WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

REST API: Add `who=authors` as a query parameter for `GET wp/v2/users`. 

Any WordPress user who can `edit_posts` of a post type with `show_in_rest=true` can query for authors. This maps to current WordPress behavior where a WordPress user who can view the Manage Posts view for a post type can see any WordPress user assigned to a post (whether published or draft).

This implementation, over restricting `who=authors` to users with `list_users`, gives us future flexibility in displaying lists of posts. It still respects more restrictive permissions for `context=edit`.

Props danielbachhuber.
Merges [43001] to the 4.9 branch.
Fixes #42202.
Built from https://develop.svn.wordpress.org/branches/4.9@43067


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42896 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Sergey Biryukov 2018-05-01 22:18:26 +00:00
parent dc3d22edd9
commit 59a7fbddde
2 changed files with 25 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
View File

@ -186,6 +186,19 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
return new WP_Error( 'rest_forbidden_orderby', __( 'Sorry, you are not allowed to order users by this parameter.' ), array( 'status' => rest_authorization_required_code() ) ); return new WP_Error( 'rest_forbidden_orderby', __( 'Sorry, you are not allowed to order users by this parameter.' ), array( 'status' => rest_authorization_required_code() ) );
} }
if ( 'authors' === $request['who'] ) {
$can_view = false;
$types = get_post_types( array( 'show_in_rest' => true ), 'objects' );
foreach ( $types as $type ) {
if ( current_user_can( $type->cap->edit_posts ) ) {
$can_view = true;
}
}
if ( ! $can_view ) {
return new WP_Error( 'rest_forbidden_who', __( 'Sorry, you are not allowed to query users by this parameter.' ), array( 'status' => rest_authorization_required_code() ) );
}
}
return true; return true;
} }
@ -250,7 +263,9 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
$prepared_args['orderby'] = $orderby_possibles[ $request['orderby'] ]; $prepared_args['orderby'] = $orderby_possibles[ $request['orderby'] ];
} }
if ( ! current_user_can( 'list_users' ) ) { if ( isset( $registered['who'] ) && ! empty( $request['who'] ) && 'authors' === $request['who'] ) {
$prepared_args['who'] = 'authors';
} elseif ( ! current_user_can( 'list_users' ) ) {
$prepared_args['has_published_posts'] = get_post_types( array( 'show_in_rest' => true ), 'names' ); $prepared_args['has_published_posts'] = get_post_types( array( 'show_in_rest' => true ), 'names' );
} }
@ -1362,6 +1377,14 @@ class WP_REST_Users_Controller extends WP_REST_Controller {
), ),
); );
$query_params['who'] = array(
'description' => __( 'Limit result set to users who are considered authors.' ),
'type' => 'string',
'enum' => array(
'authors',
),
);
/** /**
* Filter collection parameters for the users controller. * Filter collection parameters for the users controller.
* *

2
wp-includes/version.php
View File

@ -4,7 +4,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '4.9.6-alpha-43066'; $wp_version = '4.9.6-alpha-43067';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.