REST API: Enable users with `read_private_posts` to query for them.
An authorized request with the `read_private_posts` capability for a post type should be able to `GET /wp/v2/posts` for posts of `status=private`. This query is further sanity-checked by `WP_REST_Posts_Controller->check_read_permission()`, which is unchanged. Props rachelbaker, soulseekah, twoelevenjay. Fixes #43701. Built from https://develop.svn.wordpress.org/branches/5.0@43694 git-svn-id: http://core.svn.wordpress.org/branches/5.0@43523 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
b9e3d4c42e
commit
4bf87727a4
|
@ -2498,7 +2498,7 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
|
||||||
|
|
||||||
$post_type_obj = get_post_type_object( $this->post_type );
|
$post_type_obj = get_post_type_object( $this->post_type );
|
||||||
|
|
||||||
if ( current_user_can( $post_type_obj->cap->edit_posts ) ) {
|
if ( current_user_can( $post_type_obj->cap->edit_posts ) || 'private' === $status && current_user_can( $post_type_obj->cap->read_private_posts ) ) {
|
||||||
$result = rest_validate_request_arg( $status, $request, $parameter );
|
$result = rest_validate_request_arg( $status, $request, $parameter );
|
||||||
if ( is_wp_error( $result ) ) {
|
if ( is_wp_error( $result ) ) {
|
||||||
return $result;
|
return $result;
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
*
|
*
|
||||||
* @global string $wp_version
|
* @global string $wp_version
|
||||||
*/
|
*/
|
||||||
$wp_version = '5.0-alpha-43693';
|
$wp_version = '5.0-alpha-43694';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||||
|
|
Loading…
Reference in New Issue