Improve REST authentication method

Instead of checking if the user is logged in it also checks if the user a basic auth for applications is used.

Signed-off-by: Jory Hogeveen <[email protected]>

classes/PodsRESTFields.php

@@ -25,6 +25,12 @@ class PodsRESTFields {
 	 */
 	protected $pod = null;
 
+	/**
+	 * The user ID for the authenticated user.
+	 * @var int
+	 */
+	private static $rest_user_id;
+
 	/**
 	 * Constructor for class
 	 *
@@ -102,6 +108,21 @@ public function set_pod( $pod ) {
 		$this->pod = $pod;
 	}
 
+	/**
+	 * Validates if a current user or application is logged in.
+	 *
+	 * @return bool
+	 */
+	public static function is_rest_authenticated(): bool {
+		if ( isset( self::$rest_user_id ) ) {
+			return ! empty( self::$rest_user_id );
+		}
+
+		self::$rest_user_id = wp_validate_application_password( get_current_user_id() );
+
+		return ! empty( self::$rest_user_id );
+	}
+
 	/**
 	 * Add fields, based on options to REST read/write requests
 	 *
@@ -230,7 +251,7 @@ public static function field_allowed_to_extend( $field, $pod, $mode ) {
 
 		// Check if user must be logged in to access all fields and override whether they can use it.
 		if ( $all_fields_can_use_mode && $all_fields_access ) {
-			$all_fields_can_use_mode = is_user_logged_in();
+			$all_fields_can_use_mode = self::is_rest_authenticated();
 		}
 
 		// Maybe get the Field object from the Pod.
@@ -260,7 +281,7 @@ public static function field_allowed_to_extend( $field, $pod, $mode ) {
 
 		// Check if user must be logged in to access field and override whether they can use it.
 		if ( $can_use_mode && $access ) {
-			$can_use_mode = is_user_logged_in();
+			$can_use_mode = self::is_rest_authenticated();
 		}
 
 		return $can_use_mode;