I'm trying to assert current_user_can() in the permission_callback method of a register_rest_route function. However, it always returns false.

Upon further debugging, I see that wp_get_current_user() function returns ID zero, which probably means the $current_user global isn't available at the moment of execution.

That means this example from the documentation shouldn't work:
<?php
add_action( 'rest_api_init', function () {
    register_rest_route( 'myplugin/v1', '/author/(?P<id>\d+)', array(
        'methods' => 'GET',
        'callback' => 'my_awesome_func',
        'args' => array(
            'id' => array(
                'validate_callback' => 'is_numeric'
            ),
        ),
        'permission_callback' => function () {
            return current_user_can( 'edit_others_posts' );
        }
    ) );
} );
And indeed it doesn't.
Further debugging:
<?php
// muplugins/test.php
add_action('rest_api_init', function() {
    // Works. Returns current WP_User.
    wp_get_current_user();
    // Works. Returns current WP_User.
    global $current_user;

    register_rest_route('test', 'user', [
        'methods' => 'GET',
        // In a closure. Does not work. Returns zero.
        'callback' => function() {
            var_dump(wp_get_current_user()); exit;
        },
        // In a class. Does not work. Returns zero.
        'callback' => [new Something, 'test_wp_get_current_user_in_a_class'],
        // In a function. Does not work. Returns zero.
        'callback' => 'test_wp_get_current_user',
        'permission_callback' => function() {
            // Does not work. Returns zero.
            wp_get_current_user();
            // Does not work. Returns zero.
            global $current_user;
            $current_user->ID;
        }
    ]);
});

function test_wp_get_current_user()
{
    var_dump(wp_get_current_user()); exit;
}

class Something
{
    public function test_wp_get_current_user_in_a_class()
    {
        var_dump(wp_get_current_user()); exit;
    }
}

How can I use current_user_can() inside register_rest_route()? Or yet, should I?
- 2 The answer right here might help: stackoverflow/questions/47455745/… – czerspalace Commented Nov 28, 2018 at 21:43
- 1 Or the docs on Authentication: developer.wordpress/rest-api/using-the-rest-api/… You need to send the nonce, or the user is not signed in. – Jacob Peattie Commented Nov 29, 2018 at 10:07
- This is correct. Do you mind posting an answer so I can accept it? – Lucas Bustamante Commented Nov 29, 2018 at 10:15
1 Answer
You need to pass the wp_rest nonce with the JavaScript request that you send to REST.
This nonce is what passes the information from PHP to JavaScript about which user is making the request.
Example:
<form>
    <input type="text" name="rest_auth_nonce" value="<?= esc_attr( wp_create_nonce( 'wp_rest' ) ) ?>">
</form>
<script>
    jQuery.ajax({
        beforeSend: function (xhr) {
            xhr.setRequestHeader('X-WP-Nonce', jQuery('form').find('input[name="rest_auth_nonce"]').val());
        }
    });
</script>
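
The failure mode discussed in this thread, as an added example that is not part of the original answer: a cookie-authenticated REST call sent without the wp_rest nonce is handled as logged out, so a permission_callback that relies on current_user_can() fails. The helper names, the example.test URL and the fakeWordPress stub (a constructed model of the server's responses) are assumptions; test/user is the route from the question.

```javascript
// Added example; every value here is constructed for illustration.
const VALID_NONCE = 'constructed-nonce'; // stands in for wp_create_nonce('wp_rest')
const DEMO_ROOT = 'https://example.test/wp-json/'; // hypothetical site root

// Build fetch() arguments for a cookie-authenticated REST call.
function buildRestRequest(settings, route) {
  const headers = {};
  if (settings.nonce) headers['X-WP-Nonce'] = settings.nonce;
  return {
    url: settings.root.replace(/\/+$/, '') + '/' + route.replace(/^\/+/, ''),
    init: { method: 'GET', credentials: 'same-origin', headers }, // login cookie is sent
  };
}

// Map a REST response to the likely cause of a failed permission_callback.
function diagnose(status, body) {
  const code = body && body.code;
  if (status >= 200 && status < 300) return 'ok';
  if (code === 'rest_cookie_invalid_nonce') return 'nonce-invalid-or-expired';
  if (code === 'rest_forbidden' && status === 401) return 'treated-as-logged-out';
  if (code === 'rest_forbidden' && status === 403) return 'logged-in-but-lacks-capability';
  return 'other-error';
}

async function restGet(settings, route, fetchImpl = globalThis.fetch) {
  const { url, init } = buildRestRequest(settings, route);
  const res = await fetchImpl(url, init);
  const body = await res.json();
  return { status: res.status, cause: diagnose(res.status, body), body };
}

// Constructed stand-in for the server side of cookie authentication:
// no nonce -> current user reset to 0, so current_user_can() fails (401);
// wrong nonce -> 403 rest_cookie_invalid_nonce; valid nonce -> cookie user kept.
async function fakeWordPress(url, init) {
  const nonce = init.headers['X-WP-Nonce'];
  let status = 200, body = { id: 7 };
  if (nonce === undefined) {
    status = 401; body = { code: 'rest_forbidden' };
  } else if (nonce !== VALID_NONCE) {
    status = 403; body = { code: 'rest_cookie_invalid_nonce' };
  }
  return { status, json: async () => body };
}

// Demo: same cookie, with and without the nonce header.
restGet({ root: DEMO_ROOT }, 'test/user', fakeWordPress).then(r => console.log('no nonce:', r.cause));
restGet({ root: DEMO_ROOT, nonce: VALID_NONCE }, 'test/user', fakeWordPress).then(r => console.log('with nonce:', r.cause));
```

Against a real site, omit the third argument so the browser's own fetch is used, and take root and nonce from values the PHP side prints into the page.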