => 'array',
				'description' => 'List of user names that have been mentioned in the note\'s content.',
				'default' => [],
				'items' => [
					'type' => 'string',
					'sanitize_callback' => function ( $value ) {
						return wp_strip_all_tags( $value, true );
					},
				],
				'required' => false,
			],
			'route_post_id' => [
				'description' => 'The ID of the post that\'s associated with the route (doesn\'t always exist, e.g: home page, archive)',
				'required' => false,
				'validate_callback' => function ( $value ) {
					if ( ! $value ) {
						return true;
					}
					return is_numeric( $value ) && Plugin::elementor()->documents->get( $value );
				},
				'sanitize_callback' => function ( $value ) {
					if ( ! $value ) {
						return null;
					}
					return intval( $value );
				},
			],
			'route_url' => [
				'type' => 'string',
				'description' => 'The URL of the route where the note was created at.',
				'required' => false,
				'validate_callback' => function ( $value ) {
					return Utils::validate_url_or_relative_url( $value );
				},
				'sanitize_callback' => function ( $value ) {
					return Utils::clean_url( $value );
				},
			],
			'route_title' => [
				'type' => 'string',
				'description' => 'The title of the route where the note was created at.',
				'required' => false,
				'sanitize_callback' => function ( $value ) {
					return wp_strip_all_tags( $value, true );
				},
			],
			'parent_id' => [
				'type' => 'integer',
				'description' => 'If the new note is a reply to another note, the parent_id should be the thread\'s id.',
				'required' => false,
				'default' => 0,
			],
			'is_public' => [
				'type' => 'boolean',
				'description' => 'Should this note be visible for everyone or just for its author.',
				'required' => false,
			],
		] );
		$this->index_endpoint->register_item_route( \WP_REST_Server::EDITABLE, [
			'id' => [
				'type' => 'integer',
				'description' => 'The id the note.',
				'required' => true,
			],
			'content' => [
				'type' => 'string',
				'description' => 'The content of the note.',
				'required' => false,
				'sanitize_callback' => function ( $value ) {
					return $this->sanitize_content( $value );
				},
			],
			'mentioned_usernames' => [
				'type' => 'array',
				'description' => 'List of user names that have been mentioned in the note\'s content.',
				'items' => [
					'type' => 'string',
					'sanitize_callback' => function ( $value ) {
						return wp_strip_all_tags( $value, true );
					},
				],
				'required' => false,
			],
			'status' => [
				'type' => 'string',
				'description' => 'Note status can be draft or publish.',
				'required' => false,
				'enum' => [
					Note::STATUS_PUBLISH,
					Note::STATUS_DRAFT,
				],
			],
			'is_public' => [
				'type' => 'boolean',
				'description' => 'Should this note be visible for everyone or just for its author.',
				'required' => false,
			],
			'is_resolved' => [
				'type' => 'boolean',
				'description' => 'Is this note resolved and should be hidden.',
				'required' => false,
			],
		] );
		$this->index_endpoint->register_item_route( \WP_REST_Server::DELETABLE, [
			'id' => [
				'type' => 'integer',
				'description' => 'The id of the note.',
				'required' => true,
			],
			'force' => [
				'type' => 'boolean',
				'description' => 'Determine if it should be deleted permanently or change the status to trash.',
				'default' => false,
				'required' => false,
			],
		] );
	}
	/**
	 * Notes index route params.
	 *
	 * @return array[]
	 */
	public function get_collection_params() {
		return [
			'route_url' => [
				'type' => 'string',
				'description' => 'The URL of the route where the note was created at.',
				'required' => false,
				'validate_callback' => function ( $value ) {
					return Utils::validate_url_or_relative_url( $value );
				},
				'sanitize_callback' => function ( $value ) {
					return Utils::clean_url( $value );
				},
			],
			'status' => [
				'type' => 'string',
				'description' => 'The note status (e.g. "publish", "draft").',
				'required' => false,
				'enum' => [
					Note::STATUS_PUBLISH,
					Note::STATUS_DRAFT,
				],
				'default' => Note::STATUS_PUBLISH,
			],
			'is_resolved' => [
				'type' => 'boolean',
				'description' => 'Whether the note is resolved or not.',
				'required' => false,
			],
			'parent_id' => [
				'type' => 'integer',
				'description' => 'The note\'s parent id (use 0 for top-level).',
				'required' => false,
			],
			'post_id' => [
				'type' => 'integer',
				'description' => 'The ID of the post that the note is attached to.',
				'required' => false,
				'validate_callback' => function ( $value ) {
					return Plugin::elementor()->documents->get( $value );
				},
			],
			'only_unread' => [
				'type' => 'boolean',
				'description' => 'Show only unread notes (represents an unread thread if one of its replies is unread).',
				'required' => false,
			],
			'only_relevant' => [
				'type' => 'boolean',
				'description' => 'Show only notes that are relevant to the current user.',
				'required' => false,
			],
			'order_by' => [
				'type' => 'string',
				'description' => 'A column to order the results by.',
				'required' => false,
				'default' => 'last_activity_at',
				'enum' => [
					'last_activity_at',
					'created_at',
				],
			],
			'order' => [
				'type' => 'string',
				'description' => 'Results order direction.',
				'required' => false,
				'default' => 'desc',
				'enum' => [
					'asc',
					'desc',
				],
			],
		];
	}
	/**
	 * Get all Notes by filters.
