4. Write API EDITABLE Category Order (có permission_callback) (ok)

Chú ý phải active plugin WP API SwaggerUI

<?php
/**
 * Add rest api endpoint for category listing
 */
/**
 * Class Lionel_Category_List_Rest
 */
class Lionel_Category_List_Rest extends WP_REST_Controller {
  /**
   * The namespace.
   *
   * @var string
   */
  protected $namespace;
  /**
   * Rest base for the current object.
   *
   * @var string
   */
  protected $rest_base;
  /**
   * Lionel_Category_List_Rest constructor.
   */
  public function __construct() {
    $this->namespace = 'category-list/v1';
    $this->rest_base = 'order';
  }
  /**
   * Register the routes for the objects of the controller.
   */
  public function register_routes() {
    register_rest_route($this->namespace, '/' . $this->rest_base, array(
      array(
        'methods'  => WP_REST_Server::READABLE,
        'callback' => array($this, 'get_items'),
        'permission_callback' => array( $this, 'get_items_permissions_check' ),
      ),
      array(
        'methods'  => WP_REST_Server::EDITABLE,
        'callback' => array($this, 'update_item'),
        'permission_callback' => array( $this, 'update_item_permissions_check' ),
        'args'     => $this->get_endpoint_args_for_item_schema(false),
      ),
      'schema' => null,
    ));
  }
  /**
   * Check permissions for the read.
   *
   * @param WP_REST_Request $request get data from request.
   *
   * @return bool|WP_Error
   */
  public function get_items_permissions_check($request) {
    if (!current_user_can('read')) {
      return new WP_Error('rest_forbidden', esc_html__('You cannot view the category resource.'), array('status' => $this->authorization_status_code()));
    }
    return true;
  }
  /**
   * Check permissions for the update
   *
   * @param WP_REST_Request $request get data from request.
   *
   * @return bool|WP_Error
   */
  public function update_item_permissions_check($request) {
    if (!current_user_can('read')) {
      return new WP_Error('rest_forbidden', esc_html__('You cannot update the category resource.'), array('status' => $this->authorization_status_code()));
    }
    return true;
  }
  /**
   * Grabs all the category list.
   *
   * @param WP_REST_Request $request get data from request.
   *
   * @return mixed|WP_REST_Response
   */
  public function get_items($request) {
    $cat_order = get_option('category_order');
    $data = get_categories();
    $res  = [];
    if ($cat_order) {
      $temp          = [];
      $temp['name']  = $cat_order['name'];
      $temp['id']    = $cat_order['id'];
      $temp['order'] = $cat_order['order'];
      $res[]         = $temp;
    } elseif (!empty($data)) {
      $index = 0;
      foreach ($data as $list) {
        if ('category' === $list->taxonomy) {
          $temp          = [];
          $temp['name']  = $list->name;
          $temp['id']    = $list->term_id;
          $temp['order'] = $index;
          $res[]         = $temp;
          $index++;
        }
      }
    }
    // Return all of our comment response data.
    return rest_ensure_response($res);
  }
  /**
   * Update category order
   *
   * @param WP_REST_Request $request get data from request.
   *
   * @return mixed|WP_Error|WP_REST_Response
   */
  public function update_item($request) {
    if (!isset($request['name'])) {
      return new WP_Error('invalid_data', __('Cannot update category order.'), array('status' => 400));
    }
    $update_item = ["name" => $request['name'], "id" => $request['id'], "order" => $request['order']];
    $res         = update_option('category_order', $update_item);
    if ($res) {
      $data['msg'] = __('Category order updated', '');
    } else {
      return new WP_Error('cant update', __('Please provide proper data'), array('status' => 400));
    }
    return rest_ensure_response($data);
  }
  /**
   * Sets up the proper HTTP status code for authorization.
   *
   * @return int
   */
  public function authorization_status_code() {
    $status = 401;
    if (is_user_logged_in()) {
      $status = 403;
    }
    return $status;
  }
}
/**
 * Function to register our new routes from the controller.
 */
function register_cat_list_controller() {
  $controller = new Lionel_Category_List_Rest();
  $controller->register_routes();
}
add_action('rest_api_init', 'register_cat_list_controller');
add_action( 'rest_api_init', 'register_api_hooks' );
function register_api_hooks() {
  register_rest_route(
    'category-list/v1', 'login',
    array(
      'methods'  => 'POST',
      'callback' => 'loginuser',
    )
  );
}
function loginuser($request = null){
  $creds = array();
  $creds['user_login'] = $request["username"];
  $creds['user_password'] =  $request["password"];
  $creds['remember'] = true;
  $user = wp_signon( $creds, false );
  if ( is_wp_error($user) ) echo $user->get_error_message();
  return $user;
}