REST API: Unify permission error messages.
Props ramiy. Fixes #38803. Built from https://develop.svn.wordpress.org/trunk@39257 git-svn-id: http://core.svn.wordpress.org/trunk@39197 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
d4603ec9b7
commit
07cf16f7ba
|
@ -111,13 +111,13 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
|
||||||
if ( ! empty( $post_id ) && $post && ! $this->check_read_post_permission( $post ) ) {
|
if ( ! empty( $post_id ) && $post && ! $this->check_read_post_permission( $post ) ) {
|
||||||
return new WP_Error( 'rest_cannot_read_post', __( 'Sorry, you cannot read the post for this comment.' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'rest_cannot_read_post', __( 'Sorry, you cannot read the post for this comment.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
} elseif ( 0 === $post_id && ! current_user_can( 'moderate_comments' ) ) {
|
} elseif ( 0 === $post_id && ! current_user_can( 'moderate_comments' ) ) {
|
||||||
return new WP_Error( 'rest_cannot_read', __( 'Sorry, you cannot read comments without a post.' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'rest_cannot_read', __( 'Sorry, you are not allowed to read comments without a post.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( ! empty( $request['context'] ) && 'edit' === $request['context'] && ! current_user_can( 'moderate_comments' ) ) {
|
if ( ! empty( $request['context'] ) && 'edit' === $request['context'] && ! current_user_can( 'moderate_comments' ) ) {
|
||||||
return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you cannot view comments with edit context.' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to view comments with edit context.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( ! current_user_can( 'edit_posts' ) ) {
|
if ( ! current_user_can( 'edit_posts' ) ) {
|
||||||
|
@ -311,17 +311,17 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( ! $this->check_read_permission( $comment ) ) {
|
if ( ! $this->check_read_permission( $comment ) ) {
|
||||||
return new WP_Error( 'rest_cannot_read', __( 'Sorry, you cannot read this comment.' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'rest_cannot_read', __( 'Sorry, you are not allowed to read this comment.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
$post = get_post( $comment->comment_post_ID );
|
$post = get_post( $comment->comment_post_ID );
|
||||||
|
|
||||||
if ( $post && ! $this->check_read_post_permission( $post ) ) {
|
if ( $post && ! $this->check_read_post_permission( $post ) ) {
|
||||||
return new WP_Error( 'rest_cannot_read_post', __( 'Sorry, you cannot read the post for this comment.' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'rest_cannot_read_post', __( 'Sorry, you are not allowed to read the post for this comment.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( ! empty( $request['context'] ) && 'edit' === $request['context'] && ! current_user_can( 'moderate_comments' ) ) {
|
if ( ! empty( $request['context'] ) && 'edit' === $request['context'] && ! current_user_can( 'moderate_comments' ) ) {
|
||||||
return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you cannot view this comment with edit context.' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to view this comment with edit context.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
@ -378,24 +378,24 @@ class WP_REST_Comments_Controller extends WP_REST_Controller {
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( isset( $request['karma'] ) && $request['karma'] > 0 && ! current_user_can( 'moderate_comments' ) ) {
|
if ( isset( $request['karma'] ) && $request['karma'] > 0 && ! current_user_can( 'moderate_comments' ) ) {
|
||||||
return new WP_Error( 'rest_comment_invalid_karma', __( 'Sorry, you cannot set karma for comments.' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'rest_comment_invalid_karma', __( 'Sorry, you are not allowed to set karma for comments.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( isset( $request['status'] ) && ! current_user_can( 'moderate_comments' ) ) {
|
if ( isset( $request['status'] ) && ! current_user_can( 'moderate_comments' ) ) {
|
||||||
return new WP_Error( 'rest_comment_invalid_status', __( 'Sorry, you cannot set status for comments.' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'rest_comment_invalid_status', __( 'Sorry, you are not allowed to set status for comments.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( empty( $request['post'] ) && ! current_user_can( 'moderate_comments' ) ) {
|
if ( empty( $request['post'] ) && ! current_user_can( 'moderate_comments' ) ) {
|
||||||
return new WP_Error( 'rest_comment_invalid_post_id', __( 'Sorry, you cannot create this comment without a post.' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'rest_comment_invalid_post_id', __( 'Sorry, you are not allowed to create this comment without a post.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( ! empty( $request['post'] ) && $post = get_post( (int) $request['post'] ) ) {
|
if ( ! empty( $request['post'] ) && $post = get_post( (int) $request['post'] ) ) {
|
||||||
if ( 'draft' === $post->post_status ) {
|
if ( 'draft' === $post->post_status ) {
|
||||||
return new WP_Error( 'rest_comment_draft_post', __( 'Sorry, you cannot create a comment on this post.' ), array( 'status' => 403 ) );
|
return new WP_Error( 'rest_comment_draft_post', __( 'Sorry, you are not allowed to create a comment on this post.' ), array( 'status' => 403 ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( 'trash' === $post->post_status ) {
|
if ( 'trash' === $post->post_status ) {
