strangerstudios · MaximilianoRicoTabo · Dec 19, 2024
diff --git a/includes/rest-api.php b/includes/rest-api.php
@@ -1195,7 +1195,7 @@ function pmpro_rest_api_get_permissions_check( $request ) {
 				'/pmpro/v1/me' => true,
 				'/pmpro/v1/recent_memberships' => 'pmpro_edit_members',
 				'/pmpro/v1/recent_orders' => 'pmpro_orders',
-				'/pmpro/v1/post_restrictions' => 'pmpro_edit_members',
+				'/pmpro/v1/post_restrictions' => 'edit_others_posts',
 			);
 			$route_caps = apply_filters( 'pmpro_rest_api_route_capabilities', $route_caps, $request );
 
@@ -1209,8 +1209,8 @@ function pmpro_rest_api_get_permissions_check( $request ) {
 					// No permission for this method, default to false.
 					$permission_to_check = false;
 				} else {
-					// Same permission for all methods, use it.
-					$permission_to_check = $route_caps[$route];
+					// If it's a boolean return it if it's a string ask if user can
+					$permission_to_check = $route_caps[$route] || current_user_can( $route_caps[$route] );
 				}
 
 				// Check the permission.