From a53f3d8147c85f5859880e36992d35a462d04e65 Mon Sep 17 00:00:00 2001
From: "Zane M. Kolnik" <zane@kanopi.com>
Date: Mon, 10 Nov 2025 17:12:47 -0500
Subject: [PATCH] issue-427: Adding permissions check.

---
 ...lass-acf-to-rest-api-options-controller.php | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/v3/lib/endpoints/class-acf-to-rest-api-options-controller.php b/v3/lib/endpoints/class-acf-to-rest-api-options-controller.php
index a64bd85..b9456f7 100644
--- a/v3/lib/endpoints/class-acf-to-rest-api-options-controller.php
+++ b/v3/lib/endpoints/class-acf-to-rest-api-options-controller.php
@@ -27,5 +27,23 @@ public function register_routes() {
 			) );
 		}
 
+		/**
+		 * Check if a given request has access to get items
+		 *
+		 * @param WP_REST_Request $request Full data about the request.
+		 * @return WP_Error|bool
+		 */
+		public function get_item_permissions_check( $request ) {
+			if ( ! current_user_can( 'manage_options' ) ) {
+				return new WP_Error(
+					'rest_forbidden_context',
+					__( 'Sorry, you are not allowed to access options.', 'acf-to-rest-api' ),
+					array( 'status' => rest_authorization_required_code() )
+				);
+			}
+			return true;
+		}
+
 	}
 }
+