WordPress.org

Make WordPress Core


Ignore:
Timestamp:
04/03/2020 07:38:15 PM (16 months ago)
Author:
kadamwhite
Message:

REST API: Fix revisions controller get_item permission check.

r45812 incorrectly introduced a delete_post permissions check into the get_item method, breaking some plugins which requested revisions when generating previews.

Props sorenbronsted, yohannp, TimothyBlynJacobs.
Fixes #49645.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/rest-api/rest-revisions-controller.php

    r47122 r47547  
    243243
    244244    /**
     245     * @ticket 49645
     246     */
     247    public function test_delete_item_parent_check() {
     248        wp_set_current_user( self::$contributor_id );
     249        $request = new WP_REST_Request( 'DELETE', '/wp/v2/posts/' . self::$post_id . '/revisions/' . $this->revision_id1 );
     250        $request->set_param( 'force', true );
     251        $response = rest_get_server()->dispatch( $request );
     252        $this->assertErrorResponse( 'rest_cannot_delete', $response, 403 );
     253        $this->assertNotNull( get_post( $this->revision_id1 ) );
     254    }
     255
     256    /**
    245257     * @ticket 43709
    246258     */
     
    290302        $request  = new WP_REST_Request( 'DELETE', '/wp/v2/posts/' . self::$post_id . '/revisions/' . $this->revision_id1 );
    291303        $response = rest_get_server()->dispatch( $request );
    292         $this->assertErrorResponse( 'rest_cannot_read', $response, 403 );
     304        $this->assertErrorResponse( 'rest_cannot_delete', $response, 403 );
    293305    }
    294306
Note: See TracChangeset for help on using the changeset viewer.