Steve-Dee-Designs
/
woocommerce
mirror of https://github.com/woocommerce/woocommerce.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Attributes permissions

This commit is contained in:
Claudio Sanches 2016-03-30 14:49:22 -03:00
parent 82a6a5f18e
commit f574a149d1
3 changed files with 20 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
includes/abstracts/abstract-wc-rest-terms-controller.php
View File

@ -134,7 +134,7 @@ abstract class WC_REST_Terms_Controller extends WP_REST_Controller {
$term = get_term( (int) $request['id'], $taxonomy ); $term = get_term( (int) $request['id'], $taxonomy );
if ( $term && ! wc_rest_check_product_term_permissions( $taxonomy, 'read', $term->term_id ) ) { if ( $term && ! wc_rest_check_product_term_permissions( $taxonomy, 'read', $term->term_id ) ) {
return new WP_Error( 'woocommerce_rest_cannot_view', __( 'Sorry, you cannot list resources.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) ); return new WP_Error( 'woocommerce_rest_cannot_view', __( 'Sorry, you cannot view this resource.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) );
} }
return true; return true;

28
includes/api/class-wc-rest-product-attributes-controller.php
View File

@ -104,8 +104,8 @@ class WC_REST_Product_Attributes_Controller extends WP_REST_Controller {
* @return WP_Error|boolean * @return WP_Error|boolean
*/ */
public function get_items_permissions_check( $request ) { public function get_items_permissions_check( $request ) {
if ( 'edit' === $request['context'] && ! current_user_can( 'manage_product_terms' ) ) { if ( ! wc_rest_check_manager_permissions( 'attributes', 'read' ) ) {
return new WP_Error( 'woocommerce_rest_forbidden_context', __( 'Sorry, you cannot view this resource with edit context.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) ); return new WP_Error( 'woocommerce_rest_cannot_view', __( 'Sorry, you cannot list resources.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) );
} }
return true; return true;
@ -118,7 +118,7 @@ class WC_REST_Product_Attributes_Controller extends WP_REST_Controller {
* @return WP_Error|boolean * @return WP_Error|boolean
*/ */
public function create_item_permissions_check( $request ) { public function create_item_permissions_check( $request ) {
if ( ! current_user_can( 'manage_product_terms' ) ) { if ( ! wc_rest_check_manager_permissions( 'attributes', 'create' ) ) {
return new WP_Error( 'woocommerce_rest_cannot_create', __( 'Sorry, you cannot create new resource.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) ); return new WP_Error( 'woocommerce_rest_cannot_create', __( 'Sorry, you cannot create new resource.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) );
} }
@ -132,7 +132,15 @@ class WC_REST_Product_Attributes_Controller extends WP_REST_Controller {
* @return WP_Error|boolean * @return WP_Error|boolean
*/ */
public function get_item_permissions_check( $request ) { public function get_item_permissions_check( $request ) {
return $this->get_items_permissions_check( $request ); if ( ! $this->get_taxonomy( $request ) ) {
return new WP_Error( "woocommerce_rest_taxonomy_invalid", __( "Resource doesn't exist.", 'woocommerce' ), array( 'status' => 404 ) );
}
if ( ! wc_rest_check_manager_permissions( 'attributes', 'read' ) ) {
return new WP_Error( 'woocommerce_rest_cannot_view', __( 'Sorry, you cannot view this resource', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) );
}
return true;
} }
/** /**
@ -142,13 +150,11 @@ class WC_REST_Product_Attributes_Controller extends WP_REST_Controller {
* @return WP_Error|boolean * @return WP_Error|boolean
*/ */
public function update_item_permissions_check( $request ) { public function update_item_permissions_check( $request ) {
$taxonomy = $this->get_taxonomy( $request ); if ( ! $this->get_taxonomy( $request ) ) {
if ( ! $taxonomy ) {
return new WP_Error( "woocommerce_rest_taxonomy_invalid", __( "Resource doesn't exist.", 'woocommerce' ), array( 'status' => 404 ) ); return new WP_Error( "woocommerce_rest_taxonomy_invalid", __( "Resource doesn't exist.", 'woocommerce' ), array( 'status' => 404 ) );
} }
$taxonomy_obj = get_taxonomy( $taxonomy ); if ( ! wc_rest_check_manager_permissions( 'attributes', 'edit' ) ) {
if ( ! current_user_can( $taxonomy_obj->cap->edit_terms ) ) {
return new WP_Error( 'woocommerce_rest_cannot_update', __( 'Sorry, you cannot update resource.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) ); return new WP_Error( 'woocommerce_rest_cannot_update', __( 'Sorry, you cannot update resource.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) );
} }
@ -162,13 +168,11 @@ class WC_REST_Product_Attributes_Controller extends WP_REST_Controller {
* @return WP_Error|boolean * @return WP_Error|boolean
*/ */
public function delete_item_permissions_check( $request ) { public function delete_item_permissions_check( $request ) {
$taxonomy = $this->get_taxonomy( $request ); if ( ! $this->get_taxonomy( $request ) ) {
if ( ! $taxonomy ) {
return new WP_Error( "woocommerce_rest_taxonomy_invalid", __( "Resource doesn't exist.", 'woocommerce' ), array( 'status' => 404 ) ); return new WP_Error( "woocommerce_rest_taxonomy_invalid", __( "Resource doesn't exist.", 'woocommerce' ), array( 'status' => 404 ) );
} }
$taxonomy_obj = get_taxonomy( $taxonomy ); if ( ! wc_rest_check_manager_permissions( 'attributes', 'delete' ) ) {
if ( ! current_user_can( $taxonomy_obj->cap->delete_terms ) ) {
return new WP_Error( 'woocommerce_rest_cannot_delete', __( 'Sorry, you cannot delete resource.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) ); return new WP_Error( 'woocommerce_rest_cannot_delete', __( 'Sorry, you cannot delete resource.', 'woocommerce' ), array( 'status' => rest_authorization_required_code() ) );
} }

5
includes/wc-rest-functions.php
View File

@ -283,8 +283,9 @@ function wc_rest_check_product_term_permissions( $taxonomy, $context = 'read', $
*/ */
function wc_rest_check_manager_permissions( $object, $context = 'read' ) { function wc_rest_check_manager_permissions( $object, $context = 'read' ) {
$objects = array( $objects = array(
'reports' => 'view_woocommerce_reports', 'reports' => 'view_woocommerce_reports',
'settings' => 'manage_woocommerce', 'settings' => 'manage_woocommerce',
'attributes' => 'manage_product_terms',
); );
$permission = current_user_can( $objects[ $object ] ); $permission = current_user_can( $objects[ $object ] );