automator_recipe_item_add_before

Description

Usage

add_action( 'automator_recipe_item_add_before', 'your_function_name', 10, 2 );

Parameters

$request (WP_REST_Request)

The REST request object.

$type (string)

The item type.

Examples

<?php
/**
 * Example function to hook into 'automator_recipe_item_add_before'.
 * This function checks if the item being added is of type 'action'
 * and if it's an action that is not allowed to be added from the REST API
 * without specific authorization.
 *
 * @param WP_REST_Request $request The REST request object.
 * @param string          $type    The item type.
 */
function my_automator_restrict_unauthorized_actions( WP_REST_Request $request, string $type ) {
	// Only proceed if the item type is 'action'
	if ( 'action' === $type ) {
		$parameters = $request->get_params();
		$action_slug = $parameters['slug'] ?? ''; // Assuming 'slug' is a parameter for the action

		// List of action slugs that require special handling or are disallowed via REST
		$restricted_action_slugs = [
			'delete_user_account',
			'reset_user_password',
			// Add other sensitive action slugs here
		];

		// Check if the action being added is in our restricted list
		if ( in_array( $action_slug, $restricted_action_slugs, true ) ) {
			// Check if the current user has the necessary capability to add this restricted action
			// For demonstration, let's assume only administrators can add these.
			if ( ! current_user_can( 'manage_options' ) ) {
				// Prepare an error response
				$error_response = new WP_Error(
					'automator_unauthorized_action',
					__( 'You do not have permission to add this type of action via the REST API.', 'your-text-domain' ),
					[ 'status' => rest_authorization_required_code() ]
				);

				// In a real scenario, you might want to throw this error or return it
				// to stop the item addition process. Since this is an action hook,
				// we can't directly return a REST response here without more context
				// of how the main plugin handles errors.
				// For a more robust solution, you might need to hook into a pre-request
				// validation or throw an exception that the plugin can catch.

				// For now, we'll log a warning.
				error_log( sprintf(
					'Unauthorized attempt to add action "%s" via REST API by user ID %d. User is not an administrator.',
					$action_slug,
					get_current_user_id()
				) );

				// Note: To actually prevent the item from being added, the plugin
				// would need to inspect this error or have a mechanism to halt
				// execution based on this hook's logic. This example demonstrates
				// how to *detect* and *log* such an attempt.
			}
		}
	}
}

// Add the action to the 'automator_recipe_item_add_before' hook.
// We specify 10 for priority and 2 for the number of arguments the callback accepts.
add_action( 'automator_recipe_item_add_before', 'my_automator_restrict_unauthorized_actions', 10, 2 );
?>

Placement

This code should be placed in the functions.php file of your active theme, a custom plugin, or using a code snippets plugin.

Source Code

src/api/transports/restful/recipe/items/traits/hooks/trait-hook-add-operations.php:31

protected function dispatch_add_before_hooks(): void {
		$type = $this->get_item_type();

		/**
		 * Fires before any recipe item is added.
		 *
		 * @since 7.0
		 *
		 * @param WP_REST_Request $request The REST request object.
		 * @param string          $type    The item type.
		 */
		do_action(
			'automator_recipe_item_add_before',
			$this->get_request(),
			$type
		);

		/**
		 * Fires before a specific item type is added.
		 *
		 * @since 7.0
		 *
		 * @param WP_REST_Request $request The REST request object.
		 */
		do_action(
			"automator_recipe_{$type}_add_before",
			$this->get_request()
		);
	}

Related Hooks

• automator_recipe_{$type}_add_before — fires_nearby