Opened 7 years ago
Closed 6 years ago
#42303 closed defect (bug) (fixed)
REST API: Post status controller has wrong view permission check error message
Reported by: | schlessera | Owned by: | joehoyle |
---|---|---|---|
Milestone: | 5.0 | Priority: | normal |
Severity: | normal | Version: | 4.7 |
Component: | REST API | Keywords: | has-patch |
Focuses: | rest-api | Cc: |
Description
The REST API post status controller has the following code to make a read-only permissions check for viewing the post statuses:
<?php if ( 'edit' === $request['context'] ) { $types = get_post_types( array( 'show_in_rest' => true ), 'objects' ); foreach ( $types as $type ) { if ( current_user_can( $type->cap->edit_posts ) ) { return true; } } return new WP_Error( 'rest_cannot_view', __( 'Sorry, you are not allowed to edit posts in this post type.' ), array( 'status' => rest_authorization_required_code() ) ); }
This seems to be left-over copy-pasta from the post types controller.
I'd suggest sending the following WP_Error
message instead:
__( 'Sorry, you are not allowed to manage post statuses.' )
Attachments (1)
Change History (8)
#2
in reply to:
↑ description
@
7 years ago
Replying to schlessera:
Oh, sorry, I seemed to have edited out the actual problem in my description: The error message does not match the intent of the controller.
Note: See
TracTickets for help on using
tickets.
'Sorry, you are not allowed to manage post statuses.'