Global Styles: allow read access to users with `edit_posts` capabilities

This patch any role that can edit a post, including custom post types, or edit theme options to read global styles from the API. This enables read-only access to global styles in the post editor. Test coverage in included.

Props ramonopoly, peterwilsoncc, mukesh27, aaronrobertshaw, mamaduka, spacedmonkey, talldanwp, timothyblynjacobs.
Fixes #62042.



Built from https://develop.svn.wordpress.org/trunk@59048


git-svn-id: http://core.svn.wordpress.org/trunk@58444 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ramonopoly 2024-09-18 05:19:14 +00:00
parent 0ec15861c7
commit 840f0fc053
3 changed files with 30 additions and 29 deletions

View File

@ -489,7 +489,7 @@ function create_initial_post_types() {
'revisions_rest_controller_class' => 'WP_REST_Global_Styles_Revisions_Controller', 'revisions_rest_controller_class' => 'WP_REST_Global_Styles_Revisions_Controller',
'late_route_registration' => true, 'late_route_registration' => true,
'capabilities' => array( 'capabilities' => array(
'read' => 'edit_theme_options', 'read' => 'edit_posts',
'create_posts' => 'edit_theme_options', 'create_posts' => 'edit_theme_options',
'edit_posts' => 'edit_theme_options', 'edit_posts' => 'edit_theme_options',
'edit_published_posts' => 'edit_theme_options', 'edit_published_posts' => 'edit_theme_options',

View File

@ -509,18 +509,35 @@ class WP_REST_Global_Styles_Controller extends WP_REST_Posts_Controller {
* Checks if a given request has access to read a single theme global styles config. * Checks if a given request has access to read a single theme global styles config.
* *
* @since 5.9.0 * @since 5.9.0
* @since 6.7.0 Allow users with edit post capabilities to view theme global styles.
* *
* @param WP_REST_Request $request Full details about the request. * @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has read access for the item, WP_Error object otherwise. * @return true|WP_Error True if the request has read access for the item, WP_Error object otherwise.
*/ */
public function get_theme_item_permissions_check( $request ) { public function get_theme_item_permissions_check( $request ) {
/* /*
* Verify if the current user has edit_theme_options capability. * Verify if the current user has edit_posts capability.
* This capability is required to edit/view/delete global styles. * This capability is required to view global styles.
*/ */
if ( ! current_user_can( 'edit_theme_options' ) ) { if ( current_user_can( 'edit_posts' ) ) {
return true;
}
foreach ( get_post_types( array( 'show_in_rest' => true ), 'objects' ) as $post_type ) {
if ( current_user_can( $post_type->cap->edit_posts ) ) {
return true;
}
}
/*
* Verify if the current user has edit_theme_options capability.
*/
if ( current_user_can( 'edit_theme_options' ) ) {
return true;
}
return new WP_Error( return new WP_Error(
'rest_cannot_manage_global_styles', 'rest_cannot_read_global_styles',
__( 'Sorry, you are not allowed to access the global styles on this site.' ), __( 'Sorry, you are not allowed to access the global styles on this site.' ),
array( array(
'status' => rest_authorization_required_code(), 'status' => rest_authorization_required_code(),
@ -528,9 +545,6 @@ class WP_REST_Global_Styles_Controller extends WP_REST_Posts_Controller {
); );
} }
return true;
}
/** /**
* Returns the given theme global styles config. * Returns the given theme global styles config.
* *
@ -589,26 +603,13 @@ class WP_REST_Global_Styles_Controller extends WP_REST_Posts_Controller {
* Checks if a given request has access to read a single theme global styles config. * Checks if a given request has access to read a single theme global styles config.
* *
* @since 6.0.0 * @since 6.0.0
* @since 6.7.0 Allow users with edit post capabilities to view theme global styles.
* *
* @param WP_REST_Request $request Full details about the request. * @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has read access for the item, WP_Error object otherwise. * @return true|WP_Error True if the request has read access for the item, WP_Error object otherwise.
*/ */
public function get_theme_items_permissions_check( $request ) { public function get_theme_items_permissions_check( $request ) {
/* return $this->get_theme_item_permissions_check( $request );
* Verify if the current user has edit_theme_options capability.
* This capability is required to edit/view/delete global styles.
*/
if ( ! current_user_can( 'edit_theme_options' ) ) {
return new WP_Error(
'rest_cannot_manage_global_styles',
__( 'Sorry, you are not allowed to access the global styles on this site.' ),
array(
'status' => rest_authorization_required_code(),
)
);
}
return true;
} }
/** /**

View File

@ -16,7 +16,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '6.7-alpha-59047'; $wp_version = '6.7-alpha-59048';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.