Changeset 47850
- Timestamp:
- 05/23/2020 03:22:53 PM (5 years ago)
- Location:
- trunk
- Files:
-
- 8 edited
trunk/src/wp-includes/class-wp-customize-nav-menus.php
r47808 r47850 1357 1357 continue; 1358 1358 } 1359 if ( ! current_user_can( $post_type_obj->cap->publish_posts ) || ! current_user_can( $post_type_obj->cap->edit_post, $post_id ) ) {1359 if ( ! current_user_can( $post_type_obj->cap->publish_posts ) || ! current_user_can( 'edit_post', $post_id ) ) { 1360 1360 continue; 1361 1361 } -
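Review bot: The condition at new line 1359 now reads `publish_posts` from `$post_type_obj->cap` but passes `edit_post` as a literal, and nothing in the hunk says why the two are treated differently. `publish_posts` is a primitive capability whose name varies per post type, while `edit_post` is a meta capability resolved against `$post_id`, so only the second can be hard-coded. A one-line comment above the check, e.g. `// publish_posts is a per-type primitive cap; edit_post is a meta cap resolved from $post_id.`, would keep a later cleanup from replacing the first with `'publish_posts'` and checking the wrong capability for other post types. The enclosing loop starts and ends outside the hunk.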
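--- a/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
+++ b/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-attachments-controller.php
@@ -110,15 +110,10 @@
 
 // Attaching media to a post requires ability to edit said post.
-if ( ! empty( $request['post'] ) ) {
-$parent = get_post( (int) $request['post'] );
-$post_parent_type = get_post_type_object( $parent->post_type );
-
-if ( ! current_user_can( $post_parent_type->cap->edit_post, $request['post'] ) ) {
-return new WP_Error(
-'rest_cannot_edit',
-__( 'Sorry, you are not allowed to upload media to this post.' ),
-array( 'status' => rest_authorization_required_code() )
-);
-}
+if ( ! empty( $request['post'] ) && ! current_user_can( 'edit_post', (int) $request['post'] ) ) {
+return new WP_Error(
+'rest_cannot_edit',
+__( 'Sorry, you are not allowed to upload media to this post.' ),
+array( 'status' => rest_authorization_required_code() )
+);
 }
 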
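Review bot: The rewritten guard at new line 112 no longer looks the parent post up itself, so a `post` ID that does not exist is now rejected only if the `edit_post` meta capability check denies it, and nothing in the hunk states that dependency. I would extend the existing comment to say so, e.g. `// A non-existent parent ID must fail this check too; it relies on 'edit_post' being denied for unknown posts.`, and pin it with a REST test that uploads with an unknown `post` ID and expects `rest_cannot_edit`. The only test-file edit in this changeset removes a `@group` tag, so no such case is added here, though one may already exist elsewhere. The enclosing method starts and ends outside the hunk.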
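--- a/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-autosaves-controller.php
+++ b/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-autosaves-controller.php
@@ -161,7 +161,5 @@
 }
 
-$parent_post_type_obj = get_post_type_object( $parent->post_type );
-
-if ( ! current_user_can( $parent_post_type_obj->cap->edit_post, $parent->ID ) ) {
+if ( ! current_user_can( 'edit_post', $parent->ID ) ) {
 return new WP_Error(
 'rest_cannot_read',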
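--- a/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-blocks-controller.php
+++ b/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-blocks-controller.php
@@ -29,7 +29,6 @@
 */
 public function check_read_permission( $post ) {
-// Ensure that the user is logged in and has the read_blocks capability.
-$post_type = get_post_type_object( $post->post_type );
-if ( ! current_user_can( $post_type->cap->read_post, $post->ID ) ) {
+// By default the read_post capability is mapped to edit_posts.
+if ( ! current_user_can( 'read_post', $post->ID ) ) {
 return false;
 }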
trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
r47597 r47850 1775 1775 1776 1776 if ( post_password_required( $post ) ) { 1777 $result = current_user_can( $post_type->cap->edit_post, $post->ID );1777 $result = current_user_can( 'edit_post', $post->ID ); 1778 1778 } else { 1779 1779 $result = $posts_controller->check_read_permission( $post ); -
trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
r47265 r47850 1480 1480 1481 1481 // Is the post readable? 1482 if ( 'publish' === $post->post_status || current_user_can( $post_type->cap->read_post, $post->ID ) ) {1482 if ( 'publish' === $post->post_status || current_user_can( 'read_post', $post->ID ) ) { 1483 1483 return true; 1484 1484 } … … 1523 1523 } 1524 1524 1525 return current_user_can( $post_type->cap->edit_post, $post->ID );1525 return current_user_can( 'edit_post', $post->ID ); 1526 1526 } 1527 1527 … … 1559 1559 } 1560 1560 1561 return current_user_can( $post_type->cap->delete_post, $post->ID );1561 return current_user_can( 'delete_post', $post->ID ); 1562 1562 } 1563 1563 -
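--- a/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
+++ b/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
@@ -170,7 +170,5 @@
 }
 
-$parent_post_type_obj = get_post_type_object( $parent->post_type );
-
-if ( ! current_user_can( $parent_post_type_obj->cap->edit_post, $parent->ID ) ) {
+if ( ! current_user_can( 'edit_post', $parent->ID ) ) {
 return new WP_Error(
 'rest_cannot_read',
@@ -410,5 +408,5 @@
 $parent_post_type = get_post_type_object( $parent->post_type );
 
-if ( ! current_user_can( $parent_post_type->cap->delete_post, $parent->ID ) ) {
+if ( ! current_user_can( 'delete_post', $parent->ID ) ) {
 return new WP_Error(
 'rest_cannot_delete',
@@ -428,7 +426,5 @@
 }
 
-$post_type = get_post_type_object( 'revision' );
-
-if ( ! current_user_can( $post_type->cap->delete_post, $revision->ID ) ) {
+if ( ! current_user_can( 'delete_post', $revision->ID ) ) {
 return new WP_Error(
 'rest_cannot_delete',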
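Review bot: At new line 408 the assignment `$parent_post_type = get_post_type_object( $parent->post_type );` is kept as context, but its only use visible in this section was the `$parent_post_type->cap->delete_post` argument that the change replaces with `'delete_post'`. Unless the variable is read later in the method (which continues outside the hunk), the line is dead and should be removed, as the equivalent `$parent_post_type_obj` and `$post_type` assignments were in the first and third hunks. Leaving it behind suggests the post type object still takes part in the authorization decision when it does not.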
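--- a/trunk/tests/phpunit/tests/rest-api.php
+++ b/trunk/tests/phpunit/tests/rest-api.php
@@ -1324,5 +1324,4 @@
 /**
 * @dataProvider rest_ensure_response_data_provider
-* @group test1
 *
 * @param mixed $response The response passed to rest_ensure_response().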