mirror_php/wordpress
1
0
Fork 0
mirror of git://develop.git.wordpress.org/ synced 2025-04-13 00:22:52 +02:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

REST API: Add the $request parameter to methods checking permissions.

Browse Source 
This adds the `$request` parameter to the permissions_check() methods within `WP_REST_Widgets_Controller` and adds $request as an allowed parameter to the `permissions_check()` method within `WP_REST_Templates_Controller`.

Even when this parameter is not used by default, it should be implemented to support the class being extended and the method overridden.

Props johnbillion, timothyblynjacobs.
Merges [51349] to the 5.8 branch.
Fixes #53593.

git-svn-id: https://develop.svn.wordpress.org/branches/5.8@51350 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Jonathan Desrosiers 2021-07-06 15:55:02 +00:00
parent 4ea1800d11
commit 6a2506680b
2 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/wp-includes/rest-api/endpoints/class-wp-rest-templates-controller.php
View File

@ -109,9 +109,10 @@ class WP_REST_Templates_Controller extends WP_REST_Controller {
*
* @since 5.8.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has read access, WP_Error object otherwise.
*/
protected function permissions_check() {
protected function permissions_check( $request ) {
// Verify if the current user has edit_theme_options capability.
// This capability is required to edit/view/delete templates.
if ( ! current_user_can( 'edit_theme_options' ) ) {

13
src/wp-includes/rest-api/endpoints/class-wp-rest-widgets-controller.php
View File

@ -97,7 +97,7 @@ class WP_REST_Widgets_Controller extends WP_REST_Controller {
* @return true|WP_Error True if the request has read access, WP_Error object otherwise.
*/
public function get_items_permissions_check( $request ) {
return $this->permissions_check();
return $this->permissions_check( $request );
}
/**
@ -139,7 +139,7 @@ class WP_REST_Widgets_Controller extends WP_REST_Controller {
* @return true|WP_Error True if the request has read access, WP_Error object otherwise.
*/
public function get_item_permissions_check( $request ) {
return $this->permissions_check();
return $this->permissions_check( $request );
}
/**
@ -176,7 +176,7 @@ class WP_REST_Widgets_Controller extends WP_REST_Controller {
* @return true|WP_Error True if the request has read access, WP_Error object otherwise.
*/
public function create_item_permissions_check( $request ) {
return $this->permissions_check();
return $this->permissions_check( $request );
}
/**
@ -220,7 +220,7 @@ class WP_REST_Widgets_Controller extends WP_REST_Controller {
* @return true|WP_Error True if the request has read access, WP_Error object otherwise.
*/
public function update_item_permissions_check( $request ) {
return $this->permissions_check();
return $this->permissions_check( $request );
}
/**
@ -283,7 +283,7 @@ class WP_REST_Widgets_Controller extends WP_REST_Controller {
* @return true|WP_Error True if the request has read access, WP_Error object otherwise.
*/
public function delete_item_permissions_check( $request ) {
return $this->permissions_check();
return $this->permissions_check( $request );
}
/**
@ -398,9 +398,10 @@ class WP_REST_Widgets_Controller extends WP_REST_Controller {
*
* @since 5.8.0
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error
*/
protected function permissions_check() {
protected function permissions_check( $request ) {
if ( ! current_user_can( 'edit_theme_options' ) ) {
return new WP_Error(
'rest_cannot_manage_widgets',