[wp-trac] [WordPress Trac] #56166: get_item_permissions_check

WordPress Trac noreply at wordpress.org
Thu Jul 7 08:07:23 UTC 2022

#56166: get_item_permissions_check
 Reporter:  marijnboekel  |       Owner:  (none)
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  REST API      |     Version:  6.0
 Severity:  normal        |  Resolution:
 Keywords:                |     Focuses:  rest-api

Comment (by christinavoudouris):

 Hey, I looked up the users endpoint in the docs, and you can include or
 exclude users by ID:

 I haven't tried it with users specifically, but I know you can also do the
 same thing with posts and pages. I think that may work for you?

 Replying to [ticket:56166 marijnboekel]:
 > I'm using the REST Api to fetch users. The logged in user should only
 have access to some specific user ID's.
 > I'm trying to deny access to certain users by using the
 {{{user_has_cap}}} filter, but cannot get it to work.
 > After reading through the code from {{{WP_REST_Users_Controller}}} i
 found that the function {{{get_item_permissions_check}}} uses the AND
 {{{&&}}} operator, while i think it should be OR {{{||}}}? The {{{!
 count_user_posts( $user->ID, $types )}}} is always false (assuming the
 user has posts), so regardless of what i do in the {{{user_has_cap}}}, i
 cannot deny access.
 > https://github.com/WordPress/wordpress-develop/blob/6.0/src/wp-includes
 > Perhaps i'm approaching this the wrong way, maybe there is another way
 to achieve what i want?

Ticket URL: <https://core.trac.wordpress.org/ticket/56166#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list