| 476 | * Checks if a given request has access to read an attachment. |
| 477 | * |
| 478 | * @param WP_REST_Request $request Full details about the request. |
| 479 | * @return bool|WP_Error True if the request has read access for the item, WP_Error object otherwise. |
| 480 | */ |
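public function get_item_permissions_check( $request ) {
	// Look up every post (any type, any status) whose featured image is this
	// attachment. Access to the attachment is derived from those posts first;
	// the parent controller's check is only the fallback.
	$query_args = array(
		'post_status' => 'any',
		'post_type'   => 'any',
		'meta_key'    => '_thumbnail_id',
		'meta_value'  => $request['id'],
	);

	$posts_query  = new WP_Query();
	$query_result = $posts_query->query( $query_args );

	$is_edit_context = ( 'edit' === $request['context'] );

	// Last denial seen; returned only if no referencing post grants access.
	$wp_error = false;

	foreach ( $query_result as $post ) {

		if ( ! $post || is_wp_error( $post ) ) {
			continue;
		}

		// Edit context requires update rights on the referencing post. A post
		// that fails this check must not grant access through the read check
		// below, so move on to the next candidate.
		if ( $is_edit_context && ! $this->check_update_permission( $post ) ) {
			// `new` is required: WP_Error is a class, and calling it as a
			// function is a fatal error.
			$wp_error = new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit this post.' ), array( 'status' => rest_authorization_required_code() ) );
			continue;
		}

		if ( ! empty( $request['password'] ) ) {
			$supplied_password = $request['password'];

			// hash_equals() keeps the comparison constant-time and only accepts
			// strings, so any other supplied type is treated as a wrong password.
			if ( ! is_string( $supplied_password ) || ! hash_equals( $post->post_password, $supplied_password ) ) {
				$wp_error = new WP_Error( 'rest_post_incorrect_password', __( 'Incorrect post password.' ), array( 'status' => 403 ) );
				continue;
			}
		}

		// Allow access to all password protected posts if the context is edit.
		// Reached only after the update-permission check above has passed, so a
		// caller without edit rights cannot switch password protection off.
		if ( $is_edit_context ) {
			add_filter( 'post_password_required', '__return_false' );
		}

		if ( $this->check_read_permission( $post ) ) {
			return true;
		}
	}

	// No referencing post granted access: report the recorded denial, if any.
	if ( $wp_error ) {
		return $wp_error;
	}

	return parent::get_item_permissions_check( $request );
}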
| 534 | |
| 535 | /** |