WordPress · spacedmonkey · May 12, 2020 · Jun 9, 2020 · Jun 9, 2020 · Jun 17, 2020
diff --git a/src/wp-includes/rest-api/class-wp-rest-server.php b/src/wp-includes/rest-api/class-wp-rest-server.php
@@ -1202,6 +1202,8 @@ public function get_index( $request ) {
 
 		$response->add_link( 'help', 'http://v2.wp-api.org/' );
 
+		$response = $this->maybe_add_current_theme_link( $response );
+
 		/**
 		 * Filters the API root index data.
 		 *
@@ -1507,4 +1509,24 @@ public function get_headers( $server ) {
 
 		return $headers;
 	}
+
+	/**
+	 * Add current theme link to API response for users who have proper permissions.
+	 *
+	 * @since 5.7.0
+	 *
+	 * @param WP_REST_Response $response REST API response.
+	 *
+	 * @return WP_REST_Response REST API response.
+	 */
+	protected function maybe_add_current_theme_link( \WP_REST_Response $response ) {
+		if ( ! current_user_can( 'switch_themes' ) && ! current_user_can( 'manage_network_themes' ) ) {
+			return $response;
+		}
+
+		$theme = wp_get_theme();
+		$response->add_link( 'https://api.w.org/active-theme', rest_url( 'wp/v2/themes/' . $theme->get_stylesheet() ) );
+
+		return $response;
+	}
 }
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-themes-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-themes-controller.php
@@ -47,6 +47,28 @@ public function register_routes() {
 				'schema' => array( $this, 'get_item_schema' ),
 			)
 		);
+
+		register_rest_route(
+			$this->namespace,
+			'/' . $this->rest_base . '/(?P<stylesheet>[\w-]+)',
+			array(
+				'args'   => array(
+					'stylesheet' => array(
+						'description' => __( "The theme's stylesheet. This uniquely identifies the theme." ),
+						'type'        => 'string',
+					),
+				),
+				array(
+					'methods'             => WP_REST_Server::READABLE,
+					'callback'            => array( $this, 'get_item' ),
+					'permission_callback' => array( $this, 'get_item_permissions_check' ),
+					'args'                => array(
+						'context' => $this->get_context_param( array( 'default' => 'view' ) ),
+					),
+				),
+				'schema' => array( $this, 'get_public_item_schema' ),
+			)
+		);
 	}
 
 	/**
@@ -58,6 +80,56 @@ public function register_routes() {
 	 * @return true|WP_Error True if the request has read access for the item, otherwise WP_Error object.
 	 */
 	public function get_items_permissions_check( $request ) {
+		if ( current_user_can( 'switch_themes' ) || current_user_can( 'manage_network_themes' ) ) {
+			return true;
+		}
+
+		$registered = $this->get_collection_params();
+		if ( isset( $registered['status'], $request['status'] ) && is_array( $request['status'] ) && array( 'active' ) === $request['status'] ) {
+			return $this->check_read_active_theme_permission();
+		}
+
+		return new WP_Error(
+			'rest_user_cannot_view',
+			__( 'Sorry, you are not allowed to view themes.' ),
+			array( 'status' => rest_authorization_required_code() )
+		);
+	}
+
+	/**
+	 * Checks if a given request has access to read the theme.
+	 *
+	 * @since 5.7.0
+	 *
+	 * @param WP_REST_Request $request Full details about the request.
+	 * @return bool|WP_Error True if the request has read access for the item, otherwise WP_Error object.
+	 */
+	public function get_item_permissions_check( $request ) {
+		if ( current_user_can( 'switch_themes' ) || current_user_can( 'manage_network_themes' ) ) {
+			return true;
+		}
+
+		$wp_theme      = wp_get_theme( $request['name'] );
+		$current_theme = wp_get_theme();
+		if ( $this->is_same_theme( $wp_theme, $current_theme ) && true === $this->check_read_active_theme_permission() ) {
+			return true;
+		}
+
+		return new WP_Error(
+			'rest_cannot_view_active_theme',
+			__( 'Sorry, you are not allowed to view themes.' ),
+			array( 'status' => rest_authorization_required_code() )
+		);
+	}
+
+	/**
+	 * Checks if a theme can be read.
+	 *
+	 * @since 5.7.0
+	 *
+	 * @return bool|WP_Error Whether the theme can be read.
+	 */
+	protected function check_read_active_theme_permission() {
 		if ( current_user_can( 'edit_posts' ) ) {
 			return true;
 		}
@@ -69,12 +141,34 @@ public function get_items_permissions_check( $request ) {
 		}
 
 		return new WP_Error(
-			'rest_user_cannot_view',
-			__( 'Sorry, you are not allowed to view themes.' ),
+			'rest_cannot_view_active_theme',
+			__( 'Sorry, you are not allowed to view active theme.' ),
 			array( 'status' => rest_authorization_required_code() )
 		);
 	}
 
