Steve-Dee-Designs
/
woocommerce
mirror of https://github.com/woocommerce/woocommerce.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix permissions typo 

Part of #4055
This commit is contained in:
Max Rice 2013-11-23 14:32:22 -05:00
parent 1ce5a71f3d
commit 5bb8c9daef
2 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
includes/api/class-wc-api-orders.php
View File

@ -266,7 +266,7 @@ class WC_API_Orders extends WC_API_Resource {
*/ */
public function edit_order( $id, $data ) { public function edit_order( $id, $data ) {
$id = $this->validate_request( $id, 'shop_order', 'write' ); $id = $this->validate_request( $id, 'shop_order', 'edit' );
if ( is_wp_error( $id ) ) if ( is_wp_error( $id ) )
return $id; return $id;

14
includes/api/class-wc-api-resource.php
View File

@ -73,10 +73,10 @@ class WC_API_Resource {
// only custom post types have per-post type/permission checks // only custom post types have per-post type/permission checks
if ( 'customer' !== $type ) { if ( 'customer' !== $type ) {
$post = get_post( $id, ARRAY_A ); $post = get_post( $id );
// for checking permissions, product variations are the same as the product post type // for checking permissions, product variations are the same as the product post type
$post_type = ( 'product_variation' === $post['post_type'] ) ? 'product' : $post['post_type']; $post_type = ( 'product_variation' === $post->post_type ) ? 'product' : $post->post_type;
// validate post type // validate post type
if ( $type !== $post_type ) if ( $type !== $post_type )
@ -376,21 +376,21 @@ class WC_API_Resource {
private function check_permission( $post, $context ) { private function check_permission( $post, $context ) {
if ( ! is_a( $post, 'WP_Post' ) ) if ( ! is_a( $post, 'WP_Post' ) )
$post = get_post( $post, ARRAY_A ); $post = get_post( $post );
if ( is_null( $post ) ) if ( is_null( $post ) )
return false; return false;
$post_type = get_post_type_object( $post['post_type'] ); $post_type = get_post_type_object( $post->post_type );
if ( 'read' === $context ) if ( 'read' === $context )
return current_user_can( $post_type->cap->read_post, $post['ID'] ); return current_user_can( $post_type->cap->read_private_posts, $post->ID );
elseif ( 'edit' === $context ) elseif ( 'edit' === $context )
return current_user_can( $post_type->cap->edit_post, $post['ID'] ); return current_user_can( $post_type->cap->edit_post, $post->ID );
elseif ( 'delete' === $context ) elseif ( 'delete' === $context )
return current_user_can( $post_type->cap->delete_post, $post['ID'] ); return current_user_can( $post_type->cap->delete_post, $post->ID );
else else
return false; return false;