Changeset 54556 for branches/5.5/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
- Timestamp:
- 10/17/2022 05:58:36 PM (2 years ago)
- Location:
- branches/5.5
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/5.5
- Property svn:mergeinfo changed
/trunk merged: 54521-54530,54541
- Property svn:mergeinfo changed
-
branches/5.5/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
r48275 r54556 136 136 137 137 /** 138 * Checks if the terms for a post can be read. 139 * 140 * @since 6.0.3 141 * 142 * @param WP_Post $post Post object. 143 * @param WP_REST_Request $request Full details about the request. 144 * @return bool Whether the terms for the post can be read. 145 */ 146 public function check_read_terms_permission_for_post( $post, $request ) { 147 // If the requested post isn't associated with this taxonomy, deny access. 148 if ( ! is_object_in_taxonomy( $post->post_type, $this->taxonomy ) ) { 149 return false; 150 } 151 152 // Grant access if the post is publicly viewable. 153 if ( is_post_publicly_viewable( $post ) ) { 154 return true; 155 } 156 157 // Otherwise grant access if the post is readable by the logged in user. 158 if ( current_user_can( 'read_post', $post->ID ) ) { 159 return true; 160 } 161 162 // Otherwise, deny access. 163 return false; 164 } 165 166 /** 138 167 * Checks if a request has access to read terms in the specified taxonomy. 139 168 * … … 156 185 array( 'status' => rest_authorization_required_code() ) 157 186 ); 187 } 188 189 if ( ! empty( $request['post'] ) ) { 190 $post = get_post( $request['post'] ); 191 192 if ( ! $post ) { 193 return new WP_Error( 194 'rest_post_invalid_id', 195 __( 'Invalid post ID.' ), 196 array( 197 'status' => 400, 198 ) 199 ); 200 } 201 202 if ( ! $this->check_read_terms_permission_for_post( $post, $request ) ) { 203 return new WP_Error( 204 'rest_forbidden_context', 205 __( 'Sorry, you are not allowed to view terms for this post.' ), 206 array( 207 'status' => rest_authorization_required_code(), 208 ) 209 ); 210 } 158 211 } 159 212
Note: See TracChangeset
for help on using the changeset viewer.