+	/**
+	 * Retrieves a single theme.
+	 *
+	 * @since 5.7.0
+	 *
+	 * @param WP_REST_Request $request Full details about the request.
+	 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
+	 */
+	public function get_item( $request ) {
+		$wp_theme = wp_get_theme( $request['stylesheet'] );
+		if ( ! $wp_theme->exists() ) {
+			return new WP_Error(
+				'rest_theme_invalid_slug',
+				__( 'Invalid theme slug.' ),
+				array( 'status' => 404 )
+			);
+		}
+		$data = $this->prepare_item_for_response( $wp_theme, $request );
+
+		return rest_ensure_response( $data );
+	}
+
 	/**
 	 * Retrieves a collection of themes.
 	 *
@@ -84,20 +178,25 @@ public function get_items_permissions_check( $request ) {
 	 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 	 */
 	public function get_items( $request ) {
-		// Retrieve the list of registered collection query parameters.
-		$registered = $this->get_collection_params();
-		$themes     = array();
+		$themes = array();
+
+		$active_themes = wp_get_themes();
+		$current_theme = wp_get_theme();
+		$status        = $request['status'];
 
-		if ( isset( $registered['status'], $request['status'] ) && in_array( 'active', $request['status'], true ) ) {
-			$active_theme = wp_get_theme();
-			$active_theme = $this->prepare_item_for_response( $active_theme, $request );
-			$themes[]     = $this->prepare_response_for_collection( $active_theme );
+		foreach ( $active_themes as $theme_name => $theme ) {
+			$theme_status = ( $this->is_same_theme( $theme, $current_theme ) ) ? 'active' : 'inactive';
+			if ( is_array( $status ) && ! in_array( $theme_status, $status, true ) ) {
+				continue;
+			}
+			$_theme   = $this->prepare_item_for_response( $theme, $request );
+			$themes[] = $this->prepare_response_for_collection( $_theme );
 		}
 
 		$response = rest_ensure_response( $themes );
 
 		$response->header( 'X-WP-Total', count( $themes ) );
-		$response->header( 'X-WP-TotalPages', count( $themes ) );
+		$response->header( 'X-WP-TotalPages', 1 );
 
 		return $response;
 	}
@@ -166,38 +265,47 @@ public function prepare_item_for_response( $theme, $request ) {
 			}
 		}
 
+		$current_theme = wp_get_theme();
+		if ( rest_is_field_included( 'status', $fields ) ) {
+			$data['status'] = ( $this->is_same_theme( $theme, $current_theme ) ) ? 'active' : 'inactive';
+		}
+
 		if ( rest_is_field_included( 'theme_supports', $fields ) ) {
-			foreach ( get_registered_theme_features() as $feature => $config ) {
-				if ( ! is_array( $config['show_in_rest'] ) ) {
-					continue;
-				}
+			if ( $this->is_same_theme( $theme, $current_theme ) ) {
+				foreach ( get_registered_theme_features() as $feature => $config ) {
+					if ( ! is_array( $config['show_in_rest'] ) ) {
+						continue;
+					}
 
-				$name = $config['show_in_rest']['name'];
+					$name = $config['show_in_rest']['name'];
 
-				if ( ! rest_is_field_included( "theme_supports.{$name}", $fields ) ) {
-					continue;
-				}
+					if ( ! rest_is_field_included( "theme_supports.{$name}", $fields ) ) {
+						continue;
+					}
 
-				if ( ! current_theme_supports( $feature ) ) {
-					$data['theme_supports'][ $name ] = $config['show_in_rest']['schema']['default'];
-					continue;
-				}
+					if ( ! current_theme_supports( $feature ) ) {
+						$data['theme_supports'][ $name ] = $config['show_in_rest']['schema']['default'];
+						continue;
+					}
 
