[wp-trac] [WordPress Trac] #45098: Introduce WP_REST_Block_Renderer_Controller and WP_REST_Blocks_Controller classes

WordPress Trac noreply at wordpress.org
Wed Oct 24 23:07:51 UTC 2018 

#45098: Introduce WP_REST_Block_Renderer_Controller and WP_REST_Blocks_Controller
classes
------------------------------------------------+-----------------------
 Reporter:  danielbachhuber                     |       Owner:  desrosj
     Type:  task (blessed)                      |      Status:  assigned
 Priority:  normal                              |   Milestone:  5.0
Component:  REST API                            |     Version:
 Severity:  normal                              |  Resolution:
 Keywords:  has-patch has-unit-tests fixed-5.0  |     Focuses:  rest-api
------------------------------------------------+-----------------------

Comment (by peterwilsoncc):

 I've found an error when an author or contributor attempts to reuse a
 block created by another user.

 When inserting a block, the author can read others blocks and it inserts
 correctly.

 When the author attempts to go back and edit their post, the attempts to
 fetch the blocks in the `edit` context, preventing any user without the
 `edit_others_posts` permission to see the error "Block has been deleted or
 is unavailable."

 To reproduce:

 1. Create two users, `user1` (any role) and `user2` (author role)
 1. Log in as `user1` and create a reusable block
 1. Log in as `user2` and create a post using `user1`'s block
 1. The block renders correctly.
 1. Save the post and refresh the edit screen.
 1. The block fails to render and displays the error "Block has been
 deleted or is unavailable."

 Note: This happens with the current version and in my proposed patch.

 ---

 In [attachment:"45098.5.diff"], I've modified the permissions to use those
 as originally used by the feature plugin to account for custom roles and
 capabilities.

 The meta cap changes are no longer required as the primitive caps exist
 and the `edit_post` and other default meta caps map to the post types
 primitive.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/45098#comment:24>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list