Diffstat (limited to 'wp-includes/rest-api/endpoints/class-wp-rest-templates-controller.php')
-rw-r--r-- | wp-includes/rest-api/endpoints/class-wp-rest-templates-controller.php | 42 |
1 files changed, 40 insertions, 2 deletions
diff --git a/wp-includes/rest-api/endpoints/class-wp-rest-templates-controller.php b/wp-includes/rest-api/endpoints/class-wp-rest-templates-controller.php
index 1c2a769..cbf0ee0 100644
--- a/wp-includes/rest-api/endpoints/class-wp-rest-templates-controller.php
+++ b/wp-includes/rest-api/endpoints/class-wp-rest-templates-controller.php
@@ -236,12 +236,28 @@ class WP_REST_Templates_Controller extends WP_REST_Controller {
 * Checks if a given request has access to read templates.
 *
 * @since 5.8.0
+ * @since 6.6.0 Allow users with edit_posts capability to read templates.
 *
 * @param WP_REST_Request $request Full details about the request.
 * @return true|WP_Error True if the request has read access, WP_Error object otherwise.
 */
 public function get_items_permissions_check( $request ) {
- return $this->permissions_check( $request );
+ if ( current_user_can( 'edit_posts' ) ) {
+ return true;
+ }
+ foreach ( get_post_types( array( 'show_in_rest' => true ), 'objects' ) as $post_type ) {
+ if ( current_user_can( $post_type->cap->edit_posts ) ) {
+ return true;
+ }
+ }
+
+ return new WP_Error(
+ 'rest_cannot_manage_templates',
+ __( 'Sorry, you are not allowed to access the templates on this site.' ),
+ array(
+ 'status' => rest_authorization_required_code(),
+ )
+ );
 }

 /**
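Review bot: The new read check in `get_items_permissions_check()` accepts the `edit_posts` capability of every post type registered with `show_in_rest`, so who can list templates now depends on how plugins map that capability; a custom type whose `cap->edit_posts` resolves to a low-privilege capability would extend template reads to that role. The same block is repeated verbatim in `get_item_permissions_check()` in the next hunk, and two copies of one authorization rule can drift apart when only one is patched later. I would move the rule into a single private method on the controller that both checks return, and state the intent in its docblock, for example `Read access is granted to any user who can edit posts of at least one REST-visible post type; write access still requires the stricter check.` The write-side `permissions_check()` is outside this hunk, so the last clause of that comment should be confirmed against it.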
@@ -277,12 +293,28 @@ class WP_REST_Templates_Controller extends WP_REST_Controller {
 * Checks if a given request has access to read a single template.
 *
 * @since 5.8.0
+ * @since 6.6.0 Allow users with edit_posts capability to read individual templates.
 *
 * @param WP_REST_Request $request Full details about the request.
 * @return true|WP_Error True if the request has read access for the item, WP_Error object otherwise.
 */
 public function get_item_permissions_check( $request ) {
- return $this->permissions_check( $request );
+ if ( current_user_can( 'edit_posts' ) ) {
+ return true;
+ }
+ foreach ( get_post_types( array( 'show_in_rest' => true ), 'objects' ) as $post_type ) {
+ if ( current_user_can( $post_type->cap->edit_posts ) ) {
+ return true;
+ }
+ }
+
+ return new WP_Error(
+ 'rest_cannot_manage_templates',
+ __( 'Sorry, you are not allowed to access the templates on this site.' ),
+ array(
+ 'status' => rest_authorization_required_code(),
+ )
+ );
 }

 /**
@@ -636,6 +668,12 @@ class WP_REST_Templates_Controller extends WP_REST_Controller {
 * @return WP_REST_Response Response object.
 */
 public function prepare_item_for_response( $item, $request ) {
+ // Resolve pattern blocks so they don't need to be resolved client-side
+ // in the editor, improving performance.
+ $blocks = parse_blocks( $item->content );
+ $blocks = resolve_pattern_blocks( $blocks );
+ $item->content = serialize_blocks( $blocks );
+
 // Restores the more descriptive, specific name for use within this method.
 $template = $item; |
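Review bot: In the `prepare_item_for_response()` hunk the pattern resolution writes back to `$item->content`, which mutates the object the caller passed in and runs for every item whether or not the response will include content. Because the rewrite happens before anything else in the method reads the template, any raw content emitted later (outside this hunk, so unconfirmed) would carry the expanded patterns instead of the saved `core/pattern` references, and an editor that saves that content back would persist the expansion. With the read checks relaxed earlier in this commit, the parse/resolve/serialize pass also becomes reachable by lower-privileged roles on collection requests. I would work on a copy, e.g. `$item = clone $item;` before the rewrite, and restrict the rewrite to the rendering path once the rest of the method's use of `content` has been checked. The method body continues past the end of the hunk.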