(fix): ensure that only authenticated users can access draft preview …

…items in the API response

CHANGELOG.md

@@ -5,13 +5,19 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## Version [3.4.2]
+
+## Fix
+
+-   Ensure that only authenticated users can access draft preview items in the API response
+
 ## Version [3.4.1]
 
 ## Feat
 
 -   Enable filtering on taxonomy 'openpub-audience'
--	Add 'date_modified_gmt' to the api response
--	Add translation for 'Author'
+-   Add 'date_modified_gmt' to the api response
+-   Add translation for 'Author'
 
 ## Version [3.4]
 

openpub-base.php

@@ -4,7 +4,7 @@
  * Plugin Name:       Yard | OpenPub Base
  * Plugin URI:        https://www.openwebconcept.nl/
  * Description:       Acts as foundation for other OpenPub related content plugins. This plugin implements actions to allow for other plugins to add and/or change Custom Posttypes, Metaboxes, Taxonomies, en Posts 2 posts relations.
- * Version:           3.4.1
+ * Version:           3.4.2
  * Author:            Yard | Digital Agency
  * Author URI:        https://www.yard.nl/
  * License:           GPL-3.0

src/Base/Foundation/Plugin.php

@@ -19,7 +19,7 @@ class Plugin
      * Version of the plugin.
      * Used for setting versions of enqueue scripts and styles.
      */
-    public const VERSION = '3.4.1';
+    public const VERSION = '3.4.2';
 
     /**
      * Path to the root of the plugin.

src/Base/RestAPI/Controllers/ItemController.php

@@ -113,7 +113,7 @@ public function singleItemQueryBuilder(WP_REST_Request $request): Item
 
         $preview = filter_var($request->get_param('draft-preview'), FILTER_VALIDATE_BOOLEAN);
 
-        if (true === $preview) {
+        if (true === $preview && is_user_logged_in()) {
             $item->query(['post_status' => ['publish', 'draft', 'future']]);
         }