Opened 6 months ago
#61444 new defect (bug)
REST API: If Super Admin does not exist in subsite, retrieving users is rejected
Reported by: | wildworks | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | REST API | Keywords: | |
Focuses: | Cc: |
Description
I submitted this ticket based on this issue in Gutenberg: https://github.com/WordPress/gutenberg/issues/62574
The block editor retrieves the list of users via the REST API and generates the author dropdown. The author of the post (postAuthor
) is also respected and included in the list. Here is the code.
However, if the super admin does not exist as a user in the subsite, the REST API request will return undefined
, and so any posts created by the super admin in the subsite will have an empty author field.
When I investigated why the REST API was not returning the user data, I found that the request was being rejected at this point.
I'm thinking of adding an exception for super admins only, like this:
if ( is_multisite() && ! is_user_member_of_blog( $user->ID ) && ! is_super_admin( $user->ID ) ) { return $error; }
I would be grateful if you could advise whether this approach would cause any unintended problems and whether it even makes sense.
The posts sidebar when a super admin creates a post in a subsite where they don't exist as a user. The author field is empty.