Dev news

Commit 840f0fc053 for wordpress.org

commit 840f0fc0536052747fd566175ba21af60f96479f
Author: ramonopoly <ramonopoly@git.wordpress.org>
Date:   Wed Sep 18 05:19:14 2024 +0000

    Global Styles: allow read access to users with `edit_posts` capabilities

    This patch any role that can edit a post, including custom post types, or edit theme options to read global styles from the API. This enables read-only access to global styles in the post editor. Test coverage in included.

    Props ramonopoly, peterwilsoncc, mukesh27, aaronrobertshaw, mamaduka, spacedmonkey, talldanwp, timothyblynjacobs.
    Fixes #62042.



    Built from https://develop.svn.wordpress.org/trunk@59048


    git-svn-id: http://core.svn.wordpress.org/trunk@58444 1a063a9b-81f0-0310-95a4-ce76da25c4cd

diff --git a/wp-includes/post.php b/wp-includes/post.php
index 8812957bf2..e522e3eb84 100644
--- a/wp-includes/post.php
+++ b/wp-includes/post.php
@@ -489,7 +489,7 @@ function create_initial_post_types() {
 			'revisions_rest_controller_class' => 'WP_REST_Global_Styles_Revisions_Controller',
 			'late_route_registration'         => true,
 			'capabilities'                    => array(
-				'read'                   => 'edit_theme_options',
+				'read'                   => 'edit_posts',
 				'create_posts'           => 'edit_theme_options',
 				'edit_posts'             => 'edit_theme_options',
 				'edit_published_posts'   => 'edit_theme_options',
diff --git a/wp-includes/rest-api/endpoints/class-wp-rest-global-styles-controller.php b/wp-includes/rest-api/endpoints/class-wp-rest-global-styles-controller.php
index 8be3aedd9a..51c1ac29b8 100644
--- a/wp-includes/rest-api/endpoints/class-wp-rest-global-styles-controller.php
+++ b/wp-includes/rest-api/endpoints/class-wp-rest-global-styles-controller.php
@@ -509,26 +509,40 @@ class WP_REST_Global_Styles_Controller extends WP_REST_Posts_Controller {
 	 * Checks if a given request has access to read a single theme global styles config.
 	 *
 	 * @since 5.9.0
+	 * @since 6.7.0 Allow users with edit post capabilities to view theme global styles.
 	 *
 	 * @param WP_REST_Request $request Full details about the request.
 	 * @return true|WP_Error True if the request has read access for the item, WP_Error object otherwise.
 	 */
 	public function get_theme_item_permissions_check( $request ) {
+		/*
+		 * Verify if the current user has edit_posts capability.
+		 * This capability is required to view global styles.
+		 */
+		if ( current_user_can( 'edit_posts' ) ) {
+			return true;
+		}
+
+		foreach ( get_post_types( array( 'show_in_rest' => true ), 'objects' ) as $post_type ) {
+			if ( current_user_can( $post_type->cap->edit_posts ) ) {
+				return true;
+			}
+		}
+
 		/*
 		 * Verify if the current user has edit_theme_options capability.
-		 * This capability is required to edit/view/delete global styles.
 		 */
-		if ( ! current_user_can( 'edit_theme_options' ) ) {
-			return new WP_Error(
-				'rest_cannot_manage_global_styles',
-				__( 'Sorry, you are not allowed to access the global styles on this site.' ),
-				array(
-					'status' => rest_authorization_required_code(),
-				)
-			);
+		if ( current_user_can( 'edit_theme_options' ) ) {
+			return true;
 		}

-		return true;
+		return new WP_Error(
+			'rest_cannot_read_global_styles',
+			__( 'Sorry, you are not allowed to access the global styles on this site.' ),
+			array(
+				'status' => rest_authorization_required_code(),
+			)
+		);
 	}

 	/**
@@ -589,26 +603,13 @@ class WP_REST_Global_Styles_Controller extends WP_REST_Posts_Controller {
 	 * Checks if a given request has access to read a single theme global styles config.
 	 *
 	 * @since 6.0.0
+	 * @since 6.7.0 Allow users with edit post capabilities to view theme global styles.
 	 *
 	 * @param WP_REST_Request $request Full details about the request.
 	 * @return true|WP_Error True if the request has read access for the item, WP_Error object otherwise.
 	 */
 	public function get_theme_items_permissions_check( $request ) {
-		/*
-		 * Verify if the current user has edit_theme_options capability.
-		 * This capability is required to edit/view/delete global styles.
-		 */
-		if ( ! current_user_can( 'edit_theme_options' ) ) {
-			return new WP_Error(
-				'rest_cannot_manage_global_styles',
-				__( 'Sorry, you are not allowed to access the global styles on this site.' ),
-				array(
-					'status' => rest_authorization_required_code(),
-				)
-			);
-		}
-
-		return true;
+		return $this->get_theme_item_permissions_check( $request );
 	}

 	/**
@@ -632,7 +633,7 @@ class WP_REST_Global_Styles_Controller extends WP_REST_Posts_Controller {
 			);
 		}

-		$response   = array();
+		$response = array();

 		// Register theme-defined variations e.g. from block style variation partials under `/styles`.
 		$partials = WP_Theme_JSON_Resolver::get_style_variations( 'block' );
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 4768f9be67..8649cef4db 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -16,7 +16,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '6.7-alpha-59047';
+$wp_version = '6.7-alpha-59048';

 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.