	 *
	 * GET `/notes`
	 *
	 * @param \WP_REST_Request $request
	 *
	 * @return array
	 */
	public function get_items( $request ) {
		$user_id = get_current_user_id();
		$notes_query = Note::query()
			->with_replies_count()
			->with_unread_replies_count( $user_id )
			->with_is_read( $user_id )
			->with_author()
			->only_visible( $user_id )
			->order_by(
				$request->get_param( 'order_by' ),
				$request->get_param( 'order' )
			);
		foreach ( $this->get_filters() as $param => $callback ) {
			if ( $request->has_param( $param ) ) {
				call_user_func( $callback, $notes_query, $request->get_param( $param ) );
			}
		}
		$notes = $notes_query->get()->filter( function ( Note $note ) {
			return current_user_can( Capabilities::READ_NOTES, $note );
		} )->map( function ( Note $note ) {
			return $this->transform_users( $note );
		} );
		return [
			'data' => $notes,
			'meta' => [],
		];
	}
	/**
	 * Get a single note.
	 *
	 * GET `/notes/{id}`
	 *
	 * @param \WP_REST_Request $request
	 *
	 * @return array
	 */
	public function get_item( $request ) {
		$user_id = get_current_user_id();
		/**
		 * @var $note Note|null
		 */
		$note = Note::query()
			->where( 'id', '=', $request->get_param( 'id' ) )
			->with_replies( function ( Note_Query_Builder $q ) use ( $user_id ) {
				$q->with_author()->with_is_read( $user_id )->with_readers();
			} )
			->with_replies_count()
			->with_unread_replies_count( $user_id )
			->with_is_read( $user_id )
			->with_author()
			->with_readers()
			->with_document()
			->first();
		if ( ! $note ) {
			throw new Error_404();
		}
		$note = $this->transform_users( $note );
		$note->attach_user_capabilities( $user_id );
		return [
			'data' => $note,
			'meta' => [],
		];
	}
	/**
	 * Run all user models in the note through user transformer.
	 *
	 * @param Note $note
	 *
	 * @return Note
	 */
	protected function transform_users( Note $note ) {
		if ( ! empty( $note->author ) ) {
			$note->author = $this->user_transformer->transform( $note->author );
		}
		if ( ! $note->readers->is_empty() ) {
			$note->readers = $note->readers->map( function ( User $user ) {
				return $this->user_transformer->transform( $user );
			} );
		}
		// If the note has replies, recursively run the function for each reply note.
		if ( ! $note->replies->is_empty() ) {
			$note->replies = $note->replies->map( function ( Note $reply ) {
				return $this->transform_users( $reply );
			} );
		}
		return $note;
	}
	/**
	 * Create a note.
	 *
	 * POST `/notes`
	 *
	 * @param \WP_REST_Request $request
	 *
	 * @return array
	 * @throws \Exception
	 */
	public function create_items( $request ) {
		$this->validate_create_items( $request );
		$now = gmdate( 'Y-m-d H:i:s' );
		$values = ( new Collection( $request->get_body_params() ) )
			->only( [
				'post_id',
				'element_id',
				'content',
				'route_post_id',
				'route_url',
				'route_title',
				'status',
				'parent_id',
				'is_public',
			] )
			->merge( [
				'author_id' => get_current_user_id(),
				'created_at' => $now,
				'updated_at' => $now,
				'last_activity_at' => $now,
				'position' => wp_json_encode( $request->get_param( 'position' ) ),
			] )
			->all();
		$id = Note::query()->insert( $values );
		/** @var Note $note */
		$note = Note::query()->with_author()->find( $id );
		$note = $this->transform_users( $note );
		$mentioned = $note->sync_mentions(
			$request->get_param( 'mentioned_usernames' ),
			'user_nicename'
		);
		// Set the note as read by its author.
