I'm an Administrator role user. When I'm using the REST API, if I attempt to call
GET /wp-json/wp/v2/posts?context=edit
I get this error message:
401 Unauthorized : [rest_forbidden_context] Sorry, you are not allowed to edit posts in this post type.
Similar errors are generated for pages queries as well. If I query:
GET /wp-json/wp/v2/users?context=edit
I get a slightly different error message:
401 Unauthorized : [rest_forbidden_context] Sorry, you are not allowed to list users.
I can use the same API endpoints with ?context=view with no problem, but I'd like to be able to view the posts and page content without shortcode expansion, so it's my understanding that I need to query against edit context.
Again, I have the administrator role on the server and can log into the dashboard and edit any post, so I don't think it's a user permission issue with my userid. Any ideas on what might be causing the error?
Some additional details: My server version: 5.5.3. Accessing the API using the wordpress_json library for Python (which under the hood uses requests' Basic Authentication headers).
Asked Nov 9, 2020 at 22:02 by William McVey; edited Nov 9, 2020 at 22:10.

1 Answer

Clearly your administrator is unable to modify those posts according to the roles and capabilities system.
This is the code that is generating that error in WP_REST_Post_Types_Controller:

    public function get_items_permissions_check( $request ) {
        if ( 'edit' === $request['context'] ) {
            $types = get_post_types( array( 'show_in_rest' => true ), 'objects' );

            foreach ( $types as $type ) {
                if ( current_user_can( $type->cap->edit_posts ) ) {
                    return true;
                }
            }

            return new WP_Error(
                'rest_cannot_view',
                __( 'Sorry, you are not allowed to edit posts in this post type.' ),
                array( 'status' => rest_authorization_required_code() )
            );
        }

        return true;
    }

So the user your Python application is interacting as does not have the edit_posts capability, assuming it was successfully authenticating.
What I think has happened here is that you are making unauthenticated requests, under the assumption they are authenticated. Somewhere along the line a mistake was made, perhaps a header is not being applied to your requests, etc.
Either way, what you describe is normal behaviour for an unauthenticated client. I would take a closer look at your Python library. For something as simple as basic auth REST API a generic REST API library may be more appropriate and reliable.
Also keep in mind it's not enough to use basic authentication, a plugin needs to be installed and activated at the WP end. WP 5.6 also adds application password support as a more secure alternative.
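
One way to check which case applies, as an added example that is not part of the original question or answer: the status in the quoted check comes from rest_authorization_required_code(), which WordPress core defines as 401 when no user is logged in and 403 when one is, so the status code alone shows whether the credentials were accepted. The function names, the injectable `opener` parameter and the choice of /wp-json/wp/v2/users/me as probe endpoint are assumptions of this sketch.

```python
import base64
import json
import urllib.error
import urllib.request

# Probe endpoint: core answers 401 rest_not_logged_in here for anonymous requests.
ME_PATH = "/wp-json/wp/v2/users/me"


def basic_auth_header(user, password):
    """Authorization header value a Basic-auth client has to send."""
    raw = f"{user}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def classify(status):
    """Map an HTTP status to what WordPress thinks of the caller."""
    if 200 <= status < 300:
        return "authenticated"
    if status == 401:
        return "unauthenticated"   # header missing, stripped, or not accepted
    if status == 403:
        return "forbidden"         # logged in, but the capability check failed
    return "inconclusive"


def probe(base_url, user, password, path=ME_PATH, opener=urllib.request.urlopen):
    """Send one authenticated GET; return (verdict, WordPress error code or None).

    `opener` is injectable (an assumption of this example) so the logic can
    be exercised offline with a stub instead of a live site.
    """
    req = urllib.request.Request(base_url.rstrip("/") + path)
    req.add_header("Authorization", basic_auth_header(user, password))
    try:
        with opener(req, timeout=10) as resp:
            return classify(resp.status), None
    except urllib.error.HTTPError as err:
        try:
            body = json.loads(err.read().decode("utf-8"))
        except ValueError:
            body = None
        code = body.get("code") if isinstance(body, dict) else None
        return classify(err.code), code
```

Run `probe()` against the site with the same credentials the client library is given. A verdict of "unauthenticated" means WordPress never saw an accepted login, while "forbidden" on a `?context=edit` path would point to a real capability problem.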