Changeset 54566 for branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
- Timestamp:
- 10/17/2022 06:08:39 PM (2 years ago)
- Location:
- branches/4.7
- Files:
-
- 2 edited
branches/4.7
- Property svn:mergeinfo changed
/trunk merged: 54521-54530,54541
- Property svn:mergeinfo changed
-
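--- a/branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
+++ b/branches/4.7/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
@@ -134,4 +134,33 @@
 
 /**
+* Checks if the terms for a post can be read.
+*
+* @since 6.0.3
+*
+* @param WP_Post $post Post object.
+* @param WP_REST_Request $request Full details about the request.
+* @return bool Whether the terms for the post can be read.
+*/
+public function check_read_terms_permission_for_post( $post, $request ) {
+// If the requested post isn't associated with this taxonomy, deny access.
+if ( ! is_object_in_taxonomy( $post->post_type, $this->taxonomy ) ) {
+return false;
+}
+
+// Grant access if the post is publicly viewable.
+if ( is_post_publicly_viewable( $post ) ) {
+return true;
+}
+
+// Otherwise grant access if the post is readable by the logged in user.
+if ( current_user_can( 'read_post', $post->ID ) ) {
+return true;
+}
+
+// Otherwise, deny access.
+return false;
+}
+
+/**
 * Checks if a request has access to read terms in the specified taxonomy.
 *
@@ -144,10 +173,41 @@
 public function get_items_permissions_check( $request ) {
 $tax_obj = get_taxonomy( $this->taxonomy );
+
 if ( ! $tax_obj || ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) {
 return false;
 }
+
 if ( 'edit' === $request['context'] && ! current_user_can( $tax_obj->cap->edit_terms ) ) {
-return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit terms in this taxonomy.' ), array( 'status' => rest_authorization_required_code() ) );
-}
+return new WP_Error(
+'rest_forbidden_context',
+__( 'Sorry, you are not allowed to edit terms in this taxonomy.' ),
+array( 'status' => rest_authorization_required_code() )
+);
+}
+
+if ( ! empty( $request['post'] ) ) {
+$post = get_post( $request['post'] );
+
+if ( ! $post ) {
+return new WP_Error(
+'rest_post_invalid_id',
+__( 'Invalid post ID.' ),
+array(
+'status' => 400,
+)
+);
+}
+
+if ( ! $this->check_read_terms_permission_for_post( $post, $request ) ) {
+return new WP_Error(
+'rest_forbidden_context',
+__( 'Sorry, you are not allowed to view terms for this post.' ),
+array(
+'status' => rest_authorization_required_code(),
+)
+);
+}
+}
+
 return true;
 }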
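Review bot: The new `post` branch in get_items_permissions_check() answers a nonexistent post with `rest_post_invalid_id` and status 400 but an existing unreadable one with `rest_forbidden_context` and the authorization-required status, so the two responses reveal to any caller whether a given ID is a real non-public post. If that distinction should not be exposed, both cases can share one response: `if ( ! $post || ! $this->check_read_terms_permission_for_post( $post, $request ) ) {` followed by the existing forbidden error. The denial also reuses the code `rest_forbidden_context` that the `edit`-context check a few lines above returns, so clients and logs cannot separate the two failures by code alone. In the helper, `$request` is documented but never read; the docblock should say why it is accepted, e.g. `Unused here; passed so overriding controllers can inspect the request.` if that is the intent.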