[wp-trac] [WordPress Trac] #44287: REST API: Declare user capability to perform actions using JSON Hyper Schema `targetSchema`
WordPress Trac
noreply at wordpress.org
Thu May 31 23:54:14 UTC 2018
#44287: REST API: Declare user capability to perform actions using JSON Hyper
Schema `targetSchema`
-----------------------------+------------------------------------------
Reporter: danielbachhuber | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: 4.9.8
Component: Role/Capability | Version:
Severity: normal | Keywords: needs-patch needs-unit-tests
Focuses: rest-api |
-----------------------------+------------------------------------------
There are a variety of operations a WordPress user can only perform if
they have the correct capabilities. For instance, a WordPress user who can
create posts can only change authors on the post if they have the
`edit_others_posts` capability.

A REST API client should only display UI for one of these operations if
the WordPress user can perform the action. Only editors should see the
author dropdown, not authors.

However, user capabilities are evaluated at runtime. The result of
`current_user_can()` can be modified by the `map_meta_cap` and `user_can`
filters. This means we can't expose capabilities directly, but instead
need to expose their computed value.

Fortunately, JSON Hyper Schema `targetSchema` provides a language for us
to communicate this information. To resolve this issue, we'll need to
commit a patch prepared from the following pull requests:

* [https://github.com/WordPress/gutenberg/pull/6529 Use `targetSchema` of JSON Hyper Schema to communicate sticky action]
* [https://github.com/WordPress/gutenberg/pull/6630 Use `wp:action-assign-author` to indicate if user can assign authors]
* [https://github.com/WordPress/gutenberg/pull/6670 Introduce `wp:action-publish`; update corresponding UI to reference]
* [https://github.com/WordPress/gutenberg/pull/6761 Ensure contributors can create tags and manage categories]

From [https://github.com/WordPress/gutenberg/issues/6361 Avoid direct use of user capabilities in client-side code]
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44287>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
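
A client-side reading of the approach this ticket describes, as an added example that is not part of the ticket or of WordPress/Gutenberg code. It assumes the computed actions arrive as link relations under `_links` in the post response and that the `wp:` prefix abbreviates `https://api.w.org/`; `availableActions` and `canPerform` are hypothetical helper names.

```javascript
// Added example: not WordPress or Gutenberg source code.
const REL_PREFIXES = ['wp:', 'https://api.w.org/']; // second form is an assumption
const ACTION = 'action-';

// Collect the action names the server advertised for this user on this post,
// e.g. "publish" or "assign-author". Anything malformed yields an empty set,
// so the UI hides the control instead of guessing.
function availableActions(post) {
  const actions = new Set();
  const links = post && typeof post === 'object' ? post._links : null;
  if (!links || typeof links !== 'object') return actions;
  for (const [rel, targets] of Object.entries(links)) {
    const prefix = REL_PREFIXES.find((p) => rel.startsWith(p));
    if (prefix === undefined) continue;
    const name = rel.slice(prefix.length);
    if (!name.startsWith(ACTION)) continue;
    // A relation without target entries is treated as not granted.
    if (!Array.isArray(targets) || targets.length === 0) continue;
    actions.add(name.slice(ACTION.length));
  }
  return actions;
}

// UI gate only: the server still evaluates the capability when the request arrives.
function canPerform(post, action) {
  return availableActions(post).has(action);
}

// Constructed sample responses (hypothetical host and ids).
const editorPost = {
  id: 1,
  _links: {
    self: [{ href: 'https://example.test/wp-json/wp/v2/posts/1' }],
    'wp:action-publish': [{ href: 'https://example.test/wp-json/wp/v2/posts/1' }],
    'wp:action-assign-author': [{ href: 'https://example.test/wp-json/wp/v2/posts/1' }],
  },
};
const authorPost = {
  id: 2,
  _links: {
    'https://api.w.org/action-publish': [{ href: 'https://example.test/wp-json/wp/v2/posts/2' }],
    'wp:action-assign-author': [], // present but empty: not granted
  },
};

console.log('editor sees author dropdown:', canPerform(editorPost, 'assign-author'));
console.log('author sees author dropdown:', canPerform(authorPost, 'assign-author'));
```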