Use rest endpoint instead of ajax

Author: lezama

projects/packages/forms/changelog/rest-export-endpoint

@@ -0,0 +1,4 @@
+Significance: minor
+Type: added
+
+Add REST API endpoint for exporting form responses, replacing legacy AJAX implementation

projects/packages/forms/src/contact-form/class-contact-form-endpoint.php

@@ -255,6 +255,43 @@ public function register_routes() {
 				'callback'            => array( $this, 'get_forms_config' ),
 			)
 		);
+
+		register_rest_route(
+			$this->namespace,
+			$this->rest_base . '/export',
+			array(
+				'methods'             => \WP_REST_Server::CREATABLE,
+				'permission_callback' => array( $this, 'export_permissions_check' ),
+				'callback'            => array( $this, 'export_responses' ),
+				'args'                => array(
+					'selected' => array(
+						'type'    => 'array',
+						'items'   => array( 'type' => 'integer' ),
+						'default' => array(),
+					),
+					'post'     => array(
+						'type'    => 'string',
+						'default' => 'all',
+					),
+					'search'   => array(
+						'type'    => 'string',
+						'default' => '',
+					),
+					'status'   => array(
+						'type'    => 'string',
+						'default' => 'publish',
+					),
+					'before'   => array(
+						'type'    => 'string',
+						'default' => '',
+					),
+					'after'    => array(
+						'type'    => 'string',
+						'default' => '',
+					),
+				),
+			)
+		);
 	}
 
 	/**
@@ -1070,4 +1107,106 @@ public function get_forms_config( WP_REST_Request $request ) { // phpcs:ignore V
 
 		return rest_ensure_response( $config );
 	}
+
+	/**
+	 * Checks if a given request has permissions to export responses.
+	 *
+	 * @param WP_REST_Request $request The request object.
+	 * @return bool|WP_Error True if the request can export, error object otherwise.
+	 */
+	public function export_permissions_check( $request ) { //phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable
+		if ( is_super_admin() ) {
+			return true;
+		}
+
+		if ( ! is_user_member_of_blog( get_current_user_id(), get_current_blog_id() ) ) {
+			return new WP_Error(
+				'rest_user_not_member',
+				__( 'Sorry, you are not a member of this site.', 'jetpack-forms' ),
+				array( 'status' => rest_authorization_required_code() )
+			);
+		}
+
+		if ( ! current_user_can( 'export' ) ) {
+			return new WP_Error(
+				'rest_user_cannot_export',
+				__( 'Sorry, you are not allowed to export form responses on this site.', 'jetpack-forms' ),
+				array( 'status' => rest_authorization_required_code() )
+			);
+		}
+
+		return true;
+	}
+
+	/**
+	 * Export form responses to CSV.
+	 *
+	 * @param WP_REST_Request $request The request object.
+	 * @return WP_REST_Response|WP_Error The response containing CSV data or error.
+	 */
+	public function export_responses( $request ) {
+		$selected = $request->get_param( 'selected' );
+		$post_id  = $request->get_param( 'post' );
+		$search   = $request->get_param( 'search' );
+		$status   = $request->get_param( 'status' );
+		$before   = $request->get_param( 'before' );
+		$after    = $request->get_param( 'after' );
+
+		$query_args = array(
+			'post_type'        => 'feedback',
+			'posts_per_page'   => -1,
+			'post_status'      => array( 'publish' ),
+			'order'            => 'ASC',
+			'suppress_filters' => false,
+		);
+
+		if ( $status && $status !== 'publish' ) {
+			$query_args['post_status'] = explode( ',', $status );
+		}
+
+		if ( $post_id && $post_id !== 'all' ) {
+			$query_args['post_parent'] = intval( $post_id );
+		}
+
+		if ( $search ) {
+			$query_args['s'] = $search;
+		}
+
+		if ( ! empty( $selected ) ) {
+			$query_args['post__in'] = array_map( 'intval', $selected );
+		}
+
+		if ( $before || $after ) {
+			$date_query = array();
+			if ( $before ) {
+				$date_query['before'] = $before;
+			}
+			if ( $after ) {
+				$date_query['after'] = $after;
+			}
+			$query_args['date_query'] = array( $date_query );
+		}
+
+		$feedback_posts = get_posts( $query_args );
+
+		if ( empty( $feedback_posts ) ) {
+			return new WP_Error( 'no_responses', __( 'No responses found', 'jetpack-forms' ), array( 'status' => 404 ) );
+		}
+
+		$feedback_ids = array_map(
+			function ( $post ) {
+				return $post->ID;
+			},
+			$feedback_posts
+		);
+
+		$plugin      = Contact_Form_Plugin::init();
+		$export_data = $plugin->get_export_feedback_data( $feedback_ids );
+
+		if ( empty( $export_data ) ) {
+			return new WP_Error( 'no_responses', __( 'No responses found', 'jetpack-forms' ), array( 'status' => 404 ) );
+		}
+
+		$plugin->download_feedback_as_csv( $export_data, $post_id );
+	}
 }

projects/packages/forms/src/contact-form/class-contact-form-plugin.php

@@ -211,9 +211,7 @@ protected function __construct() {
 		add_filter( 'wp_privacy_personal_data_exporters', array( $this, 'register_personal_data_exporter' ) );
 		add_filter( 'wp_privacy_personal_data_erasers', array( $this, 'register_personal_data_eraser' ) );
 
