0
0
Wordpressframework~20 mins

Permission callbacks in Wordpress - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Challenge - 5 Problems
🎖️
Permission Callback Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
component_behavior
intermediate
2:00remaining
What happens when a permission callback returns false?

In WordPress REST API, if a permission callback returns false, what is the expected behavior when a client tries to access that endpoint?

Wordpress
register_rest_route('myplugin/v1', '/data', [
  'methods' => 'GET',
  'callback' => 'myplugin_get_data',
  'permission_callback' => 'myplugin_check_permission'
]);

function myplugin_check_permission() {
  return false;
}
AThe API returns the data but logs a warning in the server.
BThe API returns a 403 Forbidden error to the client.
CThe API returns a 404 Not Found error to the client.
DThe API ignores the permission callback and returns the data.
Attempts:
2 left
💡 Hint

Think about what permission denied means in web APIs.

📝 Syntax
intermediate
2:00remaining
Identify the correct permission callback syntax

Which of the following is the correct way to define a permission callback for a REST API route in WordPress?

Wordpress
register_rest_route('myplugin/v1', '/item', [
  'methods' => 'POST',
  'callback' => 'myplugin_create_item',
  'permission_callback' => ???
]);
Acurrent_user_can('edit_posts')
Bmyplugin_check_permission()
Cfunction() { return current_user_can('edit_posts'); }
D'myplugin_check_permission'
Attempts:
2 left
💡 Hint

Remember, permission_callback expects a callable, not the result of a function call.

🔧 Debug
advanced
2:00remaining
Why does this permission callback cause a fatal error?

Consider this permission callback function:

function myplugin_permission() {
  return current_user_can('edit_posts') ? true : false;
  echo 'Check permission';
}

Why does this cause a fatal error?

Wordpress
register_rest_route('myplugin/v1', '/check', [
  'methods' => 'GET',
  'callback' => 'myplugin_callback',
  'permission_callback' => 'myplugin_permission'
]);
AThe function lacks a required parameter for permission callbacks.
BThe echo statement after return causes unreachable code error.
CThe function returns a boolean but should return a WP_Error object.
DThe function name is not a valid callable.
Attempts:
2 left
💡 Hint

Check the function signature against how WordPress calls permission callbacks (with $request).

state_output
advanced
2:00remaining
What is the output when permission callback returns WP_Error?

If a permission callback returns a WP_Error object instead of true or false, what will the REST API response be?

Wordpress
function myplugin_permission() {
  return new WP_Error('rest_forbidden', 'You do not have permission', ['status' => 403]);
}

register_rest_route('myplugin/v1', '/error', [
  'methods' => 'GET',
  'callback' => 'myplugin_callback',
  'permission_callback' => 'myplugin_permission'
]);
AThe API returns a 403 error with the message 'You do not have permission'.
BThe API ignores the WP_Error and returns the callback data.
CThe API returns a 500 Internal Server Error.
DThe API returns a 200 OK with empty data.
Attempts:
2 left
💡 Hint

WP_Error objects are used to send error responses in WordPress REST API.

🧠 Conceptual
expert
3:00remaining
Why use permission callbacks instead of checking permissions inside the main callback?

Why is it better to use a permission_callback in WordPress REST API routes rather than checking permissions inside the main callback function?

APermission callbacks automatically log user activity, main callbacks do not.
BPermission callbacks are required by WordPress and main callbacks cannot check permissions.
CPermission callbacks prevent unauthorized users from triggering expensive operations in the main callback.
DPermission callbacks run after the main callback to verify results.
Attempts:
2 left
💡 Hint

Think about performance and security when handling API requests.