Changeset 47361
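--- a/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-themes-controller.php
+++ b/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-themes-controller.php
@@ -59,13 +59,19 @@
 */
 public function get_items_permissions_check( $request ) {
-if ( ! is_user_logged_in() || ! current_user_can( 'edit_posts' ) ) {
-return new WP_Error(
-'rest_user_cannot_view',
-__( 'Sorry, you are not allowed to view themes.' ),
-array( 'status' => rest_authorization_required_code() )
-);
+if ( current_user_can( 'edit_posts' ) ) {
+return true;
 }
 
-return true;
+foreach ( get_post_types( array( 'show_in_rest' => true ), 'objects' ) as $post_type ) {
+if ( current_user_can( $post_type->cap->edit_posts ) ) {
+return true;
+}
+}
+
+return new WP_Error(
+'rest_user_cannot_view',
+__( 'Sorry, you are not allowed to view themes.' ),
+array( 'status' => rest_authorization_required_code() )
+);
 }
 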
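Review bot: The authorization decision in `get_items_permissions_check()` now depends on how every `show_in_rest` post type maps `cap->edit_posts`, and the new `foreach` neither documents nor bounds that. If a plugin registers a REST-visible post type whose `edit_posts` capability resolves to something every logged-in user holds, this check would presumably pass for all of them, so the endpoint is only as restrictive as the most permissive registered post type. I would state that above the loop, for example `// Access is granted to anyone who can edit at least one REST-visible post type; the check is as broad as the most permissive post type's edit_posts mapping.`, and repeat the contract in the method docblock, which begins outside this hunk. Dropping the explicit `is_user_logged_in()` test looks safe as long as `current_user_can()` denies for user 0, which the added logged-out test in the other file exercises.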
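--- a/trunk/tests/phpunit/tests/rest-api/rest-themes-controller.php
+++ b/trunk/tests/phpunit/tests/rest-api/rest-themes-controller.php
@@ -157,4 +157,13 @@
 
 /**
+* @ticket 46723
+*/
+public function test_get_items_logged_out() {
+wp_set_current_user( 0 );
+$response = self::perform_active_theme_request();
+$this->assertErrorResponse( 'rest_user_cannot_view', $response, 401 );
+}
+
+/**
 * An error should be returned when the user does not have the edit_posts capability.
 *
@@ -165,4 +174,16 @@
 $response = self::perform_active_theme_request();
 $this->assertErrorResponse( 'rest_user_cannot_view', $response, 403 );
+}
+
+/**
+* @ticket 46723
+*/
+public function test_get_item_single_post_type_cap() {
+$user = self::factory()->user->create_and_get();
+$user->add_cap( 'edit_pages' );
+wp_set_current_user( $user->ID );
+
+$response = self::perform_active_theme_request();
+$this->assertEquals( 200, $response->get_status() );
 }
 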
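Review bot: The added tests pin the logged-out denial and the granting path of the widened permission check, but not its boundary: nothing asserts that an edit capability for a post type that is not `show_in_rest` still returns `rest_user_cannot_view` with 403. That negative case is what would catch a later change that accidentally drops the `show_in_rest` filter, so a third test alongside `test_get_item_single_post_type_cap()` would be worth adding. In that same test I would also use the strict form, `$this->assertSame( 200, $response->get_status() );`, and give both new docblocks a one-line summary next to `@ticket 46723`. The test that the second hunk closes begins outside the visible lines.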