Changeset 54538 for branches/6.0/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
- Timestamp:
- 10/17/2022 12:33:23 PM (2 years ago)
- Location:
- branches/6.0
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/6.0
-
branches/6.0/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
r52068 r54538 146 146 147 147 /** 148 * Checks if the terms for a post can be read. 149 * 150 * @since 6.0.3 151 * 152 * @param WP_Post $post Post object. 153 * @param WP_REST_Request $request Full details about the request. 154 * @return bool Whether the terms for the post can be read. 155 */ 156 public function check_read_terms_permission_for_post( $post, $request ) { 157 // If the requested post isn't associated with this taxonomy, deny access. 158 if ( ! is_object_in_taxonomy( $post->post_type, $this->taxonomy ) ) { 159 return false; 160 } 161 162 // Grant access if the post is publicly viewable. 163 if ( is_post_publicly_viewable( $post ) ) { 164 return true; 165 } 166 167 // Otherwise grant access if the post is readable by the logged in user. 168 if ( current_user_can( 'read_post', $post->ID ) ) { 169 return true; 170 } 171 172 // Otherwise, deny access. 173 return false; 174 } 175 176 /** 148 177 * Checks if a request has access to read terms in the specified taxonomy. 149 178 * … … 166 195 array( 'status' => rest_authorization_required_code() ) 167 196 ); 197 } 198 199 if ( ! empty( $request['post'] ) ) { 200 $post = get_post( $request['post'] ); 201 202 if ( ! $post ) { 203 return new WP_Error( 204 'rest_post_invalid_id', 205 __( 'Invalid post ID.' ), 206 array( 207 'status' => 400, 208 ) 209 ); 210 } 211 212 if ( ! $this->check_read_terms_permission_for_post( $post, $request ) ) { 213 return new WP_Error( 214 'rest_forbidden_context', 215 __( 'Sorry, you are not allowed to view terms for this post.' ), 216 array( 217 'status' => rest_authorization_required_code(), 218 ) 219 ); 220 } 168 221 } 169 222
Note: See TracChangeset
for help on using the changeset viewer.