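/**
 * Checks if a given request has access to read an attachment.
 *
 * Looks up the posts that use the attachment as their featured image
 * (`_thumbnail_id` meta) and grants access as soon as one of them passes
 * the read check. A post that fails the edit-context or password check is
 * skipped and can never grant access. If at least one post was rejected and
 * none granted access, the most recently recorded error is returned;
 * otherwise the decision is delegated to the parent controller.
 *
 * @param WP_REST_Request $request Full details about the request.
 * @return bool|WP_Error True if the request has read access for the item, WP_Error object otherwise.
 */
public function get_item_permissions_check( $request ) {
	$query_args = array(
		'post_status'    => 'any',
		'post_type'      => 'any',
		'meta_key'       => '_thumbnail_id',
		'meta_value'     => $request['id'],
		'no_found_rows'  => true,
		// Set a reasonable maximum number of results. Posts beyond this
		// cap are not examined, so they cannot grant or deny access here.
		'posts_per_page' => 100,
	);

	$posts_query  = new WP_Query();
	$query_result = $posts_query->query( $query_args );

	// Holds the last rejection seen; only returned if no post grants access.
	$wp_error = false;

	foreach ( $query_result as $post ) {
		if ( ! $post || is_wp_error( $post ) ) {
			continue;
		}

		// A post the user may not edit must not authorize an edit-context
		// read: record the error and move on instead of falling through
		// to the read check below.
		if ( 'edit' === $request['context'] && ! $this->check_update_permission( $post ) ) {
			$wp_error = new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit this post.' ), array( 'status' => rest_authorization_required_code() ) );
			continue;
		}

		if ( ! empty( $request['password'] ) ) {
			// Check post password, and record an error if invalid. A
			// non-string value is rejected up front because hash_equals()
			// only accepts strings.
			if ( ! is_string( $request['password'] ) || ! hash_equals( (string) $post->post_password, $request['password'] ) ) {
				$wp_error = new WP_Error( 'rest_post_incorrect_password', __( 'Incorrect post password.' ), array( 'status' => 403 ) );
				continue;
			}
		}

		// Allow access to all password protected posts if the context is edit.
		// Only reached after the update-permission check above has passed.
		// The filter is not removed here, so it stays registered after
		// this method returns.
		if ( 'edit' === $request['context'] ) {
			add_filter( 'post_password_required', '__return_false' );
		}

		if ( $this->check_read_permission( $post ) ) {
			return true;
		}
	}

	// No post granted access. If any post was rejected, fail closed with
	// that error rather than consulting the parent check.
	if ( $wp_error ) {
		return $wp_error;
	}

	return parent::get_item_permissions_check( $request );
}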
| 717 | |