-		// Export to CSV feature
 		if ( is_admin() ) {
-			add_action( 'wp_ajax_feedback_export', array( $this, 'download_feedback_as_csv' ) );
 			add_action( 'wp_ajax_create_new_form', array( $this, 'create_new_form' ) );
 		}
 		add_action( 'admin_menu', array( $this, 'admin_menu' ) );
@@ -2758,21 +2756,20 @@ function ( $selected ) {
 
 	/**
 	 * Download exported data as CSV
+	 *
+	 * @param array  $data    Export data to generate CSV from.
+	 * @param string $post_id Optional. Post ID for filename generation.
 	 */
-	public function download_feedback_as_csv() {
-		// phpcs:ignore WordPress.Security.NonceVerification.Missing -- verification is done on get_feedback_entries_from_post function
-		$post_data = wp_unslash( $_POST );
-		$data      = $this->get_feedback_entries_from_post();
-
+	public function download_feedback_as_csv( $data, $post_id = '' ) {
 		if ( empty( $data ) ) {
 			return;
 		}
 
 		// Check if we want to download all the feedbacks or just a certain contact form
-		if ( ! empty( $post_data['post'] ) && $post_data['post'] !== 'all' ) {
+		if ( ! empty( $post_id ) && $post_id !== 'all' ) {
 			$filename = sprintf(
 				'%s - %s.csv',
-				Util::get_export_filename( get_the_title( (int) $post_data['post'] ) ),
+				Util::get_export_filename( get_the_title( (int) $post_id ) ),
 				gmdate( 'Y-m-d H:i' )
 			);
 		} else {

projects/packages/forms/src/dashboard/hooks/use-export-responses.ts

@@ -3,23 +3,32 @@
  */
 import jetpackAnalytics from '@automattic/jetpack-analytics';
 import { useBreakpointMatch } from '@automattic/jetpack-components';
+import apiFetch from '@wordpress/api-fetch';
 import { store as coreStore } from '@wordpress/core-data';
 import { useSelect } from '@wordpress/data';
 import { useState, useCallback, useEffect } from '@wordpress/element';
 import { __ } from '@wordpress/i18n';
 /**
  * Internal dependencies
  */
-import { config } from '..';
 import { store as dashboardStore } from '../store';
 
+type ExportData = {
+	selected: number[];
+	post: string;
+	search: string;
+	status: string;
+	before?: string;
+	after?: string;
+};
+
 type ExportHookReturn = {
 	showExportModal: boolean;
 	openModal: () => void;
 	closeModal: () => void;
 	autoConnectGdrive: boolean;
 	userCanExport: boolean;
-	onExport: ( action: string, nonceName: string ) => Promise< Response >;
+	onExport: () => Promise< Response >;
 	selectedResponsesCount: number;
 	currentStatus: string;
 	exportLabel: string;
@@ -75,25 +84,26 @@ export default function useExportResponses(): ExportHookReturn {
 		return { selected: getSelectedResponsesFromCurrentDataset(), currentQuery: getCurrentQuery() };
 	}, [] );
 
-	const onExport = useCallback(
-		( action: string, nonceName: string ) => {
-			const data = new FormData();
-			data.append( 'action', action );
-			data.append( nonceName, config( 'exportNonce' ) );
-			selected.forEach( ( id: string ) => data.append( 'selected[]', id ) );
-			data.append( 'post', currentQuery.parent || 'all' );
-			data.append( 'search', currentQuery.search || '' );
-			data.append( 'status', currentQuery.status );
-
-			if ( currentQuery.before && currentQuery.after ) {
-				data.append( 'before', currentQuery.before );
-				data.append( 'after', currentQuery.after );
-			}
-
-			return fetch( window.ajaxurl, { method: 'POST', body: data } );
-		},
-		[ currentQuery, selected ]
-	);
+	const onExport = useCallback( () => {
+		const exportData: ExportData = {
+			selected: selected.map( id => parseInt( id, 10 ) ),
+			post: currentQuery.parent ? String( currentQuery.parent ) : 'all',
+			search: currentQuery.search || '',
+			status: currentQuery.status || 'publish',
+		};
+
+		if ( currentQuery.before && currentQuery.after ) {
+			exportData.before = currentQuery.before;
+			exportData.after = currentQuery.after;
+		}
+
+		return apiFetch( {
+			path: '/wp/v2/feedback/export',
+			method: 'POST',
+			data: exportData,
+			parse: false,
+		} );
+	}, [ currentQuery, selected ] );
 
 	useEffect( () => {
 		const url = new URL( window.location.href );