Global Styles: allow read access to users with `edit_posts` capabilities
This patch allows any role that can edit a post, including custom post types, or edit theme options to read global styles from the API. This enables read-only access to global styles in the post editor. Test coverage is included. Props ramonopoly, peterwilsoncc, mukesh27, aaronrobertshaw, mamaduka, spacedmonkey, talldanwp, timothyblynjacobs. Fixes #62042. Built from https://develop.svn.wordpress.org/trunk@59048 git-svn-id: http://core.svn.wordpress.org/trunk@58444 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
0ec15861c7
commit
840f0fc053
|
@ -489,7 +489,7 @@ function create_initial_post_types() {
|
||||||
'revisions_rest_controller_class' => 'WP_REST_Global_Styles_Revisions_Controller',
|
'revisions_rest_controller_class' => 'WP_REST_Global_Styles_Revisions_Controller',
|
||||||
'late_route_registration' => true,
|
'late_route_registration' => true,
|
||||||
'capabilities' => array(
|
'capabilities' => array(
|
||||||
'read' => 'edit_theme_options',
|
'read' => 'edit_posts',
|
||||||
'create_posts' => 'edit_theme_options',
|
'create_posts' => 'edit_theme_options',
|
||||||
'edit_posts' => 'edit_theme_options',
|
'edit_posts' => 'edit_theme_options',
|
||||||
'edit_published_posts' => 'edit_theme_options',
|
'edit_published_posts' => 'edit_theme_options',
|
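Review bot: The new `'read' => 'edit_posts'` entry replaces `edit_theme_options` instead of adding to it, so the post type's `read` capability no longer lines up with the three-way check the controller change introduces (`edit_posts`, the edit capability of any REST-visible post type, or `edit_theme_options`). If any code path resolves read access through this map (none is visible in this hunk), a role holding only `edit_theme_options`, or only a custom post type's edit capability, would be refused there while passing `get_theme_item_permissions_check()`. A comment above the array would record the intent, for example `// 'read' is intentionally broader than the write capabilities below; all write operations still require edit_theme_options.` The `capabilities` array and `create_initial_post_types()` both continue outside the hunk, so the remaining entries could not be checked.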
||||||
|
|
|
@ -509,18 +509,35 @@ class WP_REST_Global_Styles_Controller extends WP_REST_Posts_Controller {
|
||||||
* Checks if a given request has access to read a single theme global styles config.
|
* Checks if a given request has access to read a single theme global styles config.
|
||||||
*
|
*
|
||||||
* @since 5.9.0
|
* @since 5.9.0
|
||||||
|
* @since 6.7.0 Allow users with edit post capabilities to view theme global styles.
|
||||||
*
|
*
|
||||||
* @param WP_REST_Request $request Full details about the request.
|
* @param WP_REST_Request $request Full details about the request.
|
||||||
* @return true|WP_Error True if the request has read access for the item, WP_Error object otherwise.
|
* @return true|WP_Error True if the request has read access for the item, WP_Error object otherwise.
|
||||||
*/
|
*/
|
||||||
public function get_theme_item_permissions_check( $request ) {
|
public function get_theme_item_permissions_check( $request ) {
|
||||||
/*
|
/*
|
||||||
* Verify if the current user has edit_theme_options capability.
|
* Verify if the current user has edit_posts capability.
|
||||||
* This capability is required to edit/view/delete global styles.
|
* This capability is required to view global styles.
|
||||||
*/
|
*/
|
||||||
if ( ! current_user_can( 'edit_theme_options' ) ) {
|
if ( current_user_can( 'edit_posts' ) ) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
foreach ( get_post_types( array( 'show_in_rest' => true ), 'objects' ) as $post_type ) {
|
||||||
|
if ( current_user_can( $post_type->cap->edit_posts ) ) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Verify if the current user has edit_theme_options capability.
|
||||||
|
*/
|
||||||
|
if ( current_user_can( 'edit_theme_options' ) ) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
return new WP_Error(
|
return new WP_Error(
|
||||||
'rest_cannot_manage_global_styles',
|
'rest_cannot_read_global_styles',
|
||||||
__( 'Sorry, you are not allowed to access the global styles on this site.' ),
|
__( 'Sorry, you are not allowed to access the global styles on this site.' ),
|
||||||
array(
|
array(
|
||||||
'status' => rest_authorization_required_code(),
|
'status' => rest_authorization_required_code(),
|
||||||
|
@ -528,9 +545,6 @@ class WP_REST_Global_Styles_Controller extends WP_REST_Posts_Controller {
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the given theme global styles config.
|
* Returns the given theme global styles config.
|
||||||
*
|
*
|
||||||
|
@ -589,26 +603,13 @@ class WP_REST_Global_Styles_Controller extends WP_REST_Posts_Controller {
|
||||||
* Checks if a given request has access to read a single theme global styles config.
|
* Checks if a given request has access to read a single theme global styles config.
|
||||||
*
|
*
|
||||||
* @since 6.0.0
|
* @since 6.0.0
|
||||||
|
* @since 6.7.0 Allow users with edit post capabilities to view theme global styles.
|
||||||
*
|
*
|
||||||
* @param WP_REST_Request $request Full details about the request.
|
* @param WP_REST_Request $request Full details about the request.
|
||||||
* @return true|WP_Error True if the request has read access for the item, WP_Error object otherwise.
|
* @return true|WP_Error True if the request has read access for the item, WP_Error object otherwise.
|
||||||
*/
|
*/
|
||||||
public function get_theme_items_permissions_check( $request ) {
|
public function get_theme_items_permissions_check( $request ) {
|
||||||
/*
|
return $this->get_theme_item_permissions_check( $request );
|
||||||
* Verify if the current user has edit_theme_options capability.
|
|
||||||
* This capability is required to edit/view/delete global styles.
|
|
||||||
*/
|
|
||||||
if ( ! current_user_can( 'edit_theme_options' ) ) {
|
|
||||||
return new WP_Error(
|
|
||||||
'rest_cannot_manage_global_styles',
|
|
||||||
__( 'Sorry, you are not allowed to access the global styles on this site.' ),
|
|
||||||
array(
|
|
||||||
'status' => rest_authorization_required_code(),
|
|
||||||
)
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
return true;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
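Review bot: The loop over `get_post_types( array( 'show_in_rest' => true ), 'objects' )` in `get_theme_item_permissions_check()` ties read access to every REST-exposed post type registered on the site, including plugin-registered ones, so the effective audience is set by whichever of those maps `edit_posts` to the least privileged capability. That widening appears intended, but the inline comment above the first check still says `edit_posts` "is required to view global styles", which the two later branches contradict. I would reword it to `Allow read-only access for users who can edit posts of any REST-visible post type, or who can edit theme options.` and note there that the result depends on third-party post type registrations. The error code also changes from `rest_cannot_manage_global_styles` to `rest_cannot_read_global_styles` for both the single and the collection check, which clients matching on the old string will see; the `@since 6.7.0` lines would be the place to mention it.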
||||||
|
|
|
@ -16,7 +16,7 @@
|
||||||
*
|
*
|
||||||
* @global string $wp_version
|
* @global string $wp_version
|
||||||
*/
|
*/
|
||||||
$wp_version = '6.7-alpha-59047';
|
$wp_version = '6.7-alpha-59048';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||||
|
|