From 91b518a716179fc86e15c8a6a17fc39a5833c19d Mon Sep 17 00:00:00 2001
From: Boone Gorges
Date: Wed, 26 Oct 2016 14:52:29 +0000
Subject: [PATCH] REST API: Use term-specific caps for permission checks in term update and delete endpoints. See #38505. Built from https://develop.svn.wordpress.org/trunk@38960 git-svn-id: http://core.svn.wordpress.org/trunk@38903 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 .../rest-api/endpoints/class-wp-rest-terms-controller.php | 7 +++----
 wp-includes/version.php | 2 +-
 2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php b/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
index 6540c52fdf..1d4f9c6817 100644
--- a/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
+++ b/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
@@ -451,8 +451,7 @@ class WP_REST_Terms_Controller extends WP_REST_Controller {
 return new WP_Error( 'rest_term_invalid', __( "Resource doesn't exist." ), array( 'status' => 404 ) );
 }
- $taxonomy_obj = get_taxonomy( $this->taxonomy );
- if ( ! current_user_can( $taxonomy_obj->cap->edit_terms ) ) {
+ if ( ! current_user_can( 'edit_term', $term->term_id ) ) {
 return new WP_Error( 'rest_cannot_update', __( 'Sorry, you cannot update resource.' ), array( 'status' => rest_authorization_required_code() ) );
 }
@@ -527,8 +526,8 @@ class WP_REST_Terms_Controller extends WP_REST_Controller {
 if ( ! $term ) {
 return new WP_Error( 'rest_term_invalid', __( "Resource doesn't exist." ), array( 'status' => 404 ) );
 }
- $taxonomy_obj = get_taxonomy( $this->taxonomy );
- if ( ! current_user_can( $taxonomy_obj->cap->delete_terms ) ) {
+
+ if ( ! current_user_can( 'delete_term', $term->term_id ) ) {
 return new WP_Error( 'rest_cannot_delete', __( 'Sorry, you cannot delete resource.' ), array( 'status' => rest_authorization_required_code() ) );
 }
 return true;
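Review bot: The new `current_user_can( 'edit_term', $term->term_id )` line is the first place in this permission check that reads a property off `$term`, yet the only guard visible in the hunk is the 404 `rest_term_invalid` branch that precedes it, and both the `$term` lookup and the method's signature lie outside the hunk, so it cannot be confirmed here that `$term` is always a `WP_Term` at that point (a `WP_Error` return from the lookup would pass a bare `! $term` test). Because the 404 is returned before any capability is evaluated, an unauthenticated caller can still distinguish existing term IDs from missing ones; that is harmless for public taxonomies but worth stating explicitly for non-public ones, which this hunk does not show. I would also document why a meta cap replaced the taxonomy-wide cap, e.g. `// Meta cap: presumably resolved per term via map_meta_cap(), so the decision can differ between terms of the same taxonomy.` The enclosing method begins outside the hunk.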
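Review bot: The guard `if ( ! $term ) {` shown as context in the delete hunk only rejects falsy values, but the new `current_user_can( 'delete_term', $term->term_id )` line now dereferences `$term`, which the old taxonomy-wide check never did; if the lookup above the hunk can return a `WP_Error` (as `get_term()` does for an invalid taxonomy), that object is truthy, slips past the guard, and `term_id` is read off an error object before the capability is ever checked. The hunk does not show the lookup, so this is hedged, but a defensive guard is cheap: `if ( ! $term || is_wp_error( $term ) ) {`. The `return true;` at the end of the hunk is the method's last statement but its closing brace is outside the hunk.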
diff --git a/wp-includes/version.php b/wp-includes/version.php
index c17bd8a84e..2d7da86854 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -4,7 +4,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '4.7-alpha-38959';
+$wp_version = '4.7-alpha-38960';
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.