From b8a4820acf465d2d7324d5d2bd5b4fd8098e0864 Mon Sep 17 00:00:00 2001 From: Peter Kiss Date: Fri, 26 Apr 2024 15:01:03 +0200 Subject: [PATCH] Return public jobs only in the endpoints (#2814) Co-authored-by: gikaragia --- .../class-wp-job-manager-promoted-jobs-api.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/includes/promoted-jobs/class-wp-job-manager-promoted-jobs-api.php b/includes/promoted-jobs/class-wp-job-manager-promoted-jobs-api.php index a8e3bcfa5..bedb9bcd2 100644 --- a/includes/promoted-jobs/class-wp-job-manager-promoted-jobs-api.php +++ b/includes/promoted-jobs/class-wp-job-manager-promoted-jobs-api.php @@ -163,7 +163,7 @@ public function get_items() { $args = [ 'post_type' => \WP_Job_Manager_Post_Types::PT_LISTING, - 'post_status' => array_merge( array_keys( get_job_listing_post_statuses() ), [ 'trash' ] ), + 'post_status' => 'publish', 'no_found_rows' => true, 'ignore_sticky_posts' => true, 'posts_per_page' => -1, @@ -270,13 +270,16 @@ public function update_job_status( $request ) { public function get_job_data( $request ) { $job_id = $request->get_param( 'job_id' ); $post = get_post( $job_id ); + if ( \WP_Job_Manager_Post_Types::PT_LISTING !== get_post_type( $post ) ) { return new WP_Error( 'not_found', __( 'The promoted job was not found', 'wp-job-manager' ), [ 'status' => 404 ] ); } + $controller = get_post_type_object( \WP_Job_Manager_Post_Types::PT_LISTING )->get_rest_controller(); - if ( ! ( $controller instanceof WP_REST_Posts_Controller ) || ! $controller->check_read_permission( $post ) ) { + if ( ! ( $controller instanceof WP_REST_Posts_Controller ) || ! $controller->check_read_permission( $post ) || 'publish' !== $post->post_status ) { return new WP_Error( 'rest_forbidden', __( 'Sorry, you are not allowed to view this job.', 'wp-job-manager' ), [ 'status' => rest_authorization_required_code() ] ); } + $job_data = $this->prepare_item_for_response( get_post( $job_id ) ); if ( is_wp_error( $job_data ) ) { return $job_data;