		$note->add_readers( [ get_current_user_id() ] );
		// If it's a reply, the thread's `last_activity_at` should be updated as well.
		if ( $note->is_reply() ) {
			Note::query()
				->where( 'id', '=', $note->parent_id )
				->update( [ 'last_activity_at' => $now ] );
		}
		// TODO: Use events system.
		$this->on_note_created( [
			'note' => $note,
			'mentioned' => $mentioned,
			'actor' => User::from_wp_user( wp_get_current_user() ),
		] );
		return [
			'data' => $note,
			'meta' => [],
		];
	}
	/**
	 * Update a note.
	 *
	 * PATCH `/notes/{id}`
	 *
	 * @param \WP_REST_Request $request
	 *
	 * @return array
	 */
	public function update_item( $request ) {
		$this->validate_update_items( $request );
		$now = gmdate( 'Y-m-d H:i:s' );
		$values = ( new Collection( $request->get_params() ) )
			->only( [
				'content',
				'status',
				'is_public',
				'is_resolved',
			] )
			->merge( [
				'updated_at' => $now,
			] )
			->merge( $request->has_param( 'is_resolved' ) ? [
				'last_activity_at' => $now,
			] : [] )
			->all();
		Note::query()
			->where( 'id', '=', $request->get_param( 'id' ) )
			->update( $values );
		// Need to refetch the note after update
		/** @var Note $note */
		$note = Note::query()->with_author()->find( $request->get_param( 'id' ) );
		if ( $request->has_param( 'mentioned_usernames' ) ) {
			$mentioned = $note->sync_mentions(
				$request->get_param( 'mentioned_usernames' ),
				'user_nicename'
			);
		}
		// TODO: Use events system.
		$this->on_note_updated( [
			'note' => $note,
			'actor' => User::from_wp_user( wp_get_current_user() ),
			'mentioned' => isset( $mentioned ) ? $mentioned : null,
			'resolved' => ! ! $request->get_param( 'is_resolved' ),
		] );
		return [
			'data' => $note,
			'meta' => [],
		];
	}
	/**
	 * Delete a note.
	 *
	 * DELETE `/notes/{id}`
	 *
	 * @param \WP_REST_Request $request
	 *
	 * @return \WP_REST_Response
	 * @throws \Elementor\Data\V2\Base\Exceptions\Error_404
	 */
	public function delete_item( $request ) {
		/** @var Note $note */
		$note = Note::query()->find( $request->get_param( 'id' ) );
		if ( ! $note ) {
			throw new Error_404();
		}
		Note::query()
			->where( 'id', '=', $note->id )
			->when(
				$request->get_param( 'force' ),
				function ( Note_Query_Builder $query ) {
					$query->delete( true );
				},
				function ( Note_Query_Builder $query ) {
					$query->trash();
				}
			);
		// TODO: Should return status 204 when the $e.data will support it
		return new \WP_REST_Response( [], Http_Status::OK );
	}
	/**
	 * @inheritDoc
	 */
	public function get_permission_callback( $request ) {
		$capability = null;
		$id = $request->get_param( 'id' );
		switch ( $request->get_method() ) {
			case 'GET':
				$capability = Capabilities::READ_NOTES;
				break;
			case 'POST':
				// When creating a note it checks if the user can create note for the parent note if 'parent_id' is provided.
				$id = $request->get_param( 'parent_id' );
				$capability = Capabilities::CREATE_NOTES;
				break;
			case 'PUT':
			case 'PATCH':
				$capability = Capabilities::EDIT_NOTES;
				break;
			case 'DELETE':
				$capability = Capabilities::DELETE_NOTES;
				break;
		}
		return $capability && current_user_can( $capability, $id );
	}
	/**
	 * Get the Notes filters.
