From 25bfff959fb6344dd5618ee5138a5e590ad4ead9 Mon Sep 17 00:00:00 2001
From: Rachel Baker <rachel@rachelbaker.me>
Date: Sat, 30 Dec 2017 20:49:40 +0000
Subject: [PATCH] REST API: Return the proper status code for failed permission
 callbacks in WP_REST_Server->dispatch().

Use the rest_authorization_required_code() function to return a 401 status code when a permission callback fails due to a user not being logged in.

Merges [42421] to the 4.9 branch.

Props jaswrks.
Fixes #42828.

Built from https://develop.svn.wordpress.org/branches/4.9@42422


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42253 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/rest-api/class-wp-rest-server.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wp-includes/rest-api/class-wp-rest-server.php b/wp-includes/rest-api/class-wp-rest-server.php
index c69cb4834c..56322f90c4 100644
--- a/wp-includes/rest-api/class-wp-rest-server.php
+++ b/wp-includes/rest-api/class-wp-rest-server.php
@@ -908,7 +908,7 @@ class WP_REST_Server {
 						if ( is_wp_error( $permission ) ) {
 							$response = $permission;
 						} elseif ( false === $permission || null === $permission ) {
-							$response = new WP_Error( 'rest_forbidden', __( 'Sorry, you are not allowed to do that.' ), array( 'status' => 403 ) );
+							$response = new WP_Error( 'rest_forbidden', __( 'Sorry, you are not allowed to do that.' ), array( 'status' => rest_authorization_required_code() ) );
 						}
 					}
 				}