rest_authorization_required_code example


    protected function check_read_permission() {
        if ( current_user_can( 'edit_posts' ) ) {
            return true;
        }
        foreach ( get_post_types( array( 'show_in_rest' => true ), 'objects' ) as $post_type ) {
            if ( current_user_can( $post_type->cap->edit_posts ) ) {
                return true;
            }
        }

        return new WP_Error( 'rest_block_type_cannot_view', __( 'Sorry, you are not allowed to manage block types.' ), array( 'status' => rest_authorization_required_code() ) );
    }

    /** * Get the block, if the name is valid. * * @since 5.5.0 * * @param string $name Block name. * @return WP_Block_Type|WP_Error Block type object if name is valid, WP_Error otherwise. */
    protected function get_block( $name ) {
        

    public function get_items_permissions_check( $request ) {

        $post_type = get_post_type_object( $this->post_type );

        if ( 'edit' === $request['context'] && ! current_user_can( $post_type->cap->edit_posts ) ) {
            return new WP_Error(
                'rest_forbidden_context',
                __( 'Sorry, you are not allowed to edit posts in this post type.' ),
                array( 'status' => rest_authorization_required_code() )
            );
        }

        return true;
    }

    /** * Overrides the result of the post password check for REST requested posts. * * Allow users to read the content of password protected posts if they have * previously passed a permission check or if they have the `edit_post` capability * for the post being checked. * * @since 5.7.1 * * @param bool $required Whether the post requires a password check. * @param WP_Post $post The post being password checked. * @return bool Result of password check taking into account REST API considerations. */
'rest_cannot_create',
                __( 'Sorry, you are not allowed to upload media on this site.' ),
                array( 'status' => 400 )
            );
        }

        // Attaching media to a post requires ability to edit said post.
        if ( ! empty( $request['post'] ) && ! current_user_can( 'edit_post', (int) $request['post'] ) ) {
            return new WP_Error(
                'rest_cannot_edit',
                __( 'Sorry, you are not allowed to upload media to this post.' ),
                array( 'status' => rest_authorization_required_code() )
            );
        }

        return true;
    }

    /** * Creates a single attachment. * * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. * @return WP_REST_Response|WP_Error Response object on success, WP_Error object on failure. */

    protected function delete_meta_value( $object_id$meta_key$name ) {
        $meta_type = $this->get_meta_type();

        if ( ! current_user_can( "delete_{$meta_type}_meta", $object_id$meta_key ) ) {
            return new WP_Error(
                'rest_cannot_delete',
                /* translators: %s: Custom field key. */
                sprintf( __( 'Sorry, you are not allowed to edit the %s custom field.' )$name ),
                array(
                    'key'    => $name,
                    'status' => rest_authorization_required_code(),
                )
            );
        }

        if ( null === get_metadata_raw( $meta_type$object_idwp_slash( $meta_key ) ) ) {
            return true;
        }

        if ( ! delete_metadata( $meta_type$object_idwp_slash( $meta_key ) ) ) {
            return new WP_Error(
                'rest_meta_database_error',
                
$types = get_post_types( array( 'show_in_rest' => true ), 'objects' );

            foreach ( $types as $type ) {
                if ( current_user_can( $type->cap->edit_posts ) ) {
                    return true;
                }
            }

            return new WP_Error(
                'rest_cannot_view',
                __( 'Sorry, you are not allowed to edit posts in this post type.' ),
                array( 'status' => rest_authorization_required_code() )
            );
        }

        return true;
    }

    /** * Retrieves all public post types. * * @since 4.7.0 * * @param WP_REST_Request $request Full details about the request. * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. */

    public function get_items_permissions_check( $request ) {
        if ( ! current_user_can( 'activate_plugins' ) ) {
            return new WP_Error(
                'rest_cannot_view_plugins',
                __( 'Sorry, you are not allowed to manage plugins for this site.' ),
                array( 'status' => rest_authorization_required_code() )
            );
        }

        return true;
    }

    /** * Retrieves a collection of plugins. * * @since 5.5.0 * * @param WP_REST_Request $request Full details about the request. * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. */


        foreach ( get_post_types( array( 'show_in_rest' => true ), 'objects' ) as $post_type ) {
            if ( current_user_can( $post_type->cap->edit_posts ) ) {
                return true;
            }
        }

        return new WP_Error(
            'rest_cannot_view',
            __( 'Sorry, you are not allowed to view the registered block pattern categories.' ),
            array( 'status' => rest_authorization_required_code() )
        );
    }

    /** * Retrieves all block pattern categories. * * @since 6.0.0 * * @param WP_REST_Request $request Full details about the request. * @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure. */
    


        foreach ( get_post_types( array( 'show_in_rest' => true ), 'objects' ) as $post_type ) {
            if ( current_user_can( $post_type->cap->edit_posts ) ) {
                return true;
            }
        }

        return new WP_Error(
            'rest_cannot_view',
            __( 'Sorry, you are not allowed to view menu items.' ),
            array( 'status' => rest_authorization_required_code() )
        );
    }

    /** * Creates a single post. * * @since 5.9.0 * * @param WP_REST_Request $request Full details about the request. * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. */
    

    protected function do_permissions_check() {
        /* * Verify if the current user has edit_theme_options capability. * This capability is required to access the widgets screen. */
        if ( ! current_user_can( 'edit_theme_options' ) ) {
            return new WP_Error(
                'rest_cannot_manage_widgets',
                __( 'Sorry, you are not allowed to manage widgets on this site.' ),
                array( 'status' => rest_authorization_required_code() )
            );
        }

        return true;
    }

    /** * Retrieves the registered sidebar with the given id. * * @since 5.8.0 * * @param string|int $id ID of the sidebar. * @return array|null The discovered sidebar, or null if it is not registered. */

    public function get_items_permissions_check( $request ) {
        // Check if roles is specified in GET request and if user can list users.
        if ( ! empty( $request['roles'] ) && ! current_user_can( 'list_users' ) ) {
            return new WP_Error(
                'rest_user_cannot_view',
                __( 'Sorry, you are not allowed to filter users by role.' ),
                array( 'status' => rest_authorization_required_code() )
            );
        }

        // Check if capabilities is specified in GET request and if user can list users.
        if ( ! empty( $request['capabilities'] ) && ! current_user_can( 'list_users' ) ) {
            return new WP_Error(
                'rest_user_cannot_view',
                __( 'Sorry, you are not allowed to filter users by capability.' ),
                array( 'status' => rest_authorization_required_code() )
            );
        }

        

    public function get_items_permissions_check( $request ) {
        $parent = $this->get_parent( $request['id'] );
        if ( is_wp_error( $parent ) ) {
            return $parent;
        }

        if ( ! current_user_can( 'edit_post', $parent->ID ) ) {
            return new WP_Error(
                'rest_cannot_read',
                __( 'Sorry, you are not allowed to view autosaves of this post.' ),
                array( 'status' => rest_authorization_required_code() )
            );
        }

        return true;
    }

    /** * Checks if a given request has access to create an autosave revision. * * Autosave revisions inherit permissions from the parent post, * check if the current user has permission to edit the post. * * @since 5.0.0 * * @param WP_REST_Request $request Full details about the request. * @return true|WP_Error True if the request has access to create the item, WP_Error object otherwise. */

    public function get_items_permissions_check( $request ) {
        $parent = $this->get_parent( $request['parent'] );
        if ( is_wp_error( $parent ) ) {
            return $parent;
        }

        if ( ! current_user_can( 'edit_post', $parent->ID ) ) {
            return new WP_Error(
                'rest_cannot_read',
                __( 'Sorry, you are not allowed to view revisions of this post.' ),
                array( 'status' => rest_authorization_required_code() )
            );
        }

        return true;
    }

    /** * Get the revision, if the ID is valid. * * @since 4.7.2 * * @param int $id Supplied ID. * @return WP_Post|WP_Error Revision post object if ID is valid, WP_Error otherwise. */
public function get_items_permissions_check( $request ) {
        $tax_obj = get_taxonomy( $this->taxonomy );

        if ( ! $tax_obj || ! $this->check_is_taxonomy_allowed( $this->taxonomy ) ) {
            return false;
        }

        if ( 'edit' === $request['context'] && ! current_user_can( $tax_obj->cap->edit_terms ) ) {
            return new WP_Error(
                'rest_forbidden_context',
                __( 'Sorry, you are not allowed to edit terms in this taxonomy.' ),
                array( 'status' => rest_authorization_required_code() )
            );
        }

        if ( ! empty( $request['post'] ) ) {
            $post = get_post( $request['post'] );

            if ( ! $post ) {
                return new WP_Error(
                    'rest_post_invalid_id',
                    __( 'Invalid post ID.' ),
                    array(
                        


        foreach ( get_post_types( array( 'show_in_rest' => true ), 'objects' ) as $post_type ) {
            if ( current_user_can( $post_type->cap->edit_posts ) ) {
                return true;
            }
        }

        return new WP_Error(
            'rest_cannot_view',
            __( 'Sorry, you are not allowed to view the registered block patterns.' ),
            array( 'status' => rest_authorization_required_code() )
        );
    }

    /** * Retrieves all block patterns. * * @since 6.0.0 * @since 6.2.0 Added migration for old core pattern categories to the new ones. * * @param WP_REST_Request $request Full details about the request. * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure. */


        foreach ( get_post_types( array( 'show_in_rest' => true ), 'objects' ) as $post_type ) {
            if ( current_user_can( $post_type->cap->edit_posts ) ) {
                return true;
            }
        }

        return new WP_Error(
            'rest_cannot_view_url_details',
            __( 'Sorry, you are not allowed to process remote URLs.' ),
            array( 'status' => rest_authorization_required_code() )
        );
    }

    /** * Retrieves the document title from a remote URL. * * @since 5.9.0 * * @param string $url The website URL whose HTML to access. * @return string|WP_Error The HTTP response from the remote URL on success. * WP_Error if no response or no content. */