|
||||||
return new WP_Error( 'rest_comment_trash_post', __( 'Sorry, you cannot create a comment on this post.' ), array( 'status' => 403 ) );
|
return new WP_Error( 'rest_comment_trash_post', __( 'Sorry, you are not allowed to create a comment on this post.' ), array( 'status' => 403 ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( ! $this->check_read_post_permission( $post ) ) {
|
if ( ! $this->check_read_post_permission( $post ) ) {
|
||||||
|
|
|
@ -78,7 +78,7 @@ class WP_REST_Post_Statuses_Controller extends WP_REST_Controller {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return new WP_Error( 'rest_cannot_view', __( 'Sorry, you cannot view this resource with edit context.' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'rest_cannot_view', __( 'Sorry, you are not allowed to view this resource with edit context.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
|
|
@ -76,7 +76,7 @@ class WP_REST_Post_Types_Controller extends WP_REST_Controller {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return new WP_Error( 'rest_cannot_view', __( 'Sorry, you cannot view this resource with edit context.' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'rest_cannot_view', __( 'Sorry, you are not allowed to view this resource with edit context.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
|
|
@ -123,7 +123,7 @@ class WP_REST_Revisions_Controller extends WP_REST_Controller {
|
||||||
}
|
}
|
||||||
$parent_post_type_obj = get_post_type_object( $parent->post_type );
|
$parent_post_type_obj = get_post_type_object( $parent->post_type );
|
||||||
if ( ! current_user_can( $parent_post_type_obj->cap->edit_post, $parent->ID ) ) {
|
if ( ! current_user_can( $parent_post_type_obj->cap->edit_post, $parent->ID ) ) {
|
||||||
return new WP_Error( 'rest_cannot_read', __( 'Sorry, you cannot view revisions of this post.' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'rest_cannot_read', __( 'Sorry, you are not allowed to view revisions of this post.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
|
|
@ -81,7 +81,7 @@ class WP_REST_Taxonomies_Controller extends WP_REST_Controller {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return new WP_Error( 'rest_cannot_view', __( 'Sorry, you cannot view this resource with edit context.' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'rest_cannot_view', __( 'Sorry, you are not allowed to view this resource with edit context.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
|
@ -141,7 +141,7 @@ class WP_REST_Terms_Controller extends WP_REST_Controller {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if ( 'edit' === $request['context'] && ! current_user_can( $tax_obj->cap->edit_terms ) ) {
|
if ( 'edit' === $request['context'] && ! current_user_can( $tax_obj->cap->edit_terms ) ) {
|
||||||
return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you cannot view this resource with edit context.' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to view this resource with edit context.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
@ -302,7 +302,7 @@ class WP_REST_Terms_Controller extends WP_REST_Controller {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if ( 'edit' === $request['context'] && ! current_user_can( $tax_obj->cap->edit_terms ) ) {
|
if ( 'edit' === $request['context'] && ! current_user_can( $tax_obj->cap->edit_terms ) ) {
|
||||||
return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you cannot view this resource with edit context.' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to view this resource with edit context.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
@ -350,7 +350,7 @@ class WP_REST_Terms_Controller extends WP_REST_Controller {
|
||||||
|
|
||||||
$taxonomy_obj = get_taxonomy( $this->taxonomy );
|
$taxonomy_obj = get_taxonomy( $this->taxonomy );
|
||||||
if ( ! current_user_can( $taxonomy_obj->cap->manage_terms ) ) {
|
if ( ! current_user_can( $taxonomy_obj->cap->manage_terms ) ) {
|
||||||
return new WP_Error( 'rest_cannot_create', __( 'Sorry, you cannot create new resource.' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'rest_cannot_create', __( 'Sorry, you are not allowed to create new resource.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
@ -457,7 +457,7 @@ class WP_REST_Terms_Controller extends WP_REST_Controller {
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( ! current_user_can( 'edit_term', $term->term_id ) ) {
|
if ( ! current_user_can( 'edit_term', $term->term_id ) ) {
|
||||||
return new WP_Error( 'rest_cannot_update', __( 'Sorry, you cannot update resource.' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'rest_cannot_update', __( 'Sorry, you are not allowed to update resource.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
@ -546,7 +546,7 @@ class WP_REST_Terms_Controller extends WP_REST_Controller {
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( ! current_user_can( 'delete_term', $term->term_id ) ) {
|
if ( ! current_user_can( 'delete_term', $term->term_id ) ) {
|
||||||
return new WP_Error( 'rest_cannot_delete', __( 'Sorry, you cannot delete resource.' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'rest_cannot_delete', __( 'Sorry, you are not allowed to delete resource.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
|
|
@ -144,15 +144,15 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
|
||||||
public function get_items_permissions_check( $request ) {
|
public function get_items_permissions_check( $request ) {
|
||||||
// Check if roles is specified in GET request and if user can list users.
