[wp-trac] [WordPress Trac] #40251: Querying for single user in REST API after unsetting rest_user_query returns rest_user_cannot_view
WordPress Trac
noreply at wordpress.org
Sun Mar 26 01:48:37 UTC 2017
#40251: Querying for single user in REST API after unsetting rest_user_query
returns rest_user_cannot_view
--------------------------+-----------------------
Reporter: daduenn | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: REST API | Version: 4.7.3
Severity: normal | Resolution: wontfix
Keywords: | Focuses: rest-api
--------------------------+-----------------------
Changes (by joehoyle):
* status: new => closed
* resolution: => wontfix
* milestone: Awaiting Review =>
Comment:
Hey daduenn, thanks for the report! While it might make sense to be able
to do this - this filter is just _one_ place that can change the data the
REST API returns. There are other permission checks and filters involved to
make sure we don't expose all users of a site, not just ones with
`has_published_posts`.
I think it makes sense to keep it this way, and not have this endpoint
support listing all users, rather than providing a developer API to allow
disabling the `has_published_posts` check. `/users/$id` doesn't use
WP_User_Query so there'd be no way to use this specific hook to control
that either.
Feel free to re-open if you strongly disagree, but at this point I don't
think we need to support this in the core endpoint. Current develop
suggestion: create your own PHP subclass for the route.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40251#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
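
A sketch of the subclass approach suggested in the comment above, as an added example that is not WordPress core code and not from the ticket. The class name, the `example/v1` namespace and the `example_view_users` capability are hypothetical. It relaxes only the `rest_user_cannot_view` denial on the single-user route, and only for authenticated callers holding that capability.

```php
<?php
/**
 * Added example (not core code). Example_Users_Controller, "example/v1"
 * and the "example_view_users" capability are hypothetical names.
 */
class Example_Users_Controller extends WP_REST_Users_Controller {

	public function __construct() {
		parent::__construct();
		// Use the plugin's own namespace so /wp/v2/users keeps core behaviour.
		$this->namespace = 'example/v1';
	}

	/**
	 * Permission check for GET /example/v1/users/<id>.
	 */
	public function get_item_permissions_check( $request ) {
		// Run the core check first; anything it allows stays allowed.
		$result = parent::get_item_permissions_check( $request );
		if ( true === $result ) {
			return true;
		}

		// Relax only the "cannot view" denial, never other errors such as
		// an invalid user ID, and never for the "edit" context, which
		// returns private fields and stays behind core's list_users check.
		if ( is_wp_error( $result )
			&& 'rest_user_cannot_view' === $result->get_error_code()
			&& 'edit' !== $request['context']
			&& current_user_can( 'example_view_users' )
		) {
			return true;
		}

		return $result;
	}
}

add_action( 'rest_api_init', function () {
	$controller = new Example_Users_Controller();
	$controller->register_routes();
} );
```

`register_routes()` also registers the inherited collection, create, update and delete routes under `example/v1`; those keep the core permission checks because only `get_item_permissions_check()` is overridden.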