[wp-trac] [WordPress Trac] #54516: Full site editing/REST-API: modify permission checks to use post type.
WordPress Trac
noreply at wordpress.org
Wed Dec 15 18:52:16 UTC 2021
#54516: Full site editing/REST-API: modify permission checks to use post type.
----------------------------+---------------------------
Reporter: peterwilsoncc | Owner: spacedmonkey
Type: task (blessed) | Status: reopened
Priority: normal | Milestone: 5.9
Component: REST API | Version: trunk
Severity: normal | Resolution:
Keywords: needs-patch | Focuses: rest-api
----------------------------+---------------------------
Comment (by TimothyBlynJacobs):
I'd like to suggest we punt this ticket to 6.0. This code was introduced
in 5.8 not 5.9 so I don't think this is a must solve in this release in
general.
Additionally, there is a lot of complexity to handling this. Because
templates are backed by both posts and files, the REST API controller
needs to do a lot of additional logic checks to be able to determine
whether a template can be edited based on it's type.
Instead, I think we should approach this in 6.0 by introducing specific
meta capabilities like `edit_template` or similar that would handle
whether this is a template backed by a file or by a post object in the
permission handling itself. That way developers will have the full context
available when utilizing the `map_meta_cap` and other filters.
Our REST API controllers can then perform logic like `current_user_can(
'edit_template', 'twentytwentytwo//single' )` instead.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/54516#comment:33>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list