wp-shortcake · mattheu · Mar 2, 2016 · Mar 2, 2016 · Mar 2, 2016 · Mar 2, 2016
diff --git a/inc/class-shortcode-ui.php b/inc/class-shortcode-ui.php
@@ -67,7 +67,7 @@ private function __construct() {
 	private function setup_actions() {
 		add_action( 'admin_enqueue_scripts',     array( $this, 'action_admin_enqueue_scripts' ) );
 		add_action( 'wp_enqueue_editor',         array( $this, 'action_wp_enqueue_editor' ) );
-		add_action( 'wp_ajax_bulk_do_shortcode', array( $this, 'handle_ajax_bulk_do_shortcode' ) );
+		add_action( 'rest_api_init',             array( $this, 'action_rest_api_init' ) );
 		add_filter( 'wp_editor_settings',        array( $this, 'filter_wp_editor_settings' ), 10, 2 );
 	}
 
@@ -247,9 +247,13 @@ public function enqueue() {
 				'insert_content_label'              => __( 'Insert Content', 'shortcode-ui' ),
 			),
 			'nonces'     => array(
-				'preview'        => wp_create_nonce( 'shortcode-ui-preview' ),
+				'wp_rest'        => wp_create_nonce( 'wp_rest' ),
 				'thumbnailImage' => wp_create_nonce( 'shortcode-ui-get-thumbnail-image' ),
 			),
+			'urls'       => array(
+				'preview'     => rest_url( '/shortcode-ui/v1/preview' ),
+				'bulkPreview' => rest_url( '/shortcode-ui/v1/preview/bulk' ),
+			),
 		) );
 
 		// add templates to the footer, instead of where we're at now
@@ -338,10 +342,6 @@ private function render_shortcode_for_preview( $shortcode, $post_id = null ) {
 			define( 'SHORTCODE_UI_DOING_PREVIEW', true );
 		}
 
-		if ( ! current_user_can( 'edit_post', $post_id ) ) {
-			return esc_html__( "Something's rotten in the state of Denmark", 'shortcode-ui' );
-		}
-
 		if ( ! empty( $post_id ) ) {
 			// @codingStandardsIgnoreStart
 			global $post;
@@ -369,37 +369,148 @@ private function render_shortcode_for_preview( $shortcode, $post_id = null ) {
 	}
 
 	/**
-	 * Get a bunch of shortcodes to render in MCE preview.
+	 * Register rest api endpoints.
 	 */
-	public function handle_ajax_bulk_do_shortcode() {
+	public function action_rest_api_init() {
+
+		register_rest_route( 'shortcode-ui/v1', 'preview', array(
+			'methods'             => 'GET',
+			'callback'            => array( $this, 'rest_preview_callback' ),
+			'permission_callback' => array( $this, 'rest_preview_permission_callback' ),
+			'args'                => array(
+				'shortcode' => array(
+					'sanitize_callback' => array( $this, 'rest_sanitize_shortcode' ),
+					'required'          => true,
+				),
+				'post_id' => array(
+					'sanitize_callback' => array( $this, 'rest_sanitize_post_id' ),
+					'required'          => true,
+				),
+			),
+		) );
 
-		if ( is_array( $_POST['queries'] ) ) {
+		register_rest_route( 'shortcode-ui/v1', 'preview/bulk', array(
+			'methods'             => 'GET',
+			'callback'            => array( $this, 'rest_preview_bulk_callback' ),
+			'permission_callback' => array( $this, 'rest_preview_permission_callback' ),
+			'args'                => array(
+				'queries' => array(
+					'sanitize_callback' => array( $this, 'rest_sanitize_queries' ),
+					'validate_callback' => array( $this, 'rest_validate_queries' ),
+				),
+				'post_id' => array(
+					'sanitize_callback' => array( $this, 'rest_sanitize_post_id' ),
+				),
+			),
+		) );
 
-			$responses = array();
+	}
 
-			foreach ( $_POST['queries'] as $posted_query ) {
+	/**
+	 * Permission check for getting a shortcode preview.
+	 *
+	 * @param WP_REST_Request $request
+	 * @return boolean
+	 */
+	public function rest_preview_permission_callback( WP_REST_Request $request ) {
 
-				// Don't sanitize shortcodes — can contain HTML kses doesn't allow (e.g. sourcecode shortcode)
-				if ( ! empty( $posted_query['shortcode'] ) ) {
-					$shortcode = stripslashes( $posted_query['shortcode'] );
-				} else {
-					$shortcode = null;
-				}
-				if ( isset( $posted_query['post_id'] ) ) {
-					$post_id = intval( $posted_query['post_id'] );
-				} else {
-					$post_id = null;
-				}
+		$post_id = $request->get_param( 'post_id' );
 
