[wp-trac] [WordPress Trac] #43681: Incorrect HTTP status code in 'posts' query.
WordPress Trac
noreply at wordpress.org
Fri Jun 20 00:21:02 UTC 2025
#43681: Incorrect HTTP status code in 'posts' query.
-------------------------------------------------+-------------------------
Reporter: demitrimuna | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future
| Release
Component: REST API | Version: 4.4
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests has-test- | Focuses: rest-api
info needs-testing |
-------------------------------------------------+-------------------------
Changes (by SirLouen):
* keywords: has-patch has-unit-tests has-test-info => has-patch has-unit-
tests has-test-info needs-testing
Comment:
I've improved the previous patch. It was not accounting for users with
`read_private_posts` capability checking for private posts. Those were
failing because it was only checking for `edit_post` capability.
Now all tests are passing with the refreshed patch, so its time to move
into testing.
== More Testing Instructions
1. Create a user, add read_private_posts capability to that user and try
to read all posts with status `private`.
2. Then try to read all posts with a regular user with the status
`private`. It should return 403, instead of 400.
3. Try to read with the user with capability `read_private_posts` posts
with status `draft`. It should return 403 instead of 400
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43681#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list