[wp-trac] [WordPress Trac] #56166: get_item_permissions_check
WordPress Trac
noreply at wordpress.org
Thu Jul 7 07:27:19 UTC 2022
#56166: get_item_permissions_check
--------------------------+-----------------------------
Reporter: marijnboekel | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: 6.0
Severity: normal | Keywords:
Focuses: rest-api |
--------------------------+-----------------------------
I'm using the REST Api to fetch users. The logged in user should only have
access to some specific user ID's.
I'm trying to deny access to certain users by using the {{{user_has_cap}}}
filter, but cannot get it to work.
After reading through the code from {{{WP_REST_Users_Controller}}} i found
that the function {{{get_item_permissions_check}}} uses the AND {{{&&}}}
operator, while i think it should be OR {{{||}}}? The {{{!
count_user_posts( $user->ID, $types )}}} is always false (assuming the
user has posts), so regardless of what i do in the {{{user_has_cap}}}, i
cannot deny access.
https://github.com/WordPress/wordpress-develop/blob/6.0/src/wp-includes
/rest-api/endpoints/class-wp-rest-users-controller.php#L445
Perhaps i'm approaching this the wrong way, maybe there is another way to
achieve what i want?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56166>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list