Provide more helpful error message/code on Post Create/Update fail #2053
Conversation
Instead of returning a generic `rest_forbidden` error, let's return an error message indicating which operation failed, and 401 instead of 403 when the request is unauthenticated.
|
@WP-API/amigos #reviewmerge |
|
👍 Not a PHP expert personally but this looks good, and is definitely an improvement over the current state of affairs. |
|
Technically the difference b/w 401 and 403 looks to be a matter of "is not authenticated" (401) vs "is authenticated but does not have credentials" (403). If we're returning a 403 for PUT errors based on capacity, is there previously a place where we checked whether the user is authenticated and returned a 401 if not? |
I'm not sure I follow. Can you clarify? |
There was a problem hiding this comment.
Should we be using the post type labels here? Trying to create a page will show "posts" right now
There was a problem hiding this comment.
Yes, although all of our strings need to be updated to this effect, so I'd rather file it as a secondary issue.
Provide more helpful error message/code on Post Create/Update fail
Sorry for the delayed response. What I mean was, if I interpret Wikipedia correctly ( && if Wikipedia represents proper usage), then both POST and PUT should generate a 401 if the user is unauthenticated:
and then, once logged in, both POST and PUT should generate a 403 if the user does not have the requisite permissions:
It looks (based purely on this PR) like we blanket-group POST errors as 401 and PUT as 403, which looks incorrect. I have not read through the rest of the code to determine whether this is the case, however. |
|
...I was misreading the code completely. Please disregard the noise. |
Instead of returning a generic
rest_forbiddenerror, let's return anerror message indicating which operation failed, and 401 instead of 403
when the request is unauthenticated.
From https://core.trac.wordpress.org/ticket/35527