WordPress.org
Get WordPress
WordPress.org

WordPress Developer Resources

WP_REST_Menus_Controller::check_has_read_only_access()

WP_REST_Menus_Controller::check_has_read_only_access( WP_REST_Request $request ): true|WP_Error

In this article

Back to top

Checks whether the current user has read permission for the endpoint.

Description

This allows for any user that can edit_theme_options or edit any REST API available post type.

Parameters

$requestWP_REST_Requestrequired
Full details about the request.

Return

true|WP_Error True if the current user has permission, WP_Error object otherwise.

Source

protected function check_has_read_only_access( $request ) {
	/** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-menu-items-controller.php */
	$read_only_access = apply_filters( 'rest_menu_read_access', false, $request, $this );
	if ( $read_only_access ) {
		return true;
	}

	if ( current_user_can( 'edit_theme_options' ) ) {
		return true;
	}

	if ( current_user_can( 'edit_posts' ) ) {
		return true;
	}

	foreach ( get_post_types( array( 'show_in_rest' => true ), 'objects' ) as $post_type ) {
		if ( current_user_can( $post_type->cap->edit_posts ) ) {
			return true;
		}
	}

	return new WP_Error(
		'rest_cannot_view',
		__( 'Sorry, you are not allowed to view menus.' ),
		array( 'status' => rest_authorization_required_code() )
	);
}

View all references View on Trac View on GitHub

Hooks

apply_filters( ‘rest_menu_read_access’, bool $read_only_access, WP_REST_Request $request, WP_REST_Controller $this )

Filters whether the current user has read access to menu items via the REST API.

UsesDescription
rest_authorization_required_code()wp-includes/rest-api.php

Returns a contextual HTTP error code for authorization failure.

current_user_can()wp-includes/capabilities.php

Returns whether the current user has the specified capability.

apply_filters()wp-includes/plugin.php

Calls the callback functions that have been added to a filter hook.

get_post_types()wp-includes/post.php

Gets a list of all registered post type objects.

WP_Error::__construct()wp-includes/class-wp-error.php

Initializes the error.

Show 3 moreShow less
Used byDescription
WP_REST_Menus_Controller::get_items_permissions_check()wp-includes/rest-api/endpoints/class-wp-rest-menus-controller.php

Checks if a request has access to read menus.

WP_REST_Menus_Controller::get_item_permissions_check()wp-includes/rest-api/endpoints/class-wp-rest-menus-controller.php

Checks if a request has access to read or edit the specified menu.

Changelog

VersionDescription
5.9.0Introduced.

User Contributed Notes

You must log in before being able to contribute a note or feedback.