[wp-trac] [WordPress Trac] #42303: REST API: Post status controller has wrong view permission check error message

WordPress Trac noreply at wordpress.org
Sun Oct 22 09:41:20 UTC 2017


#42303: REST API: Post status controller has wrong view permission check error
message
--------------------------+-----------------------------
 Reporter:  schlessera    |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  REST API      |    Version:  4.7
 Severity:  normal        |   Keywords:
  Focuses:  rest-api      |
--------------------------+-----------------------------
 The REST API post status controller has the following code to make a read-
 only permissions check for viewing the post statuses:

 {{{#!php
 <?php
 if ( 'edit' === $request['context'] ) {
    $types = get_post_types( array( 'show_in_rest' => true ), 'objects' );

    foreach ( $types as $type ) {
       if ( current_user_can( $type->cap->edit_posts ) ) {
          return true;
       }
    }
    return new WP_Error(
       'rest_cannot_view',
       __( 'Sorry, you are not allowed to edit posts in this post type.' ),
       array( 'status' => rest_authorization_required_code() )
    );
 }
 }}}

 This seems to be left-over copy-pasta from the post types controller.

 I'd suggest sending the following `WP_Error` message instead:
 {{{#!php
 __( 'Sorry, you are not allowed to manage post statuses.' )
 }}}

--
Ticket URL: <https://core.trac.wordpress.org/ticket/42303>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

