Correctly handles posts with the inherit status.
public check_read_permission ( object $post ) : boolean | ||
$post | object | Post object. |
Résultat | boolean | Whether the post can be read. |
/** * Check if a given request has access to delete meta for a post. * * @param WP_REST_Request $request Full details about the request. * @return WP_Error|boolean */ public function delete_item_permissions_check($request) { $parent = get_post((int) $request['parent_id']); if (empty($parent) || empty($parent->ID)) { return new WP_Error('rest_post_invalid_id', __('Invalid post id.'), array('status' => 404)); } if (!$this->parent_controller->check_read_permission($parent)) { return new WP_Error('rest_forbidden', __('Sorry, you cannot view this post.'), array('status' => rest_authorization_required_code())); } $post_type = get_post_type_object($parent->post_type); if (!current_user_can($post_type->cap->delete_post, $parent->ID)) { return new WP_Error('rest_forbidden', __('Sorry, you cannot delete the meta for this post.'), array('status' => rest_authorization_required_code())); } return true; }
/** * Check if we can read a post. * * Correctly handles posts with the inherit status. * * @param WP_Post $post Post Object. * @return boolean Can we read it? */ protected function check_read_post_permission($post) { $posts_controller = new WP_REST_Posts_Controller($post->post_type); return $posts_controller->check_read_permission($post); }
/** * Restrict read permission to whether the user can edit. * * @param \WP_Post $post Post object. * @return boolean Can we read it? */ public function check_read_permission($post) { $post_type_obj = get_post_type_object('customize_snapshot'); if (!current_user_can($post_type_obj->cap->edit_post, $post->ID)) { return false; } return current_user_can('customize') && parent::check_read_permission($post); }
/** * Checks if the post can be read. * * Correctly handles posts with the inherit status. * * @since 4.7.0 * @access protected * * @param WP_Post $post Post object. * @param WP_REST_Request $request Request data to check. * @return bool Whether post can be read. */ protected function check_read_post_permission($post, $request) { $posts_controller = new WP_REST_Posts_Controller($post->post_type); $post_type = get_post_type_object($post->post_type); $has_password_filter = false; // Only check password if a specific post was queried for or a single comment $requested_post = !empty($request['post']) && 1 === count($request['post']); $requested_comment = !empty($request['id']); if (($requested_post || $requested_comment) && $posts_controller->can_access_password_content($post, $request)) { add_filter('post_password_required', '__return_false'); $has_password_filter = true; } if (post_password_required($post)) { $result = current_user_can($post_type->cap->edit_post, $post->ID); } else { $result = $posts_controller->check_read_permission($post); } if ($has_password_filter) { remove_filter('post_password_required', '__return_false'); } return $result; }