Changeset 47034
- Timestamp:
- 01/03/2020 02:26:36 AM (5 years ago)
- Location:
- trunk/src/wp-includes/rest-api/endpoints
- Files:
-
- 3 edited
trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-post-statuses-controller.php
r46696 r47034 90 90 } 91 91 } 92 92 93 return new WP_Error( 'rest_cannot_view', __( 'Sorry, you are not allowed to manage post statuses.' ), array( 'status' => rest_authorization_required_code() ) ); 93 94 } -
trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-post-types-controller.php
r46823 r47034 82 82 public function get_items_permissions_check( $request ) { 83 83 if ( 'edit' === $request['context'] ) { 84 foreach ( get_post_types( array(), 'object' ) as $post_type ) { 85 if ( ! empty( $post_type->show_in_rest ) && current_user_can( $post_type->cap->edit_posts ) ) { 84 $types = get_post_types( array( 'show_in_rest' => true ), 'objects' ); 85 86 foreach ( $types as $type ) { 87 if ( current_user_can( $type->cap->edit_posts ) ) { 86 88 return true; 87 89 } … … 103 105 */ 104 106 public function get_items( $request ) { 105 $data = array(); 106 107 foreach ( get_post_types( array(), 'object' ) as $obj ) { 108 if ( empty( $obj->show_in_rest ) || ( 'edit' === $request['context'] && ! current_user_can( $obj->cap->edit_posts ) ) ) { 107 $data = array(); 108 $types = get_post_types( array( 'show_in_rest' => true ), 'objects' ); 109 110 foreach ( $types as $type ) { 111 if ( 'edit' === $request['context'] && ! current_user_can( $type->cap->edit_posts ) ) { 109 112 continue; 110 113 } 111 114 112 $post_type = $this->prepare_item_for_response( $obj, $request );113 $data[ $ obj->name ] = $this->prepare_response_for_collection( $post_type );115 $post_type = $this->prepare_item_for_response( $type, $request ); 116 $data[ $type->name ] = $this->prepare_response_for_collection( $post_type ); 114 117 } 115 118 -
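Review bot: Nothing in `get_items()` says why a type is skipped, and the rule differs by context: `edit_posts` is checked only when `'edit' === $request['context']`, so every other context lists all `show_in_rest` types to any caller that passed the permission check. A comment above the `continue` would record that this is intended, for example `// Edit context: omit types the user cannot edit; other contexts list every show_in_rest type.` The same capability test appears in `get_items_permissions_check()` in the first hunk, so the two loops need to change together if the rule ever does. Both function bodies extend beyond the hunks shown.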
trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
r46823 r47034 200 200 201 201 if ( 'authors' === $request['who'] ) { 202 $ can_view = false;203 $types = get_post_types( array( 'show_in_rest' => true ), 'objects' ); 202 $types = get_post_types( array( 'show_in_rest' => true ), 'objects' ); 203 204 204 foreach ( $types as $type ) { 205 205 if ( post_type_supports( $type->name, 'author' ) 206 206 && current_user_can( $type->cap->edit_posts ) ) { 207 $can_view =true;207 return true; 208 208 } 209 209 } 210 if ( ! $can_view ) { 211 return new WP_Error( 'rest_forbidden_who', __( 'Sorry, you are not allowed to query users by this parameter.' ), array( 'status' => rest_authorization_required_code() ) ); 212 } 210 211 return new WP_Error( 'rest_forbidden_who', __( 'Sorry, you are not allowed to query users by this parameter.' ), array( 'status' => rest_authorization_required_code() ) ); 213 212 } 214 213
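Review bot: The new `return true;` inside the loop ends the whole permission check as soon as one author-supporting type is editable, whereas the old `$can_view` flag let execution continue past the `'authors' === $request['who']` block. Any check placed after this block would now be skipped for `who=authors` requests; the hunk stops at line 214 and the enclosing function starts and ends outside it, so what follows should be confirmed before relying on the early return. If this block is meant to stay the final check, a comment would protect that ordering: `// Must remain the last check: returning here skips anything placed below.`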