[wp-trac] [WordPress Trac] #56166: get_item_permissions_check

WordPress Trac noreply at wordpress.org
Thu Jul 7 07:27:19 UTC 2022

#56166: get_item_permissions_check
 Reporter:  marijnboekel  |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  REST API      |    Version:  6.0
 Severity:  normal        |   Keywords:
  Focuses:  rest-api      |
 I'm using the REST Api to fetch users. The logged in user should only have
 access to some specific user ID's.

 I'm trying to deny access to certain users by using the {{{user_has_cap}}}
 filter, but cannot get it to work.

 After reading through the code from {{{WP_REST_Users_Controller}}} i found
 that the function {{{get_item_permissions_check}}} uses the AND {{{&&}}}
 operator, while i think it should be OR {{{||}}}? The {{{!
 count_user_posts( $user->ID, $types )}}} is always false (assuming the
 user has posts), so regardless of what i do in the {{{user_has_cap}}}, i
 cannot deny access.


 Perhaps i'm approaching this the wrong way, maybe there is another way to
 achieve what i want?

Ticket URL: <https://core.trac.wordpress.org/ticket/56166>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list