From b1a5a818720752c4198eb8c2f7b943ab4d0512d2 Mon Sep 17 00:00:00 2001
From: Mario Santos <santosguillamot@gmail.com>
Date: Fri, 17 May 2024 12:22:40 +0200
Subject: [PATCH] Check user can edit post meta

---
 packages/editor/src/bindings/post-meta.js | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/packages/editor/src/bindings/post-meta.js b/packages/editor/src/bindings/post-meta.js
index 4027448a9763f3..312704bbbda29b 100644
--- a/packages/editor/src/bindings/post-meta.js
+++ b/packages/editor/src/bindings/post-meta.js
@@ -37,12 +37,27 @@ export default {
 				},
 			} );
 	},
-	lockAttributesEditing() {
+	lockAttributesEditing( { select, context = {} } ) {
+		const postId = context.postId
+			? context.postId
+			: select( editorStore ).getCurrentPostId();
+		const postType = context.postType
+			? context.postType
+			: select( editorStore ).getCurrentPostType();
+
 		// TODO: Check that editing is happening in the post editor and not a template.
 
 		// TODO: Check that the custom field is not protected and available in the REST API.
 
-		// TODO: Check that the user has the capability to edit post meta.
+		// Check that the user has the capability to edit post meta.
+		const canUserEdit = select( coreDataStore ).canUserEditEntityRecord(
+			'postType',
+			postType,
+			postId
+		);
+		if ( ! canUserEdit ) {
+			return true;
+		}
 
 		return false;
 	},