';
?>
0,
'user_id' => '',
'description' => '',
'permissions' => '',
'truncated_key' => '',
'last_access' => '',
);
if ( 0 === $key_id ) {
return $empty;
}
$key = $wpdb->get_row(
$wpdb->prepare(
"SELECT key_id, user_id, description, permissions, truncated_key, last_access
FROM {$wpdb->prefix}woocommerce_api_keys
WHERE key_id = %d",
$key_id
),
ARRAY_A
);
if ( is_null( $key ) ) {
return $empty;
}
return $key;
}
/**
* API Keys admin actions.
*/
public function actions() {
if ( $this->is_api_keys_settings_page() ) {
// Revoke key.
if ( isset( $_REQUEST['revoke-key'] ) ) { // WPCS: input var okay, CSRF ok.
$this->revoke_key();
}
// Bulk actions.
if ( isset( $_REQUEST['action'] ) && isset( $_REQUEST['key'] ) ) { // WPCS: input var okay, CSRF ok.
$this->bulk_actions();
}
}
}
/**
* Notices.
*/
public static function notices() {
if ( isset( $_GET['revoked'] ) ) { // WPCS: input var okay, CSRF ok.
$revoked = absint( $_GET['revoked'] ); // WPCS: input var okay, CSRF ok.
/* translators: %d: count */
WC_Admin_Settings::add_message( sprintf( _n( '%d API key permanently revoked.', '%d API keys permanently revoked.', $revoked, 'woocommerce' ), $revoked ) );
}
}
/**
* Revoke key.
*/
private function revoke_key() {
global $wpdb;
check_admin_referer( 'revoke' );
if ( isset( $_REQUEST['revoke-key'] ) ) { // WPCS: input var okay, CSRF ok.
$key_id = absint( $_REQUEST['revoke-key'] ); // WPCS: input var okay, CSRF ok.
$user_id = (int) $wpdb->get_var( $wpdb->prepare( "SELECT user_id FROM {$wpdb->prefix}woocommerce_api_keys WHERE key_id = %d", $key_id ) );
if ( $key_id && $user_id && ( current_user_can( 'edit_user', $user_id ) || get_current_user_id() === $user_id ) ) {
$this->remove_key( $key_id );
} else {
wp_die( esc_html__( 'You do not have permission to revoke this API Key', 'woocommerce' ) );
}
}
wp_safe_redirect( esc_url_raw( add_query_arg( array( 'revoked' => 1 ), admin_url( 'admin.php?page=wc-settings&tab=advanced§ion=keys' ) ) ) );
exit();
}
/**
* Bulk actions.
*/
private function bulk_actions() {
check_admin_referer( 'woocommerce-settings' );
if ( ! current_user_can( 'manage_woocommerce' ) ) {
wp_die( esc_html__( 'You do not have permission to edit API Keys', 'woocommerce' ) );
}
if ( isset( $_REQUEST['action'] ) ) { // WPCS: input var okay, CSRF ok.
$action = sanitize_text_field( wp_unslash( $_REQUEST['action'] ) ); // WPCS: input var okay, CSRF ok.
$keys = isset( $_REQUEST['key'] ) ? array_map( 'absint', (array) $_REQUEST['key'] ) : array(); // WPCS: input var okay, CSRF ok.
if ( 'revoke' === $action ) {
$this->bulk_revoke_key( $keys );
}
}
}
/**
* Bulk revoke key.
*
* @param array $keys API Keys.
*/
private function bulk_revoke_key( $keys ) {
if ( ! current_user_can( 'remove_users' ) ) {
wp_die( esc_html__( 'You do not have permission to revoke API Keys', 'woocommerce' ) );
}
$qty = 0;
foreach ( $keys as $key_id ) {
$result = $this->remove_key( $key_id );
if ( $result ) {
$qty++;
}
}
// Redirect to webhooks page.
wp_safe_redirect( esc_url_raw( add_query_arg( array( 'revoked' => $qty ), admin_url( 'admin.php?page=wc-settings&tab=advanced§ion=keys' ) ) ) );
exit();
}
/**
* Remove key.
*
* @param int $key_id API Key ID.
* @return bool
*/
private function remove_key( $key_id ) {
global $wpdb;
$delete = $wpdb->delete( $wpdb->prefix . 'woocommerce_api_keys', array( 'key_id' => $key_id ), array( '%d' ) );
return $delete;
}
}
new WC_Admin_API_Keys();