Post Editor: Avoid 403 errors for users with low permissions (#42413)

* Post Editor: Avoid 403 errors for low capability users * Use undefined
WordPress · Jul 18, 2022 · 9f0e6be · 9f0e6be
1 parent f233a32
commit 9f0e6be
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 3 deletions.
diff --git a/lib/compat/wordpress-6.1/edit-form-blocks.php b/lib/compat/wordpress-6.1/edit-form-blocks.php
@@ -15,6 +15,7 @@
 function gutenberg_preload_template_permissions( $preload_paths, $context ) {
 	if ( ! empty( $context->post ) ) {
 		$preload_paths[] = array( rest_get_route_for_post_type_items( 'wp_template' ), 'OPTIONS' );
+		$preload_paths[] = array( '/wp/v2/settings', 'OPTIONS' );
 	}
 
 	return $preload_paths;

diff --git a/packages/edit-post/src/editor.js b/packages/edit-post/src/editor.js
@@ -57,7 +57,7 @@ function Editor( {
 				getEditedPostTemplate,
 				getHiddenBlockTypes,
 			} = select( editPostStore );
-			const { getEntityRecord, getPostType, getEntityRecords } =
+			const { getEntityRecord, getPostType, getEntityRecords, canUser } =
 				select( coreStore );
 			const { getEditorSettings } = select( editorStore );
 			const { getBlockTypes } = select( blocksStore );
@@ -78,6 +78,7 @@ function Editor( {
 			const supportsTemplateMode =
 				getEditorSettings().supportsTemplateMode;
 			const isViewable = getPostType( postType )?.viewable ?? false;
+			const canEditTemplate = canUser( 'create', 'templates' );
 
 			return {
 				hasFixedToolbar:
@@ -96,7 +97,7 @@ function Editor( {
 				keepCaretInsideBlock: isFeatureActive( 'keepCaretInsideBlock' ),
 				isTemplateMode: isEditingTemplate(),
 				template:
-					supportsTemplateMode && isViewable
+					supportsTemplateMode && isViewable && canEditTemplate
 						? getEditedPostTemplate()
 						: null,
 				post: postObject,

diff --git a/packages/editor/src/components/provider/use-block-editor-settings.js b/packages/editor/src/components/provider/use-block-editor-settings.js
@@ -41,7 +41,9 @@ function useBlockEditorSettings( settings, hasTemplate ) {
 		const isWeb = Platform.OS === 'web';
 		const { canUser, getEntityRecord } = select( coreStore );
 
-		const siteSettings = getEntityRecord( 'root', 'site' );
+		const siteSettings = canUser( 'read', 'settings' )
+			? getEntityRecord( 'root', 'site' )
+			: undefined;
 
 		return {
 			canUseUnfilteredHTML: canUserUseUnfilteredHTML(),