[wp-trac] [WordPress Trac] #54516: Full site editing/REST-API: modify permission checks to use post type.
WordPress Trac
noreply at wordpress.org
Tue Feb 22 06:03:13 UTC 2022
#54516: Full site editing/REST-API: modify permission checks to use post type.
----------------------------+---------------------------
Reporter: peterwilsoncc | Owner: spacedmonkey
Type: task (blessed) | Status: reopened
Priority: normal | Milestone: 6.0
Component: REST API | Version: 5.9
Severity: normal | Resolution:
Keywords: has-patch | Focuses: rest-api
----------------------------+---------------------------
Comment (by manfcarlo):
Replying to [comment:33 TimothyBlynJacobs]:
> Instead, I think we should approach this in 6.0 by introducing specific
> meta capabilities like `edit_template` or similar that would handle
> whether this is a template backed by a file or by a post object in the
> permission handling itself. That way developers will have the full context
> available when utilizing the `map_meta_cap` and other filters.
>
> Our REST API controllers can then perform logic like
> `current_user_can( 'edit_template', 'twentytwentytwo//single' )` instead.

Here is a suggested implementation. There appear to be two test failures:
one is just stating that the new meta capabilities don't have their own
tests yet; the other, I believe, is happening because the permission check
is failing when the delete method is called on a non-existing template.
Not sure what is the best way to handle that.

Another limitation I can see is that
[https://github.com/WordPress/gutenberg/issues/37126 the example code in
this issue] would still not work, due to the `map_meta_cap` filter
ultimately being applied to `edit_template` rather than `edit_post`. This
may not be a problem if it is understood that `edit_post` should not be
used for templates, but again, thoughts are welcome.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/54516#comment:36>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
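
The meta-capability approach discussed in this message, sketched as an added example that is not part of the original post or of the patch attached to the ticket. `edit_template` is the capability name proposed in the thread, not an existing core capability; the function name `example_map_edit_template` and the mapping policy (post-backed templates defer to `edit_post`, file-backed ones require `edit_theme_options`) are assumptions made for illustration.

```php
<?php
// Added illustration. 'edit_template' is the meta capability proposed in this
// thread, not an existing core capability; the policy below is an assumption.

/**
 * Resolve the proposed 'edit_template' meta capability to primitive caps.
 *
 * @param string[] $caps    Primitive capabilities required so far.
 * @param string   $cap     Capability being checked.
 * @param int      $user_id User the check is for.
 * @param array    $args    Extra arguments; $args[0] is the template ID,
 *                          e.g. 'twentytwentytwo//single'.
 * @return string[] Primitive capabilities the user must hold.
 */
function example_map_edit_template( $caps, $cap, $user_id, $args ) {
	if ( 'edit_template' !== $cap ) {
		return $caps; // Not our capability; leave every other check untouched.
	}
	if ( empty( $args[0] ) || ! is_string( $args[0] ) ) {
		return array( 'do_not_allow' ); // No template ID supplied: fail closed.
	}

	$template = get_block_template( $args[0], 'wp_template' );
	if ( null === $template ) {
		return array( 'do_not_allow' ); // Unknown template: fail closed.
	}

	// Post-backed (customised) template: reuse the post's own permission
	// rules, so filters that target 'edit_post' still see this check.
	if ( ! empty( $template->wp_id ) ) {
		return map_meta_cap( 'edit_post', $user_id, $template->wp_id );
	}

	// File-backed template: no post object exists, so require the
	// theme-level capability instead.
	return array( 'edit_theme_options' );
}
add_filter( 'map_meta_cap', 'example_map_edit_template', 10, 4 );
```

With a mapping like this, a filter that inspects only `edit_post` is never consulted for a file-backed template, which is the limitation the comment raises.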