Refactor permission checks for authors (#1006)

mikejolley · Aljullu · commit 2751512260d8 · 2019-10-14T15:13:07.000+02:00
diff --git a/src/RestApi/Controllers/Products.php b/src/RestApi/Controllers/Products.php
@@ -105,13 +105,19 @@ public function get_item_permissions_check( $request ) {
 	}
 
 	/**
-	 * Change read permissions to allow author access to this API.
+	 * Change REST API permissions so that authors have access to this API.
 	 *
-	 * @param array $permissions Array of access permissions.
+	 * This code only runs for methods of this class. @see Products::get_items below.
+	 *
+	 * @param bool $permission Does the current user have access to the API.
+	 * @return bool
 	 */
-	public function change_permissions( $permissions ) {
-		$permissions['read'] = 'edit_posts';
-		return $permissions;
+	public function force_edit_posts_permission( $permission ) {
+		// If user has access already, we can bypass additonal checks.
+		if ( $permission ) {
+			return $permission;
+		}
+		return current_user_can( 'edit_posts' );
 	}
 
 	/**
@@ -121,9 +127,9 @@ public function change_permissions( $permissions ) {
 	 * @return WP_Error|WP_REST_Response
 	 */
 	public function get_items( $request ) {
-		add_filter( 'woocommerce_rest_check_permissions', array( $this, 'change_permissions' ) );
+		add_filter( 'woocommerce_rest_check_permissions', array( $this, 'force_edit_posts_permission' ) );
 		$response = parent::get_items( $request );
-		remove_filter( 'woocommerce_rest_check_permissions', array( $this, 'change_permissions' ) );
+		remove_filter( 'woocommerce_rest_check_permissions', array( $this, 'force_edit_posts_permission' ) );
 
 		return $response;
 	}
