WordPress.org
Get WordPress
WordPress.org

WordPress Developer Resources

WP_REST_Plugins_Controller::check_read_permission()

WP_REST_Plugins_Controller::check_read_permission( string $plugin ): true|WP_Error

In this article

Back to top

Checks if the given plugin can be viewed by the current user.

Description

On multisite, this hides non-active network only plugins if the user does not have permission to manage network plugins.

Parameters

$pluginstringrequired
The plugin file to check.

Return

true|WP_Error True if can read, a WP_Error instance otherwise.

Source

protected function check_read_permission( $plugin ) {
	require_once ABSPATH . 'wp-admin/includes/plugin.php';

	if ( ! $this->is_plugin_installed( $plugin ) ) {
		return new WP_Error( 'rest_plugin_not_found', __( 'Plugin not found.' ), array( 'status' => 404 ) );
	}

	if ( ! is_multisite() ) {
		return true;
	}

	if ( ! is_network_only_plugin( $plugin ) || is_plugin_active( $plugin ) || current_user_can( 'manage_network_plugins' ) ) {
		return true;
	}

	return new WP_Error(
		'rest_cannot_view_plugin',
		__( 'Sorry, you are not allowed to manage this plugin.' ),
		array( 'status' => rest_authorization_required_code() )
	);
}

View all references View on Trac View on GitHub

UsesDescription
WP_REST_Plugins_Controller::is_plugin_installed()wp-includes/rest-api/endpoints/class-wp-rest-plugins-controller.php

Checks if the plugin is installed.

is_network_only_plugin()wp-admin/includes/plugin.php

Checks for “Network: true” in the plugin header to see if this should be activated only as a network wide plugin. The plugin would also work when Multisite is not enabled.

is_plugin_active()wp-admin/includes/plugin.php

Determines whether a plugin is active.

rest_authorization_required_code()wp-includes/rest-api.php

Returns a contextual HTTP error code for authorization failure.

current_user_can()wp-includes/capabilities.php

Returns whether the current user has the specified capability.

__()wp-includes/l10n.php

Retrieves the translation of $text.

is_multisite()wp-includes/load.php

Determines whether Multisite is enabled.

WP_Error::__construct()wp-includes/class-wp-error.php

Initializes the error.

Show 5 moreShow less
Used byDescription
WP_REST_Plugins_Controller::get_items()wp-includes/rest-api/endpoints/class-wp-rest-plugins-controller.php

Retrieves a collection of plugins.

WP_REST_Plugins_Controller::get_item_permissions_check()wp-includes/rest-api/endpoints/class-wp-rest-plugins-controller.php

Checks if a given request has access to get a specific plugin.

WP_REST_Plugins_Controller::update_item_permissions_check()wp-includes/rest-api/endpoints/class-wp-rest-plugins-controller.php

Checks if a given request has access to update a specific plugin.

WP_REST_Plugins_Controller::delete_item_permissions_check()wp-includes/rest-api/endpoints/class-wp-rest-plugins-controller.php

Checks if a given request has access to delete a specific plugin.

Changelog

VersionDescription
5.5.0Introduced.

User Contributed Notes

You must log in before being able to contribute a note or feedback.