--- a/wp/wp-includes/rest-api/endpoints/class-wp-rest-global-styles-controller.php Fri Sep 05 18:40:08 2025 +0200
+++ b/wp/wp-includes/rest-api/endpoints/class-wp-rest-global-styles-controller.php Fri Sep 05 18:52:52 2025 +0200
@@ -327,10 +327,12 @@
}
if ( rest_is_field_included( 'title.rendered', $fields ) ) {
add_filter( 'protected_title_format', array( $this, 'protected_title_format' ) );
+ add_filter( 'private_title_format', array( $this, 'protected_title_format' ) );
$data['title']['rendered'] = get_the_title( $post->ID );
remove_filter( 'protected_title_format', array( $this, 'protected_title_format' ) );
+ remove_filter( 'private_title_format', array( $this, 'protected_title_format' ) );
}
if ( rest_is_field_included( 'settings', $fields ) ) {
@@ -507,26 +509,40 @@
* Checks if a given request has access to read a single theme global styles config.
*
* @since 5.9.0
+ * @since 6.7.0 Allow users with edit post capabilities to view theme global styles.
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has read access for the item, WP_Error object otherwise.
*/
public function get_theme_item_permissions_check( $request ) {
/*
- * Verify if the current user has edit_theme_options capability.
- * This capability is required to edit/view/delete templates.
+ * Verify if the current user has edit_posts capability.
+ * This capability is required to view global styles.
*/
- if ( ! current_user_can( 'edit_theme_options' ) ) {
- return new WP_Error(
- 'rest_cannot_manage_global_styles',
- __( 'Sorry, you are not allowed to access the global styles on this site.' ),
- array(
- 'status' => rest_authorization_required_code(),
- )
- );
+ if ( current_user_can( 'edit_posts' ) ) {
+ return true;
+ }
+
+ foreach ( get_post_types( array( 'show_in_rest' => true ), 'objects' ) as $post_type ) {
+ if ( current_user_can( $post_type->cap->edit_posts ) ) {
+ return true;
+ }
}
- return true;
+ /*
+ * Verify if the current user has edit_theme_options capability.
+ */
+ if ( current_user_can( 'edit_theme_options' ) ) {
+ return true;
+ }
+
+ return new WP_Error(
+ 'rest_cannot_read_global_styles',
+ __( 'Sorry, you are not allowed to access the global styles on this site.' ),
+ array(
+ 'status' => rest_authorization_required_code(),
+ )
+ );
}
/**
@@ -587,26 +603,13 @@
* Checks if a given request has access to read a single theme global styles config.
*
* @since 6.0.0
+ * @since 6.7.0 Allow users with edit post capabilities to view theme global styles.
*
* @param WP_REST_Request $request Full details about the request.
* @return true|WP_Error True if the request has read access for the item, WP_Error object otherwise.
*/
public function get_theme_items_permissions_check( $request ) {
- /*
- * Verify if the current user has edit_theme_options capability.
- * This capability is required to edit/view/delete templates.
- */
- if ( ! current_user_can( 'edit_theme_options' ) ) {
- return new WP_Error(
- 'rest_cannot_manage_global_styles',
- __( 'Sorry, you are not allowed to access the global styles on this site.' ),
- array(
- 'status' => rest_authorization_required_code(),
- )
- );
- }
-
- return true;
+ return $this->get_theme_item_permissions_check( $request );
}
/**
@@ -630,7 +633,7 @@
);
}
- $response = array();
+ $response = array();
// Register theme-defined variations e.g. from block style variation partials under `/styles`.
$partials = WP_Theme_JSON_Resolver::get_style_variations( 'block' );