Complete the code to register a REST route with a permission callback that allows only logged-in users.
register_rest_route('myplugin/v1', '/data', array( 'methods' => 'GET', 'callback' => 'myplugin_get_data', 'permission_callback' => [1] ));
The is_user_logged_in function checks if the user is logged in, which is a common permission callback for REST routes.
Complete the permission callback to allow only users who can edit posts.
register_rest_route('myplugin/v1', '/update', array( 'methods' => 'POST', 'callback' => 'myplugin_update_data', 'permission_callback' => function() { return [1]('edit_posts'); } ));
The current_user_can function checks if the current user has a specific capability, such as 'edit_posts'.
Fix the error in the permission callback to correctly check if the user can delete posts.
register_rest_route('myplugin/v1', '/delete', array( 'methods' => 'DELETE', 'callback' => 'myplugin_delete_data', 'permission_callback' => function() { return current_user_can([1]); } ));
The correct capability to check for deleting posts is 'delete_posts'.
Fill both blanks to create a permission callback that allows only administrators to access the route.
register_rest_route('myplugin/v1', '/admin', array( 'methods' => 'GET', 'callback' => 'myplugin_admin_data', 'permission_callback' => function() { return current_user_can([1]) && is_user_logged_in() && [2]; } ));
The capability 'manage_options' is usually assigned to administrators. The second blank uses true to complete the logical expression correctly.
Fill all three blanks to create a permission callback that allows users who are logged in and have the 'edit_pages' capability.
register_rest_route('myplugin/v1', '/pages', array( 'methods' => 'POST', 'callback' => 'myplugin_edit_pages', 'permission_callback' => function() { if (![1]()) { return false; } return [2]([3]); } ));
The code first checks if the user is logged in with is_user_logged_in(). Then it checks if the user has the 'edit_pages' capability using current_user_can().