[wp-trac] [WordPress Trac] #42999: A Super Admin can have no caps on a /wp/v2/users/me?context=edit REST API request
WordPress Trac
noreply at wordpress.org
Fri Dec 29 18:34:49 UTC 2017
#42999: A Super Admin can have no caps on a /wp/v2/users/me?context=edit REST API
request
--------------------------+-----------------------------
Reporter: imath | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: trunk
Severity: normal | Keywords:
Focuses: multisite |
--------------------------+-----------------------------
Hi,
When testing Gutenberg, as it uses the REST API
`/wp/v2/users/me?context=edit` request to get the current user
capabilities I've noticed this request can return an empty object for the
user's capabilities although the current user is a Super Administrator.
Steps to reproduce in a multisite config:
1. log as a super administrator.
2. create a new user from the network administration.
3. create a new site for this created user.
4. Request `/wp/v2/users/me?context=edit` on the newly created site.
I think even if a Super Admin has no role on a given site, as he can
actually perform all the site's administrator actions, the site's
`/wp/v2/users/me?context=edit` request should return the administrator's
capabilities for this Super Admin.
I'm attaching a diff containing my suggestion to fix what i think is an
issue + a unit test.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42999>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list