[wp-trac] [WordPress Trac] #54516: Full site editing/REST-API: modify permission checks to use post type.
WordPress Trac
noreply at wordpress.org
Thu Nov 25 23:39:15 UTC 2021
#54516: Full site editing/REST-API: modify permission checks to use post type.
---------------------------+-------------------------
Reporter: peterwilsoncc | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 5.9
Component: REST API | Version: trunk
Severity: normal | Keywords: needs-patch
Focuses: rest-api |
---------------------------+-------------------------
The new `wp_global_styles` post type is registered to use
`edit_theme_options` in the capability settings.
The `WP_REST_Global_Styles_Controller` class's permission checks methods
use the capability in a hard coded form rather than using
`$post_type->cap->edit_posts`, etc, for the primitives and `edit_post,
$post_id` for the meta caps.
To allow theme and plugin developers to modify the capability used for
editing global styles via a filter, it would be good to defer to the post
types setting. At the moment, such code would cause a conflict between the
permission checks in the API and those in `wp_insert_post()`.
I'll put this on the 5.9 milestone for visibility as the endpoint was
introduced during the current cycle.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/54516>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list