REST API: Enable users with read_private_posts to query for them.

An authorized request with the read_private_posts capability for a post type should be able to GET /wp/v2/posts for posts of status=private. This query is further sanity-checked by WP_REST_Posts_Controller->check_read_permission(), which is unchanged.

Props rachelbaker, soulseekah, twoelevenjay.

Moves [43694] from the 5.0 branch to trunk.

Fixes #43701.
Built from https://develop.svn.wordpress.org/trunk@43979


git-svn-id: http://core.svn.wordpress.org/trunk@43811 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-includes/rest-api.php

@@ -990,7 +990,7 @@ function rest_sanitize_boolean( $value ) {
 	}
 
 	// Everything else will map nicely to boolean.
-	return (boolean) $value;
+	return (bool) $value;
 }
 
 /**

wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php

@@ -2509,7 +2509,7 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
 
 			$post_type_obj = get_post_type_object( $this->post_type );
 
-			if ( current_user_can( $post_type_obj->cap->edit_posts ) ) {
+			if ( current_user_can( $post_type_obj->cap->edit_posts ) || 'private' === $status && current_user_can( $post_type_obj->cap->read_private_posts ) ) {
 				$result = rest_validate_request_arg( $status, $request, $parameter );
 				if ( is_wp_error( $result ) ) {
 					return $result;

wp-includes/version.php

@@ -13,7 +13,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '5.1-alpha-43978';
+$wp_version = '5.1-alpha-43979';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.