Make WordPress Core


Ignore:
Timestamp:
04/09/2020 10:50:26 PM (5 years ago)
Author:
whyisjake
Message:

REST API: Fix revisions controller get_item permission check.
r45812 incorrectly introduced a delete_post permissions check into the get_item method, breaking some plugins which requested revisions when generating previews.

Bring this commit back to the 5.4 branch.

Props sorenbronsted, yohannp, TimothyBlynJacobs.

Fixes #49645.

Location:
branches/5.4
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/5.4

  • branches/5.4/tests/phpunit/tests/rest-api/rest-revisions-controller.php

    r47122 r47562  
    243243
    244244    /**
     245     * @ticket 49645
     246     */
     247    public function test_delete_item_parent_check() {
     248        wp_set_current_user( self::$contributor_id );
     249        $request = new WP_REST_Request( 'DELETE', '/wp/v2/posts/' . self::$post_id . '/revisions/' . $this->revision_id1 );
     250        $request->set_param( 'force', true );
     251        $response = rest_get_server()->dispatch( $request );
     252        $this->assertErrorResponse( 'rest_cannot_delete', $response, 403 );
     253        $this->assertNotNull( get_post( $this->revision_id1 ) );
     254    }
     255
     256    /**
    245257     * @ticket 43709
    246258     */
     
    290302        $request  = new WP_REST_Request( 'DELETE', '/wp/v2/posts/' . self::$post_id . '/revisions/' . $this->revision_id1 );
    291303        $response = rest_get_server()->dispatch( $request );
    292         $this->assertErrorResponse( 'rest_cannot_read', $response, 403 );
     304        $this->assertErrorResponse( 'rest_cannot_delete', $response, 403 );
    293305    }
    294306
Note: See TracChangeset for help on using the changeset viewer.