WordPress.org

Make WordPress Core


Ignore:
Timestamp:
11/18/2016 07:06:26 PM (19 months ago)
Author:
joehoyle
Message:

REST API: Check read permissions on posts when viewing comments.

With a few tests for getting / creating comments to reflect core behaviour.

Props timmyc.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php

    r39292 r39295  
    14551455    protected function check_read_post_permission( $post ) {
    14561456        $posts_controller = new WP_REST_Posts_Controller( $post->post_type );
     1457        $post_type = get_post_type_object( $post->post_type );
     1458
     1459        if ( post_password_required( $post ) ) {
     1460            return current_user_can( $post_type->cap->edit_post, $post->ID );
     1461        }
    14571462
    14581463        return $posts_controller->check_read_permission( $post );
Note: See TracChangeset for help on using the changeset viewer.