[wp-trac] [WordPress Trac] #56166: get_item_permissions_check
WordPress Trac
noreply at wordpress.org
Thu Jul 7 08:07:23 UTC 2022
#56166: get_item_permissions_check
--------------------------+------------------------------
Reporter: marijnboekel | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: 6.0
Severity: normal | Resolution:
Keywords: | Focuses: rest-api
--------------------------+------------------------------
Comment (by christinavoudouris):
Hey, I looked up the users endpoint in the docs, and you can include or
exclude users by ID:
https://developer.wordpress.org/rest-api/reference/users/#list-users
I haven't tried it with users specifically, but I know you can also do the
same thing with posts and pages. I think that may work for you?
Replying to [ticket:56166 marijnboekel]:
> I'm using the REST Api to fetch users. The logged in user should only
have access to some specific user ID's.
>
> I'm trying to deny access to certain users by using the
{{{user_has_cap}}} filter, but cannot get it to work.
>
> After reading through the code from {{{WP_REST_Users_Controller}}} i
found that the function {{{get_item_permissions_check}}} uses the AND
{{{&&}}} operator, while i think it should be OR {{{||}}}? The {{{!
count_user_posts( $user->ID, $types )}}} is always false (assuming the
user has posts), so regardless of what i do in the {{{user_has_cap}}}, i
cannot deny access.
>
> https://github.com/WordPress/wordpress-develop/blob/6.0/src/wp-includes
/rest-api/endpoints/class-wp-rest-users-controller.php#L445
>
>
> Perhaps i'm approaching this the wrong way, maybe there is another way
to achieve what i want?
>
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56166#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list