WP_REST_Users_Controller::get_items_permissions_check() WordPress Method

The WP_REST_Users_Controller::get_items_permissions_check() method checks whether the current user is allowed to read the users collection with the parameters supplied in the request.

WP_REST_Users_Controller::get_items_permissions_check( WP_REST_Request $request )

Permissions check for getting all users.


Parameters

$request

(WP_REST_Request) (Required) Full details about the request.


Return

(true|WP_Error) True if the request has read access, otherwise WP_Error object.


Source

File: wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php

public function get_items_permissions_check( $request ) {
    // Check if roles is specified in GET request and if user can list users.
    if ( ! empty( $request['roles'] ) && ! current_user_can( 'list_users' ) ) {
        return new WP_Error(
            'rest_user_cannot_view',
            __( 'Sorry, you are not allowed to filter users by role.' ),
            array( 'status' => rest_authorization_required_code() )
        );
    }
 
    // Check if capabilities is specified in GET request and if user can list users.
    if ( ! empty( $request['capabilities'] ) && ! current_user_can( 'list_users' ) ) {
        return new WP_Error(
            'rest_user_cannot_view',
            __( 'Sorry, you are not allowed to filter users by capability.' ),
            array( 'status' => rest_authorization_required_code() )
        );
    }
 
    if ( 'edit' === $request['context'] && ! current_user_can( 'list_users' ) ) {
        return new WP_Error(
            'rest_forbidden_context',
            __( 'Sorry, you are not allowed to list users.' ),
            array( 'status' => rest_authorization_required_code() )
        );
    }
 
    if ( in_array( $request['orderby'], array( 'email', 'registered_date' ), true ) && ! current_user_can( 'list_users' ) ) {
        return new WP_Error(
            'rest_forbidden_orderby',
            __( 'Sorry, you are not allowed to order users by this parameter.' ),
            array( 'status' => rest_authorization_required_code() )
        );
    }
 
    if ( 'authors' === $request['who'] ) {
        $types = get_post_types( array( 'show_in_rest' => true ), 'objects' );
 
        foreach ( $types as $type ) {
            if ( post_type_supports( $type->name, 'author' )
                && current_user_can( $type->cap->edit_posts ) ) {
                return true;
            }
        }
 
        return new WP_Error(
            'rest_forbidden_who',
            __( 'Sorry, you are not allowed to query users by this parameter.' ),
            array( 'status' => rest_authorization_required_code() )
        );
    }
 
    return true;
}
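
The source above returns true when a request carries none of the restricted parameters, so this check alone does not require `list_users` for a plain read of the collection. The following is an added example, not WordPress core code, of a site-side filter that requires that capability for every read of the collection. The function name `example_require_list_users_for_collection` is hypothetical, and the route `/wp/v2/users` is the core default for this controller, which the page itself does not state.

```php
<?php
// Added example, not WordPress core code. The function name is hypothetical.
// Assumes the users controller is registered at its default route, /wp/v2/users.

add_filter( 'rest_pre_dispatch', 'example_require_list_users_for_collection', 10, 3 );

/**
 * Require the list_users capability for any read of the users collection.
 *
 * Runs before the controller's own get_items_permissions_check(), so a user
 * without list_users is rejected regardless of which query parameters are set.
 *
 * @param mixed           $result  Response set by an earlier filter, or null.
 * @param WP_REST_Server  $server  Server instance (unused).
 * @param WP_REST_Request $request Request being dispatched.
 * @return mixed Unchanged $result, or WP_Error when access is denied.
 */
function example_require_list_users_for_collection( $result, $server, $request ) {
    // An earlier filter already produced a response or an error; keep it.
    if ( null !== $result ) {
        return $result;
    }

    $is_read       = in_array( $request->get_method(), array( 'GET', 'HEAD' ), true );
    $is_collection = '/wp/v2/users' === untrailingslashit( $request->get_route() );

    // Only the collection read is tightened; every other route passes through.
    if ( ! $is_read || ! $is_collection ) {
        return $result;
    }

    // Same capability the core check uses for its restricted parameters.
    if ( current_user_can( 'list_users' ) ) {
        return $result;
    }

    // 401 for anonymous requests, 403 for logged-in users without the capability.
    return new WP_Error(
        'rest_user_cannot_view',
        __( 'Sorry, you are not allowed to list users.' ),
        array( 'status' => rest_authorization_required_code() )
    );
}
```

This filter matches only the collection route; requests for individual users are not affected by it.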


Changelog

Version    Description
4.7.0      Introduced.

The content displayed on this page has been created in part by processing WordPress source code files which are made available under the GPLv2 (or a later version) license by the Free Software Foundation. In addition to this, the content includes user-written examples and information. All material is subject to review and curation by the WPPaste.com community.