[wp-trac] [WordPress Trac] #42303: REST API: Post status controller has wrong view permission check error message
WordPress Trac
noreply at wordpress.org
Sun Oct 22 09:41:20 UTC 2017
#42303: REST API: Post status controller has wrong view permission check error
message
--------------------------+-----------------------------
Reporter: schlessera | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: 4.7
Severity: normal | Keywords:
Focuses: rest-api |
--------------------------+-----------------------------
The REST API post status controller has the following code to make a read-
only permissions check for viewing the post statuses:
{{{#!php
<?php
if ( 'edit' === $request['context'] ) {
$types = get_post_types( array( 'show_in_rest' => true ), 'objects' );
foreach ( $types as $type ) {
if ( current_user_can( $type->cap->edit_posts ) ) {
return true;
}
}
return new WP_Error( 'rest_cannot_view', __( 'Sorry, you are not
allowed to edit posts in this post type.' ), array( 'status' =>
rest_authorization_required_code() ) );
}
}}}
This seems to be left-over copy-pasta from the post types controller.
I'd suggest sending the following `WP_Error` message instead:
{{{#!php
__( 'Sorry, you are not allowed to manage post statuses.' )
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42303>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list