UseDataKit
diff --git a/‎composer.json
Lines changed: 2 additions & 1 deletion b/‎composer.json
Lines changed: 2 additions & 1 deletion
diff --git a/‎composer.lock
Lines changed: 75 additions & 5 deletions b/‎composer.lock
Lines changed: 75 additions & 5 deletions
diff --git a/‎src/AccessControl/WordPressAccessController.php
Lines changed: 85 additions & 0 deletions b/‎src/AccessControl/WordPressAccessController.php
Lines changed: 85 additions & 0 deletions
diff --git a/‎src/Component/DataViewShortcode.php
Lines changed: 27 additions & 8 deletions b/‎src/Component/DataViewShortcode.php
Lines changed: 27 additions & 8 deletions
diff --git a/‎src/DataKitPlugin.php
Lines changed: 9 additions & 3 deletions b/‎src/DataKitPlugin.php
Lines changed: 9 additions & 3 deletions
diff --git a/‎src/Rest/Router.php
Lines changed: 7 additions & 3 deletions b/‎src/Rest/Router.php
Lines changed: 7 additions & 3 deletions
@@ -50,7 +50,8 @@
 		"wp-coding-standards/wpcs": "^3.1",
 		"squizlabs/php_codesniffer": "^3.10",
 		"phpcompatibility/phpcompatibility-wp": "^2.1",
-		"overtrue/phplint": "^3.4"
+		"overtrue/phplint": "^3.4",
+		"roots/wordpress-no-content": "^6.6"
 	},
 	"scripts": {
 		"build": [
 
@@ -0,0 +1,85 @@
+<?php
+
+namespace DataKit\Plugin\AccessControl;
+
+use DataKit\DataViews\AccessControl\AccessController;
+use DataKit\DataViews\AccessControl\Capability\Capability;
+use DataKit\DataViews\AccessControl\ReadOnlyAccessController;
+use WP_User;
+
+/**
+ * Access Controller backed by a {@see WP_User}.
+ *
+ * @since $ver$
+ */
+final class WordPressAccessController implements AccessController {
+	/**
+	 * The user to test against.
+	 *
+	 * @since $ver$
+	 *
+	 * @var WP_User|null
+	 */
+	private ?WP_User $user;
+
+	/**
+	 * The previous access controller.
+	 *
+	 * @since $ver$
+	 *
+	 * @var AccessController
+	 */
+	private AccessController $previous;
+
+	/**
+	 * Creates the Access Controller.
+	 *
+	 * @since $ver$
+	 *
+	 * @param WP_User|null $user The user to test against.
+	 */
+	public function __construct( ?WP_User $user ) {
+		$this->user     = $user;
+		$this->previous = new ReadOnlyAccessController();
+	}
+
+	/**
+	 * {@inheritDoc}
+	 *
+	 * @since $ver$
+	 */
+	public function can( Capability $capability ): bool {
+		$can = $this->previous->can( $capability );
+
+		if ( $this->user && $this->user->exists() ) {
+			$can = $this->user->has_cap( 'administrator' );
+		}
+
+		return $this->filter_result( $can, $capability );
+	}
+
+	/**
+	 * Applies filter on the result.
+	 *
+	 * @since $ver$
+	 *
+	 * @param bool       $can        The result to return.
+	 * @param Capability $capability The capability.
+	 *
+	 * @return bool The filtered result.
+	 */
+	private function filter_result( bool $can, Capability $capability ): bool {
+		/**
+		 * Modifies the capability check.
+		 *
+		 * @filter `datakit/access-control/can`
+		 *
+		 * @since  $ver$
+		 *
+		 * @param bool       $can        Whether the user can.
+		 * @param Capability $capability Whether the user can.
+		 * @param ?WP_User   $user       The WP_User.
+		 */
+		return (bool) apply_filters( 'datakit/access-control/can', $can, $capability, $this->user );
+	}
+}
@@ -2,6 +2,8 @@
 
 namespace DataKit\Plugin\Component;
 
+use DataKit\DataViews\AccessControl\AccessController;
+use DataKit\DataViews\AccessControl\Capability;
 use DataKit\DataViews\DataView\DataViewRepository;
 use DataKit\DataViews\DataViewException;
 use DataKit\Plugin\Rest\Router;
@@ -48,13 +50,23 @@ final class DataViewShortcode {
 	 */
 	private array $rendered = [];
 
+	/**
+	 * The Access Controller.
+	 *
+	 * @since $ver$
+	 *
+	 * @var AccessController
+	 */
+	private AccessController $access_controller;
+
 	/**
 	 * Creates the shortcode instance.
 	 *
 	 * @since $ver$
 	 */
-	private function __construct( DataViewRepository $data_view_repository ) {
+	private function __construct( DataViewRepository $data_view_repository, AccessController $access_controller ) {
 		$this->data_view_repository = $data_view_repository;
+		$this->access_controller    = $access_controller;
 
 		add_shortcode( self::SHORTCODE, [ $this, 'render_shortcode' ] );
 	}
@@ -81,13 +93,17 @@ public function render_shortcode( array $attributes ): string {
 
