diff --git a/wp-includes/rest-api/endpoints/class-wp-rest-taxonomies-controller.php b/wp-includes/rest-api/endpoints/class-wp-rest-taxonomies-controller.php
index 9720a20945..0af4ec4e97 100644
--- a/wp-includes/rest-api/endpoints/class-wp-rest-taxonomies-controller.php
+++ b/wp-includes/rest-api/endpoints/class-wp-rest-taxonomies-controller.php
@@ -80,7 +80,7 @@ class WP_REST_Taxonomies_Controller extends WP_REST_Controller {
 $taxonomies = get_taxonomies( '', 'objects' );
 }
 foreach ( $taxonomies as $taxonomy ) {
- if ( ! empty( $taxonomy->show_in_rest ) && current_user_can( $taxonomy->cap->manage_terms ) ) {
+ if ( ! empty( $taxonomy->show_in_rest ) && current_user_can( $taxonomy->cap->assign_terms ) ) {
 return true;
 }
 }
@@ -109,7 +109,7 @@ class WP_REST_Taxonomies_Controller extends WP_REST_Controller {
 }
 $data = array();
 foreach ( $taxonomies as $tax_type => $value ) {
- if ( empty( $value->show_in_rest ) || ( 'edit' === $request['context'] && ! current_user_can( $value->cap->manage_terms ) ) ) {
+ if ( empty( $value->show_in_rest ) || ( 'edit' === $request['context'] && ! current_user_can( $value->cap->assign_terms ) ) ) {
 continue;
 }
 $tax = $this->prepare_item_for_response( $value, $request );
@@ -141,7 +141,7 @@ class WP_REST_Taxonomies_Controller extends WP_REST_Controller {
 if ( empty( $tax_obj->show_in_rest ) ) {
 return false;
 }
- if ( 'edit' === $request['context'] && ! current_user_can( $tax_obj->cap->manage_terms ) ) {
+ if ( 'edit' === $request['context'] && ! current_user_can( $tax_obj->cap->assign_terms ) ) {
 return new WP_Error( 'rest_forbidden_context', __( 'Sorry, you are not allowed to manage terms in this taxonomy.' ), array( 'status' => rest_authorization_required_code() ) );
 }
 }
diff --git a/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php b/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
index 477df8ba48..3342742b93 100644
--- a/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
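Review bot: Replacing `manage_terms` with `assign_terms` in the `-80,7` hunk (and again in the `-109,7` and `-141,7` hunks) widens `context=edit` on the taxonomies endpoints from term managers to every user who may assign terms, and nothing in the diff records why that is acceptable. Whatever `prepare_item_for_response()` emits only in the edit context becomes readable by those users, so that field list is worth re-checking; it lies outside the visible lines. I would add a comment above each check, for example `// assign_terms is sufficient: users who can only tag posts still need the edit-context taxonomy data.`, and a test that a user holding `assign_terms` but not `manage_terms` receives the edit context while a user with neither is refused. The enclosing functions start and end outside the hunks.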
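Review bot: The `rest_forbidden_context` message in the `-141,7` hunk still reads `'Sorry, you are not allowed to manage terms in this taxonomy.'`, although the guard directly above it now tests `assign_terms`, so a refused client is told about a capability that is no longer the one being checked. Consider `__( 'Sorry, you are not allowed to assign terms in this taxonomy.' )`. If the string has to stay unchanged for translation reasons on this branch, a comment such as `// Message kept as-is for string freeze; the check is assign_terms.` would stop the mismatch from misleading whoever debugs a 403 later.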
+++ b/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
@@ -376,7 +376,10 @@ class WP_REST_Terms_Controller extends WP_REST_Controller {
 }
 $taxonomy_obj = get_taxonomy( $this->taxonomy );
- if ( ! current_user_can( $taxonomy_obj->cap->edit_terms ) ) {
+ if ( ( is_taxonomy_hierarchical( $this->taxonomy )
+ && ! current_user_can( $taxonomy_obj->cap->edit_terms ) )
+ || ( ! is_taxonomy_hierarchical( $this->taxonomy )
+ && ! current_user_can( $taxonomy_obj->cap->assign_terms ) ) ) {
 return new WP_Error( 'rest_cannot_create', __( 'Sorry, you are not allowed to create new terms.' ), array( 'status' => rest_authorization_required_code() ) );
 }
diff --git a/wp-includes/version.php b/wp-includes/version.php
index ad72c1e2a9..d259ef2283 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '4.9.8-alpha-43442';
+$wp_version = '4.9.8-alpha-43443';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
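Review bot: For non-hierarchical taxonomies the `-376,7` hunk in class-wp-rest-terms-controller.php now lets `assign_terms` alone authorise term creation, so a flat taxonomy registered with a permissive `assign_terms` and a restrictive `edit_terms` (to keep its vocabulary closed) would accept new terms over REST; this is inferred from the condition, not shown on the page. The rule deserves a comment stating it and a test with such a custom-capability flat taxonomy. The condition also evaluates `is_taxonomy_hierarchical( $this->taxonomy )` twice across four lines of mixed `&&`/`||`; choosing the capability first is easier to audit: `$cap = is_taxonomy_hierarchical( $this->taxonomy ) ? $taxonomy_obj->cap->edit_terms : $taxonomy_obj->cap->assign_terms;` followed by `if ( ! current_user_can( $cap ) ) {`. The function body begins and ends outside the hunk.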