Reusable Blocks: Verify edit capability on export action
aduth committed Oct 19, 2018
1 parent 0235f5d commit ac75c14
Showing 1 changed file with 8 additions and 0 deletions.
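--- a/gutenberg.php
+++ b/gutenberg.php
@@ -265,6 +265,14 @@ function gutenberg_add_edit_link( $actions, $post ) {
 
 if ( 'wp_block' === $post->post_type ) {
 unset( $actions['inline hide-if-no-js'] );
+
+// Export uses block raw content, which is only returned from the post
+// REST endpoint via `context=edit`, requiring edit capability.
+$post_type = get_post_type_object( $post->post_type );
+if ( ! current_user_can( $post_type->cap->edit_post, $post->ID ) ) {
+return $actions;
+}
+
 $actions['export'] = sprintf(
 '<button type="button" class="wp-list-reusable-blocks__export button-link" data-id="%s" aria-label="%s">%s</button>',
 $post->ID,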
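Review bot: The capability check added before `$actions['export']` only decides whether the export button is rendered, so the comment above it should say that authorization is enforced by the REST endpoint and not by this row-action filter. A line such as `// UI hint only: the REST endpoint's context=edit permission check is what protects raw block content.` would keep a later reader from treating this guard as the access control. The guard also reads `$post_type->cap->edit_post` without confirming that `get_post_type_object()` returned an object; inside the `'wp_block'` branch that is presumably always true, but `if ( ! $post_type || ! current_user_can( $post_type->cap->edit_post, $post->ID ) ) {` would make it explicit. The body of `gutenberg_add_edit_link` starts and ends outside the hunk, so whether the early `return $actions;` skips anything intended for reusable blocks cannot be confirmed from here.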
