Merge pull request #130 from Automattic/fix/api-routes-permissions-hardening

More restrictive API route permissions

Author: iuravic

lib/class-convertercontroller.php

@@ -147,7 +147,7 @@ public function register_routes() {
 	 * @return bool|WP_Error
 	 */
 	public function rest_permission() {
-		$is_user_authorized = current_user_can( 'edit_posts' );
+		$is_user_authorized = current_user_can( 'edit_others_posts' );
 
 		if ( ! $is_user_authorized ) {
 			return new WP_Error( 'newspack_content_converter_rest_invalid_permission', __( 'Unauthorized access.' ) );