From 5fb5293c72c925791c077b1afe36f5e3a2f2039f Mon Sep 17 00:00:00 2001
From: Leo Germani
Date: Mon, 21 Oct 2019 14:26:09 -0300
Subject: [PATCH] change collections api permission checks #274
---
 .../class-tainacan-rest-collections-controller.php | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/src/api/endpoints/class-tainacan-rest-collections-controller.php b/src/api/endpoints/class-tainacan-rest-collections-controller.php
index 5ea7eb747..f2a7279d1 100644
--- a/src/api/endpoints/class-tainacan-rest-collections-controller.php
+++ b/src/api/endpoints/class-tainacan-rest-collections-controller.php
@@ -250,8 +250,7 @@ class REST_Collections_Controller extends REST_Controller {
 * @throws \Exception
 */
 public function get_items_permissions_check($request){
- $dummy = new Entities\Collection();
- if ( 'edit' === $request['context'] && ! current_user_can($dummy->get_capabilities()->edit_posts) ) {
+ if ( 'edit' === $request['context'] && ! current_user_can($this->collections_repository->get_capabilities()->edit_posts) ) {
 return false;
 }
@@ -269,11 +268,11 @@ class REST_Collections_Controller extends REST_Controller {
 $collection = $this->collections_repository->fetch($request['collection_id']);
 if(($collection instanceof Entities\Collection)) {
- if('edit' === $request['context'] && !$collection->can_read()) {
+ if('edit' === $request['context'] && !$collection->can_edit()) {
 return false;
 }
- return true;
+ return $collection->can_read();
 }
 return false;
@@ -331,8 +330,7 @@ class REST_Collections_Controller extends REST_Controller {
 * @throws \Exception
 */
 public function create_item_permissions_check( $request ) {
- $dummy = new Entities\Collection();
- return current_user_can($dummy->get_capabilities()->edit_posts);
+ return current_user_can($this->collections_repository->get_capabilities()->edit_posts);
 }
 /**
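Review bot: In get_items_permissions_check the capability test runs only when `context` is `edit`, so for every other context the outcome is decided by lines after this hunk, which are not visible here. Nothing in the method says where private collections are kept out of list responses for those contexts; presumably the fetch query filters by the caller's read rights, but that should be confirmed and written down. I would add above the `if`: `// Type-level gate for 'edit' context only; per-collection visibility in other contexts is enforced by the repository query (confirm).`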
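Review bot: The authorization change in get_item_permissions_check ships without a test (the diffstat shows a single file changed), and a later regression to the old `return true;` would pass unnoticed. Two cases are worth pinning: a caller for whom `can_read()` is false is denied in the default context, and a caller who can read but not edit is denied with `context=edit`. A one-line comment above the final return would also help the next reader, e.g. `// Every context requires read access; 'edit' additionally requires can_edit().` The method's opening and closing lines are outside the hunk.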
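Review bot: create_item_permissions_check authorizes creation with `edit_posts`, the same capability get_items_permissions_check uses for the `edit` context. If `get_capabilities()` returns the WordPress post type capability object (not visible here), that object also carries `create_posts`, which is what WordPress core's posts controller checks for creation and which lets a site grant editing without granting creation. In that case the line would read `return current_user_can($this->collections_repository->get_capabilities()->create_posts);`.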