[wp-trac] [WordPress Trac] #40878: Adding menus route
WordPress Trac
noreply at wordpress.org
Sun Nov 7 22:23:30 UTC 2021
#40878: Adding menus route
-------------------------------------------------+-------------------------
Reporter: dingo_d | Owner:
| spacedmonkey
Type: task (blessed) | Status: assigned
Priority: high | Milestone: 5.9
Component: REST API | Version: 4.7
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests needs-dev- | Focuses: rest-api
note |
-------------------------------------------------+-------------------------
Comment (by TimothyBlynJacobs):
While working on the merge we identified an issue with how permission
checks are implemented. Users should need access to `edit_theme_options`
in order to edit menu items. However, since the controllers extend the
native `WP_REST_Posts_Controller` and `WP_REST_Terms_Controller`, the post
type and taxonomy capability APIs ended up being used instead.
To fix this, we can either override all the permission checks in the API
controllers to solely check `edit_theme_options`, or we can instead
continue using the existing capability APIs, but properly set the
`nav_menu` taxonomy and `nav_menu_item` CPT to have their `capabilities`
set to `edit_them_options`.
In discussion with @spacedmonkey and @peterwilsoncc, we decided that this
latter approach is ideal. It makes proper use of the APIs and allows
developers the most flexibility in adapting the permission checks for
their needs.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40878#comment:64>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list