-				$responses[ $posted_query['counter'] ] = array(
-					'query' => $posted_query,
-					'response' => $this->render_shortcode_for_preview( $shortcode, $post_id ),
-				);
-			}
+		if ( empty( $post_id ) ) {
+			return new WP_Error( 'rest_no_post_id', __( 'No Post ID.' ) );
+		}
+
+		if ( ! current_user_can( 'edit_post', $post_id ) ) {
+			return new WP_Error( 'rest_no_edit_post_cap', __( 'You do not have permission to edit this Post.' ) );
+		}
 
-			wp_send_json_success( $responses );
-			exit;
+		return true;
+	}
+
+	/**
+	 * Sanitize collection of shortcode queries.
+	 *
+	 * Used for bulk requests.
+	 *
+	 * @param array $queries Queries
+	 * @return string Queries
+	 */
+	public function rest_sanitize_queries( $queries ) {
+		$clean_queries = array();
+		foreach ( $queries as $query ) {
+			$clean_queries[] = array(
+				'counter'   => absint( $query['counter'] ),
+				'shortcode' => $this->rest_sanitize_shortcode( $query['shortcode'] ),
+			);
 		}
+		return $clean_queries;
+	}
+
+	/**
+	 * Validate collection of shortcodes.
+	 *
+	 * Used for bulk requests.
+	 *
+	 * @param array $queries Queries
+	 * @return boolean
+	 */
+	public function rest_validate_queries( $shortcodes ) {
+		return is_array( $shortcodes );
+	}
+
+	/**
+	 * Sanitize rest request shortcode arg.
+	 *
+	 * @param string $shortcode Shortcode
+	 * @return string Shortcode
+	 */
+	public function rest_sanitize_shortcode( $shortcode ) {
+		return stripslashes( $shortcode );
+	}
+
+	/**
+	 * Sanitize Post ID.
+	 *
+	 * @param mixed $shortcode Post Id
+	 * @return int Post Id
+	 */
+	public function rest_sanitize_post_id( $post_id ) {
+		return absint( $post_id );
+	}
+
+	/**
+	 * Get a preview for a single shortcode to render in MCE preview.
+	 */
+	public function rest_preview_callback( WP_REST_Request $request ) {
+
+		$shortcode = $request->get_param( 'shortcode' );
+		$post_id   = $request->get_param( 'post_id' );
+
+		return array(
+			'shortcode' => $shortcode,
+			'post_id'   => $post_id,
+			'preview'   => $this->render_shortcode_for_preview( $shortcode, $post_id ),
+		);
+	}
+
+	/**
+	 * Get a bunch of shortcodes previews to render in MCE preview.
+	 */
+	public function rest_preview_bulk_callback( WP_REST_Request $request ) {
+
+		$previews = array();
+		$post_id  = $request->get_param( 'post_id' );
+
+		foreach ( $request->get_param( 'queries' ) as $query ) {
+			$previews[] = array(
+				'shortcode' => $query['shortcode'],
+				'post_id'   => $post_id,
+				'counter'   => $query['counter'],
+				'preview'   => $this->render_shortcode_for_preview( $query['shortcode'], $post_id ),
+			);
+		}
+
+		return array_filter( $previews );
 
 	}
 

diff --git a/js-tests/build/specs.js b/js-tests/build/specs.js
@@ -382,65 +382,6 @@ describe( "MCE View Constructor", function() {
 
 	} );
 
-	describe( "Fetch preview HTML", function() {
-
-		beforeEach(function() {
-			jasmine.Ajax.install();
-		});
-
-		afterEach(function() {
-			jasmine.Ajax.uninstall();
-		});
-
-		var constructor = jQuery.extend( true, {
-			render: function( force ) {},
-		}, MceViewConstructor );
-
-		// Mock shortcode model data.
-		constructor.shortcodeModel = jQuery.extend( true, {}, sui.shortcodes.first() );
-
-		it( 'Fetches data success', function(){
-
-			spyOn( wp.ajax, "post" ).and.callThrough();
-			spyOn( constructor, "render" );
-
-			constructor.fetch();
-
-			expect( constructor.fetching ).toEqual( true );
-			expect( constructor.content ).toEqual( undefined );
-			expect( wp.ajax.post ).toHaveBeenCalled();
-			expect( constructor.render ).not.toHaveBeenCalled();
-
-			jasmine.Ajax.requests.mostRecent().respondWith( {
-				'status': 200,
-				'responseText': '{"success":true,"data":"test preview response body"}'
-			} );
-
-			expect( constructor.fetching ).toEqual( undefined );
-			expect( constructor.content ).toEqual( 'test preview response body' );
-			expect( constructor.render ).toHaveBeenCalled();
-
-		});
-
-		it( 'Handles errors when fetching data', function() {
-
-			spyOn( constructor, "render" );
-
-			constructor.fetch();
-
-			jasmine.Ajax.requests.mostRecent().respondWith( {
-				'status': 500,
-				'responseText': '{"success":false}'
-			});
-
-			expect( constructor.fetching ).toEqual( undefined );
-			expect( constructor.content ).toContain( 'shortcake-error' );
-			expect( constructor.render ).toHaveBeenCalled();
-
-		} );
-
-	} );
-
 	it( 'parses simple shortcode', function() {
 		var shortcode = MceViewConstructor.parseShortcodeString( '[test_shortcode attr="test value"]');
 		expect( shortcode instanceof Shortcode ).toEqual( true );
@@ -761,15 +702,13 @@ var Fetcher = (function() {
 	 * }
 	 * @return {Deferred}
 	 */
-	this.queueToFetch = function( query ) {
+	this.queueToFetch = function( shortcode ) {
 		var fetchPromise = new $.Deferred();
 
