Automattic / Co-Authors-Plus

Multiple bylines and Guest Authors for WordPress
https://wordpress.org/plugins/co-authors-plus/
GNU General Public License v2.0
290 stars 205 forks

Show author taxonomy in REST API, hide description based on capabilities #931

Closed douglas-johnson closed 1 year ago

douglas-johnson commented 1 year ago

Description

Continues from #899 and resolves #930, using the last of the proposed solutions, in which the author taxonomy is made available in the WP REST API with the base coauthors but without the term description.

The privacy issue pointed out in #850 and fixed by #851 is handled based on capabilities. In a filter on rest_prepare_author, the description is changed to an empty string if the current user does not have the edit_posts capability.

My intention was to make the view context of the coauthors endpoint available to anyone who could open a post in the block editor. In that way, it could be used in custom blocks as was mentioned in #851 but would not be available to subscribers or unauthenticated users.

I am open to making revisions if security of the email addresses needs to be more strict or if a different approach is preferable for another reason.

Steps to Test

I used Application Passwords for authentication in my own testing.
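The capability check described in this pull request, sketched as an added example (not the code from the PR or the plugin). It assumes the taxonomy is registered as author, so WordPress core fires the rest_prepare_author filter with the response, term and request; the function name is hypothetical.

```php
<?php
/**
 * Added illustration, not the plugin's code. The function name
 * example_hide_coauthor_description is hypothetical.
 *
 * Blank the term description in REST responses for the author taxonomy
 * unless the requesting user has the edit_posts capability.
 *
 * @param WP_REST_Response $response Prepared term response.
 * @param WP_Term          $term     The author term being returned.
 * @param WP_REST_Request  $request  The current request.
 * @return WP_REST_Response
 */
function example_hide_coauthor_description( $response, $term, $request ) {
	// Anyone who can open a post in the editor keeps the full term data.
	if ( current_user_can( 'edit_posts' ) ) {
		return $response;
	}

	$data = $response->get_data();

	// The key can be absent when the client narrowed the response with _fields.
	if ( is_array( $data ) && array_key_exists( 'description', $data ) ) {
		// Subscribers and unauthenticated requests get an empty string.
		$data['description'] = '';
		$response->set_data( $data );
	}

	return $response;
}
add_filter( 'rest_prepare_author', 'example_hide_coauthor_description', 10, 3 );
```

Because the check runs on the prepared response, it applies to both collection and single-term requests served by the terms controller; comparing an unauthenticated request with one authenticated as an editor should show the description only in the latter.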