Use the default "read reports" permission for the export endpoint.

2019-07-02 13:53:42 -06:00 · 2019-07-02 13:53:42 -06:00 · c7d94cc929
parent e6c445e1d4
commit c7d94cc929
2 changed files with 11 additions and 16 deletions
--- a/plugins/woocommerce-admin/includes/api/class-wc-admin-rest-reports-export-controller.php
+++ b/plugins/woocommerce-admin/includes/api/class-wc-admin-rest-reports-export-controller.php
@ -43,7 +43,7 @@ class WC_Admin_REST_Reports_Export_Controller extends WC_Admin_REST_Reports_Cont
 				array(
 					'methods'             => WP_REST_Server::EDITABLE,
 					'callback'            => array( $this, 'export_items' ),
-					'permission_callback' => array( $this, 'export_permissions_check' ),
+					'permission_callback' => array( $this, 'get_items_permissions_check' ),
 					'args'                => $this->get_export_collection_params(),
 				),
 				'schema' => array( $this, 'get_export_public_schema' ),
@ -57,27 +57,13 @@ class WC_Admin_REST_Reports_Export_Controller extends WC_Admin_REST_Reports_Cont
 				array(
 					'methods'             => WP_REST_Server::READABLE,
 					'callback'            => array( $this, 'export_status' ),
-					'permission_callback' => array( $this, 'export_permissions_check' ),
+					'permission_callback' => array( $this, 'get_items_permissions_check' ),
 				),
 				'schema' => array( $this, 'get_export_status_public_schema' ),
 			)
 		);
 	}

-	/**
-	 * Makes sure the current user has access to WRITE the settings APIs.
-	 *
-	 * @param WP_REST_Request $request Full data about the request.
-	 * @return WP_Error|bool
-	 */
-	public function export_permissions_check( $request ) {
-		if ( ! wc_rest_check_manager_permissions( 'settings', 'edit' ) ) {
-			// @todo: better message?
-			return new WP_Error( 'woocommerce_rest_cannot_edit', __( 'Sorry, you cannot edit this resource.', 'woocommerce-admin' ), array( 'status' => rest_authorization_required_code() ) );
-		}
-		return true;
-	}
-
 	/**
 	 * Get the query params for collections.
 	 *
--- a/plugins/woocommerce-admin/tests/api/reports-export.php
+++ b/plugins/woocommerce-admin/tests/api/reports-export.php
@ -51,6 +51,15 @@ class WC_Tests_API_Reports_Export extends WC_REST_Unit_Test_Case {
 		$this->assertArrayHasKey( $this->status_route, $routes );
 	}

+	/**
+	 * Test requesting export without valid permissions.
+	 */
+	public function test_request_export_without_permission() {
+		wp_set_current_user( 0 );
+		$response = $this->server->dispatch( new WP_REST_Request( 'POST', '/wc/v4/reports/taxes/export' ) );
+		$this->assertEquals( 401, $response->get_status() );
+	}
+
 	/**
 	 * Test the export of a taxes report.
 	 *