Changeset 59048
trunk/src/wp-includes/post.php
r59045 r59048 490 490 'late_route_registration' => true, 491 491 'capabilities' => array( 492 'read' => 'edit_ theme_options',492 'read' => 'edit_posts', 493 493 'create_posts' => 'edit_theme_options', 494 494 'edit_posts' => 'edit_theme_options', -
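Review bot: The `'read' => 'edit_posts'` entry now differs from the other capabilities visible in this array, which stay at `edit_theme_options`, and nothing at the site of the change says why. Because this is the post type's own read mapping, it presumably widens every code path that checks that capability, not only the two theme permission checks adjusted in the controller, so it is worth confirming that nothing else relied on it as a theme-admin gate. I would add a comment above the line, for example `// Read is intentionally lower than the write caps so users who can edit posts can view global styles; see #62042.` The enclosing array begins and ends outside the hunk.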
trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-global-styles-controller.php
r59009 r59048 510 510 * 511 511 * @since 5.9.0 512 * @since 6.7.0 Allow users with edit post capabilities to view theme global styles. 512 513 * 513 514 * @param WP_REST_Request $request Full details about the request. … … 516 517 public function get_theme_item_permissions_check( $request ) { 517 518 /* 519 * Verify if the current user has edit_posts capability. 520 * This capability is required to view global styles. 521 */ 522 if ( current_user_can( 'edit_posts' ) ) { 523 return true; 524 } 525 526 foreach ( get_post_types( array( 'show_in_rest' => true ), 'objects' ) as $post_type ) { 527 if ( current_user_can( $post_type->cap->edit_posts ) ) { 528 return true; 529 } 530 } 531 532 /* 518 533 * Verify if the current user has edit_theme_options capability. 519 * This capability is required to edit/view/delete global styles.520 534 */ 521 if ( !current_user_can( 'edit_theme_options' ) ) {522 return new WP_Error(523 'rest_cannot_manage_global_styles',524 __( 'Sorry, you are not allowed to access the global styles on this site.' ), 525 array(526 'status' => rest_authorization_required_code(),527 )528 );529 }530 531 return true;535 if ( current_user_can( 'edit_theme_options' ) ) { 536 return true; 537 } 538 539 return new WP_Error( 540 'rest_cannot_read_global_styles', 541 __( 'Sorry, you are not allowed to access the global styles on this site.' ), 542 array( 543 'status' => rest_authorization_required_code(), 544 ) 545 ); 532 546 } 533 547 … … 590 604 * 591 605 * @since 6.0.0 606 * @since 6.7.0 Allow users with edit post capabilities to view theme global styles. 592 607 * 593 608 * @param WP_REST_Request $request Full details about the request. … … 595 610 */ 596 611 public function get_theme_items_permissions_check( $request ) { 597 /* 598 * Verify if the current user has edit_theme_options capability. 599 * This capability is required to edit/view/delete global styles. 600 */ 601 if ( ! 
current_user_can( 'edit_theme_options' ) ) { 602 return new WP_Error( 603 'rest_cannot_manage_global_styles', 604 __( 'Sorry, you are not allowed to access the global styles on this site.' ), 605 array( 606 'status' => rest_authorization_required_code(), 607 ) 608 ); 609 } 610 611 return true; 612 return $this->get_theme_item_permissions_check( $request ); 612 613 } 613 614 … … 633 634 } 634 635 635 $response 636 $response = array(); 636 637 637 638 // Register theme-defined variations e.g. from block style variation partials under `/styles`. -
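Review bot: The `foreach` over `get_post_types( array( 'show_in_rest' => true ), 'objects' )` in `get_theme_item_permissions_check()` grants read access to anyone holding the `edit_posts` capability of any REST-visible post type, which would include types registered with their own capability names, and that branch carries no comment. The block comment above it still says `edit_posts` "is required to view global styles", which is inaccurate now that any one of three checks can return true. I would reword that comment to say access is granted when any check passes, and add above the loop `// Also allow users who can edit any REST-enabled post type; custom post types may map edit_posts to their own capability.` The error code also changes from `rest_cannot_manage_global_styles` to `rest_cannot_read_global_styles` for both theme checks, so the `@since 6.7.0` lines should mention it for clients that match on the old code.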
trunk/tests/phpunit/tests/rest-api/rest-global-styles-controller.php
r58466 r59048 20 20 * @var int 21 21 */ 22 protected static $editor_id; 23 24 /** 25 * @var int 26 */ 22 27 protected static $subscriber_id; 28 29 /** 30 * @var int 31 */ 32 protected static $theme_manager_id; 23 33 24 34 /** … … 55 65 ); 56 66 67 self::$editor_id = $factory->user->create( 68 array( 69 'role' => 'editor', 70 ) 71 ); 72 57 73 self::$subscriber_id = $factory->user->create( 58 74 array( … … 60 76 ) 61 77 ); 78 79 self::$theme_manager_id = $factory->user->create( 80 array( 81 'role' => 'subscriber', 82 ) 83 ); 84 85 // Add the 'edit_theme_options' capability to the theme manager (subscriber). 86 $theme_manager_id = get_user_by( 'id', self::$theme_manager_id ); 87 if ( $theme_manager_id instanceof WP_User ) { 88 $theme_manager_id->add_cap( 'edit_theme_options' ); 89 } 62 90 63 91 // This creates the global styles for the current theme. … … 79 107 80 108 /** 81 * 109 * Clean up after our tests run. 82 110 */ 83 111 public static function wpTearDownAfterClass() { 84 112 self::delete_user( self::$admin_id ); 113 self::delete_user( self::$editor_id ); 85 114 self::delete_user( self::$subscriber_id ); 115 self::delete_user( self::$theme_manager_id ); 86 116 } 87 117 … … 265 295 $request = new WP_REST_Request( 'GET', '/wp/v2/global-styles/themes/tt1-blocks' ); 266 296 $response = rest_get_server()->dispatch( $request ); 267 $this->assertErrorResponse( 'rest_cannot_ manage_global_styles', $response, 401 );297 $this->assertErrorResponse( 'rest_cannot_read_global_styles', $response, 401 ); 268 298 } 269 299 … … 271 301 * @covers WP_REST_Global_Styles_Controller::get_theme_item 272 302 * @ticket 54516 273 */ 274 public function test_get_theme_item_permission_check() { 303 * @ticket 62042 304 */ 305 public function test_get_theme_item_subscriber_permission_check() { 275 306 wp_set_current_user( self::$subscriber_id ); 276 307 $request = new WP_REST_Request( 'GET', '/wp/v2/global-styles/themes/tt1-blocks' ); 277 308 $response = rest_get_server()->dispatch( $request 
); 278 $this->assertErrorResponse( 'rest_cannot_manage_global_styles', $response, 403 ); 309 $this->assertErrorResponse( 'rest_cannot_read_global_styles', $response, 403 ); 310 } 311 312 /** 313 * @covers WP_REST_Global_Styles_Controller::get_theme_item 314 * @ticket 62042 315 */ 316 public function test_get_theme_item_editor_permission_check() { 317 wp_set_current_user( self::$editor_id ); 318 $request = new WP_REST_Request( 'GET', '/wp/v2/global-styles/themes/tt1-blocks' ); 319 $response = rest_get_server()->dispatch( $request ); 320 // Checks that the response has the expected keys. 321 $data = $response->get_data(); 322 $links = $response->get_links(); 323 $this->assertArrayHasKey( 'settings', $data, 'Data does not have "settings" key' ); 324 $this->assertArrayHasKey( 'styles', $data, 'Data does not have "styles" key' ); 325 $this->assertArrayHasKey( 'self', $links, 'Links do not have a "self" key' ); 326 } 327 328 /** 329 * @covers WP_REST_Global_Styles_Controller_Gutenberg::get_theme_item 330 * @ticket 62042 331 */ 332 public function test_get_theme_item_theme_options_manager_permission_check() { 333 wp_set_current_user( self::$theme_manager_id ); 334 switch_theme( 'emptytheme' ); 335 $request = new WP_REST_Request( 'GET', '/wp/v2/global-styles/themes/emptytheme' ); 336 $response = rest_get_server()->dispatch( $request ); 337 // Checks that the response has the expected keys. 338 $data = $response->get_data(); 339 $links = $response->get_links(); 340 $this->assertArrayHasKey( 'settings', $data, 'Data does not have "settings" key' ); 341 $this->assertArrayHasKey( 'styles', $data, 'Data does not have "styles" key' ); 342 $this->assertArrayHasKey( 'self', $links, 'Links do not have a "self" key' ); 279 343 } 280 344 … … 608 672 * of saving via the API. 609 673 * 610 * @covers WP_REST_Global_Styles_Controller _Gutenberg::update_item674 * @covers WP_REST_Global_Styles_Controller::update_item 611 675 * @ticket 61312 612 676 * @ticket 61451
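Review bot: The new tests exercise only the plain `edit_posts` and `edit_theme_options` branches of the single-item route; the loop over REST-visible post types and `get_theme_items_permissions_check()`, which now delegates to the same check, are not covered, so a change that widened or narrowed access there would pass unnoticed. A user who holds only a custom post type's edit capability, plus a subscriber request that reaches the collection check and expects `rest_cannot_read_global_styles`, would pin both. The two positive tests should assert the status before reading the data, `$this->assertSame( 200, $response->get_status() );`, so a failure reads as an authorization problem rather than a missing key. `test_get_theme_item_theme_options_manager_permission_check` is annotated `@covers WP_REST_Global_Styles_Controller_Gutenberg::get_theme_item`, the same class name this changeset corrects in the `update_item` docblock further down; it should be `WP_REST_Global_Styles_Controller::get_theme_item`.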