WordPress.org

Make WordPress Core

Opened 4 weeks ago

Closed 4 weeks ago

#53593 closed defect (bug) (fixed)

The `permissions_check()` methods are missing the `$request` parameter

Reported by: johnbillion Owned by: desrosj
Milestone: 5.8 Priority: normal
Severity: normal Version: 5.8
Component: REST API Keywords: has-patch commit dev-reviewed fixed-major
Focuses: Cc:

Description

The WP_REST_Templates_Controller::permissions_check() and WP_REST_Widgets_Controller::permissions_check() methods are called by other methods within their respective classes but the $request parameter gets lost along the way.

  1. The WP_REST_Templates_Controller class does pass the parameter but it's not implemented: ​https://github.com/WordPress/wordpress-develop/blob/5383af84832fa27c187941a63803fea8bdb553ca/src/wp-includes/rest-api/endpoints/class-wp-rest-templates-controller.php#L139
  2. The WP_REST_Widgets_Controller class doesn't pass the parameter: https://github.com/WordPress/wordpress-develop/blob/5383af84832fa27c187941a63803fea8bdb553ca/src/wp-includes/rest-api/endpoints/class-wp-rest-widgets-controller.php#L286

If somebody wants to extend one of these classes and override the permissions_check() method they can't implement and make use of the $request parameter because it makes the signature incompatible.

The $request parameter of the permissions_check() method should be implemented even though it's not used by default

Change History (8)

This ticket was mentioned in PR #1464 on WordPress/wordpress-develop by johnbillion.


4 weeks ago

  • Keywords has-patch added; needs-patch removed

#2 @johnbillion
4 weeks ago

  • Keywords dev-feedback added

#3 @desrosj
4 weeks ago

This seems to make sense to me. It's also consistent with other controllers in Core.

@TimothyBlynJacobs any reason not to make this change at this point in the cycle?

#4 @TimothyBlynJacobs
4 weeks ago

  • Keywords commit added

Nope, looks good to me!

#5 @desrosj
4 weeks ago

  • Keywords dev-reviewed added; dev-feedback removed

#6 @desrosj
4 weeks ago

  • Owner set to desrosj
  • Resolution set to fixed
  • Status changed from new to closed

In 51349:

REST API: Add the $request parameter to methods checking permissions.

This adds the $request parameter to the permissions_check() methods within WP_REST_Widgets_Controller and adds $request as an allowed parameter to the permissions_check() method within WP_REST_Templates_Controller.

Even when this parameter is not used by default, it should be implemented to support the class being extended and the method overidden.

Props johnbillion, timothyblynjacobs.
Fixes #53593.

#7 @desrosj
4 weeks ago

  • Keywords fixed-major added
  • Resolution fixed deleted
  • Status changed from closed to reopened

Reopening to backport.

#8 @desrosj
4 weeks ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 51350:

REST API: Add the $request parameter to methods checking permissions.

This adds the $request parameter to the permissions_check() methods within WP_REST_Widgets_Controller and adds $request as an allowed parameter to the permissions_check() method within WP_REST_Templates_Controller.

Even when this parameter is not used by default, it should be implemented to support the class being extended and the method overridden.

Props johnbillion, timothyblynjacobs.
Merges [51349] to the 5.8 branch.
Fixes #53593.

Note: See TracTickets for help on using tickets.