Changeset 58227
-
trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-templates-controller.php
r58079 r58227 237 237 * 238 238 * @since 5.8.0 239 239 240 * 240 241 * @param WP_REST_Request $request Full details about the request. … … 242 243 */ 243 244 public function get_items_permissions_check( $request ) { 244 return $this->permissions_check( $request ); 245 if ( current_user_can( 'edit_posts' ) ) { 246 return true; 247 } 248 foreach ( get_post_types( array( 'show_in_rest' => true ), 'objects' ) as $post_type ) { 249 if ( current_user_can( $post_type->cap->edit_posts ) ) { 250 return true; 251 } 252 } 253 254 return new WP_Error( 255 'rest_cannot_manage_templates', 256 __( 'Sorry, you are not allowed to access the templates on this site.', 'default' ), 257 array( 258 'status' => rest_authorization_required_code(), 259 ) 260 ); 245 261 } 246 262 … … 278 294 * 279 295 * @since 5.8.0 296 280 297 * 281 298 * @param WP_REST_Request $request Full details about the request. … … 283 300 */ 284 301 public function get_item_permissions_check( $request ) { 285 return $this->permissions_check( $request ); 302 if ( current_user_can( 'edit_posts' ) ) { 303 return true; 304 } 305 foreach ( get_post_types( array( 'show_in_rest' => true ), 'objects' ) as $post_type ) { 306 if ( current_user_can( $post_type->cap->edit_posts ) ) { 307 return true; 308 } 309 } 310 311 return new WP_Error( 312 'rest_cannot_manage_templates', 313 __( 'Sorry, you are not allowed to access the templates on this site.', 'default' ), 314 array( 315 'status' => rest_authorization_required_code(), 316 ) 317 ); 286 318 } 287 319 -
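Review bot: The new read gate in `get_items_permissions_check()` and `get_item_permissions_check()` passes on `current_user_can( $post_type->cap->edit_posts )` for any post type registered with `show_in_rest => true`, so who may read templates now depends on how every registered type, including plugin-registered ones, maps that capability. A type that maps `edit_posts` to a low-privilege capability would open both endpoints to that role, which deserves a comment above the loop such as `// Any user who can edit posts of a REST-visible post type may read templates.` Whether the `edit` context or raw template content is still withheld from users who pass only this check cannot be seen in this section and should be confirmed in the response-preparation code. The two method bodies are identical, so moving the check into one private helper that both methods return would keep the authorization rule in a single place.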
trunk/tests/phpunit/tests/rest-api/wpRestTemplatesController.php
r58079 r58227 15 15 */ 16 16 protected static $admin_id; 17 18 17 19 private static $template_post; 18 20 private static $template_part_post; … … 24 26 */ 25 27 public static function wpSetupBeforeClass( $factory ) { 26 self::$admin_id = $factory->user->create(28 self::$admin_id = $factory->user->create( 27 29 array( 28 30 'role' => 'administrator', 31 32 33 34 35 36 37 38 39 40 29 41 ) 30 42 ); … … 167 179 * @covers WP_REST_Templates_Controller::get_items 168 180 */ 169 public function test_get_items_ no_permission() {170 wp_set_current_user( 0);181 public function test_get_items_() { 182 wp_set_current_user( ); 171 183 $request = new WP_REST_Request( 'GET', '/wp/v2/templates' ); 172 184 $response = rest_get_server()->dispatch( $request ); 173 $this->assertErrorResponse( 'rest_cannot_manage_templates', $response, 401 ); 174 } 175 176 /** 177 * @covers WP_REST_Templates_Controller::get_item 178 */ 179 public function test_get_item() { 180 wp_set_current_user( self::$admin_id ); 181 $request = new WP_REST_Request( 'GET', '/wp/v2/templates/default//my_template' ); 182 $response = rest_get_server()->dispatch( $request ); 183 $data = $response->get_data(); 184 unset( $data['content'] ); 185 unset( $data['_links'] ); 185 $data = $response->get_data(); 186 186 187 187 $this->assertSame( … … 207 207 'original_source' => 'site', 208 208 ), 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 209 266 $data 210 267 ); 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 211 316 } 212 317