diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-menu-items-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-menu-items-controller.php
index ee69643813577..08d21fd090bc2 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-menu-items-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-menu-items-controller.php
@@ -80,6 +80,19 @@ public function get_item_permissions_check( $request ) {
 * @return true|WP_Error True if the request has read access for the item, WP_Error object otherwise.
 */
 protected function check_has_read_only_access( $request ) {
+ /**
+ * Filters whether the current user has read access to menu items via the REST API.
+ *
+ * @since 6.8.0
+ * @param $read_only_access bool Whether the current user has read access to menu items via the REST API.
+ * @param $request WP_REST_Request Full details about the request.
+ * @param $this WP_REST_Controller The current instance of the controller.
+ */
+ $read_only_access = apply_filters( 'rest_menu_read_access', false, $request, $this );
+ if ( $read_only_access ) {
+ return true;
+ }
+
+ if ( current_user_can( 'edit_theme_options' ) ) {
 return true;
 }
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-menu-locations-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-menu-locations-controller.php
index e5bff633a2a87..b0ccd60fc365a 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-menu-locations-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-menu-locations-controller.php
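Review bot: The guard `if ( $read_only_access )` in the menu-items controller's check_has_read_only_access() accepts any truthy filter result and runs before every capability check in the hunk, so a callback that returns a non-empty string or a WP_Error object grants read access to every caller. Compare strictly instead, `if ( true === $read_only_access ) {`, so that only an explicit boolean true bypasses `current_user_can()`. The same loose check is repeated in the menu-locations and menus controllers later in this diff. The docblock tags also have type and name swapped; core style is `@param bool $read_only_access ...`, with a blank ` *` line after `@since 6.8.0`. The function body continues past the end of the hunk.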
@@ -80,15 +80,7 @@ public function register_routes() {
 * @return true|WP_Error True if the request has read access, WP_Error object otherwise.
 */
 public function get_items_permissions_check( $request ) {
- if ( ! current_user_can( 'edit_theme_options' ) ) {
- return new WP_Error(
- 'rest_cannot_view',
- __( 'Sorry, you are not allowed to view menu locations.' ),
- array( 'status' => rest_authorization_required_code() )
- );
- }
-
- return true;
+ return $this->check_has_read_only_access( $request );
 }
 
 /**
@@ -123,15 +115,7 @@ public function get_items( $request ) {
 * @return true|WP_Error True if the request has read access for the item, WP_Error object otherwise.
 */
 public function get_item_permissions_check( $request ) {
- if ( ! current_user_can( 'edit_theme_options' ) ) {
- return new WP_Error(
- 'rest_cannot_view',
- __( 'Sorry, you are not allowed to view menu locations.' ),
- array( 'status' => rest_authorization_required_code() )
- );
- }
-
- return true;
+ return $this->check_has_read_only_access( $request );
 }
 
 /**
@@ -157,6 +141,32 @@ public function get_item( $request ) {
 return rest_ensure_response( $data );
 }
 
+ /**
+ * Checks whether the current user has read permission for the endpoint.
+ *
+ * @since 6.8.0
+ *
+ * @param WP_REST_Request $request Full details about the request.
+ * @return true|WP_Error True if the current user has permission, WP_Error object otherwise.
+ */
+ protected function check_has_read_only_access( $request ) {
+ /** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-menu-items-controller.php */
+ $read_only_access = apply_filters( 'rest_menu_read_access', false, $request, $this );
+ if ( $read_only_access ) {
+ return true;
+ }
+
+ if ( ! current_user_can( 'edit_theme_options' ) ) {
+ return new WP_Error(
+ 'rest_cannot_view',
+ __( 'Sorry, you are not allowed to view menu locations.' ),
+ array( 'status' => rest_authorization_required_code() )
+ );
+ }
+
+ return true;
+ }
+
 /**
 * Prepares a menu location object for serialization.
 *
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-menus-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-menus-controller.php
index 3b8205f89dc92..3947bfd6107ce 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-menus-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-menus-controller.php
@@ -84,6 +84,12 @@ protected function get_term( $id ) {
 * @return true|WP_Error True if the current user has permission, WP_Error object otherwise.
 */
 protected function check_has_read_only_access( $request ) {
+ /** This filter is documented in wp-includes/rest-api/endpoints/class-wp-rest-menu-items-controller.php */
+ $read_only_access = apply_filters( 'rest_menu_read_access', false, $request, $this );
+ if ( $read_only_access ) {
+ return true;
+ }
+
+ if ( current_user_can( 'edit_theme_options' ) ) {
 return true;
 }
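Review bot: The inline reference in the menu-locations controller's new check_has_read_only_access() points to a docblock that describes read access to menu items only, while this call gates menu locations and the menus controller gates menus with the same `rest_menu_read_access` hook. A site owner who enables the filter to publish navigation items would, presumably without intending it, also expose locations and menus to requests that lack `edit_theme_options`. I would widen the canonical summary to `Filters whether the current user has read access to menus, menu items and menu locations via the REST API.` and state there that a callback can inspect the passed controller instance to limit the grant to one resource type.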