From 51619c00a4fe915a92a61473246f839c8f978baa Mon Sep 17 00:00:00 2001
From: "K. Adam White"
Date: Fri, 3 Apr 2020 19:40:08 +0000
Subject: [PATCH] REST API: Fix revisions controller get_item permission check.
r45812 incorrectly introduced a delete_post permissions check into the get_item method, breaking some plugins which requested revisions when generating previews. Props sorenbronsted, yohannp, TimothyBlynJacobs. Fixes #49645. Built from https://develop.svn.wordpress.org/trunk@47547 git-svn-id: http://core.svn.wordpress.org/trunk@47322 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 .../class-wp-rest-revisions-controller.php | 22 +++++++++----------
 wp-includes/version.php | 2 +-
 2 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php b/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
index 345dcd1596..cc1945ae9d 100644
--- a/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
+++ b/wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php
@@ -384,16 +384,6 @@ class WP_REST_Revisions_Controller extends WP_REST_Controller {
 return $parent;
 }
 
- $parent_post_type = get_post_type_object( $parent->post_type );
-
- if ( ! current_user_can( $parent_post_type->cap->delete_post, $parent->ID ) ) {
- return new WP_Error(
- 'rest_cannot_delete',
- __( 'Sorry, you are not allowed to delete revisions of this post.' ),
- array( 'status' => rest_authorization_required_code() )
- );
- }
-
 $revision = $this->get_revision( $request['id'] );
 if ( is_wp_error( $revision ) ) {
 return $revision;
@@ -417,6 +407,16 @@ class WP_REST_Revisions_Controller extends WP_REST_Controller {
 return $parent;
 }
 
+ $parent_post_type = get_post_type_object( $parent->post_type );
+
+ if ( ! current_user_can( $parent_post_type->cap->delete_post, $parent->ID ) ) {
+ return new WP_Error(
+ 'rest_cannot_delete',
+ __( 'Sorry, you are not allowed to delete revisions of this post.' ),
+ array( 'status' => rest_authorization_required_code() )
+ );
+ }
+
 $revision = $this->get_revision( $request['id'] );
 if ( is_wp_error( $revision ) ) {
 return $revision;
@@ -446,7 +446,7 @@ class WP_REST_Revisions_Controller extends WP_REST_Controller {
 * @since 4.7.0
 *
 * @param WP_REST_Request $request Full details about the request.
- * @return true|WP_Error True on success, or WP_Error object on failure.
+ * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 */
 public function delete_item( $request ) {
 $revision = $this->get_revision( $request['id'] );
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 4998e93997..a19033d91a 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -13,7 +13,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.5-alpha-47546';
+$wp_version = '5.5-alpha-47547';
 
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
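Review bot: The capability check added in the `-417,6 +407,16` hunk carries no comment saying what it authorizes against: it tests the parent post's `delete_post` capability with `$parent->ID`, not the revision's, and it returns before `$this->get_revision( $request['id'] )` is reached. That ordering means a caller without the capability receives `rest_cannot_delete` before the revision ID is resolved, which looks deliberate and is worth recording above the `if`, for example `// Deleting a revision requires delete_post on the parent post; check it before resolving the revision ID.` Separately, `get_post_type_object()` can return null and `$parent_post_type->cap` is read unguarded; presumably the preceding `get_parent()` call rules out an unregistered post type, but that code is not visible here. The enclosing method starts and ends outside the hunk, so its name and any later checks cannot be confirmed from this page.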