	 *
	 * @return array
	 */
	public function get_filters() {
		return [
			'route_url' => function ( Note_Query_Builder $q, $url ) {
				$q->where( 'route_url', '=', $url );
			},
			'is_resolved' => function ( Note_Query_Builder $q, $is_resolved ) {
				$q->where( 'is_resolved', '=', $is_resolved );
			},
			'parent_id' => function ( Note_Query_Builder $q, $parent_id ) {
				$q->where( 'parent_id', '=', $parent_id );
			},
			'post_id' => function ( Note_Query_Builder $q, $post_id ) {
				$q->where( 'post_id', '=', $post_id );
			},
			'only_unread' => function ( Note_Query_Builder $q ) {
				$q->only_unread( get_current_user_id() );
			},
			'only_relevant' => function ( Note_Query_Builder $q ) {
				$q->only_relevant( get_current_user_id() );
			},
		];
	}
	/**
	 * Validates the create items endpoint.
	 *
	 * @param \WP_REST_Request $request
	 *
	 * @throws Data_Exception
	 * @throws Error_404
	 */
	private function validate_create_items( \WP_REST_Request $request ) {
		$parent_id = $request->get_param( 'parent_id' );
		if ( ! $parent_id ) {
			// The validation is related only if the new note should be reply.
			return;
		}
		/** @var Note $parent */
		$parent = Note::query()->find( $parent_id );
		if ( ! $parent ) {
			throw new Error_404();
		}
		if ( $parent->is_reply() ) {
			throw new Data_Exception(
				'Cannot create reply on reply.',
				'rest_invalid_param',
				[ 'status' => Http_Status::BAD_REQUEST ]
			);
		}
		if ( $request->has_param( 'is_public' ) ) {
			throw new Data_Exception(
				"Cannot update 'is_public' on reply.",
				'rest_invalid_param',
				[ 'status' => Http_Status::BAD_REQUEST ]
			);
		}
	}
	/**
	 * Validates the update item endpoint.
	 *
	 * @param \WP_REST_Request $request
	 *
	 * @throws Data_Exception
	 * @throws Error_404
	 */
	private function validate_update_items( \WP_REST_Request $request ) {
		/** @var Note $note */
		$note = Note::query()->find( $request->get_param( 'id' ) );
		if ( ! $note ) {
			throw new Error_404();
		}
		$has_invalid_reply_attributes = $request->has_param( 'is_resolved' ) || $request->has_param( 'is_public' );
		if ( $note->is_reply() && $has_invalid_reply_attributes ) {
			throw new Data_Exception(
				"Cannot update 'is_resolved' or 'is_public' on reply.",
				'rest_invalid_param',
				[ 'status' => Http_Status::BAD_REQUEST ]
			);
		}
		// For notifications - To make sure that there are no redundant resolve notifications.
		if ( $note->is_resolved === $request->get_param( 'is_resolved' ) ) {
			throw new Data_Exception(
				"'is_resolved' was already set on '{$note->is_resolved}'.",
				'rest_invalid_param',
				[ 'status' => Http_Status::BAD_REQUEST ]
			);
		}
	}
	/**
	 * Handle note creation side-effects.
	 *
	 * @param array $event
	 *
	 * @return void
	 */
	protected function on_note_created( array $event ) {
		foreach ( $event['mentioned'] as $user ) {
			$user->notify( new User_Mentioned_Notification( $event['note'], $event['actor'] ) );
		}
		if ( $event['note']->is_reply() ) {
			$relevant = User::query()->only_relevant_to_note( $event['note'] )->get();
			foreach ( $relevant as $user ) {
				$user->notify( new User_Replied_Notification(
					$event['note'],
					$event['actor'],
					$event['mentioned']->pluck( 'ID' )->all()
				) );
			}
		}
	}
	/**
	 * Handle note update side-effects.
	 *
	 * @param array $event
	 *
	 * @return void
	 */
	protected function on_note_updated( array $event ) {
		if ( ! empty( $event['mentioned'] ) ) {
			foreach ( $event['mentioned'] as $user ) {
				$user->notify( new User_Mentioned_Notification( $event['note'], $event['actor'] ) );
			}
		}
		if ( ! empty( $event['resolved'] ) ) {
			$relevant = User::query()->only_relevant_to_note( $event['note'] )->get();
			foreach ( $relevant as $user ) {
				$user->notify( new User_Resolved_Notification(
					$event['note'],
					$event['actor']
				) );
			}
		}
	}
	/**
	 * Sanitize note content.
	 *
	 *  - Trims empty lines & spaces from start/end of the string.
	 *  - Encodes HTML entities.
	 *
	 * @param string $raw_content
	 *
	 * @return string
	 */
	private function sanitize_content( $raw_content ) {
		return htmlentities( preg_replace( '/(^[\n\s]+|[\n\s]+$)/', '', $raw_content ) );
	}
}