Mercurial Mercurial > enmi-conf.org / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
wp/wp-includes/rest-api/endpoints/class-wp-rest-menu-locations-controller.php
changeset 22 8c2e4d02f4ef
parent 21 48c4eec2b7e6 
--- a/wp/wp-includes/rest-api/endpoints/class-wp-rest-menu-locations-controller.php	Fri Sep 05 18:40:08 2025 +0200
+++ b/wp/wp-includes/rest-api/endpoints/class-wp-rest-menu-locations-controller.php	Fri Sep 05 18:52:52 2025 +0200
@@ -77,18 +77,10 @@
 	 * @since 5.9.0
 	 *
 	 * @param WP_REST_Request $request Full details about the request.
-	 * @return WP_Error|bool True if the request has read access, WP_Error object otherwise.
+	 * @return true|WP_Error True if the request has read access, WP_Error object otherwise.
 	 */
 	public function get_items_permissions_check( $request ) {
-		if ( ! current_user_can( 'edit_theme_options' ) ) {
-			return new WP_Error(
-				'rest_cannot_view',
-				__( 'Sorry, you are not allowed to view menu locations.' ),
-				array( 'status' => rest_authorization_required_code() )
-			);
-		}
-
-		return true;
+		return $this->check_has_read_only_access( $request );
 	}
 
 	/**
@@ -97,7 +89,7 @@
 	 * @since 5.9.0
 	 *
 	 * @param WP_REST_Request $request Full details about the request.
-	 * @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure.
+	 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 	 */
 	public function get_items( $request ) {
 		$data = array();
@@ -123,15 +115,7 @@
 	 * @return true|WP_Error True if the request has read access for the item, WP_Error object otherwise.
 	 */
 	public function get_item_permissions_check( $request ) {
-		if ( ! current_user_can( 'edit_theme_options' ) ) {
-			return new WP_Error(
-				'rest_cannot_view',
-				__( 'Sorry, you are not allowed to view menu locations.' ),
-				array( 'status' => rest_authorization_required_code() )
-			);
-		}
-
-		return true;
+		return $this->check_has_read_only_access( $request );
 	}
 
 	/**
@@ -140,7 +124,7 @@
 	 * @since 5.9.0
 	 *
 	 * @param WP_REST_Request $request Full details about the request.
-	 * @return WP_Error|WP_REST_Response Response object on success, or WP_Error object on failure.
+	 * @return WP_REST_Response|WP_Error Response object on success, or WP_Error object on failure.
 	 */
 	public function get_item( $request ) {
 		$registered_menus = get_registered_nav_menus();
@@ -158,6 +142,32 @@
 	}
 
 	/**
+	 * Checks whether the current user has read permission for the endpoint.
+	 *
+	 * @since 6.8.0
+	 *
+	 * @param WP_REST_Request $request Full details about the request.
+	 * @return true|WP_Error True if the current user has permission, WP_Error object otherwise.
+	 */
+	protected function check_has_read_only_access( $request ) {
+		/** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-menu-items-controller.php */
+		$read_only_access = apply_filters( 'rest_menu_read_access', false, $request, $this );
+		if ( $read_only_access ) {
+			return true;
+		}
+
+		if ( ! current_user_can( 'edit_theme_options' ) ) {
+			return new WP_Error(
+				'rest_cannot_view',
+				__( 'Sorry, you are not allowed to view menu locations.' ),
+				array( 'status' => rest_authorization_required_code() )
+			);
+		}
+
+		return true;
+	}
+
+	/**
 	 * Prepares a menu location object for serialization.
 	 *
 	 * @since 5.9.0
enmi-conf.org