Ticket #48764: 48764.1.patch
File 48764.1.patch, 4.4 KB (added by , 5 years ago) |
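--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
@@ -959,7 +959,7 @@
 * @return stdClass|WP_Error Post object or WP_Error.
 */
 protected function prepare_item_for_database( $request ) {
-$prepared_post = new stdClass ;
+$prepared_post = new stdClass();
 
 // Post ID.
 if ( isset( $request['id'] ) ) {
@@ -1013,7 +1013,7 @@
 
 // Post status.
 if ( ! empty( $schema['properties']['status'] ) && isset( $request['status'] ) ) {
-$status = $this->handle_status_param( $request['status'], $post_type );
+$status = $this->handle_status_param( $request['status'], $post_type, $request['id'] );
 
 if ( is_wp_error( $status ) ) {
 return $status;
@@ -1147,9 +1147,10 @@
 *
 * @param string $post_status Post status.
 * @param object $post_type Post type.
+* @param int $post_id Post ID.
 * @return string|WP_Error Post status or WP_Error if lacking the proper permission.
 */
-protected function handle_status_param( $post_status, $post_type ) {
+protected function handle_status_param( $post_status, $post_type, $post_id ) {
 
 switch ( $post_status ) {
 case 'draft':
@@ -1156,13 +1157,13 @@
 case 'pending':
 break;
 case 'private':
-if ( ! current_user_can( $post_type->cap->publish_posts ) ) {
+if ( ! current_user_can( $post_type->cap->publish_posts, $post_id ) ) {
 return new WP_Error( 'rest_cannot_publish', __( 'Sorry, you are not allowed to create private posts in this post type.' ), array( 'status' => rest_authorization_required_code() ) );
 }
 break;
 case 'publish':
 case 'future':
-if ( ! current_user_can( $post_type->cap->publish_posts ) ) {
+if ( ! current_user_can( $post_type->cap->publish_posts, $post_id ) ) {
 return new WP_Error( 'rest_cannot_publish', __( 'Sorry, you are not allowed to publish posts in this post type.' ), array( 'status' => rest_authorization_required_code() ) );
 }
 break;
@@ -2078,8 +2079,8 @@
 'type' => 'object',
 'context' => array( 'view', 'edit', 'embed' ),
 'arg_options' => array(
-'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database()
-'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database()
+'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database().
+'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database().
 ),
 'properties' => array(
 'raw' => array(
@@ -2103,8 +2104,8 @@
 'type' => 'object',
 'context' => array( 'view', 'edit' ),
 'arg_options' => array(
-'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database()
-'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database()
+'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database().
+'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database().
 ),
 'properties' => array(
 'raw' => array(
@@ -2148,8 +2149,8 @@
 'type' => 'object',
 'context' => array( 'view', 'edit', 'embed' ),
 'arg_options' => array(
-'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database()
-'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database()
+'sanitize_callback' => null, // Note: sanitization implemented in self::prepare_item_for_database().
+'validate_callback' => null, // Note: validation implemented in self::prepare_item_for_database().
 ),
 'properties' => array(
 'raw' => array(
@@ -2606,7 +2607,7 @@
 public function sanitize_post_statuses( $statuses, $request, $parameter ) {
 $statuses = wp_parse_slug_list( $statuses );
 
-// The default status is different in WP_REST_Attachments_Controller
+// The default status is different in WP_REST_Attachments_Controller.
 $attributes = $request->get_attributes();
 $default_status = $attributes['args']['status']['default'];
 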
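Review bot: The new `$post_id` parameter of `handle_status_param()` is required, yet the call in `prepare_item_for_database()` passes `$request['id']`, which the `isset( $request['id'] )` check near the top of that function shows is not always present. On a request without an ID the permission check would run as `current_user_can( $post_type->cap->publish_posts, null )`, and any subclass that overrides or calls this protected method with two arguments would no longer match the signature. Declaring it as `protected function handle_status_param( $post_status, $post_type, $post_id = null ) {` and passing the ID to `current_user_can()` only when it is set would keep the create path and existing callers on the old type-level check. The added `@param int $post_id Post ID.` line should then state that the ID is optional and what an absent ID means for the permission decision. Both function bodies continue outside the hunks shown, so whether the ID has been resolved to an existing post before the status check cannot be confirmed from here.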