Skip to content

Update permission callback to check user capability #661

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 13 commits into from
Oct 31, 2025
Merged

Update permission callback to check user capability #661

Show file tree
Hide file tree
Changes from 7 commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
41601a8
Update permission callback to check user capability
pkevan Oct 1, 2025
e6b9cce
pass post_id to request
pkevan Oct 3, 2025
01d0c38
switch types
pkevan Oct 3, 2025
6e62afd
patch
pkevan Oct 3, 2025
eb8e1cc
linting
pkevan Oct 3, 2025
786ba2c
more
pkevan Oct 3, 2025
e36234b
:shrug:
pkevan Oct 3, 2025
fe6e23d
Update src/blocks/remote-data-container/hooks/useRemoteData.ts
pkevan Oct 6, 2025
9860345
Update types/remote-data.d.ts
pkevan Oct 6, 2025
c7ba63c
fix
pkevan Oct 6, 2025
285a080
remove duplicate definition
pkevan Oct 7, 2025
16213fa
Merge branch 'trunk' into patch/check-user-permissions
maxschmeling Oct 23, 2025
0c1c46d
add in check and casting for post id
pkevan Oct 24, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions inc/REST/RemoteDataController.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,8 @@ public static function execute_queries( WP_REST_Request $request ): array|WP_Err
);
}

public static function permission_callback(): bool {
return true;
public static function permission_callback( WP_REST_Request $request ): bool {
$post_id = $request->get_param( 'post_id' );
return current_user_can( 'edit_post', $post_id );
}
}
6 changes: 6 additions & 0 deletions src/blocks/remote-data-container/hooks/useRemoteData.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
import apiFetch from '@wordpress/api-fetch';
import { select } from '@wordpress/data';
import { store as editorStore } from '@wordpress/editor';
import { useEffect, useState } from '@wordpress/element';

import { REMOTE_DATA_REST_API_URL } from '@/blocks/remote-data-container/config/constants';
Expand Down Expand Up @@ -177,6 +179,9 @@ export function useRemoteData( {
}

async function fetch( inputs: RemoteDataQueryInput[] ): Promise< void > {
const { getCurrentPostId } = select( editorStore );
const postId = getCurrentPostId();

// If there are no inputs, there is nothing to fetch. Empty query inputs
// must be represented by an empty object, e.g. `[ {} ]`.
if ( 0 === inputs.length ) {
Expand All @@ -194,6 +199,7 @@ export function useRemoteData( {
block_name: blockName,
query_key: queryKey,
query_inputs: inputs,
post_id: postId ?? null,
};

try {
Expand Down
1 change: 1 addition & 0 deletions types/remote-data.d.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,6 +97,7 @@ interface RemoteDataApiRequest {
block_name: string;
query_inputs: RemoteDataQueryInput[];
query_key: string;
post_id: ?( number | string );
}

interface RemoteDataApiResult {
Expand Down
Loading