Make WordPress Core


Ignore:
Timestamp:
05/23/2020 03:22:53 PM (4 years ago)
Author:
ocean90
Message:

Role/Capability: Use meta caps edit_post, read_post, and delete_post directly.

Rather than consulting the post type object, let map_meta_cap() handle that for us.

Props peterwilsoncc, ocean90.
Fixes #50128.
See #23226.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php

    r47265 r47850  
    14801480
    14811481        // Is the post readable?
    1482         if ( 'publish' === $post->post_status || current_user_can( $post_type->cap->read_post, $post->ID ) ) {
     1482        if ( 'publish' === $post->post_status || current_user_can( 'read_post', $post->ID ) ) {
    14831483            return true;
    14841484        }
     
    15231523        }
    15241524
    1525         return current_user_can( $post_type->cap->edit_post, $post->ID );
     1525        return current_user_can( 'edit_post', $post->ID );
    15261526    }
    15271527
     
    15591559        }
    15601560
    1561         return current_user_can( $post_type->cap->delete_post, $post->ID );
     1561        return current_user_can( 'delete_post', $post->ID );
    15621562    }
    15631563
Note: See TracChangeset for help on using the changeset viewer.