Report error conditions with HTTP status

controllers/posts.php

@@ -9,20 +9,20 @@ class JSON_API_Posts_Controller {
   public function create_post() {
     global $json_api;
     if (!current_user_can('edit_posts')) {
-      $json_api->error("You need to login with a user that has 'edit_posts' capacity.");
+      $json_api->error("You need to login with a user that has 'edit_posts' capacity.", 403);
     }
     if (!$json_api->query->nonce) {
-      $json_api->error("You must include a 'nonce' value to create posts. Use the `get_nonce` Core API method.");
+      $json_api->error("You must include a 'nonce' value to create posts. Use the `get_nonce` Core API method.", 403);
     }
     $nonce_id = $json_api->get_nonce_id('posts', 'create_post');
     if (!wp_verify_nonce($json_api->query->nonce, $nonce_id)) {
-      $json_api->error("Your 'nonce' value was incorrect. Use the 'get_nonce' API method.");
+      $json_api->error("Your 'nonce' value was incorrect. Use the 'get_nonce' API method.", 403);
     }
     nocache_headers();
     $post = new JSON_API_Post();
     $id = $post->create($_REQUEST);
     if (empty($id)) {
-      $json_api->error("Could not create post.");
+      $json_api->error("Could not create post.", 500);
     }
     return array(
       'post' => $post
@@ -36,14 +36,14 @@ public function update_post() {
       $json_api->error("Post not found.");
     }
     if (!current_user_can('edit_post', $post->ID)) {
-      $json_api->error("You need to login with a user that has the 'edit_post' capacity for that post.");
+      $json_api->error("You need to login with a user that has the 'edit_post' capacity for that post.", 403);
     }
     if (!$json_api->query->nonce) {
-      $json_api->error("You must include a 'nonce' value to update posts. Use the `get_nonce` Core API method.");
+      $json_api->error("You must include a 'nonce' value to update posts. Use the `get_nonce` Core API method.", 403);
     }
     $nonce_id = $json_api->get_nonce_id('posts', 'update_post');
     if (!wp_verify_nonce($json_api->query->nonce, $nonce_id)) {
-      $json_api->error("Your 'nonce' value was incorrect. Use the 'get_nonce' API method.");
+      $json_api->error("Your 'nonce' value was incorrect. Use the 'get_nonce' API method.", 403);
     }
     nocache_headers();
     $post = new JSON_API_Post($post);
@@ -60,20 +60,20 @@ public function delete_post() {
       $json_api->error("Post not found.");
     }
     if (!current_user_can('edit_post', $post->ID)) {
-      $json_api->error("You need to login with a user that has the 'edit_post' capacity for that post.");
+      $json_api->error("You need to login with a user that has the 'edit_post' capacity for that post.", 403);
     }
     if (!current_user_can('delete_posts')) {
-      $json_api->error("You need to login with a user that has the 'delete_posts' capacity.");
+      $json_api->error("You need to login with a user that has the 'delete_posts' capacity.", 403);
     }
     if ($post->post_author != get_current_user_id() && !current_user_can('delete_other_posts')) {
-      $json_api->error("You need to login with a user that has the 'delete_other_posts' capacity.");
+      $json_api->error("You need to login with a user that has the 'delete_other_posts' capacity.", 403);
     }
     if (!$json_api->query->nonce) {
-      $json_api->error("You must include a 'nonce' value to update posts. Use the `get_nonce` Core API method.");
+      $json_api->error("You must include a 'nonce' value to update posts. Use the `get_nonce` Core API method.", 403);
     }
     $nonce_id = $json_api->get_nonce_id('posts', 'delete_post');
     if (!wp_verify_nonce($json_api->query->nonce, $nonce_id)) {
-      $json_api->error("Your 'nonce' value was incorrect. Use the 'get_nonce' API method.");
+      $json_api->error("Your 'nonce' value was incorrect. Use the 'get_nonce' API method.", 403);
     }
     nocache_headers();
     wp_delete_post($post->ID);

models/comment.php

@@ -60,12 +60,12 @@ function comment_id_not_found() {
 
   function comment_closed() {
     global $json_api;
-    $json_api->error("Post is closed for comments.");
+    $json_api->error("Post is closed for comments.", 403);
   }
 
   function comment_on_draft() {
     global $json_api;
-    $json_api->error("You cannot comment on unpublished posts.");
+    $json_api->error("You cannot comment on unpublished posts.", 403);
   }
 
   function comment_post_redirect() {

singletons/api.php

@@ -379,10 +379,10 @@ function flush_rewrite_rules() {
     $wp_rewrite->flush_rules();
   }
 
-  function error($message = 'Unknown error', $status = 'error') {
+  function error($message = 'Unknown error', $http_status = 404) {
     $this->response->respond(array(
       'error' => $message
-    ), $status);
+    ), 'error', $http_status);
   }
 
   function include_value($key) {

singletons/response.php

@@ -74,7 +74,7 @@ function is_value_included($key) {
     }
   }
 
-  function respond($result, $status = 'ok') {
+  function respond($result, $status = 'ok', $http_status = 200) {
     global $json_api;
     $json = $this->get_json($result, $status);
     $status_redirect = "redirect_$status";
@@ -97,15 +97,15 @@ function respond($result, $status = 'ok') {
       $this->callback($json_api->query->callback, $json);
     } else {
       // Output the result
-      $this->output($json);
+      $this->output($json, $http_status);
     }
     exit;
   }
 
-  function output($result) {
+  function output($result, $http_status) {
     $charset = get_option('blog_charset');
     if (!headers_sent()) {
-      header('HTTP/1.1 200 OK', true);
+      status_header($http_status);
       header("Content-Type: application/json; charset=$charset", true);
     }
     echo $result;
@@ -114,7 +114,7 @@ function output($result) {
   function callback($callback, $result) {
     $charset = get_option('blog_charset');
     if (!headers_sent()) {
-      header('HTTP/1.1 200 OK', true);
+      status_header(200);
       header("Content-Type: application/javascript; charset=$charset", true);
     }
     echo "$callback($result)";