[wp-trac] [WordPress Trac] #57829: Post "Read" Capability for Rest API
WordPress Trac
noreply at wordpress.org
Wed Mar 1 00:56:55 UTC 2023
#57829: Post "Read" Capability for Rest API
-------------------------+-----------------------------
Reporter: juvodesign | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords:
Focuses: |
-------------------------+-----------------------------
Posttypes with the public attribute set to false are still queryable
through the rest api. Since it seems there is no other capability to check
for a general read permission of posts and the 'show_in_rest' attribute is
needed for the block editor and to make the post queryable by
authenticated users, i think it makes sense to either introduce said
"read_post" capability or to make rest api requests only query editable
posts when the posttype has public set to false.
Not having the option to have a non-public posttypes and the rest api
enabled at the same time without any further workaround seems unintuitive
to me.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57829>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list