[wp-trac] [WordPress Trac] #38691: REST API: Hide schema/args for site-customized endpoints unless authenticated
WordPress Trac
noreply at wordpress.org
Mon Nov 7 14:59:02 UTC 2016
#38691: REST API: Hide schema/args for site-customized endpoints unless
authenticated
--------------------------+------------------------------
Reporter: jnylen0 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: trunk
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Comment (by jnylen0):
1. I'll defer to @rachelbaker for specific examples and rationale behind
hiding them.
2. For settings, I'm thinking the full schema would be shown if
`current_user_can( 'manage_options' )`. Otherwise we would show only the
settings registered by core (which are already public because WP is open
source).
3. This is an option, but it seems better if it's possible to get a
complete and accurate schema when authenticated.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38691#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list