Attributes permissions
parent
82a6a5f18e
commit
f574a149d1
|
@ -134,7 +134,7 @@ abstract class WC_REST_Terms_Controller extends WP_REST_Controller {
|
||||||
|
|
||||||
$term = get_term( (int) $request['id'], $taxonomy );
|
$term = get_term( (int) $request['id'], $taxonomy );
|
||||||
if ( $term && ! wc_rest_check_product_term_permissions( $taxonomy, 'read', $term->term_id ) ) {
|
if ( $term && ! wc_rest_check_product_term_permissions( $taxonomy, 'read', $term->term_id ) ) {
|
||||||
return new WP_Error( 'woocommerce_rest_cannot_view', __( 'Sorry, you cannot list resources.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'woocommerce_rest_cannot_view', __( 'Sorry, you cannot view this resource.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
|
|
@ -104,8 +104,8 @@ class WC_REST_Product_Attributes_Controller extends WP_REST_Controller {
|
||||||
* @return WP_Error|boolean
|
* @return WP_Error|boolean
|
||||||
*/
|
*/
|
||||||
public function get_items_permissions_check( $request ) {
|
public function get_items_permissions_check( $request ) {
|
||||||
if ( 'edit' === $request['context'] && ! current_user_can( 'manage_product_terms' ) ) {
|
if ( ! wc_rest_check_manager_permissions( 'attributes', 'read' ) ) {
|
||||||
return new WP_Error( 'woocommerce_rest_forbidden_context', __( 'Sorry, you cannot view this resource with edit context.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'woocommerce_rest_cannot_view', __( 'Sorry, you cannot list resources.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
@ -118,7 +118,7 @@ class WC_REST_Product_Attributes_Controller extends WP_REST_Controller {
|
||||||
* @return WP_Error|boolean
|
* @return WP_Error|boolean
|
||||||
*/
|
*/
|
||||||
public function create_item_permissions_check( $request ) {
|
public function create_item_permissions_check( $request ) {
|
||||||
if ( ! current_user_can( 'manage_product_terms' ) ) {
|
if ( ! wc_rest_check_manager_permissions( 'attributes', 'create' ) ) {
|
||||||
return new WP_Error( 'woocommerce_rest_cannot_create', __( 'Sorry, you cannot create new resource.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'woocommerce_rest_cannot_create', __( 'Sorry, you cannot create new resource.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -132,7 +132,15 @@ class WC_REST_Product_Attributes_Controller extends WP_REST_Controller {
|
||||||
* @return WP_Error|boolean
|
* @return WP_Error|boolean
|
||||||
*/
|
*/
|
||||||
public function get_item_permissions_check( $request ) {
|
public function get_item_permissions_check( $request ) {
|
||||||
return $this->get_items_permissions_check( $request );
|
if ( ! $this->get_taxonomy( $request ) ) {
|
||||||
|
return new WP_Error( "woocommerce_rest_taxonomy_invalid", __( "Resource doesn't exist.", 'woocommerce' ), array( 'status' => 404 ) );
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( ! wc_rest_check_manager_permissions( 'attributes', 'read' ) ) {
|
||||||
|
return new WP_Error( 'woocommerce_rest_cannot_view', __( 'Sorry, you cannot view this resource', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -142,13 +150,11 @@ class WC_REST_Product_Attributes_Controller extends WP_REST_Controller {
|
||||||
* @return WP_Error|boolean
|
* @return WP_Error|boolean
|
||||||
*/
|
*/
|
||||||
public function update_item_permissions_check( $request ) {
|
public function update_item_permissions_check( $request ) {
|
||||||
$taxonomy = $this->get_taxonomy( $request );
|
if ( ! $this->get_taxonomy( $request ) ) {
|
||||||
if ( ! $taxonomy ) {
|
|
||||||
return new WP_Error( "woocommerce_rest_taxonomy_invalid", __( "Resource doesn't exist.", 'woocommerce' ), array( 'status' => 404 ) );
|
return new WP_Error( "woocommerce_rest_taxonomy_invalid", __( "Resource doesn't exist.", 'woocommerce' ), array( 'status' => 404 ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
$taxonomy_obj = get_taxonomy( $taxonomy );
|
if ( ! wc_rest_check_manager_permissions( 'attributes', 'edit' ) ) {
|
||||||
if ( ! current_user_can( $taxonomy_obj->cap->edit_terms ) ) {
|
|
||||||
return new WP_Error( 'woocommerce_rest_cannot_update', __( 'Sorry, you cannot update resource.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'woocommerce_rest_cannot_update', __( 'Sorry, you cannot update resource.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -162,13 +168,11 @@ class WC_REST_Product_Attributes_Controller extends WP_REST_Controller {
|
||||||
* @return WP_Error|boolean
|
* @return WP_Error|boolean
|
||||||
*/
|
*/
|
||||||
public function delete_item_permissions_check( $request ) {
|
public function delete_item_permissions_check( $request ) {
|
||||||
$taxonomy = $this->get_taxonomy( $request );
|
if ( ! $this->get_taxonomy( $request ) ) {
|
||||||
if ( ! $taxonomy ) {
|
|
||||||
return new WP_Error( "woocommerce_rest_taxonomy_invalid", __( "Resource doesn't exist.", 'woocommerce' ), array( 'status' => 404 ) );
|
return new WP_Error( "woocommerce_rest_taxonomy_invalid", __( "Resource doesn't exist.", 'woocommerce' ), array( 'status' => 404 ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
$taxonomy_obj = get_taxonomy( $taxonomy );
|
if ( ! wc_rest_check_manager_permissions( 'attributes', 'delete' ) ) {
|
||||||
if ( ! current_user_can( $taxonomy_obj->cap->delete_terms ) ) {
|
|
||||||
return new WP_Error( 'woocommerce_rest_cannot_delete', __( 'Sorry, you cannot delete resource.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) );
|
return new WP_Error( 'woocommerce_rest_cannot_delete', __( 'Sorry, you cannot delete resource.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
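Review bot: update_item_permissions_check and delete_item_permissions_check no longer consult the taxonomy's own `cap->edit_terms` / `cap->delete_terms`; every verb in this controller now goes through `wc_rest_check_manager_permissions( 'attributes', … )`, which in the visible part of the helper maps 'attributes' to the single `manage_product_terms` capability and does not appear to use `$context` when choosing the capability. If that holds, create, edit and delete are indistinguishable at the capability level, and any site that customised the per-taxonomy caps loses that separation for REST requests. Either keep the per-taxonomy check as an additional condition or state the decision on the methods, e.g. `// All attribute verbs require manage_product_terms; per-taxonomy caps are intentionally not checked.`. Separately, the new message in get_item_permissions_check, `'Sorry, you cannot view this resource'`, lacks the trailing period the other messages carry.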
|
@ -283,8 +283,9 @@ function wc_rest_check_product_term_permissions( $taxonomy, $context = 'read', $
|
||||||
*/
|
*/
|
||||||
function wc_rest_check_manager_permissions( $object, $context = 'read' ) {
|
function wc_rest_check_manager_permissions( $object, $context = 'read' ) {
|
||||||
$objects = array(
|
$objects = array(
|
||||||
'reports' => 'view_woocommerce_reports',
|
'reports' => 'view_woocommerce_reports',
|
||||||
'settings' => 'manage_woocommerce',
|
'settings' => 'manage_woocommerce',
|
||||||
|
'attributes' => 'manage_product_terms',
|
||||||
);
|
);
|
||||||
|
|
||||||
$permission = current_user_can( $objects[ $object ] );
|
$permission = current_user_can( $objects[ $object ] );
|
||||||
|
|
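Review bot: `$objects[ $object ]` is read without checking that the key exists, and this commit adds several call sites that depend on the literal 'attributes' matching the map. A mistyped or unmapped object name would raise an undefined-index notice and hand null to current_user_can(); that presumably denies access, but an authorization helper should deny explicitly, e.g. `$permission = isset( $objects[ $object ] ) ? current_user_can( $objects[ $object ] ) : false;`. The function body continues past the hunk, so whether `$context` is used further down is not visible here; a docblock line saying that `$context` does not select the capability would help callers.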