-		query.counter = ++fetcher.counter;
-
 		fetcher.queries.push({
 			promise: fetchPromise,
-			query: query,
-			counter: query.counter
+			shortcode: shortcode,
+			counter: ++fetcher.counter
 		});
 
 		if ( ! fetcher.timeout ) {
@@ -795,22 +734,30 @@ var Fetcher = (function() {
 			return;
 		}
 
-		var request = $.post( ajaxurl + '?action=bulk_do_shortcode', {
-				queries: _.pluck( fetcher.queries, 'query' )
+		var request = $.get( shortcodeUIData.urls.bulkPreview, {
+				_wpnonce: shortcodeUIData.nonces.wp_rest,
+				post_id:    $( '#post_ID' ).val(),
+				queries: _.map( fetcher.queries, function( query ) {
+					return { shortcode: query.shortcode, counter: query.counter };
+				} )
 			}
 		);
 
-		request.done( function( response ) {
-			_.each( response.data, function( result, index ) {
+		request.done( function( responses ) {
+
+			_.each( responses, function( result ) {
+
 				var matchedQuery = _.findWhere( fetcher.queries, {
-					counter: parseInt( index ),
+					counter: result.counter,
 				});
 
 				if ( matchedQuery ) {
 					fetcher.queries = _.without( fetcher.queries, matchedQuery );
-					matchedQuery.promise.resolve( result );
+					matchedQuery.promise.resolve( result.preview );
 				}
+
 			} );
+
 		} );
 	};
 
@@ -857,8 +804,8 @@ var shortcodeViewConstructor = {
 		this.shortcodeModel = this.getShortcodeModel( this.shortcode );
 		this.fetching = this.delayedFetch();
 
-		this.fetching.done( function( queryResponse ) {
-			var response = queryResponse.response;
+		this.fetching.done( function( response ) {
+
 			if ( '' === response ) {
 				var span = $('<span />').addClass('shortcake-notice shortcake-empty').text( self.shortcodeModel.formatShortcode() );
 				var wrapper = $('<div />').html( span );
@@ -944,43 +891,7 @@ var shortcodeViewConstructor = {
 	 * @return {Promise}
 	 */
 	delayedFetch: function() {
-		return fetcher.queueToFetch({
-			post_id: $( '#post_ID' ).val(),
-			shortcode: this.shortcodeModel.formatShortcode(),
-			nonce: shortcodeUIData.nonces.preview,
-		});
-	},
-
-	/**
-	 * Fetch a preview of a single shortcode.
-	 *
-	 * Async. Sets this.content and calls this.render.
-	 *
-	 * @return undefined
-	 */
-	fetch: function() {
-		var self = this;
-
-		if ( ! this.fetching ) {
-			this.fetching = true;
-
-			wp.ajax.post( 'do_shortcode', {
-				post_id: $( '#post_ID' ).val(),
-				shortcode: this.shortcodeModel.formatShortcode(),
-				nonce: shortcodeUIData.nonces.preview,
-			}).done( function( response ) {
-				if ( '' === response ) {
-					self.content = '<span class="shortcake-notice shortcake-empty">' + self.shortcodeModel.formatShortcode() + '</span>';
-				} else {
-					self.content = response;
-				}
-			}).fail( function() {
-				self.content = '<span class="shortcake-error">' + shortcodeUIData.strings.mce_view_error + '</span>';
-			} ).always( function() {
-				delete self.fetching;
-				self.render( null, true );
-			} );
-		}
+		return fetcher.queueToFetch( this.shortcodeModel.formatShortcode() );
 	},
 
 	/**