Changeset 54569 for branches/4.9/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
- Timestamp:
- 10/17/2022 06:11:47 PM (2 years ago)
- Location:
- branches/4.9
- Files:
-
- 2 edited
branches/4.9
- Property svn:mergeinfo changed
/trunk merged: 54521-54530,54541
- Property svn:mergeinfo changed
-
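--- a/branches/4.9/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
+++ b/branches/4.9/src/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
@@ -128,4 +128,33 @@
 
 	/**
+	 * Checks if the terms for a post can be read.
+	 *
+	 * @since 6.0.3
+	 *
+	 * @param WP_Post $post Post object.
+	 * @param WP_REST_Request $request Full details about the request.
+	 * @return bool Whether the terms for the post can be read.
+	 */
+	public function check_read_terms_permission_for_post( $post, $request ) {
+		// If the requested post isn't associated with this taxonomy, deny access.
+		if ( ! is_object_in_taxonomy( $post->post_type, $this->taxonomy ) ) {
+			return false;
+		}
+
+		// Grant access if the post is publicly viewable.
+		if ( is_post_publicly_viewable( $post ) ) {
+			return true;
+		}
+
+		// Otherwise grant access if the post is readable by the logged in user.
+		if ( current_user_can( 'read_post', $post->ID ) ) {
+			return true;
+		}
+
+		// Otherwise, deny access.
+		return false;
+	}
+
+	/**
 	 * Checks if a request has access to read terms in the specified taxonomy.
 	 *
@@ -137,10 +166,41 @@
 	public function get_items_permissions_check( $request ) {
 		$tax_obj = get_taxonomy( $this->taxonomy );
+
 		if ( ! $tax_obj || ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) {
 			return false;
 		}
+
 		if ( 'edit' === $request['context'] && ! current_user_can( $tax_obj->cap->edit_terms ) ) {
-			return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to edit terms in this taxonomy.' ), array( 'status' => rest_authorization_required_code() ) );
-		}
+			return new WP_Error(
+				'rest_forbidden_context',
+				__( 'Sorry, you are not allowed to edit terms in this taxonomy.' ),
+				array( 'status' => rest_authorization_required_code() )
+			);
+		}
+
+		if ( ! empty( $request['post'] ) ) {
+			$post = get_post( $request['post'] );
+
+			if ( ! $post ) {
+				return new WP_Error(
+					'rest_post_invalid_id',
+					__( 'Invalid post ID.' ),
+					array(
+						'status' => 400,
+					)
+				);
+			}
+
+			if ( ! $this->check_read_terms_permission_for_post( $post, $request ) ) {
+				return new WP_Error(
+					'rest_forbidden_context',
+					__( 'Sorry, you are not allowed to view terms for this post.' ),
+					array(
+						'status' => rest_authorization_required_code(),
+					)
+				);
+			}
+		}
+
 		return true;
 	}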
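Review bot: In get_items_permissions_check, a `post` value that resolves to no post returns `rest_post_invalid_id` with status 400, while an existing post the caller may not read returns the authorization status, so the two responses reveal whether a non-public post ID exists. If that distinction is not meant to be exposed, fold both cases into the forbidden response, e.g. `if ( ! $post || ! $this->check_read_terms_permission_for_post( $post, $request ) ) {`. The per-post denial also reuses the `rest_forbidden_context` code of the edit-context check just above it, so clients and log rules cannot tell the two denials apart; a distinct code would help. `check_read_terms_permission_for_post()` documents `$request` but never reads it in the visible body, which is worth stating in its docblock.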