W3cubDocs

/WordPress

WP_REST_Plugins_Controller::check_read_permission( string $plugin )

Checks if the given plugin can be viewed by the current user.

Description

On multisite, this hides non-active network only plugins if the user does not have permission to manage network plugins.

Parameters

$plugin

(string) (Required) The plugin file to check.

Return

(true|WP_Error) True if can read, a WP_Error instance otherwise.

Source

File: wp-includes/rest-api/endpoints/class-wp-rest-plugins-controller.php 

protected function check_read_permission( $plugin ) {
		if ( ! $this->is_plugin_installed( $plugin ) ) {
			return new WP_Error( 'rest_plugin_not_found', __( 'Plugin not found.' ), array( 'status' => 404 ) );
		}

		if ( ! is_multisite() ) {
			return true;
		}

		if ( ! is_network_only_plugin( $plugin ) || is_plugin_active( $plugin ) || current_user_can( 'manage_network_plugins' ) ) {
			return true;
		}

		return new WP_Error(
			'rest_cannot_view_plugin',
			__( 'Sorry, you are not allowed to manage this plugin.' ),
			array( 'status' => rest_authorization_required_code() )
		);
	}

Uses

Uses Description
wp-includes/rest-api/endpoints/class-wp-rest-plugins-controller.php: WP_REST_Plugins_Controller::is_plugin_installed()

Checks if the plugin is installed.
wp-includes/rest-api.php: rest_authorization_required_code()

Returns a contextual HTTP error code for authorization failure.
wp-admin/includes/plugin.php: is_network_only_plugin()

Checks for “Network: true” in the plugin header to see if this should be activated only as a network wide plugin. The plugin would also work when Multisite is not enabled.
wp-admin/includes/plugin.php: is_plugin_active()

Determines whether a plugin is active.
wp-includes/capabilities.php: current_user_can()

Returns whether the current user has the specified capability.
wp-includes/l10n.php: __()

Retrieve the translation of $text.
wp-includes/load.php: is_multisite()

If Multisite is enabled.
wp-includes/class-wp-error.php: WP_Error::__construct()

Initialize the error.

Used By

Used By Description
wp-includes/rest-api/endpoints/class-wp-rest-plugins-controller.php: WP_REST_Plugins_Controller::get_items()

Retrieves a collection of plugins.
wp-includes/rest-api/endpoints/class-wp-rest-plugins-controller.php: WP_REST_Plugins_Controller::get_item_permissions_check()

Checks if a given request has access to get a specific plugin.
wp-includes/rest-api/endpoints/class-wp-rest-plugins-controller.php: WP_REST_Plugins_Controller::update_item_permissions_check()

Checks if a given request has access to update a specific plugin.
wp-includes/rest-api/endpoints/class-wp-rest-plugins-controller.php: WP_REST_Plugins_Controller::delete_item_permissions_check()

Checks if a given request has access to delete a specific plugin.

Changelog

Version Description
5.5.0 Introduced.

© 2003–2019 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/classes/wp_rest_plugins_controller/check_read_permission