Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-11-14 22:56:19 +01:00
Code Issues Projects Releases Wiki Activity

REST API: Add the $request parameter to methods checking permissions.

Browse Source 
This adds the `$request` parameter to the permissions_check() methods within `WP_REST_Widgets_Controller` and adds $request as an allowed parameter to the `permissions_check()` method within `WP_REST_Templates_Controller`.

Even when this parameter is not used by default, it should be implemented to support the class being extended and the method overridden.

Props johnbillion, timothyblynjacobs.
Merges [51349] to the 5.8 branch.
Fixes #53593.
Built from https://develop.svn.wordpress.org/branches/5.8@51350


git-svn-id: http://core.svn.wordpress.org/branches/5.8@50959 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
desrosj 2021-07-06 15:56:59 +00:00
parent c58dfa9dfe
commit 636f00b5f2
3 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
wp-includes/rest-api/endpoints/class-wp-rest-templates-controller.php
View File

@ -109,9 +109,10 @@ class WP_REST_Templates_Controller extends WP_REST_Controller {
* *
* @since 5.8.0 * @since 5.8.0
* *
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has read access, WP_Error object otherwise. * @return true|WP_Error True if the request has read access, WP_Error object otherwise.
*/ */
protected function permissions_check() { protected function permissions_check( $request ) {
// Verify if the current user has edit_theme_options capability. // Verify if the current user has edit_theme_options capability.
// This capability is required to edit/view/delete templates. // This capability is required to edit/view/delete templates.
if ( ! current_user_can( 'edit_theme_options' ) ) { if ( ! current_user_can( 'edit_theme_options' ) ) {

13
wp-includes/rest-api/endpoints/class-wp-rest-widgets-controller.php
View File

@ -97,7 +97,7 @@ class WP_REST_Widgets_Controller extends WP_REST_Controller {
* @return true|WP_Error True if the request has read access, WP_Error object otherwise. * @return true|WP_Error True if the request has read access, WP_Error object otherwise.
*/ */
public function get_items_permissions_check( $request ) { public function get_items_permissions_check( $request ) {
return $this->permissions_check(); return $this->permissions_check( $request );
} }
/** /**
@ -139,7 +139,7 @@ class WP_REST_Widgets_Controller extends WP_REST_Controller {
* @return true|WP_Error True if the request has read access, WP_Error object otherwise. * @return true|WP_Error True if the request has read access, WP_Error object otherwise.
*/ */
public function get_item_permissions_check( $request ) { public function get_item_permissions_check( $request ) {
return $this->permissions_check(); return $this->permissions_check( $request );
} }
/** /**
@ -176,7 +176,7 @@ class WP_REST_Widgets_Controller extends WP_REST_Controller {
* @return true|WP_Error True if the request has read access, WP_Error object otherwise. * @return true|WP_Error True if the request has read access, WP_Error object otherwise.
*/ */
public function create_item_permissions_check( $request ) { public function create_item_permissions_check( $request ) {
return $this->permissions_check(); return $this->permissions_check( $request );
} }
/** /**
@ -220,7 +220,7 @@ class WP_REST_Widgets_Controller extends WP_REST_Controller {
* @return true|WP_Error True if the request has read access, WP_Error object otherwise. * @return true|WP_Error True if the request has read access, WP_Error object otherwise.
*/ */
public function update_item_permissions_check( $request ) { public function update_item_permissions_check( $request ) {
return $this->permissions_check(); return $this->permissions_check( $request );
} }
/** /**
@ -283,7 +283,7 @@ class WP_REST_Widgets_Controller extends WP_REST_Controller {
* @return true|WP_Error True if the request has read access, WP_Error object otherwise. * @return true|WP_Error True if the request has read access, WP_Error object otherwise.
*/ */
public function delete_item_permissions_check( $request ) { public function delete_item_permissions_check( $request ) {
return $this->permissions_check(); return $this->permissions_check( $request );
} }
/** /**
@ -398,9 +398,10 @@ class WP_REST_Widgets_Controller extends WP_REST_Controller {
* *
* @since 5.8.0 * @since 5.8.0
* *
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error * @return true|WP_Error
*/ */
protected function permissions_check() { protected function permissions_check( $request ) {
if ( ! current_user_can( 'edit_theme_options' ) ) { if ( ! current_user_can( 'edit_theme_options' ) ) {
return new WP_Error( return new WP_Error(
'rest_cannot_manage_widgets', 'rest_cannot_manage_widgets',

2
wp-includes/version.php
View File

@ -13,7 +13,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '5.8-RC1-51347'; $wp_version = '5.8-RC1-51350';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.