|
// Check if roles is specified in GET request and if user can list users.
|
||||||
if ( ! empty( $request['roles'] ) && ! current_user_can( 'list_users' ) ) {
|
if ( ! empty( $request['roles'] ) && ! current_user_can( 'list_users' ) ) {
|
||||||
return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you cannot filter by role.' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to filter by role.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) {
|
if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) {
|
||||||
return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you cannot view this resource with edit context.' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to view this resource with edit context.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( in_array( $request['orderby'], array( 'email', 'registered_date' ), true ) && ! current_user_can( 'list_users' ) ) {
|
if ( in_array( $request['orderby'], array( 'email', 'registered_date' ), true ) && ! current_user_can( 'list_users' ) ) {
|
||||||
return new WP_Error( 'rest_forbidden_orderby', __( 'Sorry, you cannot order by this parameter.' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'rest_forbidden_orderby', __( 'Sorry, you are not allowed to order by this parameter.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
@ -320,9 +320,9 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) {
|
if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) {
|
||||||
return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you cannot view this resource with edit context.' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to view this resource with edit context.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
} elseif ( ! count_user_posts( $id, $types ) && ! current_user_can( 'edit_user', $id ) && ! current_user_can( 'list_users' ) ) {
|
} elseif ( ! count_user_posts( $id, $types ) && ! current_user_can( 'edit_user', $id ) && ! current_user_can( 'list_users' ) ) {
|
||||||
return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you cannot view this resource.' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'rest_user_cannot_view', __( 'Sorry, you are not allowed to view this resource.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
@ -995,7 +995,7 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
|
||||||
&& get_current_user_id() === $user_id
|
&& get_current_user_id() === $user_id
|
||||||
&& ! $potential_role->has_cap( 'edit_users' )
|
&& ! $potential_role->has_cap( 'edit_users' )
|
||||||
) {
|
) {
|
||||||
return new WP_Error( 'rest_user_invalid_role', __( 'You cannot give resource that role.' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'rest_user_invalid_role', __( 'Sorry, you are not allowed to give resource that role.' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Include admin functions to get access to get_editable_roles() */
|
/** Include admin functions to get access to get_editable_roles() */
|
||||||
|
@ -1005,7 +1005,7 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
|
||||||
$editable_roles = get_editable_roles();
|
$editable_roles = get_editable_roles();
|
||||||
|
|
||||||
if ( empty( $editable_roles[ $role ] ) ) {
|
if ( empty( $editable_roles[ $role ] ) ) {
|
||||||
return new WP_Error( 'rest_user_invalid_role', __( 'You cannot give resource that role.' ), array( 'status' => 403 ) );
|
return new WP_Error( 'rest_user_invalid_role', __( 'Sorry, you are not allowed to give resource that role.' ), array( 'status' => 403 ) );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
*
|
*
|
||||||
* @global string $wp_version
|
* @global string $wp_version
|
||||||
*/
|
*/
|
||||||
$wp_version = '4.7-beta3-39256';
|
$wp_version = '4.7-beta3-39257';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||||
|
|
Loading…
Reference in New Issue