 		// Only add data set once per ID.
 		if ( ! in_array( $id, $this->rendered, true ) ) {
-			wp_enqueue_script( 'datakit/dataview' );
-			wp_enqueue_style( 'datakit/dataview' );
-
 			try {
 				$dataview = $this->data_view_repository->get( $id );
-				$js       = sprintf( 'datakit_dataviews["%s"] = %s;', esc_attr( $id ), $dataview->to_js() );
-				$js       = str_replace( '{REST_ENDPOINT}', Router::get_url(), $js );
+				if ( ! $this->access_controller->can( new Capability\ViewDataView( $dataview ) ) ) {
+					return '';
+				}
+
+				wp_enqueue_script( 'datakit/dataview' );
+				wp_enqueue_style( 'datakit/dataview' );
+
+				$js = sprintf( 'datakit_dataviews["%s"] = %s;', esc_attr( $id ), $dataview->to_js() );
+				$js = str_replace( '{REST_ENDPOINT}', Router::get_url(), $js );
 			} catch ( DataViewException $e ) {
 				return '';
 			}
@@ -119,9 +135,12 @@ function () use ( $js ) {
 	 *
 	 * @return self The singleton.
 	 */
-	public static function get_instance( DataViewRepository $data_view_repository ): self {
+	public static function get_instance(
+		DataViewRepository $data_view_repository,
+		AccessController $access_controller
+	): self {
 		if ( ! isset( self::$instance ) ) {
-			self::$instance = new self( $data_view_repository );
+			self::$instance = new self( $data_view_repository, $access_controller );
 		}
 
 		return self::$instance;
 
@@ -2,9 +2,11 @@
 
 namespace DataKit\Plugin;
 
+use DataKit\DataViews\AccessControl\AccessControlManager;
 use DataKit\DataViews\DataView\DataView;
 use DataKit\DataViews\DataView\DataViewRepository;
 use DataKit\DataViews\DataView\Pagination;
+use DataKit\Plugin\AccessControl\WordPressAccessController;
 use DataKit\Plugin\Rest\Router;
 use DataKit\Plugin\Component\DataViewShortcode;
 
@@ -41,8 +43,12 @@ final class DataKitPlugin {
 	 */
 	private function __construct( DataViewRepository $data_view_repository ) {
 		$this->data_view_repository = $data_view_repository;
+
+		do_action( 'datakit/loading' );
+
+		AccessControlManager::set( new WordPressAccessController( wp_get_current_user() ) );
 		Router::get_instance( $this->data_view_repository );
-		DataViewShortcode::get_instance( $this->data_view_repository );
+		DataViewShortcode::get_instance( $this->data_view_repository, AccessControlManager::current() );
 
 		/**
 		 * Modifies the default amount of results per page.
@@ -59,6 +65,8 @@ private function __construct( DataViewRepository $data_view_repository ) {
 		add_action( 'datakit/dataview/register', [ $this, 'register_data_view' ] );
 		add_action( 'wp_enqueue_scripts', [ $this, 'register_scripts' ] );
 		add_action( 'admin_enqueue_scripts', [ $this, 'register_scripts' ] );
+
+		do_action( 'datakit/loaded' );
 	}
 
 	/**
@@ -133,8 +141,6 @@ public function register_scripts(): void {
 	public static function get_instance( DataViewRepository $repository ): self {
 		if ( ! isset( self::$instance ) ) {
 			self::$instance = new self( $repository );
-
-			do_action( 'datakit/loaded' );
 		}
 
 		return self::$instance;
 
@@ -2,6 +2,7 @@
 
 namespace DataKit\Plugin\Rest;
 
+use DataKit\DataViews\AccessControl\AccessControlManager;
 use DataKit\DataViews\Data\MutableDataSource;
 use DataKit\DataViews\DataView\DataViewRepository;
 use DataKit\DataViews\Translation\Translatable;
@@ -69,10 +70,13 @@ final class Router {
 	private function __construct( DataViewRepository $data_view_repository ) {
 		$this->data_view_repository = $data_view_repository;
 		$this->translator           = new WordPressTranslator();
-		$this->view_controller      = new ViewController( $data_view_repository, $this->translator );
+		$this->view_controller      = new ViewController(
+			$data_view_repository,
+			AccessControlManager::current(),
+			$this->translator,
+		);
 
-		// @phpstan-ignore return.missing
-		add_filter( 'rest_api_init', [ $this, 'register_routes' ] );
+		add_action( 'rest_api_init', [ $this, 'register_routes' ] );
 	}
 
 	/**