diff --git a/admin/templates/html-keys-edit.php b/admin/templates/html-keys-edit.php
index 21bbb11..5c2ca33 100644
--- a/admin/templates/html-keys-edit.php
+++ b/admin/templates/html-keys-edit.php
@@ -67,19 +67,22 @@
display_name,
- absint( $user->ID ),
- $user->user_email
- );
+
+ $all_users = get_users( );
+
+ $user_id = ! empty( $key_data['user_id'] ) ? absint( $key_data['user_id'] ) : '';
+
?>
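Review bot: `get_users( )` with no arguments loads a full WP_User object for every account on the site each time this key-edit template renders, which becomes slow and memory-heavy on large installs. If the result only feeds the user selector, a narrower query is enough, e.g. `$all_users = get_users( array( 'fields' => array( 'ID', 'display_name', 'user_email' ) ) );`. Since the key owner can now presumably be chosen from all users, the handler that saves the key (not visible in this hunk) should re-validate the submitted `user_id` and the caller's capability server-side rather than trust the form value. Note also that `$user_id` falls back to `''` rather than an integer, so it has mixed type downstream; the surrounding template code starts and ends outside the hunk.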
diff --git a/includes/rest-api/wpem-rest-crud-controller.php b/includes/rest-api/wpem-rest-crud-controller.php
index 36f787b..43d9a7d 100644
--- a/includes/rest-api/wpem-rest-crud-controller.php
+++ b/includes/rest-api/wpem-rest-crud-controller.php
@@ -42,6 +42,8 @@ protected function get_object( $id ) {
return new WP_Error( 'invalid-method', sprintf( __( "Method '%s' not implemented. Must be overridden in subclass.", 'wp-event-manager-rest-api' ), __METHOD__ ), array( 'status' => 405 ) );
}
+
+
/**
* Check if a given request has access to read an item.
*
diff --git a/includes/rest-api/wpem-rest-posts-conroller.php b/includes/rest-api/wpem-rest-posts-conroller.php
index a00988a..9fc6447 100644
--- a/includes/rest-api/wpem-rest-posts-conroller.php
+++ b/includes/rest-api/wpem-rest-posts-conroller.php
@@ -57,6 +57,7 @@ public function get_items_permissions_check( $request ) {
return new WP_Error( 'wpem_rest_cannot_view', __( 'Sorry, you cannot list resources.', 'wp-event-manager-rest-api' ), array( 'status' => rest_authorization_required_code() ) );
}
+
return true;
}
diff --git a/wpem-rest-api-functions.php b/wpem-rest-api-functions.php
index a65f423..79f73c0 100644
--- a/wpem-rest-api-functions.php
+++ b/wpem-rest-api-functions.php
@@ -37,7 +37,7 @@ function wpem_rest_prepare_date_response( $date, $utc = true ) {
function wpem_rest_check_post_permissions( $post_type, $context = 'read', $object_id = 0 ) {
global $wpdb;
$contexts = array(
- 'read' => 'read_private_posts',
+ 'read' => 'read',
'create' => 'publish_posts',
'edit' => 'edit_post',
'delete' => 'delete_post',
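Review bot: Mapping the `read` context to `'read'` widens access considerably: by default `$post_type_object->cap->read` resolves to the primitive `read` capability, which every role down to Subscriber holds, and as a primitive capability it ignores the `$object_id` passed to `current_user_can()`. For a collection request (`$object_id` of 0) the author check added in the next hunk does not run, so any logged-in user passes where `read_private_posts` was required before. If the intent is per-post read access, `'read' => 'read_post',` lets `map_meta_cap` decide from post status and author, but it would need a separate capability for the list case; please add a comment saying which roles are meant to pass. The function body continues outside this hunk.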
@@ -51,8 +51,18 @@ function wpem_rest_check_post_permissions( $post_type, $context = 'read', $objec
$cap = $contexts[ $context ];
$post_type_object = get_post_type_object( $post_type );
-
$permission = current_user_can( $post_type_object->cap->$cap, $object_id );
+
+ //check each and every post id
+ if($object_id != 0){
+
+ $author_id = get_post_field ('post_author', $object_id);
+ $current_user_id = get_current_user_id();
+ if($author_id != $current_user_id)
+ return false;
+
+ }
+
}
return apply_filters( 'wpem_rest_check_permissions', $permission, $context, $object_id, $post_type );
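Review bot: The early `return false` in the author check bypasses the `wpem_rest_check_permissions` filter on the last line, so integrations can no longer adjust the decision for these requests, and it overrides the capability result for every context, including editors or administrators acting on posts they did not author. Setting the flag instead keeps the single exit point: `if ( $object_id && (int) get_post_field( 'post_author', $object_id ) !== get_current_user_id() ) { $permission = false; }`. If users with others-posts rights are still meant to pass, the condition should also test `current_user_can( $post_type_object->cap->edit_others_posts )`; whether that is intended is not visible here. The loose `!=` between the string `post_author` and the integer user id, and the brace-less `if`, are worth tightening at the same time. The enclosing `if` block and the function itself start above the hunk.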