-				$support = get_theme_support( $feature );
+					$support = get_theme_support( $feature );
 
-				if ( isset( $config['show_in_rest']['prepare_callback'] ) ) {
-					$prepare = $config['show_in_rest']['prepare_callback'];
-				} else {
-					$prepare = array( $this, 'prepare_theme_support' );
-				}
+					if ( isset( $config['show_in_rest']['prepare_callback'] ) ) {
+						$prepare = $config['show_in_rest']['prepare_callback'];
+					} else {
+						$prepare = array( $this, 'prepare_theme_support' );
+					}
 
-				$prepared = $prepare( $support, $config, $feature, $request );
+					$prepared = $prepare( $support, $config, $feature, $request );
 
-				if ( is_wp_error( $prepared ) ) {
-					continue;
-				}
+					if ( is_wp_error( $prepared ) ) {
+						continue;
+					}
 
-				$data['theme_supports'][ $name ] = $prepared;
+					$data['theme_supports'][ $name ] = $prepared;
+				}
+			} else {
+				$data['theme_supports'] = array();
 			}
 		}
 
@@ -206,6 +314,8 @@ public function prepare_item_for_response( $theme, $request ) {
 		// Wrap the data in a response object.
 		$response = rest_ensure_response( $data );
 
+		$response->add_links( $this->prepare_links( $theme ) );
+
 		/**
 		 * Filters theme data returned from the REST API.
 		 *
@@ -219,6 +329,40 @@ public function prepare_item_for_response( $theme, $request ) {
 	}
 
 	/**
+	 * Prepares links for the request.
+	 *
+	 * @since 5.7.0
+	 *
+	 * @param WP_Theme $theme Theme data.
+	 * @return array Links for the given block type.
+	 */
+	protected function prepare_links( $theme ) {
+		return array(
+			'collection' => array(
+				'href' => rest_url( sprintf( '%s/%s', $this->namespace, $this->rest_base ) ),
+			),
+			'self'       => array(
+				'href' => rest_url( sprintf( '%s/%s/%s', $this->namespace, $this->rest_base, $theme->get_template() ) ),
+			),
+		);
+	}
+
+	/**
+	 * Helper function to compare theme to current theme.
+	 *
+	 * @since 5.7.0
+	 *
+	 * @param WP_Theme $theme  Theme to compare to active theme.
+	 * @param WP_Theme $current_theme Current active theme.
+	 *
+	 * @return bool
+	 */
+	protected function is_same_theme( $theme, $current_theme ) {
+		return (string) $theme === (string) $current_theme;
+	}
+
+	/**
+	 *
 	 * Prepares the theme support value for inclusion in the REST API response.
 	 *
 	 * @since 5.5.0
@@ -399,6 +543,11 @@ public function get_item_schema() {
 					'type'        => 'string',
 					'readonly'    => true,
 				),
+				'status'         => array(
+					'description' => __( 'A named status for the theme.' ),
+					'type'        => 'string',
+					'enum'        => array( 'inactive', 'active' ),
+				),
 			),
 		);
 
@@ -431,10 +580,9 @@ public function get_collection_params() {
 			'description'       => __( 'Limit result set to themes assigned one or more statuses.' ),
 			'type'              => 'array',
 			'items'             => array(
-				'enum' => array( 'active' ),
+				'enum' => array( 'active', 'inactive' ),
 				'type' => 'string',
 			),
-			'required'          => true,
 			'sanitize_callback' => array( $this, 'sanitize_theme_status' ),
 		);
 

diff --git a/tests/phpunit/tests/rest-api/rest-schema-setup.php b/tests/phpunit/tests/rest-api/rest-schema-setup.php
@@ -129,6 +129,7 @@ public function test_expected_routes_in_schema() {
 			'/wp/v2/block-types/(?P<namespace>[a-zA-Z0-9_-]+)/(?P<name>[a-zA-Z0-9_-]+)',
 			'/wp/v2/settings',
 			'/wp/v2/themes',
+			'/wp/v2/themes/(?P<stylesheet>[\w-]+)',
 			'/wp/v2/plugins',
 			'/wp/v2/plugins/(?P<plugin>[^.\/]+(?:\/[^.\/]+)?)',
 			'/wp/v2/block-directory/search',