vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-04-10 15:44:29 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

REST API: Enable users with read_private_posts to query for them.

Browse Source 
An authorized request with the read_private_posts capability for a post type should be able to GET /wp/v2/posts for posts of status=private. This query is further sanity-checked by WP_REST_Posts_Controller->check_read_permission(), which is unchanged.

Props rachelbaker, soulseekah, twoelevenjay.

Moves [43694] from the 5.0 branch to trunk.

Fixes #43701.

git-svn-id: https://develop.svn.wordpress.org/trunk@43979 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Jonathan Desrosiers
2018-12-11 22:29:36 +00:00
parent f173141c5b
commit c0e80b028a
3 changed files with 66 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
View File

@@ -2509,7 +2509,7 @@ class WP_REST_Posts_Controller extends WP_REST_Controller {
$post_type_obj = get_post_type_object( $this->post_type );
if ( current_user_can( $post_type_obj->cap->edit_posts ) ) {
if ( current_user_can( $post_type_obj->cap->edit_posts ) || 'private' === $status && current_user_can( $post_type_obj->cap->read_private_posts ) ) {
$result = rest_validate_request_arg( $status, $request, $parameter );
if ( is_wp_error( $result ) ) {
return $result;