Open criptoraily opened 2 years ago
I'm currently working on updating custom post type ACF fields, with granular permissions, and having problems with rest_forbidden 403 error code.
Here's My Situation:
Expected Behavior
I was expecting editing capabilities while updating fields to match what we have using the WP backend.
Actual Behavior
Conclusion
I've been playing with role/caps/rest for a while on a granular level, but I still can't accept the fact that capabilities are not tight via WP REST, in my honest opinion, and this might be a security issue: if Bob gives Alice a role with the edit_post cap, and Alice is able to edit anyone's post fields even though she doesn't have the edit_others_posts cap, it can cause damage.
I will be looking into this closely in the following days, any feedback is appreciated. Will keep you posted ;)
Thank you very much and congratulations on the work on the plugin \o/
Trying to update a user custom field. Authentication is via JWT, which is working because I'm able to update regular fields.
This is my JSON:
Those are my filters:
// Enable the option show in rest
Getting: