diff --git src/wp-includes/customize/class-wp-customize-partial.php src/wp-includes/customize/class-wp-customize-partial.php
index f6e5e44..75872e6 100644
|
|
class WP_Customize_Partial { |
285 | 285 | ); |
286 | 286 | return $exports; |
287 | 287 | } |
| 288 | |
| 289 | /** |
| 290 | * Checks if the user can refresh this partial. |
| 291 | * |
| 292 | * Returns false if the user cannot manipulate one of the associated settings, |
| 293 | * or if one of the associated settings does not exist. |
| 294 | * |
| 295 | * |
| 296 | * This controls whether the partial will be |
| 297 | * |
| 298 | * capabilities to manipulate the related settings. |
| 299 | * |
| 300 | * @since 4.5.0 |
| 301 | * @access public |
| 302 | * |
| 303 | * @return bool False if user can't edit one one of the related settings, |
| 304 | * or if one of the associated settings does not exist. |
| 305 | */ |
| 306 | final public function check_capabilities() { |
| 307 | foreach ( $this->settings as $setting_id ) { |
| 308 | $setting = $this->component->manager->get_setting( $setting_id ); |
| 309 | if ( ! $setting || ! $setting->check_capabilities() ) { |
| 310 | return false; |
| 311 | } |
| 312 | } |
| 313 | return true; |
| 314 | } |
288 | 315 | } |
diff --git src/wp-includes/customize/class-wp-customize-selective-refresh.php src/wp-includes/customize/class-wp-customize-selective-refresh.php
index bf8a9e3..23bf06d 100644
|
|
final class WP_Customize_Selective_Refresh { |
172 | 172 | $partials = array(); |
173 | 173 | |
174 | 174 | foreach ( $this->partials() as $partial ) { |
175 | | $partials[ $partial->id ] = $partial->json(); |
| 175 | if ( $partial->check_capabilities() ) { |
| 176 | $partials[ $partial->id ] = $partial->json(); |
| 177 | } |
176 | 178 | } |
177 | 179 | |
178 | 180 | $exports = array( |
… |
… |
final class WP_Customize_Selective_Refresh { |
356 | 358 | |
357 | 359 | $partial = $this->get_partial( $partial_id ); |
358 | 360 | |
359 | | if ( ! $partial ) { |
| 361 | if ( ! $partial || ! $partial->check_capabilities() ) { |
360 | 362 | $contents[ $partial_id ] = null; |
361 | 363 | continue; |
362 | 364 | } |
diff --git tests/phpunit/tests/customize/selective-refresh.php tests/phpunit/tests/customize/selective-refresh.php
index de56b13..9d6495d 100644
|
|
class Test_WP_Customize_Selective_Refresh extends WP_UnitTestCase { |
137 | 137 | * @see WP_Customize_Selective_Refresh::export_preview_data() |
138 | 138 | */ |
139 | 139 | function test_export_preview_data() { |
| 140 | wp_set_current_user( self::factory()->user->create( array( 'role' => 'administrator' ) ) ); |
| 141 | do_action( 'customize_register', $this->wp_customize ); |
140 | 142 | $this->selective_refresh->add_partial( 'blogname', array( |
141 | 143 | 'selector' => '#site-title', |
142 | 144 | ) ); |