Changeset 54563 for branches/5.2/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
- Timestamp:
- 10/17/2022 06:08:00 PM (2 years ago)
- Location:
- branches/5.2
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/5.2
- Property svn:mergeinfo changed
/trunk merged: 54521-54530,54541
- Property svn:mergeinfo changed
-
branches/5.2/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
r45267 r54563 136 136 137 137 /** 138 * Checks if the terms for a post can be read. 139 * 140 * @since 6.0.3 141 * 142 * @param WP_Post $post Post object. 143 * @param WP_REST_Request $request Full details about the request. 144 * @return bool Whether the terms for the post can be read. 145 */ 146 public function check_read_terms_permission_for_post( $post, $request ) { 147 // If the requested post isn't associated with this taxonomy, deny access. 148 if ( ! is_object_in_taxonomy( $post->post_type, $this->taxonomy ) ) { 149 return false; 150 } 151 152 // Grant access if the post is publicly viewable. 153 if ( is_post_publicly_viewable( $post ) ) { 154 return true; 155 } 156 157 // Otherwise grant access if the post is readable by the logged in user. 158 if ( current_user_can( 'read_post', $post->ID ) ) { 159 return true; 160 } 161 162 // Otherwise, deny access. 163 return false; 164 } 165 166 /** 138 167 * Checks if a request has access to read terms in the specified taxonomy. 139 168 * … … 145 174 public function get_items_permissions_check( $request ) { 146 175 $tax_obj = get_taxonomy( $this->taxonomy ); 176 147 177 if ( ! $tax_obj || ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) { 148 178 return false; 149 179 } 180 150 181 if ( 'edit' === $request['context'] && ! current_user_can( $tax_obj->cap->edit_terms ) ) { 151 return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit terms in this taxonomy.' ), array( 'status' => rest_authorization_required_code() ) ); 152 } 182 return new WP_Error( 183 'rest_forbidden_context', 184 __( 'Sorry, you are not allowed to edit terms in this taxonomy.' ), 185 array( 'status' => rest_authorization_required_code() ) 186 ); 187 } 188 189 if ( ! empty( $request['post'] ) ) { 190 $post = get_post( $request['post'] ); 191 192 if ( ! $post ) { 193 return new WP_Error( 194 'rest_post_invalid_id', 195 __( 'Invalid post ID.' ), 196 array( 197 'status' => 400, 198 ) 199 ); 200 } 201 202 if ( ! $this->check_read_terms_permission_for_post( $post, $request ) ) { 203 return new WP_Error( 204 'rest_forbidden_context', 205 __( 'Sorry, you are not allowed to view terms for this post.' ), 206 array( 207 'status' => rest_authorization_required_code(), 208 ) 209 ); 210 } 211 } 212 153 213 return true; 154 214 }
Note: See TracChangeset
for help on using the changeset viewer.