Opened 8 years ago
Closed 8 years ago
#40251 closed defect (bug) (wontfix)
Querying for single user in REST API after unsetting rest_user_query returns rest_user_cannot_view
Reported by: | daduenn | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 4.7.3 |
Component: | REST API | Keywords: | |
Focuses: | rest-api | Cc: |
Description
Unsetting has_published_posts with the rest_user_query filter hook allows users who do not have published posts to show in /wp-json/wp/v2/Users . It seems that the same should work similarly for single users (/wp-json/wp/v2/Users/23) but it does not. This seems like a bug.
Change History (1)
Note: See
TracTickets for help on using
tickets.
Hey daduann, thanks for the report! While it might make sense to be able to do this - this filter is just _one_ place that can change the data the rest api returns. There's other permissions checks and filters involved to make sure we don't expose all users of a site, not just ones with
has_published_posts
.I think it makes sense to keep it this way, and not have this endpoint support listing all users, rather than providing a developer API to allow disabling the
has_published_posts
check./users/$id
doesn't use WP_User_Query so there's be no way to use this specific hook to control that either.Feel free to re-open if you strongly disagree, but at this point I don't think we need to support this in the core endpoint. Current develop suggestion: create your own PHP subclass for the route.