[wp-trac] [WordPress Trac] #45252: Reconsider the `context` argument in REST API calls
WordPress Trac
noreply at wordpress.org
Thu Nov 1 12:20:51 UTC 2018
#45252: Reconsider the `context` argument in REST API calls
-------------------------+-----------------------------
Reporter: youknowriad | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords:
Focuses: rest-api |
-------------------------+-----------------------------
When creating an abstraction on top of the REST API, the line is often
blurry between `edit` context and `view` context.
This issue is made visible in
https://github.com/WordPress/gutenberg/issues/11335
The data module of Gutenberg is an abstraction layer allowing the consumer
(logged-in users) to fetch WordPress data organized in entities (posts,
taxonomies, ...). Each entity in the abstraction layer has a well-defined
"format". At the moment, this format is defined by the returned value of
the REST API in the `edit` context. This makes it impossible for users
that don't have access to the `edit` context to use the data layer because
conceptually the data layer is not a layer on top of the REST API, it uses
the REST API as just an implementation detail, it's a layer to retrieve
WordPress data.
So while I think we should rethink if we need the `context` argument
entirely, I propose to do this iteratively and not change everything at
the moment.
Can we consider this?
- Instead of returning 403 when users don't have access to the `edit`
context, consider returning 200 but limiting the returned fields to the
fields the current user has access to.
An argument for context could be to limit the size of the response or the
time spent to compute all the fields, for me this is redundant with
`_fields` and we shouldn't mix both use-cases: Security and Performance.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/45252>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list