fix: check current user has edit_post capability

girishpanchal30 · girishpanchal30 · commit 546248036b69 · 2025-10-14T15:20:29.000+05:30
diff --git a/includes/gutenberg/feedzy-rss-feeds-gutenberg-block.php b/includes/gutenberg/feedzy-rss-feeds-gutenberg-block.php
@@ -284,8 +284,9 @@ public function feedzy_register_rest_route() {
 			array(
 				'methods'             => 'POST',
 				'callback'            => array( $this, 'feedzy_rest_route' ),
-				'permission_callback' => function () {
-					return current_user_can( 'manage_options' );
+				'permission_callback' => function ( WP_REST_Request $request ) {
+					$post_id = $request->get_param( 'postId' );
+					return current_user_can( 'edit_post', $post_id );
 				},
 				'args'                => array(
 					'url'      => array(
diff --git a/js/FeedzyBlock/Editor.js b/js/FeedzyBlock/Editor.js
@@ -194,11 +194,12 @@ class Editor extends Component {
 				.filter((item) => item !== '');
 			url = queryString.stringify({ url }, { arrayFormat: 'bracket' });
 		}
+		const postId = wp.data.select('core/editor').getCurrentPostId();
 
 		apiFetch({
 			path: `/feedzy/v1/feed?${url}`,
 			method: 'POST',
-			data: this.props.attributes,
+			data: {...this.props.attributes, postId: postId},
 		})
 			.then((data) => {
 				if (this.unmounting) {
