Changeset 43067 for branches/4.9/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
- Timestamp:
- 05/01/2018 10:17:26 PM (6 years ago)
- Location:
- branches/4.9
- Files:
-
- 2 edited
-
branches/4.9
-
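--- a/branches/4.9/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
+++ b/branches/4.9/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
@@ -187,4 +187,17 @@
 }
 
+if ( 'authors' === $request['who'] ) {
+$can_view = false;
+$types = get_post_types( array( 'show_in_rest' => true ), 'objects' );
+foreach ( $types as $type ) {
+if ( current_user_can( $type->cap->edit_posts ) ) {
+$can_view = true;
+}
+}
+if ( ! $can_view ) {
+return new WP_Error( 'rest_forbidden_who', __( 'Sorry, you are not allowed to query users by this parameter.' ), array( 'status' => rest_authorization_required_code() ) );
+}
+}
+
 return true;
 }
@@ -251,5 +264,7 @@
 }
 
-if ( ! current_user_can( 'list_users' ) ) {
+if ( isset( $registered['who'] ) && ! empty( $request['who'] ) && 'authors' === $request['who'] ) {
+$prepared_args['who'] = 'authors';
+} elseif ( ! current_user_can( 'list_users' ) ) {
 $prepared_args['has_published_posts'] = get_post_types( array( 'show_in_rest' => true ), 'names' );
 }
@@ -1363,4 +1378,12 @@
 );
 
+$query_params['who'] = array(
+'description' => __( 'Limit result set to users who are considered authors.' ),
+'type' => 'string',
+'enum' => array(
+'authors',
+),
+);
+
 /**
 * Filter collection parameters for the users controller.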
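Review bot: The `who=authors` branch in the second hunk bypasses the `has_published_posts` restriction for callers without `list_users`, so the `edit_posts` loop added in the first hunk becomes the only gate on listing users who have no published posts, and neither place documents that dependency. I would add a comment above the new branch, e.g. `// who=authors is authorised in the permissions check (edit_posts on a show_in_rest post type); has_published_posts is intentionally not applied here.`, so a later change to either side does not silently widen user enumeration. The two hunks also test the parameter differently: the first compares `$request['who']` directly while the second adds `isset( $registered['who'] )` and a `! empty()` that the strict comparison already implies; using one form in both would make it easier to see that they always agree. The enclosing functions begin outside the hunks, so I am assuming the first hunk sits in the collection permission callback and the second in the query-building method.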