[wp-trac] [WordPress Trac] #40383: Comments Controller is not checking permission of Custom Post Type controller class

WordPress Trac noreply at wordpress.org
Tue Aug 13 17:22:31 UTC 2019


#40383: Comments Controller is not checking permission of Custom Post Type
controller class
--------------------------------------------+------------------------------
 Reporter:  langan                          |       Owner:
                                            |  TimothyBlynJacobs
     Type:  defect (bug)                    |      Status:  accepted
 Priority:  normal                          |   Milestone:  Future Release
Component:  REST API                        |     Version:  4.7
 Severity:  normal                          |  Resolution:
 Keywords:  needs-unit-tests needs-refresh  |     Focuses:
--------------------------------------------+------------------------------

Comment (by TimothyBlynJacobs):

 That'd work. Interestingly, it isn't enforced or documented that the
 `rest_controller_class` must extend `WP_REST_Posts_Controller`, just
 `WP_REST_Controller`. I don't know if that changes the thinking any.

 The different usages of the controller have different requirements, so I
 opted to make the `::get_for_post_type` method be as conservative as
 possible in what it should return. It matches how
 `create_initial_rest_routes` works.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/40383#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

