Ticket #48764: 48764.patch
| File 48764.patch, 1.9 KB (added by , 5 years ago) |
|---|
-
src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
1013 1013 1014 1014 // Post status. 1015 1015 if ( ! empty( $schema['properties']['status'] ) && isset( $request['status'] ) ) { 1016 $status = $this->handle_status_param( $request['status'], $post_type );1016 $status = $this->handle_status_param( $request['status'], $post_type, $request['id'] ); 1017 1017 1018 1018 if ( is_wp_error( $status ) ) { 1019 1019 return $status; … … 1147 1147 * 1148 1148 * @param string $post_status Post status. 1149 1149 * @param object $post_type Post type. 1150 * @param int $post_id Post ID. 1150 1151 * @return string|WP_Error Post status or WP_Error if lacking the proper permission. 1151 1152 */ 1152 protected function handle_status_param( $post_status, $post_type ) {1153 protected function handle_status_param( $post_status, $post_type, $post_id ) { 1153 1154 1154 1155 switch ( $post_status ) { 1155 1156 case 'draft': … … 1156 1157 case 'pending': 1157 1158 break; 1158 1159 case 'private': 1159 if ( ! current_user_can( $post_type->cap->publish_posts ) ) {1160 if ( ! current_user_can( $post_type->cap->publish_posts, $post_id ) ) { 1160 1161 return new WP_Error( 'rest_cannot_publish', __( 'Sorry, you are not allowed to create private posts in this post type.' ), array( 'status' => rest_authorization_required_code() ) ); 1161 1162 } 1162 1163 break; 1163 1164 case 'publish': 1164 1165 case 'future': 1165 if ( ! current_user_can( $post_type->cap->publish_posts ) ) {1166 if ( ! current_user_can( $post_type->cap->publish_posts, $post_id ) ) { 1166 1167 return new WP_Error( 'rest_cannot_publish', __( 'Sorry, you are not allowed to publish posts in this post type.' ), array( 'status' => rest_authorization_required_code() ) ); 1167 1168 } 1168 1169 break;