From e630d36200f059fb06b9b6c89989ad66bb40f665 Mon Sep 17 00:00:00 2001
From: girishpanchal30 <girish@krishaweb.com>
Date: Thu, 3 Oct 2024 18:01:19 +0530
Subject: [PATCH] Fix vulnerability issue with author role

---
 inc/css/class-css-handler.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/inc/css/class-css-handler.php b/inc/css/class-css-handler.php
index ded82642d..55a9fb4c9 100644
--- a/inc/css/class-css-handler.php
+++ b/inc/css/class-css-handler.php
@@ -142,8 +142,8 @@ public function register_routes() {
 							},
 						),
 					),
-					'permission_callback' => function () {
-						return current_user_can( 'publish_posts' );
+					'permission_callback' => function ( $request ) {
+						return current_user_can( 'edit_post', $request->get_param( 'id' ) );
 					},
 				),
 			)
@@ -166,8 +166,8 @@ public function register_routes() {
 							},
 						),
 					),
-					'permission_callback' => function () {
-						return current_user_can( 'publish_posts' );
+					'permission_callback' => function ( $request ) {
+						return current_user_can( 'edit_post', $request->get_param( 'id' ) );
 					},
 				),
 			)