diff --git a/wp-includes/rest-api/endpoints/class-wp-rest-themes-controller.php b/wp-includes/rest-api/endpoints/class-wp-rest-themes-controller.php
index 87051db58e..b62f6f55a8 100644
--- a/wp-includes/rest-api/endpoints/class-wp-rest-themes-controller.php
+++ b/wp-includes/rest-api/endpoints/class-wp-rest-themes-controller.php
@@ -58,15 +58,21 @@ class WP_REST_Themes_Controller extends WP_REST_Controller {
 * @return true|WP_Error True if the request has read access for the item, otherwise WP_Error object.
 */
 public function get_items_permissions_check( $request ) {
- if ( ! is_user_logged_in() || ! current_user_can( 'edit_posts' ) ) {
- return new WP_Error(
- 'rest_user_cannot_view',
- __( 'Sorry, you are not allowed to view themes.' ),
- array( 'status' => rest_authorization_required_code() )
- );
+ if ( current_user_can( 'edit_posts' ) ) {
+ return true;
 }
- return true;
+ foreach ( get_post_types( array( 'show_in_rest' => true ), 'objects' ) as $post_type ) {
+ if ( current_user_can( $post_type->cap->edit_posts ) ) {
+ return true;
+ }
+ }
+
+ return new WP_Error(
+ 'rest_user_cannot_view',
+ __( 'Sorry, you are not allowed to view themes.' ),
+ array( 'status' => rest_authorization_required_code() )
+ );
 }
 /**
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 6f08fa7754..9ec2d6e748 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -13,7 +13,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.4-beta2-47360';
+$wp_version = '5.4-beta2-47361';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
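Review bot: The new `foreach` in `get_items_permissions_check()` makes this gate only as strict as the loosest `edit_posts` mapping among post types registered with `show_in_rest`. A plugin post type whose `capabilities` array maps `edit_posts` to a widely held capability would therefore open the themes collection to every user holding it. The hunk does not show what the endpoint returns, so I cannot judge how sensitive that is, but the dependency on third-party capability maps should be stated above the loop, e.g. `// Access follows each REST-enabled post type's edit_posts mapping; a permissive mapping widens who can read themes.` The docblock starts above the hunk; its description should also mention the post-type fallback so that the removal of the explicit `is_user_logged_in()` check reads as intentional.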