diff -r 48c4eec2b7e6 -r 8c2e4d02f4ef wp/wp-includes/rest-api/endpoints/class-wp-rest-global-styles-controller.php --- a/wp/wp-includes/rest-api/endpoints/class-wp-rest-global-styles-controller.php Fri Sep 05 18:40:08 2025 +0200 +++ b/wp/wp-includes/rest-api/endpoints/class-wp-rest-global-styles-controller.php Fri Sep 05 18:52:52 2025 +0200 @@ -327,10 +327,12 @@ } if ( rest_is_field_included( 'title.rendered', $fields ) ) { add_filter( 'protected_title_format', array( $this, 'protected_title_format' ) ); + add_filter( 'private_title_format', array( $this, 'protected_title_format' ) ); $data['title']['rendered'] = get_the_title( $post->ID ); remove_filter( 'protected_title_format', array( $this, 'protected_title_format' ) ); + remove_filter( 'private_title_format', array( $this, 'protected_title_format' ) ); } if ( rest_is_field_included( 'settings', $fields ) ) { @@ -507,26 +509,40 @@ * Checks if a given request has access to read a single theme global styles config. * * @since 5.9.0 + * @since 6.7.0 Allow users with edit post capabilities to view theme global styles. * * @param WP_REST_Request $request Full details about the request. * @return true|WP_Error True if the request has read access for the item, WP_Error object otherwise. */ public function get_theme_item_permissions_check( $request ) { /* - * Verify if the current user has edit_theme_options capability. - * This capability is required to edit/view/delete templates. + * Verify if the current user has edit_posts capability. + * This capability is required to view global styles. */ - if ( ! current_user_can( 'edit_theme_options' ) ) { - return new WP_Error( - 'rest_cannot_manage_global_styles', - __( 'Sorry, you are not allowed to access the global styles on this site.' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); + if ( current_user_can( 'edit_posts' ) ) { + return true; + } + + foreach ( get_post_types( array( 'show_in_rest' => true ), 'objects' ) as $post_type ) { + if ( current_user_can( $post_type->cap->edit_posts ) ) { + return true; + } } - return true; + /* + * Verify if the current user has edit_theme_options capability. + */ + if ( current_user_can( 'edit_theme_options' ) ) { + return true; + } + + return new WP_Error( + 'rest_cannot_read_global_styles', + __( 'Sorry, you are not allowed to access the global styles on this site.' ), + array( + 'status' => rest_authorization_required_code(), + ) + ); } /** @@ -587,26 +603,13 @@ * Checks if a given request has access to read a single theme global styles config. * * @since 6.0.0 + * @since 6.7.0 Allow users with edit post capabilities to view theme global styles. * * @param WP_REST_Request $request Full details about the request. * @return true|WP_Error True if the request has read access for the item, WP_Error object otherwise. */ public function get_theme_items_permissions_check( $request ) { - /* - * Verify if the current user has edit_theme_options capability. - * This capability is required to edit/view/delete templates. - */ - if ( ! current_user_can( 'edit_theme_options' ) ) { - return new WP_Error( - 'rest_cannot_manage_global_styles', - __( 'Sorry, you are not allowed to access the global styles on this site.' ), - array( - 'status' => rest_authorization_required_code(), - ) - ); - } - - return true; + return $this->get_theme_item_permissions_check( $request ); } /** @@ -630,7 +633,7 @@ ); } - $response = array(); + $response = array(); // Register theme-defined variations e.g. from block style variation partials under `/styles`. $partials = WP_Theme_JSON_Resolver::get_style_variations( 'block' );