From 17c256df0bfc3655cb90756c8965ac9d40ad0a6d Mon Sep 17 00:00:00 2001
From: Sergey Biryukov <sergeybiryukov.ru@gmail.com>
Date: Thu, 3 May 2018 06:54:25 +0000
Subject: [PATCH] REST API: When handling `who=authors` query parameter for
 `GET wp/v2/users`, only check `edit_posts` for post types that support
 `author`.

Props danielbachhuber.
Merges [43137] to the 4.9 branch.
Fixes #42202.
Built from https://develop.svn.wordpress.org/branches/4.9@43138


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42967 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 .../rest-api/endpoints/class-wp-rest-users-controller.php      | 3 ++-
 wp-includes/version.php                                        | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php b/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
index 51555c7202..375d79e8a8 100644
--- a/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
+++ b/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
@@ -190,7 +190,8 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
 			$can_view = false;
 			$types = get_post_types( array( 'show_in_rest' => true ), 'objects' );
 			foreach ( $types as $type ) {
-				if ( current_user_can( $type->cap->edit_posts ) ) {
+				if ( post_type_supports( $type->name, 'author' )
+					&& current_user_can( $type->cap->edit_posts ) ) {
 					$can_view = true;
 				}
 			}
diff --git a/wp-includes/version.php b/wp-includes/version.php
index d5513c83f9..02319efd05 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.9.6-alpha-43136';
+$wp_version = '4.9.6-alpha-43138';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.