WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

REST API: Add the `$request` parameter to methods checking permissions. 

This adds the `$request` parameter to the `permissions_check()` methods within `WP_REST_Widgets_Controller` and adds `$request` as an allowed parameter to the `permissions_check()` method within `WP_REST_Templates_Controller`.

Even when this parameter is not used by default, it should be implemented to support the class being extended and the method overidden.

Props johnbillion, timothyblynjacobs.
Fixes #53593.
Built from https://develop.svn.wordpress.org/trunk@51349


git-svn-id: http://core.svn.wordpress.org/trunk@50958 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
desrosj 2021-07-06 15:43:00 +00:00
parent 98579e4495
commit 1dcad8f5bb
3 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
wp-includes/rest-api/endpoints/class-wp-rest-templates-controller.php
View File

@ -109,9 +109,10 @@ class WP_REST_Templates_Controller extends WP_REST_Controller {
* *
* @since 5.8.0 * @since 5.8.0
* *
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has read access, WP_Error object otherwise. * @return true|WP_Error True if the request has read access, WP_Error object otherwise.
*/ */
protected function permissions_check() { protected function permissions_check( $request ) {
// Verify if the current user has edit_theme_options capability. // Verify if the current user has edit_theme_options capability.
// This capability is required to edit/view/delete templates. // This capability is required to edit/view/delete templates.
if ( ! current_user_can( 'edit_theme_options' ) ) { if ( ! current_user_can( 'edit_theme_options' ) ) {

13
wp-includes/rest-api/endpoints/class-wp-rest-widgets-controller.php
View File

@ -97,7 +97,7 @@ class WP_REST_Widgets_Controller extends WP_REST_Controller {
* @return true|WP_Error True if the request has read access, WP_Error object otherwise. * @return true|WP_Error True if the request has read access, WP_Error object otherwise.
*/ */
public function get_items_permissions_check( $request ) { public function get_items_permissions_check( $request ) {
return $this->permissions_check(); return $this->permissions_check( $request );
} }
/** /**
@ -139,7 +139,7 @@ class WP_REST_Widgets_Controller extends WP_REST_Controller {
* @return true|WP_Error True if the request has read access, WP_Error object otherwise. * @return true|WP_Error True if the request has read access, WP_Error object otherwise.
*/ */
public function get_item_permissions_check( $request ) { public function get_item_permissions_check( $request ) {
return $this->permissions_check(); return $this->permissions_check( $request );
} }
/** /**
@ -176,7 +176,7 @@ class WP_REST_Widgets_Controller extends WP_REST_Controller {
* @return true|WP_Error True if the request has read access, WP_Error object otherwise. * @return true|WP_Error True if the request has read access, WP_Error object otherwise.
*/ */
public function create_item_permissions_check( $request ) { public function create_item_permissions_check( $request ) {
return $this->permissions_check(); return $this->permissions_check( $request );
} }
/** /**
@ -220,7 +220,7 @@ class WP_REST_Widgets_Controller extends WP_REST_Controller {
* @return true|WP_Error True if the request has read access, WP_Error object otherwise. * @return true|WP_Error True if the request has read access, WP_Error object otherwise.
*/ */
public function update_item_permissions_check( $request ) { public function update_item_permissions_check( $request ) {
return $this->permissions_check(); return $this->permissions_check( $request );
} }
/** /**
@ -283,7 +283,7 @@ class WP_REST_Widgets_Controller extends WP_REST_Controller {
* @return true|WP_Error True if the request has read access, WP_Error object otherwise. * @return true|WP_Error True if the request has read access, WP_Error object otherwise.
*/ */
public function delete_item_permissions_check( $request ) { public function delete_item_permissions_check( $request ) {
return $this->permissions_check(); return $this->permissions_check( $request );
} }
/** /**
@ -398,9 +398,10 @@ class WP_REST_Widgets_Controller extends WP_REST_Controller {
* *
* @since 5.8.0 * @since 5.8.0
* *
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error * @return true|WP_Error
*/ */
protected function permissions_check() { protected function permissions_check( $request ) {
if ( ! current_user_can( 'edit_theme_options' ) ) { if ( ! current_user_can( 'edit_theme_options' ) ) {
return new WP_Error( return new WP_Error(
'rest_cannot_manage_widgets', 'rest_cannot_manage_widgets',

2
wp-includes/version.php
View File

@ -13,7 +13,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '5.9-alpha-51348'; $wp_version = '5.9-alpha-51349';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.