Allow REST API users endpoints if user is logged in and can edit_posts

digitoimistodude · Jan 19, 2021 · 05c4e8d · 05c4e8d
1 parent f07a341
commit 05c4e8d
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,7 +4,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
-#### Fixed
+### Changed
+- Allow REST API users endpoints if user is logged in and can edit_posts
+
+### Fixed
 - Escape outputting localization functions ask_e, asv_e and pll_e return
 - On `widgets_init` remove recent comments style
 

diff --git a/inc/rest-api.php b/inc/rest-api.php
@@ -5,7 +5,7 @@
  * @Author: Timi Wahalahti
  * @Date:   2020-01-10 16:24:01
  * @Last Modified by:   Timi Wahalahti
- * @Last Modified time: 2020-02-11 14:59:03
+ * @Last Modified time: 2021-01-19 09:52:42
  *
  * @package air-helper
  */
@@ -19,6 +19,10 @@
  */
 add_filter( 'rest_endpoints', 'air_helper_disable_rest_endpoints' );
 function air_helper_disable_rest_endpoints( $endpoints ) {
+  if ( current_user_can( 'edit_posts' ) ) {
+    return $endpoints;
+  }
+
   if ( isset( $endpoints['/wp/v2/users'] ) ) {
     unset( $endpoints['/wp/v2/users'] );
   }