Template editor: wrong REST API permissions check

[carlomanf]

Description

Related: #26573, #37126

I wrote a plugin that replaces the templates REST API controller in order to separate the capability to create new templates from the capability to edit existing templates. Below is a simplified version of what I am using:

<?php

add_action( 'registered_post_type_wp_template', function( $post_type, $post_type_object ) {
	$post_type_object->rest_controller = null;
	$post_type_object->rest_controller_class = 'Example_Template_Controller';
}, 10, 2 );

class Example_Template_Controller extends WP_REST_Templates_Controller {
	public function update_item_permissions_check( $request ) {
		return true;
	}

	public function create_item_permissions_check( $request ) {
		return false;
	}
}

One problem that became apparent is that the "Edit template" link in the post editor does not show up unless I allowed the user to pass the create_item_permissions_check in the REST API, even if they were already passing the update_item_permission_check.

If the user passes the update_item_permission_check but fails the create_item_permissions_check, I expected that the "Edit template" link would still be available and only the button for creating a new one should be disabled.

On the other hand, if the user passes the create_item_permissions_check but fails the update_item_permission_check, the "Edit template" link wrongly shows and allows the template editor to be loaded, but the changes correctly can't get saved.

It appears that the "Edit template" link is calling the wrong REST API permissions check.

Step-by-step reproduction instructions

1. Add the example code above (e.g. as a plugin)
2. Edit a post or page the old way (not the site editor)
3. Click on the "Template" section in the sidebar
4. Observe that the "Edit template" link is missing
5. Switch around the return true and return false statements in the example code
6. Edit a post or page the old way (not the site editor)
7. Click on the "Template" section in the sidebar
8. Observe that the "Edit template" link is showing

Screenshots, screen recording, code snippet

No response

Environment info

Gutenberg 16.0.0

Please confirm that you have searched existing issues in the repo.

Yes

Please confirm that you have tested with all plugins deactivated except Gutenberg.

No

[github-actions]

Hi,
This issue has gone 30 days without any activity. This means it is time for a check-in to make sure it is still relevant. If you are still experiencing this issue with the latest versions, you can help the project by responding to confirm the problem and by providing any updated reproduction steps.
Thanks for helping out.

[carlomanf]

I know it's automated, but seems like a backward request to me. Unless I explicitly confirm the issue remains unresolved every time a new version is released, or at least every 30 days, the assumption will be that it's somehow resolved, despite there being no activity on this ticket?

Perhaps a more appropriate message would be:

Hi,
This issue has gone 6 months without any activity. This means it is time for a check-in to make sure it is still relevant. If you are no longer experiencing this issue with the latest versions, you can help the project by responding to confirm the problem is resolved and closing the ticket. If you are still experiencing the issue, disregard this message.
Thanks for helping out.

[github-actions]

Hi,
This issue has gone 30 days without any activity. This means it is time for a check-in to make sure it is still relevant. If you are still experiencing this issue with the latest versions, you can help the project by responding to confirm the problem and by providing any updated reproduction steps.
Thanks for helping out.