Correctly handles posts with the inherit status.
| public check_read_permission ( object $post ) : boolean | ||
| $post | object | Post object. |
| Результат | boolean | Whether the post can be read. |
/**
* Check if a given request has access to delete meta for a post.
*
* @param WP_REST_Request $request Full details about the request.
* @return WP_Error|boolean
*/
public function delete_item_permissions_check($request)
{
$parent = get_post((int) $request['parent_id']);
if (empty($parent) || empty($parent->ID)) {
return new WP_Error('rest_post_invalid_id', __('Invalid post id.'), array('status' => 404));
}
if (!$this->parent_controller->check_read_permission($parent)) {
return new WP_Error('rest_forbidden', __('Sorry, you cannot view this post.'), array('status' => rest_authorization_required_code()));
}
$post_type = get_post_type_object($parent->post_type);
if (!current_user_can($post_type->cap->delete_post, $parent->ID)) {
return new WP_Error('rest_forbidden', __('Sorry, you cannot delete the meta for this post.'), array('status' => rest_authorization_required_code()));
}
return true;
}
/**
* Check if we can read a post.
*
* Correctly handles posts with the inherit status.
*
* @param WP_Post $post Post Object.
* @return boolean Can we read it?
*/
protected function check_read_post_permission($post)
{
$posts_controller = new WP_REST_Posts_Controller($post->post_type);
return $posts_controller->check_read_permission($post);
}
/**
* Restrict read permission to whether the user can edit.
*
* @param \WP_Post $post Post object.
* @return boolean Can we read it?
*/
public function check_read_permission($post)
{
$post_type_obj = get_post_type_object('customize_snapshot');
if (!current_user_can($post_type_obj->cap->edit_post, $post->ID)) {
return false;
}
return current_user_can('customize') && parent::check_read_permission($post);
}
/**
* Checks if the post can be read.
*
* Correctly handles posts with the inherit status.
*
* @since 4.7.0
* @access protected
*
* @param WP_Post $post Post object.
* @param WP_REST_Request $request Request data to check.
* @return bool Whether post can be read.
*/
protected function check_read_post_permission($post, $request)
{
$posts_controller = new WP_REST_Posts_Controller($post->post_type);
$post_type = get_post_type_object($post->post_type);
$has_password_filter = false;
// Only check password if a specific post was queried for or a single comment
$requested_post = !empty($request['post']) && 1 === count($request['post']);
$requested_comment = !empty($request['id']);
if (($requested_post || $requested_comment) && $posts_controller->can_access_password_content($post, $request)) {
add_filter('post_password_required', '__return_false');
$has_password_filter = true;
}
if (post_password_required($post)) {
$result = current_user_can($post_type->cap->edit_post, $post->ID);
} else {
$result = $posts_controller->check_read_permission($post);
}
if ($has_password_filter) {
remove_filter('post_password_required', '__return_false');
}
return $result;
}
