WP_REST_Plugins_Controller::check_read_permission()protectedWP 5.5.0

Checks if the given plugin can be viewed by the current user.

On multisite, this hides non-active network only plugins if the user does not have permission to manage network plugins.

Method of the class: WP_REST_Plugins_Controller{}

No Hooks.

Return

true|WP_Error. True if can read, a WP_Error instance otherwise.

Usage

// protected - for code of main (parent) or child class
$result = $this->check_read_permission( $plugin );
$plugin(string) (required)
The plugin file to check.

Changelog

Since 5.5.0 Introduced.

WP_REST_Plugins_Controller::check_read_permission() code WP 6.4.3

protected function check_read_permission( $plugin ) {
	require_once ABSPATH . 'wp-admin/includes/plugin.php';

	if ( ! $this->is_plugin_installed( $plugin ) ) {
		return new WP_Error( 'rest_plugin_not_found', __( 'Plugin not found.' ), array( 'status' => 404 ) );
	}

	if ( ! is_multisite() ) {
		return true;
	}

	if ( ! is_network_only_plugin( $plugin ) || is_plugin_active( $plugin ) || current_user_can( 'manage_network_plugins' ) ) {
		return true;
	}

	return new WP_Error(
		'rest_cannot_view_plugin',
		__( 'Sorry, you are not allowed to manage this plugin.' ),
		array( 'status' => rest_authorization_required_code() )
	);
}